Southeast Texas Medical Associates (SETMA) is a privately owned consortium of medical professionals dedicated to providing the best medical care to patients, and with a unique commitment to technology. Unlike many organizations that follow a reactive approach, SETMA anticipates the future of electronic medical record management and patient security and has implemented an innovate set of tools and solutions to stay ahead of the curve.
Just as medical offices store paper medical records behind lock and key, SETMA Chief Informational Officer Richmond Holly realized there was a need for stronger access controls to protect their online systems. SETMA was using industry standard user names and passwords to login to the network, but Holly felt this was not enough to protect this critical information. User names and passwords were problematic as they were less secure and cumbersome for the doctors to remember with increasingly longer and more complicated passwords. Holly worried because he suspected some users were writing down or sharing login information - a big security risk.
Richard Holly explains: "Security is a big thing for us. The majority of the healthcare industry has been lax in securing networks. Although there is no current regulation that requires two factor authentication, we wanted to lead the way, and go above and beyond what is necessary to protect our patients. Not only were we using shared logins for all exam rooms, which wasn't secure, but our physicians still had to use separate user names and passwords to login to various applications every time they went to a new patient room. It was tedious for our staff to remember all the complicated passwords and we didn't want our patients to see our processes as anything less than seamless."
Holly and his team evaluated several solutions, but liked the idea of two-factor authentication - something you have (token or smartcard) paired with something you know (PIN). They chose Gemalto's IDPrime smartcards for security reasons, but also to improve efficiency and convenience. In addition, it ensures physicians don't leave a computing device with an open session.
It was easy to deploy smartcards with SETMA's existing Microsoft environment, making the smartcards easy to deploy and simple to use with no need to install or maintain any extra software or middleware. The smartcards were also integrated with door security at SETMA's four clinical locations, making a converged badge for physical and logical access. For the management of the smartcards, SETMA chose the vSEC:CMS S-Series application which allowed their IT administrators to quickly deploy digital identities to the smartcards assigned to the staff. Using the vSEC:CMS S-Series application, the complete lifecycle of the smartcards could be managed from one central application.
Using a SETMA physician as an example, here's how it works:
Richmond Holly, Chief Informational Officer, explains: "The patients think it's the coolest thing. They see our use of the smartcards as going the extra mile to protect their data. From its inception, SETMA has prepared for the future of healthcare with technology, backed by strong security solutions. We're confident our solutions not only meet government regulations, but far outweigh those standards, and we're proud to be a pioneer."