By Ajay Jain, President and CEO, Quantum Secure
Much like our nation’s schools, airports, and other semi-public facilities, hospitals and other kinds of healthcare facilities are grappling with the new reality that dictates stronger and more enforceable access restrictions. In these new circumstances, the need for security must be balanced with the individual’s need to easily move about the hospital by allowing medical staff, visitors, or contract workers to go about their business with relative ease. Fortunately, intelligent and purpose-built software can provide a solution to address these concerns and can add depth to the hospital’s overall administrative safety and security operation.
One software solution gaining traction among healthcare facilities is automated physical identity and access management (PIAM) software that, integrated with IT, ensures immediate updated physical access privileges for each identity, with policy-based on- or off-boarding that utilizes existing privilege levels. More specifically, the software provides four fundamentals of hospital security and IT needs; namely safety, control, compliance, and peace of mind.
Hospitals never close their doors, and at any time, any individual can easily enter the building. In this open door environment, security officers are often the first line of defense for maintaining a safe and secure environment by managing situations and preventing incidents. However, officers cannot be everywhere and see everything. Without a more sophisticated access control system, it can be difficult to be certain that every individual is authorized to be where they are.
Centralized PIAM can provide the necessary security and operational reinforcement by providing a means to create an identity in the hospital’s IT system for every individual on the premises. Visitors to the facility can be vetted by VMOs (visitor management operators) via display of a friends and family list, and once on-site, visitors can be tracked if needed.
Having the procedures in place to ensure everyone has an identity in the IT system is the first objective of PIAM software. Controlling the process with pre-defined rules and workflows that match the hospital’s operational requirements takes the solution to the next level. When integrated with the hospital’s LDAP (lightweight directory access protocol) files or other data files, the software allows the central management of a multitude of identities including patients, doctors, nurses, visiting doctors, vendors, contractors, and so on. With a single point of control, errors are less likely to occur and management of the information can be more precise. It’s a totally automated system that connects existing systems and automates key processes and workflows to optimize security operations.
For instance, visitors can be restricted to only areas where the patient they are visiting is located, and hospital security management has the ability to track visitors as well as record all visitor activity. Access can be granted for specific types (i.e. family, guardian, contractor, etc.) and lengths of visits (overnight, multi-day, etc.), and the information remains in the system for return visitors or contract workers. In all cases, access cards and badges are automatically disabled by the system after visiting hours or when access permission has expired.
Adherence to rules and regulations established by state and federal agencies is not only mandatory; it also meets best practices with regard to hospital safety. Compliance with regulatory mandates is an important element of risk management, and software can enable these initiatives to be automated in real time. Existing off-the-shelf software can enable hospital management to perform important identity and access control functions in the context of meeting regulatory requirements, with adherence to specific regulatory guidelines built into the software. Daily, weekly and monthly operational reports can be automatically generated to provide security practitioners with information to optimize staff, budget, and other resources. Overall, the software ties together various disparate physical security and other systems and centralizes their control.
As an example, HL7 refers to specific standards for the exchange, integration, sharing, and retrieval of electronic health information. When PIAM software is integrated with a patient’s electronic health record (EHR), the combined information provides a more holistic view for the medical professional. All information pertaining to patient identity, such as visitors, dietary restrictions, medical attendees, and so on, are tied together under policy-based workflows.
Peace of Mind
Real-time awareness of identities and location in the hospital environment is invaluable information during a crisis situation. PIAM software provides security with instantaneous visibility into the location of identities, and this can save valuable time in an emergency. Visibility of security and security practices can also be a significant deterrent for criminal activity. From access control to watch lists to compliance and more, PIAM software enhances risk management operations by ensuring that security and convenience are equally maintained.
From a management point of view, as facilities grow in size due to additions or acquisitions and personnel increase, the system can grow along with the expansion. Further, integrating the PIAM system with operational systems can reduce costs by eliminating duplicate work efforts across multiple systems; these cost reductions are sustainable and repeatable year over year.
Software systems can streamline time-consuming and inefficient processes in the hospital environment, from issuing ID badges to managing databases to assigning access privileges across multiple physical access control systems. Addressing hospital challenges regarding physical identity and access management helps to mitigate risk and ensure the safety of patients, staff and visitors.