HIPPA Tips:
By Robert N. Mitchell
A few years ago, biometrics was all the rage, but has since quieted down as a possible alternative to protecting patient information. Nonetheless, the health care industry continually needs secure solutions to protect sensitive patient data. silex technology america, Inc., a Salt Lake City company, remains active in developing biometrics solutions that bring value to the health care industry, according to silex's Vice President of Biometrics, Gary Bradt.
"I always look at the value proposition technology can bring to an organization," Bradt said. "And the technology has the ability to leverage simple biometrics in the workplace to do more than just protect computers; it also provides a solution that addresses HIPAA front-and-center, where everybody is struggling to understand and implement technology to bring about compliance."
Intellectual property protection
Bradt said that silex's technology protects the enterprise's intellectual property, as well as all the people that work in the hospital or health care environment. It also protects patients and customers, and does it in an unobtrusive way. "When you go home at night, you know that the patient information is protected. Only those individuals who have access to the technology can gain access to patient information. With all of the recent reports in the media about credit card customer data being leaked, if there were a type of system such as silex in place in the financial services industry, people who weren't supposed to get access to this information wouldn't get access to this information," Bradt said. "You also hear about people walking out of government and other facilities with classified documents. A system such as ours can protect against such thefts. It's finally happened in the health care industry and other industries; solutions that are being developed solve everyday problems, and bring a true value proposition to an enterprise."
silex technology america is a wholly owned subsidiary of silex technology, based in Japan, which designs, develops and produces solutions for the United States marketplace (e.g., products for HIPAA and Sarbanes-Oxley). According to silex, the company developed the first USB wireless device server, IPV6, launched in the biometric market in 2004, Bradt said.
"Looking back at biometrics a few years ago, the industry was a total disaster," Bradt said. "There were a lot of different types of biometrics products being released, but no commonality."
But the biometrics industry, responding to federal mandates such as HIPAA and Sarbanes-Oxley, increased the acceleration of the technology's growth.
A look at biometrics
Biometrics is not adaptable for every organization. "Each system addresses a unique issue. And for biometrics technology to be successful, it really must be combined with solid business rules and an organization's overall objectives," he said. "For example, retina scans are somewhat invasive; people don't like to have lights shining in their eyes. If all of a sudden you start to have high blood pressure problems, the retina scanner won't be able to read the retina well. It's also cumbersome and expensive."
Many industries, including health care, are returning to fingerprint scans, one of the first biometrics technologies marketed a few years ago. Now organizations are coupling that technology with other types of biometrics, such as facial recognition.
Non-secure printers
To address security of patient information, silex looked to one of the common, non-secured areas -- the networked printer. The company developed SecurePrint, which exemplifies how health care organizations are again embracing biometrics technology.
Bradt described a common scenario with SecurePrint: A person sitting at his computer prints out a document that should be secured. But he's interrupted either by a phone call or a meeting. He walks to the printer 10 minutes later to pick up the previously-printed document.
"He goes to the printer and the document he printed is not there. He wonders: Did the document print? Did somebody take what I had printed? In the past at some companies, people would print sensitive documents and then literally run to the printer. But even then, sometimes the document would be stuck in someone else's pile of documents. So, for government and health care organizations, the technology is very useful," Bradt said.
The computer connects to a fingerprint reader. The computer retrieves a document or a patient file, and the health care employee pulls down a patient record, which is encrypted into a folder on the hard drive. When the document is sent to the printer, SecurePrint holds the document in a queue until the person who printed the document comes to the printer and inserts his/her finger into the fingerprint reader.
SecurePrint prevents unauthorized access to documents sent to the printer by integrating the user's lifetime ID, the fingerprint. Once SecurePrint verifies the sender's fingerprint data, the queued print job releases, allowing only the authenticated user access to the printed documents. "The technology provides the highest level of confidentiality for printing sensitive data on a network printer. The device comes with a fingerprint reader that has a USB interface and connects directly to the secured printing device on the printer. The device server is a four-port USB device that connects one of the fingerprint readers and up to three USB printers to the network for secure printing," Bradt said.
SecurePrint solves a common HIPAA-compliance problem. "Everybody in health care is interested in this technology. It also can serve as a back door for health care organizations to start using biometrics. It's beneficial to have technology that addresses protecting patient data while secondarily protecting the intellectual property that's stored on a computer and network.
"As we know, paper is the weakest link in any system," Bradt said. "And, everyone that I talk to about the technology understands the intrinsic vulnerabilities of having paper sitting on a printer."
HIPAA documentation
Bradt said that IT administrators like SecurePrint because they can control their printer areas, rather than allowing users to maintain control on what to secure. The software allows the IT administrator to perform audits, based on server, facility, role- and user-based access.
Biometrics can also control physical access to buildings and rooms within a hospital or health care organization, Bradt said. "We have a solution, through which certain areas within a hospital can be protected with a biometric, fingerprint identification, proximity card and/or PIN-based access. This is useful in protecting medication supplies and specific rooms/locations in a hospital, he said. "You can track who is entering and leaving a specific area, who is accessing information, and who is printing information -- all in a non-invasive way," Bradt said.
In the past, biometrics technology couldn't meet any of today's requirements, Bradt said. "You had stand-alone, cobbled systems that couldn't talk to one another. An enterprise biometrics solution allows a health care organization to decide how it wants to work, and what level of biometric security devices/systems it needs. An IT administrator now has total flexibility, because he/she can implement further protections that doctors or nurses might not otherwise think about. So, encryption of documents is a strong way of protecting sensitive, patient data," he said.
Mr. Mitchell is managing editor of ADVANCE for Health Information Executives.
Original Post