Acting as watchful sentinels to any healthcare EMR /EHR system are the access portals. When they fail, the entire system is compromised. Most breaches occur at the password authentication level. According to the 2013 ITRC Breach Report Key Findings:
- Hacking remains the number one method or type of breach, representing more than one-quarter of the total recorded data breaches
- 42% of all data breaches were healthcare related in 2014
More than any other industry, strict regulations require healthcare providers with EHR systems to tightly secure records or face severe penalties. Yet most systems still use dated multi-layer authentication of user ID/password and security question to ensure compliance. Identity technology has evolved far past this.
Multi-factor authentication will be the new standard to identify users. It's not a question of IF your network will switch to this form of identity management but when. Many institutions are delaying migration due to cost, legacy technology and other factors.
There is no need to wait. There is a powerful incentive to migrate now. It's low cost, easily implemented and works on all computers and devices. The answer is multi-factor authentication backed by gesture biometrics: BioSig-ID, the only software gesture biometric solution for identity. This can be a key piece in your Meaningful Use certification strategy.
Not only is BioSig-ID highly accurate (exceeding National Institute of Standards for biometrics by 3X) it is the only truly privacy conscious biometric. Unlike physical biometrics that are unchanging, BioSig-ID's biometric password can be replaced /reset any time. In an industry like healthcare which leads the U.S. in breaches, this is a significant advantage because it limits liability.
All physical biometrics - if stolen or hacked - pose enormous liability for institutions as well as individuals. Since fingerprints, face, palms, etc. cannot be replaced, privacy lawsuits can result. BioSig-ID gives healthcare a much safer alternative, providing the best of biometric security with low risk.
BioSig-ID's companion product BioProof-ID is ideally suited to healthcare needs. BioProof-ID identity proofing and verification service uses live agents to confirm government issued ID then immediately witness the biometric password creation process. This adds additional assurance in identity that meets all criteria for healthcare portal use.
Because the process is virtual, it replaces physical encounters allowing deep savings as it provides new biometric access to your network. Interoperable with any other system that runs HTML 5 or Flash, BioSig-ID can be used by any device including PCs, tablets, laptops, and mobiles.
BioProof-id: seamless ID authentication that can replace physical encounters and facilitate increased telehealth delivery
Healthcare portals must meet several criteria:
a) ensure that first time users are who they say they are;
b) secure access by physicians, nurses, etc. to clinical applications that contain patient data;
c) secure access by payees and other third parties;
d) secure any session both before and after login.
BioSig-ID™ meets these demands easily. It captures a user’s unique movements: direction, speed, length, angle, height, etc. as they draw and create a biometric password using just a mouse or finger. Each time a user logs in their password is compared and only if the patterns match will the “legitimate user” gain access to the online activity. Imposters are stopped in their tracks. Even if they were able to gain access to your password they must duplicate the user’s unique biometric movements used to create the password, which is nearly impossible.
Biometric password login takes just moments, equivalent to most physical biometrics.
BioSig-ID satisfies requirements:
CFR 45, Section 170.314(d)(1) sums it all up—the system must verify against a unique identifier (e.g., username or number) that a person seeking access to EHR is the one claimed and provide the ability to audit access. Certification requires authentication, access control, and authorization.
Additionally, Section 170.314(d)(2-3):
Auditable Events and Tamper-Resistance
The Federal Regulations/Interpretive Guidelines for Hospitals (482.24(c)(1)(i)) require that every entry in the health record should be authenticated and traceable to the author of the entry. Hence, any authentication system must incorporate some method of tracking.
Starting in 2015, hospitals and doctors will be subject to financial penalties under Medicare if they are not using electronic health records.
In 2015 - 2017 EHR Medicare and Medicaid incentive programs from CMS include these objectives:
- Electronic Prescribing: (EPs) Generate and transmit permissible prescriptions electronically (eRx); (Eligible hospitals/CAHs) Generate and transmit permissible discharge prescriptions electronically (eRx)
- Protect Patient Health Information: Protect electronic health information created or maintained by the CEHRT through the implementation of appropriate technical capabilities
Qualifies for Electronic Prescriptions for Controlled Substances (EPCS):
BioSig-ID was independently tested by the Tolly Group to meet CFR 21 1311.116 “Additional Requirements for Biometrics” from the DEA's Interim Final Rule for Electronic Prescriptions for Controlled Substances published on March 31, 2010. We can confirm that the results put BioSig-ID technology in compliance with 1311.116. The results of the false positive scores were 3x better than the NIST guidelines for biometrics.
BioSig-ID's ability to provide evidence of all the events surrounding the identity authentication activity not only provides a powerful tool to combat fraud, but also ensures compliance with evolving regulations that continue to mandate ever stricter standards of identity authorization within the healthcare industry.
Epic Healthcare and Ping Identity Management Partners
BSI is an integrated partner providing multi-factor authentication (MFA) for use with Epic’s electronic medical record (EMR) software. BSI is also an approved Ping Identity technology alliance partner offering its patented BioSig-ID™ gesture biometrics into Ping’s popular PingFederate SSO software to enable secure multi-factor authentication.