28 April, 2005
category: Contactless, Corporate, Digital ID, Education, Health, Library
By Andy Williams, Contributing Editor
Using single sign-on, roaming access, and a sonar sensor device, the University of Colorado Hospital can meet not only HIPAA privacy requirements, but give its nurses and doctors faster access and more flexibility in dealing with their patients’ records and actual treatment.
This is thanks to a system set up by HealthCast, based in Boise, Idaho, utilizing proximity readers and sonar technology from RF IDeas, located near Chicago, Illinois. The Colorado medical facility is using 21st century technology that also works with its legacy systems without requiring changes to them, said HealthCast’s Trip O’Donnell, vice president of business development.
The key component in the Colorado system is eXactACCESS, an enterprise single sign-on that provides secure access to any application and offers HealthCast’s clients the choice of multi-user or ‘RoamingSession’ functionality for shared workstations.
The single sign-on means users have to remember just one password. In a hectic hospital environment, that can save nurses and doctors up to 30 minutes every day, said Mr. O’Donnell.
“It has worked out extremely well for the hospital, which was already using HID proximity cards for physical access. It ties into a system it already had in place,” he added.
“In RoamingSessions deployment, eXactACCESS is installed on a terminal server, while its eXpressACCESS component is installed on the client side, replacing the Windows shell, to lock down the workstation, and speed access to the terminal session.” Mr. O’Donnell explained. “When the user swipes his badge and puts in his password, he is taken directly to his unique desktop on the terminal server, speeding his access to the data he needs.
The user is, effectively, locked out of accessing any data that isn’t necessary for his or her work.
“Instead of having a workstation where multiple people share the same login to access information, each user now authenticates uniquely and is given access only to the information systems they have been pre-approved to use. This helps to ensure a patient’s privacy,” said Mr. O’Donnell.
“We also ensure privacy in other ways. They (hospital personnel) log on only once to the network, and we handle all authentications to their clinical applications, via their single sign-on. Then the session will timeout if the workstation isn’t being used for a pre-configured amount of time.”
Protecting patient data with sonar …
But a problem still remains … If the timeout is set for say 30 seconds, that stills leave a gap where the record would be available to anyone to view (unless the user physically locked his/her session).
Enter a sonar device supplied by RF IDeas. “If they walk away, it locks down their session on the work station so others cannot view that patient’s information,” said Mr. O’Donnell. “In the meantime, with eXactACCESS, multiple people can use the same workstations to access their own unique sessions; yet, the first user’s session is still available at any other workstation, exactly as he left it when he logs back in.”
This sonar device sits atop the workstation. It recognizes when the user walks away, and locks the session, automatically launching eXactACCESS’ Privacy Shield, said Mr. O’Donnell.
“The sensor uses ultrasound,” explained Greg Gliniecki, vice president, RF IDeas.
“It’s a very easy installation, a simple device that is seamlessly integrated with eXactACCESS,” added Mr. O’Donnell. “It’s a pretty slick solution for a hospital to help them meet HIPAA patient privacy and security regulations.”
The sonar serves as primary protection and the automatic timeout “can act as a backup to the sonar,” he said.
The system at the University of Colorado’s hospital was installed about 18 months ago. Said Mr. O’Donnell: “eXactACCESS is the point of entry for nurses and doctors to access all their patients’ information. Since we control access to improve patient privacy and security, we also add functionality to help them access their information faster and with more flexibly; just controlling access alone would make it more difficult for them and they wouldn’t want to use the system.”
“On the one hand,” he added, “we’re securing the workstation with an audit trail, but at the same time, because we create these RoamingSessions, users can pick up their work where they left off, regardless of which workstation they use, therefore improving the work flow.”
Another beauty of the system, Mr. O’Donnell said, is its ability to speak with existing legacy systems. “Hospitals have been in business a long time. In a typical hospital, you might have 50 different applications, often including a mainframe-based system. There isn’t typically one system that does everything. HealthCast can deal with these older and more difficult applications which were not designed to integrate with other applications or conform to today’s security requirements.”
Mr. Gliniecki said RF IDeas, which supplies the badge readers, “wrote our own software” to combine PC logon with door access. But rather than inventing another mousetrap, “we partnered immediately with some of the big companies, like HID for proximity badges. By connecting with them, we made a reader that supported their badges. We then realized we weren’t going to make complicated badge systems, so we felt it best to open our system up through a software development kit and brought on companies supporting these types of systems.”
Mr. O’Donnell said the HealthCast solution installed at the University of Colorado hospital is useable elsewhere, particularly anyplace where HIPAA applies, such as in the healthcare insurance and the pharmaceutical industries. “It’s a combination of things we do that sets us apart, but our technology is generic. It can be applied to any industry, particularly those with older systems and environments where people share workstations.”
About HealthCast
Mr. O’Donnell said HealthCast enterprise solutions strengthen security while streamlining user workflow. They provide session management to shared workstations and secure single sign-on access to information stored in any application–legacy, web, client-server, or proprietary. “Advanced authentication technologies can be added and tailored modes of deployment, including RoamingSessions, are offered.” he added.
Additional resources:
To visit Healthcast on the web, click here.
To visit RF Ideas on the web, click here.