Physically Securing Medical Equipment with Electronic Access Control

Physically Securing Medical Equipment with Electronic Access Control

  • By Steve Spatig
  • May 20, 2014

Physically Securing Medical Equipment with Electronic Access ControlWith HIPAA audits approaching, health care providers are concentrating their efforts on ensuring they have the appropriate physical safeguards in place to protect confidential patient information. Under new HIPAA rules, non-compliant providers face penalties of up to $1.5 million per year for security breaches, making access control a top priority.

Despite actions taken industry-wide to protect patient privacy, an alarming number of medical records are still subject to security breaches each year. According to a recent study published by Redspin, 199 large data breaches were reported to the Secretary of Health and Human Services (HHS) in 2013, impacting over 7 million patient records. Of those breaches reported to the HHS, 83.2% occurred due to theft and 22.1% resulted from unauthorized access.[1]

Health care IT managers can avoid costly penalties, improve security and better prepare for impending HIPAA audits by integrating intelligent electronic access solutions into the equipment that stores confidential patient data, such as server racks and wall mounted charting stations. Electronic access solutions combine intelligent electronic locking mechanisms with remote monitoring and audit trail capabilities, and can be networked with existing facility security systems to control access.

A “Digital Record” of Physical Activity

Physical security solutions traditionally used in health care facilities include mechanical locks with different keying options, some of which allow multiple key codes for added security. With the need for greater security clearly defined by HIPAA, health care IT managers are turning to electronic access solutions.

A complete electronic access solution consists of an electronic lock or latch, access control device and remote monitoring capabilities. Intelligent electronic locks can be operated from a variety of access control devices, from standalone keypads to fully networked RFID and biometric readers. Combining an electronic lock with an access control device provides an additional layer of security for health care equipment that stores valuable patient data.

Electronic access solutions eliminate the complexity of managing multiple mechanical keys and can provide real-time remote access monitoring and audit trail reporting through the generation of an electronic “signature” – a digital record of activity that can be monitored locally or remotely and aid in meeting compliance requirements.

Each time an electronic access-enabled enclosure opens or closes, a signal is sent to a monitoring system to confirm and log access. Depending on the configuration, electronic access reporting can provide simple open/close information as well as additional data such as:

  • Which credential was used to activate the electronic lock;
  • The time and duration of the event; and
  • If access was activated electronically or mechanically.

In the event a security breach does occur, this audit trail can be used to forensically reconstruct a series of events leading up to the suspicious activity.

Networked Solutions for Equipment Security

Electronic access solutions are ideal for securing medical equipment as they can provide an indisputable access audit trail for all doors and cabinets secured electronically, allowing the health care facility to demonstrate compliance with industry regulations such as HIPAA and HITECH. When combined with a building’s existing security system, electronic locks create one cohesive security network across the health care facility to control access.

For example, many facilities use wall-mounted charting stations that typically house computers containing HIPAA-protected information. Access to these stations must be tightly controlled as they are often located in high-traffic areas within the health care facility. Because multiple health care workers may have access to these stations on any given day, securing them and monitoring access can be a challenge.

Electronic access solutions that have been networked with the health care facility’s existing security network allow employees to access these charting stations with the same credentials they use to enter the building. Each time the card comes in contact with the reader and the door to the wall charting station opens or closes, a signal is sent to the monitoring system to confirm and log access, creating an audit trail of all activity.

Electronic access solutions work with existing user credentials to keep medical equipment secure, connecting building security and equipment access through standardized security credential protocols. Additionally, electronic locks can communicate with IP security cameras or other security devices, expanding the scope and capabilities of a security network.

Preparation Is Key

As the health care industry continues to anticipate HIPAA audits, it is critical for health care facilities to have the appropriate security controls in place to ensure compliance and protect valuable patient information. Electronic access offers a multitude of solutions for securing medical equipment throughout the hospital or institution, including intelligent locking mechanisms and access control devices that work with existing building security systems.

When choosing an electronic access solution, it should ultimately provide remote monitoring capabilities to control access within the facility and audit trail capabilities to demonstrate compliance with HIPAA requirements. It is important to consider access control and select an equipment level security solution that leverages the facility’s overall physical security system.

[1] BREACH REPORT 2013: Protected Health Information (PHI), Feb. 2014, www.redspin.com

About the Author

Steve Spatig is general manager of Southco’s Electronic Access Solutions Strategic Business Unit and has over 15 years of experience working in various design engineering and product management capacities with the company.

Featured

Most   Popular

Featured Cybersecurity

Webinars

New Products

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3