A Health Crisis -- Security Today

A Health Crisis

By Karina Sanchez
Oct 02, 2007

Those in the security industry know that protection doesn't just stop with police officers and first responders. Security, privacy and confidentiality are important issues in several applications. And healthcare facilities are no exception. Since 1996, when HIPAA, the Health Insurance Portability and Accountability Act, was established, healthcare facilities have been faced with even greater challenges of protecting patients' information. In essence, HIPAA is designed to address portability, confidentiality and information technology in a healthcare setting.

"What HIPAA did was create awareness that you need to start paying attention not to just security, but confidentiality, as well," said Robert Seliger, chairman and CEO of Sentillion, provider of products designed to protect the privacy of patient records and meet healthcare regulatory requirements.

When HIPAA was enacted, healthcare organizations were already using computers for back-office functions, and the new act demanded a change in organizational processes.

"Computers were everywhere, and hospitals were confronted with the need to protect those systems. Add world happenings, and spammers and hackers, and you create a recipe for awareness," Seliger said.

That's exactly what prompted healthcare associations across the country to take a hard look at how they were managing their business and how security, confidentiality and portability could be improved.

A Healthy Case
Lincoln, Neb.-based BryanLGH is a not-for-profit, locally owned healthcare organization with two acute-care facilities and several outpatient clinics, including cardiology, orthopedics, trauma, neuroscience, mental health, women's health and oncology. A statewide network allows BryanLGH to provide sophisticated mobile diagnostic treatment and services to citizens throughout the region. The organization restructured its data processes to comply with the new act.

"When HIPAA was initiated, the bar was raised in terms of the requirement of hospitals to protect the privacy and confidentiality of patient information," said BryanLGH CIO Rich Marreel. "HIPAA had a lot to do with making privacy and security a higher priority than it was before."

That, along with the JACO, the Joint Commission on hospital accreditation, which offers standards on security and confidentiality for hospitals, highlighted the need for hospitals to take charge of their data.

The first steps BryanLGH took were to review all policies and procedures it had in place. Instead of housing paper charts, it moved all of that information into electronic medical records for all patients dating back to 2000. For patients seen before that, records were transported to microfilm. With this change, the possibility of transporting hard-copy records outside of the organization is less likely.

"It helps us contain the patient information, who views it and how it's distributed. The downside is that it is electronically available, so it's susceptible to being hacked into," Marreel said. "If someone's careless with their authentication, then that information could become available to someone without the proper need to know. You always have that downside."

In general, Marreel notes, keeping the records electronically has helped the organization gain more control over patients' information, how it's distributed and accessed.

Worries About Authentication
BryanLGH has employed a single sign on product from Sentillion that helps it keep track of who's accessing what and why. The organization has done away with paper files completely, which makes its electronic files that much more important. Marreel admits to even having a security officer whose sole responsibility is to investigate any possibilities of leakage of patient information, look for holes in security and to make sure those are kept plugged up.

And one part of the security officer's job is to make sure users aren't exposing their usernames and passwords.

"But that's improved dramatically within the past few years. It used to be common practice to see people with various usernames and passwords taped somewhere," Marreel said.

Single sign on solutions are designed to allow the user to sign on once to all the applications they have rights to, eliminating the need to re-authenticate for each separate application. In addition, because of the technology's efficiency and ease of use, it has become favored among those in the healthcare industry.

"Physicians like it because they go from unit to unit, floor to floor, so they need access to their applications at each of those places," Marreel said. "Anything we can do for they physicians to make that process easier, while at the same time maintain appropriate privacy and security, we try to do it."

But industry experts have found a new breed of threats targeting the privacy and security of patients that steps away from the confines of a healthcare organization and targets patients themselves.

For Sale: Healthcare Identities
Patients are worried about keeping their medical records private, including any type of identifiable information that may go along with it<\m>Social Security number, blood type, birth date and more. But some in the industry are seeing that people aren't just targeting identities, but healthcare records, as well.

"People are stealing healthcare identities in order to receive free healthcare," Seliger said.

And due to rising healthcare costs and higher insurance rates, this crime is becoming more and more of a problem.

"I've heard of it, and fortunately we haven't had that kind of experience, but it's something that can happen at a lot of different points along the way," Marreel said.

Healthcare identities can be stolen at hospitals, in wallets, from family members, from insurance insiders and more. And it's important to keep that information as safe from tampering as possible because, as Seliger notes, it's something that will be more prevalent in the near future.

"You can see the perfect storm brewing to where this is going to become a larger problem," Selinger said.

There are regulations and standards out there to protect patients' information, healthcare organizations strive to comply with such standards, and private companies create technologies to help people protect themselves in the process. It's a trust in a healthy dose of security that can help the threats go down.

i-PRO Certified as a 2025 Great Place to Work Around the World
11/20/2025
Allied Universal Named to Forbes List of America’s Best Companies
11/19/2025
Motorola Solutions Acquires Blue Eye
11/19/2025
SIA Names Jonathan Aguila as 2025 Insightful Practitioner Award Honoree
11/13/2025
Allied Universal Receives Top 50 Learning and Development Team Award
11/13/2025
PSA Network Joins the Foundation for Advancing Security Talent (FAST) as an Exclusive Member
11/12/2025
IPTECHVIEW Launches AI Orchestrator Cloud Video Management Platform
11/12/2025
barox Appoints Industry Veteran Reinhard Florin as Vice President of North America Sales
11/06/2025

Featured

The Evolution of IP Camera Intelligence

As the 30th anniversary of the IP camera approaches in 2026, it is worth reflecting on how far we have come. The first network camera, launched in 1996, delivered one frame every 17 seconds—not impressive by today’s standards, but groundbreaking at the time. It did something that no analog system could: transmit video over a standard IP network. Read Now
- IP Video
From Surveillance to Intelligence

Years ago, it would have been significantly more expensive to run an analytic like that — requiring a custom-built solution with burdensome infrastructure demands — but modern edge devices have made it accessible to everyone. It also saves time, which is a critical factor if a missing child is involved. Video compression technology has played a critical role as well. Over the years, significant advancements have been made in video coding standards — including H.263, MPEG formats, and H.264—alongside compression optimization technologies developed by IP video manufacturers to improve efficiency without sacrificing quality. The open-source AV1 codec developed by the Alliance for Open Media—a consortium including Google, Netflix, Microsoft, Amazon and others — is already the preferred decoder for cloud-based applications, and is quickly becoming the standard for video compression of all types. Read Now
Cost: Reactive vs. Proactive Security

Security breaches often happen despite the availability of tools to prevent them. To combat this problem, the industry is shifting from reactive correction to proactive protection. This article will examine why so many security leaders have realized they must “lead before the breach” – not after. Read Now
- Facility Security
Achieving Clear Audio

In today’s ever-changing world of security and risk management, effective communication via an intercom and door entry communication system is a critical communication tool to keep a facility’s staff, visitors and vendors safe. Read Now
- Facility Security
Beyond Apps: Access Control for Today’s Residents

The modern resident lives in an app-saturated world. From banking to grocery delivery, fitness tracking to ridesharing, nearly every service demands another download. But when it comes to accessing the place you live, most people do not want to clutter their phone with yet another app, especially if its only purpose is to open a door. Read Now
- Access Control

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

HD2055 Modular Barricade

Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.
ResponderLink

Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.
Camden CM-221 Series Switches

Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.