HITECT MultiFactor Authentication for McKesson HIS

by | Feb 14, 2013 | Cyber Security, Healthcare, Hospital Information System, Multifactor Authentication,, Password Authentication, Password Management, Smartcards

Multifactor Authentication required by HIPPA & HITECH

Multifactor authenticationAccess Smart® adds multifactor authentication to McKesson’s Paragon Hospital Information System (HIS) software. Access Smart’s Power LogOn® application requires no modifications to the Paragon software so integration is fast and easy. With Power LogOn, hospitals, clinics and other health-care providers can now address their HIPAA and HITECH compliance concerns while protecting patient’s private records. “You can’t have the health-care reform act without electronic health records,” says Judy Hanover, a health-care technology industry analyst at IDC. True, but you can’t have privacy without first authenticating who is accessing your electronic health records.

Access Smart analyzed the Paragon HIS software and quickly updated Power LogOn to now auto-launch Paragon, auto fill-in the user name and password fields, and auto shutdown Paragon when the smart card is removed. Furthermore, Power LogOn ties into Active Directory so virtually any computer, network, internet site, cloud and application that requires a user name and password can easily be secured by the same smartcard. Power LogOn can also be added to RFID access control cards for a single card solution.

Market Place Demands a Solution

Many healthcare providers have the problem that computers in an examining room remain logged into their Paragon HIS application because the nurses and/or doctors don’t want to log out. They find it too cumbersome to have to re-type their user names and passwords every time they access a computer. A patient who may be waiting alone in the examining room could check their or other patients’ medical records.

IT needs to remove their weakest security link: the user. User managed network security procedures are unacceptable for IT because it raises HIPAA/HITECH compliance violation concerns. In some cases to address the convenience factor, IT has assigned the same simple password for every Paragon user. A weak password, keylogger, over-the-shoulder surfer or lost password reminder note puts compliance in jeopardy. This brought up a major security concern for IT that they could never truly authenticate and report who was actually logging in and when.

How Power LogOn works with Paragon HIS and the benefits

Stop your care givers from carrying pieces of paper with all their passwords written down to log into their different computer programs and accounts. Security doesn’t have to be cumbersome to be effective; it just has to be designed from the user’s perspective. That is what Power LogOn has done.

A nurse or doctor inserts their smart card ID badge into a computer’s smartcard reader. They authenticate themselves to the smartcard with a single PIN and/or Biometric (finger print or iris scan). After a successful authentication, Power LogOn then auto launches the Paragon HIS software and auto fills in the person’s user name and password. Then when the nurse or doctor leaves the computer they simply pull their smartcard out of the reader and Power LogOn automatically logs the user off and properly shuts down Paragon HIS and readies the computer for the next user.

The Power LogOn benefits include user convenience for the doctor or nurse since they no longer have to remember, type or even know their passwords. IT administrators can increase security since they can assign very long complex passwords and frequently change them without affecting the doctor or nurse. And the CEO/CFO has a low cost of ownership: no subscriptions feeds, no backend server modifications and transferable licenses.

Conclusion

As the healthcare industry installs more Electronic Health Record (EHR) solutions and networks the HIPAA compliancy issue of authenticating the person accessing those records becomes paramount. In reviewing any government data security reports, they all recommend at least two factors of authentication. Power LogOn uses a mixture of authentications that IT can control to deliver up to eight Levels of Assurances between the user-to-card, card-to-computer, card-to-server, and user-to-server. Power LogOn is a separate application so there are no modifications required to EHR software.

To learn more about Power LogOn contact Access Smart for a free, no obligation consultation.

About Access Smart, LLC:
Headquartered in Ladera Ranch, California, Access Smart, LLC is dedicated to empowering businesses, agencies and institutions to securely regain control over their computer network authentication and data access authorization. Security does not have to be cumbersome to be effective. That is why our products are designed using state-of-the-art security technologies while focusing on ease-of-use and low-cost-of-ownership. Security should never be a luxury, especially with rampant data breaches and privacy regulations.

For more information about Access Smart, please visit www.Access-Smart.com.

Access Smart and Power LogOn are trademarks exclusively licensed to Access Smart, LLC. Other product names are either trademarks or trade names of their respective holders.