The healthcare system has long faced issues with verifying identity across devices and processes, but today there are even more challenges to consider. The HIMSS Identity Management Task Force (HIMSS IMTF) has made a policy-level recommendation that all healthcare information systems, such as patient portals and electronic health record (EHR) systems, be capable of identity validation of individuals at NIST Level of Assurance 3 (LOA-3) or its equivalent before gaining access to protected information.
The HIMSS IMTF evaluated other industries to understand the progress of their identity management processes and came to the conclusion that current advancements and support infrastructure are available to serve the healthcare industry. To best invest in this technology and infrastructure, it is important to evaluate the existing challenges facing identity management in healthcare.
Identify Theft Has Become Commonplace
According to the Federal Trade Commission’s estimates, identity theft was again the number one complaint of Americans in 2014. There is no exception for medical records and other protected healthcare information, which is a premium target for thieves and hacker groups. Unfortunately, it is likely that your organization has been considered for an attack or has suffered a security breach in the last five years, making it even more urgent to know your identity validation options moving forward.
Nearly 30 million Americans have had their personal health information (PHI) accessed or accidentally disclosed since 2009, according to the InfoSec Institute. To properly defend your patients’ PHI and prevent this statistic from continuing to rise, existing healthcare security procedures aren’t enough to protect your existing healthcare systems. It’s time to comply with proper mobile and web security policies.
The private sector can no longer wait for the government to update it cybersecurity policies. Legislation isn’t quick enough to get ahead of potential threats to sensitive data. According to the International Information System Security Certification Consortium’s 2015 survey of 1,800 federal information security professionals, the U.S. government hasn’t improved its security posture despite more investments in the area. One of the top reasons for reduced security is that the government is unable to keep pace with modern threats, according to 80 percent of survey respondents.
Confidentiality in Healthcare is Complex
Healthcare organizations looking to secure their data face the critical challenge of PHI confidentiality. Care providers must comply with existing federal laws such as HIPPA, but also cater to patients’ interests to ensure that they are trusted resources for their healthcare needs. Balancing access and HIPPA requirements requires understanding whether or not the individuals accessing systems are who they say they are. This ensures that the only individuals accessing confidential data are the patients and individuals at NIST LOA-3 or its equivalent.
These individual profiles must be accurate enough to provide non-repudiation, or the assurance that the identity of an individual cannot be denied by its owner. At the same time, many patients need to access files on their own without being identified to the healthcare system at large. It’s the patients’ right to remain anonymous. In some cases, they may not need to prove who they are other than that they are served by the healthcare system overall.
Accuracy and Availability of Information is Essential
Whether you’re analyzing mobile security of PHI or other confidential information, note that the data being accessed must be remain entirely accurate and readily available to both medical practitioners and their patients when needed. Security can’t compromise patients’ data integrity, even if you’re ensuring that they are properly treated and all fatal decision errors are avoided.
Patients’ and healthcare providers’ identity validation must be verified quickly to keep pace with the way medical professionals are using mobile devices. The accuracy and availability of PHI is heavily tied to how user-friendly a particular system is. This is an important consideration to keep in mind when adopting the right healthcare security protocols to support your identity validation systems. One solution that addresses this is Samsung KNOX, a manageable, on-device mobile security solution that helps empower healthcare systems to better validate the identity of individuals accessing PHI on a regular basis. KNOX allows healthcare providers to customize Samsung devices into purpose-built appliances, which address these challenges and focus on providing quicker, more effective care for their patients.
Visit Samsung’s Healthcare page to learn how mobile devices with Samsung KNOX can secure your patients’ data and improve your processes.
