Georgia Hospital Deploys Strong Authentication Solution For Remote Access
To comply with HIPAA regulations, the Georgia-based Gwinnett Medical Center already was leveraging two-factor authentication via hardware tokens in order to protect patient files, sensitive medical data and clinical information.
The solution, however, was cost-prohibitive to deploy to a wider audience and cumbersome for the medical staff to use. To address these concerns, Gwinnett Medical Center (GMC) turned to Entrust Inc. and the Entrust IdentityGuard versatile authentication platform, a cornerstone of a layered security approach.
"From a cost perspective, it was just hard to top the versatility and strength of the Entrust IdentityGuard authentication solution, but the usability for our staff members really put the Entrust solution over the top," said Rick Allen, IT director at Gwinnett Medical Center. "We now are able to save money across the board and deploy strong enterprise authentication for a larger group of users, and the employees can just carry the grid cards with their ID badges, which makes them much easier to keep track of than a key-fob token. In addition, the platform supports a wide array of authenticators that, in the future, can help us secure a variety of applications that also house sensitive patient information."
Facilitated by trusted partner PossibleNOW, Entrust IdentityGuard with one of its innovative authentication capabilities, grid cards is now used to authenticate GMC doctors and staff who wish to remotely access the corporate network via SSL VPN. Gwinnett will initially deploy grid cards to be deployed to 1,500 current users, who are being migrated to the new system as their current tokens expire. The solution may be expanded to secure as many as 3,000 users in the future.
"The importance of protecting sensitive patient information is obvious, but Gwinnett Medical Center should be applauded for implementing an easier, more cost-effective authentication platform to assist in their compliance with regulatory requirements," said Entrust chairman, president and CEO Bill Conner. "Not only are they solving this current pain point and reducing cost, they're implementing a comprehensive versatile authentication platform with capabilities to help address a variety of security challenges that they may experience in the future."
Entrust IdentityGuard's gird card is a secure and simple form factor that is easily stored, carried and produced. In addition, PossibleNOW created a custom card-production application that allows the hospital to easily print, distribute and manage the card-production process in-house, helping to further reduce cost and streamline protocol. The Atlanta-based security vendor provides consulting services and designs, develops and implements online applications.
Gwinnett Medical Center also plans to leverage the Entrust versatile authentication platform to help secure access to a Web-based physician portal application.
Entrust IdentityGuard enables organizations to layer security -- according to access requirements or the risk of a given transaction -- across diverse users and applications. The platform's authentication options include username and password, IP-geolocation, machine/device, questions and answers, out-of- band one-time passcode (delivered via voice, SMS or e-mail), grid cards and a range of one-time-passcode tokens. Entrust IdentityGuard also provides multiple methods of supporting mutual authentication, including picture and caption replay.
With a flagship facility in Lawrenceville, Ga., Gwinnett Medical Center is a not-for-profit healthcare network that provides an array of high-quality services and facilities to both Lawrenceville and Duluth, which anchor the Gwinnett region in Georgia. Tracing its heritage back more than 60 years, the Gwinnett Medical Center includes three hospitals plus additional supporting medical facilities, which are serviced by more than 4,300 employees and 800 affiliated physicians. In 2007, GMC provided care to more than 400,000 patients.