Clinician using SSO authentication with the tap of a badge.

Authentication in the Changing Healthcare Industry

The manner in which health services are provided to the public has shifted dramatically in a short period of time. Spurred by the global upheaval of 2020 and the commonplace mottos such as “stay home, save lives” that followed, patients and medical staff seeking safer ways to access services increasingly leaned into the world of remote access. But while remote access offers clinicians and patients greater safety and convenience, it has made it mandatory for healthcare institutions to batten down their security hatches and adopt new authentication solutions.

Balancing Security and the Patient Experience

The healthcare industry is highly regulated, with stringent security requirements designed to protect sensitive information. Healthcare institutions must ensure sure both providers and clinicians are who they say they are each time they request access — whether that’s onsite working in-person or when logging in remotely from an offsite location.

There is a lot at stake: adherence to guidelines for Health Insurance Portability and Accountability Act (HIPAA) compliance, vulnerability when it comes to cyber fraud and hacking, insurance fraud, patient identity theft, and ­— since remote access mean services may cross state borders — compliance with geography-dependent laws and licensing requirements. Healthcare providers have all these additional responsibilities to juggle outside of what should be their core focus of tending to patient matters and delivering a healthy customer experience.

Increasing Protection Across Digital Systems

Logging into systems with only a username and password is a fading practice. It’s simply not enough to protect digital data these days. And it’s been a long-term risk for institutions as employees tend to jot down passwords on sticky notes then tape them directly on the medical device that’s supposed to be secure. Often, staff share passwords across departments. This 1990s-type of behavior leaves healthcare organizations incredibly vulnerable and is well-beyond its expiration date.

But bad habits can be hard to break. Even though we hear about data breaches all the time, statistics indicate populations continue to choose convenience over security. Everyone these days is overwhelmed trying to keep track of emails and nonsensical passwords that require a combination of letters, symbols and numbers to gain access. Naturally, people get lazy and reuse or select simple, mundane passwords that can be easily hacked. Making things worse, too often people carry over their personal usernames and passwords into their professional accounts. To bypass these problematic patterns and provide everyone involved with a more secure, seamless and satisfying sign-on experience, responsible organizations are using modern methods of authentication solutions to fortify their remote healthcare access horizons.

A Layered Approach: SSO, MFA and RFID

There are a number of acronyms helping to remedy weak access approaches. You may be familiar with the terms single sign-on (SSO), multi-factor authentication (MFA) or radio-frequency identification (RFID).

SSO authentication allows people to log in with a single ID at the beginning of a work period, granting secure access to various systems whether onsite or remote during telehealth engagements. In the context of healthcare, RFID-enabled SSO is one of the most ideal solutions as it addresses a prominent pain point in this setting — having to log into multiple workstations and IT networks over and over throughout shifts. With authentication solutions like single sign-on, clinicians simply present their smartphone or tap their badge on an RFID reader once to gain ongoing access to computers/PCs, medical equipment, supply dispensing systems and more. This lifts employee satisfaction levels by not having to remember or re-enter multiple passwords and affords workers more time to focus on patient care. It also reduces IT support costs with fewer requests for password resets.

SSO can be made even more secure when paired with multi-factor authentication (also known as two-step verification). With MFA, the user is required to provide a second piece of evidence to prove their true identity. This combination of two factors — a password, physical token (mobile device, smart card or one-time code), biometric or location factor — significantly enhances securing healthcare access and is a fast and simple way to verify identities anytime, from anywhere.

Applying stronger authentication measures like MFA reduces the risk of data and software breaches, thereby optimizing operations and preserving spend as the hassle of ongoing cyber battles and password resets is drastically diminished. Authentication clinicians experience positive, rewarding sign-on scenarios and an uptick in productivity when MFA is part of the organization’s defense strategy. In fact, shoring up security gaps is being closely monitored across many fronts where data privacy and preservation is critical. In 2021, President Biden issued an executive order mandating government agencies adopt strong multi-factor authentication protocols and encrypt sensitive data to bolster cybersecurity efforts.

RFID by HID: Secure and Seamless Authentication

RFID technology has long been a part of our daily technology fabric. First developed for military uses as early as the 1920s, it wasn’t until the 1960s that we began to see it in more mainstream applications. Today, it’s everywhere and so “routine” we usually don’t even notice its presence. RFID technology is used each time we make a contactless payment. It’s in the cards and key fobs we swipe or flash to access buildings, places and spaces. It’s steadily at work as our transponders pass through tollbooth checkpoints. And it moves with our microchipped pets.

In healthcare and office environments, RFID technology is likely already in use via staff ID cards to allow access to secure areas, or to unlock computers to view/modify patient records. It might already drive time and attendance processes or secure printing. With the increased use of e-prescriptions, RFID provides a way to track prescriptions, dosages and overall administration for each patient. It’s especially pertinent to support the burgeoning remote access and telehealth community as a frontline defense against relentless, looming cybersecurity threats.

HID’s identity and security experts funnel knowledge gleaned from use cases around the world to drive security and efficiency into trusted and proven authentication solutions and technologies. Our portfolio of RFID desktop readers and reader modules are designed to offer medical practitioners superior security and access control to safeguard data, streamline workflows and ensure compliance with the industry’s ever-evolving regulations.

Interested in taking better care of your access? Learn how to apply HID RFID solutions directly to your authentication pain points >>

Marc Butler is a Product Manager with global responsibility for the RFID Desktop and Embedded portfolio within the Extended Access Technologies Business Area. Marc brings extensive commercial and technical expertise in both domestic and export markets, a background in technical support and account management, along with 30 years’ experience in the security industry. An effective communicator at all levels within the organization, his proven abilities in producing market requirement specifications provide business case justification for new product development.