Passwords for network security are out and faces are in at ParadigmHealth.
The Upper Saddle River, N.J., provider of care to seriously ill patients is adopting a Web-based authentication method that requires doctors, nurses and other users to remember images of nine faces to gain access to patient records through Paradigm-Health's Web portal.
"There's a huge advantage in this high-security face recognition" over easily shared and compromised passwords, says Tom Hagen, CEO of the healthcare company, which is using technology from PassFaces.
Healthcare providers, not often viewed as IT innovators, are becoming increasingly aggressive and creative about network security. Their efforts go hand in hand with regulatory requirements to safeguard patient data, and recognize that wireless and other technologies fit the mobile jobs of doctors and nurses.
Kettering Medical Center Network in Dayton, Ohio, has embraced wireless for staff and patients. It is adopting fingerprint biometrics to secure patient data.
The organization, which includes five major hospitals and numerous smaller facilities for a total of about 7,000 employees, last month began installing Cisco-based wireless LAN (WLAN) technology. The rollout will provide nurses and doctors with laptops on carts and mounted on walls that will require fingerprint biometrics for authentication for access to patient data.
The Centillion single-sign-on software used for the project will let authorized staff bring up electronic records from where they're stored in Kettering's primary data center, says Bob Burritt, director of technology.
Once the network is up, Kettering will provide wireless hot spots for patients seeking Internet access.
Memorial Healthcare, a 1,000-employee hospital in Owosso, Mich., is a few steps ahead. It already has a segmented WLAN for use by patients and staff. The hospital also has put about 100 computers in hospital rooms for use by staff caring for patients. The latest round of innovation at Memorial came in January when nurses were given RFID-based badges to wear that automatically lock computers when they walk away from them.
"There's now a USB antenna in the computer, and they walk a certain distance, it locks," says Project Manager Frank Fear, citing Memorial's use of software from Ensure Technologies.
Hospital staff have to authenticate with a fingerprint biometric to gain access to computers. To simplify electronic-records access for the nurses, Memorial, with help from Citrix and single-sign-on firm Imprivata, added a way to have the nurses' electronic patient records roam with them from room to room.
"Before, they had to go pull up each patient's record from several databases each time they entered a new patient room," Fear says. "Our philosophy in this project is security needs to be coupled with convenience."
One challenge Memorial has encountered in using the radio frequency-based proximity badges is that nurses easily adapt to them, but physicians find it harder because their schedules more frequently have them on the go outside the hospital.
New York Presbyterian Hospital also is taking IT security seriously, adopting the sort of network access control technology that many organizations are still only thinking about using.
New York Presbyterian has a system that includes 8,000 associated physicians and 14,000 other network users who can access records in databases in a mid-town data center connecting the organization's two main hospitals via private-line dark fiber in Manhattan and the Bronx.
Earlier this year New York Presbyterian deployed appliances from start-up CounterStorm that plug into a switch to monitor traffic and shut down port access to infected machines. The appliances use anomaly detection rather than signature-based recognition to spot infected machines or attacks and shut off access to ports.
"We wanted to move to the prevention side," says Soumitra Sengupta, information security officer at the hospital. "We had been using intrusion-detection systems but we were getting a large amount of fake positives in terms of alerts."