Solo doctor solves HIPAA multi-factor authentication need at a low cost.
(Re-posting of the article in Quality Insights of Delaware newsletter REC, 07-29-2014)
I am a practicing ophthalmologist in Delaware, and like many solo docs, I am also the in-house IT manager. The government has encouraged all of us to adopt EMR. About two years ago, I went “all-in” with electronic medical records (EMR) software. One of the scariest things about this process is the penalties levied by the government for a failed security audit or data breach. I have read stories of medical practices losing a hard drive or laptop and then being fined over $100,000. In addition, many major hospitals with full-time IT security teams have also been fined millions dollars for a breach. The U.S. government does not treat protecting patient’s records lightly.
I have been quite pleased with my EMR software however the system does not require a “strong” password for access. HIPAA guidelines recommend the standard security components like anti-virus software, firewalls, and strong passwords but they also discussed “multi-factor authentication.”
One of my greatest concerns was that when the patient was in the exam room behind a closed door they could access my PC or network. Having a running desktop PC and patient behind a closed door is sometimes just too tempting for them. They want to just check their e-mail or quickly surf the Web. However, they could also check medical files. With HIPAA’s requirement of preventing unauthorized access into patient files, I knew I needed a solution that would stand up to an audit.
My security auditor recommended that I “lock” Windows whenever I left the room. While this step may be “best practices,” I was concerned about how much it would slow me down to enter the password so many times each day.
Enter Power Logon by Access Smart, LLC. This ingenious product promised both security and user convenience for logging into computers, applications, and networks without having to remember or type a user name or password. This solution uses a smartcard-based, multi-factor authentication. Access Smart also has a money back guarantee. I took the plunge and purchased their Power LogOn Administrator Starter Kit. I was able to use the smartcards and readers that I had already purchased and only needed the software from them.
The people at Access Smart were knowledgeable and very helpful in enabling me to deploy this technology. Dovell Bonnett, the founder and CEO of Access Smart, explained that their philosophy is to make the software flexible to accommodate a company’s security policy, and not make a company change their policies to accommodate the software’s functionalities.
Power LogOn has simplified life for me and my staff. Before we leave the exam room, we simply push Window/L and Windows is locked. When the staff or I need to access the computer, we swipe a prox card and automatically are logged into BOTH Windows and the EMR. Everyone has a unique card and password and we can track who and when a person has accessed the computer or network.
I searched for other products and Power Logon is really the only solution that I have found that addresses HIPAA security and user’s convenience. It was easy to install and the Access Smart team was there to answer any questions that came up.
I have no financial interest in Access Smart and feel that other practices could benefit from my experience. Power LogOn is a reliable, cost-effective solution to enhance network security. I now feel much better knowing that my patients (behind closed doors) are not jeopardizing my practice with a HIPAA violation now that Power Logon is deployed.