With HIPAA audits approaching, health care providers are concentrating their efforts on ensuring they have the appropriate physical safeguards in place to protect confidential patient information. Under new HIPAA rules, non-compliant providers face penalties of up to $1.5 million per year for security breaches, making access control a top priority.

Despite actions taken industry-wide to protect patient privacy, an alarming number of medical records are still subject to security breaches each year. According to a recent study published by Redspin, 199 large data breaches were reported to the Secretary of Health and Human Services (HHS) in 2013, impacting over 7 million patient records. Of those breaches reported to the HHS, 83.2% occurred due to theft and 22.1% resulted from unauthorized access.[1]

Health care IT managers can avoid costly penalties, improve security and better prepare for impending HIPAA audits by integrating intelligent electronic access solutions into the equipment that stores confidential patient data, such as server racks and wall mounted charting stations. Electronic access solutions combine intelligent electronic locking mechanisms with remote monitoring and audit trail capabilities, and can be networked with existing facility security systems to control access.

A “Digital Record” of Physical Activity

Physical security solutions traditionally used in health care facilities include mechanical locks with different keying options, some of which allow multiple key codes for added security. With the need for greater security clearly defined by HIPAA, health care IT managers are turning to electronic access solutions.

A complete electronic access solution consists of an electronic lock or latch, access control device and remote monitoring capabilities. Intelligent electronic locks can be operated from a variety of access control devices, from standalone keypads to fully networked RFID and biometric readers. Combining an electronic lock with an access control device provides an additional layer of security for health care equipment that stores valuable patient data.

Electronic access solutions eliminate the complexity of managing multiple mechanical keys and can provide real-time remote access monitoring and audit trail reporting through the generation of an electronic “signature” – a digital record of activity that can be monitored locally or remotely and aid in meeting compliance requirements.

Each time an electronic access-enabled enclosure opens or closes, a signal is sent to a monitoring system to confirm and log access. Depending on the configuration, electronic access reporting can provide simple open/close information as well as additional data such as:

• Which credential was used to activate the electronic lock;
• The time and duration of the event; and
• If access was activated electronically or mechanically.

In the event a security breach does occur, this audit trail can be used to forensically reconstruct a series of events leading up to the suspicious activity.

Networked Solutions for Equipment Security

Electronic access solutions are ideal for securing medical equipment as they can provide an indisputable access audit trail for all doors and cabinets secured electronically, allowing the health care facility to demonstrate compliance with industry regulations such as HIPAA and HITECH. When combined with a building’s existing security system, electronic locks create one cohesive security network across the health care facility to control access.

For example, many facilities use wall-mounted charting stations that typically house computers containing HIPAA-protected information. Access to these stations must be tightly controlled as they are often located in high-traffic areas within the health care facility. Because multiple health care workers may have access to these stations on any given day, securing them and monitoring access can be a challenge.

Electronic access solutions that have been networked with the health care facility’s existing security network allow employees to access these charting stations with the same credentials they use to enter the building. Each time the card comes in contact with the reader and the door to the wall charting station opens or closes, a signal is sent to the monitoring system to confirm and log access, creating an audit trail of all activity.

Electronic access solutions work with existing user credentials to keep medical equipment secure, connecting building security and equipment access through standardized security credential protocols. Additionally, electronic locks can communicate with IP security cameras or other security devices, expanding the scope and capabilities of a security network.

Preparation Is Key

As the health care industry continues to anticipate HIPAA audits, it is critical for health care facilities to have the appropriate security controls in place to ensure compliance and protect valuable patient information. Electronic access offers a multitude of solutions for securing medical equipment throughout the hospital or institution, including intelligent locking mechanisms and access control devices that work with existing building security systems.

When choosing an electronic access solution, it should ultimately provide remote monitoring capabilities to control access within the facility and audit trail capabilities to demonstrate compliance with HIPAA requirements. It is important to consider access control and select an equipment level security solution that leverages the facility’s overall physical security system.