Solving the Secure Remote Access Dilemma in the Era of Health System Mergers
M&A activity across healthcare enterprises continues to speed up as they seek to lower costs and increase profitability in a competitive healthcare landscape. That’s reflected in the 27 health system mergers in Q1 2019 according to the latest M&A Activity Report from Kauffman Hall. One of the chief challenges in these new organizations are data security and access.
Each merger may result in hundreds of “new” support personnel accessing networks, countless health information systems (HIS), and medical devices across disparate healthcare locations. This leaves System admins and security/IT teams in a constant state of catch-up as they seek a unified and transparent approach to access authorization and security through advanced multi-factor authentication solutions.
Overcoming Access Challenges with Multi-factor Authentication Solutions
Overcoming the challenge of identifying users in real time and providing anywhere, anytime access based on roles will set the stage for success or failure of a health system merger. The root of the problem lies in how M&A creates challenges for creating an accurate, responsive, and centralized user profile system across a changing active directory. Things only get more complicated with electronic protected health information (ePHI) data scattered across a healthcare enterprise’s cloud applications and information systems.
Passwords can be an easy target for hackers that can become even more vulnerable post-merger by allowing them to exploit loopholes in security systems. The problem of insufficient password protocols can be seen in a recent Health Informatics Research (HIS) Brief.
HIS assembled the brief from over 200 medical professional respondents that showed 74 percent of them admitting to sharing EHR access credentials with others. This statistic is one of many that reveals the need for advanced multi-factor authentication products and the challenge of making access authorization simple for users.
Overcoming Access Authorization Complexity
Enterprise EHRs may have dozens of clinical workflows requiring authentication, which is just one example where user convenience can conflict with secure access. The varied access endpoints increase the conflict even more. In the age of mobility and BYOD, this can include:
Desktops, tablets and smartphones for network and cloud application access to point-of-care (POC) medical devices
Medical carts
Drug dispensary systems Telemedicine access points Other vital care management and monitoring points.
Medical devices either at the POC or patient-imbedded devices will require simple but stringent data access security methods so that authorized health professionals can monitor and adjust the device parameters. This may require a mix of professionals that need both POC and remote access via wireless and cloud connectivity.
Embedded medical device security has been traditionally lacking where they connect to sensors, monitors and the hospital network. Multi-factor authentication methods for access to these systems are crucial to decreasing both PHI data theft and hacks that can cause patient harm.










