Physically Securing Medical Equipment with Electronic Access Control

Physically Securing Medical Equipment with Electronic Access Control

  • By Steve Spatig
  • May 20, 2014

Physically Securing Medical Equipment with Electronic Access ControlWith HIPAA audits approaching, health care providers are concentrating their efforts on ensuring they have the appropriate physical safeguards in place to protect confidential patient information. Under new HIPAA rules, non-compliant providers face penalties of up to $1.5 million per year for security breaches, making access control a top priority.

Despite actions taken industry-wide to protect patient privacy, an alarming number of medical records are still subject to security breaches each year. According to a recent study published by Redspin, 199 large data breaches were reported to the Secretary of Health and Human Services (HHS) in 2013, impacting over 7 million patient records. Of those breaches reported to the HHS, 83.2% occurred due to theft and 22.1% resulted from unauthorized access.[1]

Health care IT managers can avoid costly penalties, improve security and better prepare for impending HIPAA audits by integrating intelligent electronic access solutions into the equipment that stores confidential patient data, such as server racks and wall mounted charting stations. Electronic access solutions combine intelligent electronic locking mechanisms with remote monitoring and audit trail capabilities, and can be networked with existing facility security systems to control access.

A “Digital Record” of Physical Activity

Physical security solutions traditionally used in health care facilities include mechanical locks with different keying options, some of which allow multiple key codes for added security. With the need for greater security clearly defined by HIPAA, health care IT managers are turning to electronic access solutions.

A complete electronic access solution consists of an electronic lock or latch, access control device and remote monitoring capabilities. Intelligent electronic locks can be operated from a variety of access control devices, from standalone keypads to fully networked RFID and biometric readers. Combining an electronic lock with an access control device provides an additional layer of security for health care equipment that stores valuable patient data.

Electronic access solutions eliminate the complexity of managing multiple mechanical keys and can provide real-time remote access monitoring and audit trail reporting through the generation of an electronic “signature” – a digital record of activity that can be monitored locally or remotely and aid in meeting compliance requirements.

Each time an electronic access-enabled enclosure opens or closes, a signal is sent to a monitoring system to confirm and log access. Depending on the configuration, electronic access reporting can provide simple open/close information as well as additional data such as:

  • Which credential was used to activate the electronic lock;
  • The time and duration of the event; and
  • If access was activated electronically or mechanically.

In the event a security breach does occur, this audit trail can be used to forensically reconstruct a series of events leading up to the suspicious activity.

Networked Solutions for Equipment Security

Electronic access solutions are ideal for securing medical equipment as they can provide an indisputable access audit trail for all doors and cabinets secured electronically, allowing the health care facility to demonstrate compliance with industry regulations such as HIPAA and HITECH. When combined with a building’s existing security system, electronic locks create one cohesive security network across the health care facility to control access.

For example, many facilities use wall-mounted charting stations that typically house computers containing HIPAA-protected information. Access to these stations must be tightly controlled as they are often located in high-traffic areas within the health care facility. Because multiple health care workers may have access to these stations on any given day, securing them and monitoring access can be a challenge.

Electronic access solutions that have been networked with the health care facility’s existing security network allow employees to access these charting stations with the same credentials they use to enter the building. Each time the card comes in contact with the reader and the door to the wall charting station opens or closes, a signal is sent to the monitoring system to confirm and log access, creating an audit trail of all activity.

Electronic access solutions work with existing user credentials to keep medical equipment secure, connecting building security and equipment access through standardized security credential protocols. Additionally, electronic locks can communicate with IP security cameras or other security devices, expanding the scope and capabilities of a security network.

Preparation Is Key

As the health care industry continues to anticipate HIPAA audits, it is critical for health care facilities to have the appropriate security controls in place to ensure compliance and protect valuable patient information. Electronic access offers a multitude of solutions for securing medical equipment throughout the hospital or institution, including intelligent locking mechanisms and access control devices that work with existing building security systems.

When choosing an electronic access solution, it should ultimately provide remote monitoring capabilities to control access within the facility and audit trail capabilities to demonstrate compliance with HIPAA requirements. It is important to consider access control and select an equipment level security solution that leverages the facility’s overall physical security system.

[1] BREACH REPORT 2013: Protected Health Information (PHI), Feb. 2014, www.redspin.com

About the Author

Steve Spatig is general manager of Southco’s Electronic Access Solutions Strategic Business Unit and has over 15 years of experience working in various design engineering and product management capacities with the company.

Featured

  • AI Is Now the Leading Cybersecurity Concern for Security, IT Leaders

    Arctic Wolf recently published findings from its State of Cybersecurity: 2025 Trends Report, offering insights from a global survey of more than 1,200 senior IT and cybersecurity decision-makers across 15 countries. Conducted by Sapio Research, the report captures the realities, risks, and readiness strategies shaping the modern security landscape. Read Now

  • Analysis of AI Tools Shows 85 Percent Have Been Breached

    AI tools are becoming essential to modern work, but their fast, unmonitored adoption is creating a new kind of security risk. Recent surveys reveal a clear trend – employees are rapidly adopting consumer-facing AI tools without employer approval, IT oversight, or any clear security policies. According to Cybernews Business Digital Index, nearly 90% of analyzed AI tools have been exposed to data breaches, putting businesses at severe risk. Read Now

  • Software Vulnerabilities Surged 61 Percent in 2024, According to New Report

    Action1, a provider of autonomous endpoint management (AEM) solutions, today released its 2025 Software Vulnerability Ratings Report, revealing a 61% year-over-year surge in discovered software vulnerabilities and a 96% spike in exploited vulnerabilities throughout 2024, amid an increasingly aggressive threat landscape. Read Now

  • Motorola Solutions Named Official Safety Technology Supplier of the Ryder Cup through 2027

    Motorola Solutions has today been named the Official Safety Technology Supplier of the 2025 and 2027 Ryder Cup, professional golf’s renowned biennial team competition between the United States and Europe. Read Now

  • Evolving Cybersecurity Strategies

    Organizations are increasingly turning their attention to human-focused security approaches, as two out of three (68%) cybersecurity incidents involve people. Threat actors are shifting from targeting networks and systems to hacking humans via social engineering methods, living off human errors as their most prevalent attack vector. Whether manipulated or not, human cyber behavior is leveraged to gain backdoor access into systems. This mainly results from a lack of employee training and awareness about evolving attack techniques employed by malign actors. Read Now

Most   Popular

New Products

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.