Case study: SETMA
Southeast Texas Medical Associates (SETMA) is a privately owned consortium of medical professionals dedicated to providing the best medical care to patients, and with a unique commitment to technology.
Unlike many organizations that follow a reactive approach, SETMA anticipates the future of electronic medical record management and patient security and has implemented an innovative set of tools and solutions to stay ahead of the curve.
Just as medical offices store paper medical records behind lock and key, SETMA Chief Informational Officer Richmond Holly realized there was a need for stronger access controls to protect their online systems. SETMA was using industry-standard user names and passwords to log in to the network, but Holly felt this was not enough to protect this critical information. User names and passwords were problematic: they were less secure, and increasingly long and complicated passwords were cumbersome for the doctors to remember. Holly worried because he suspected some users were writing down or sharing login information - a big security risk. Richmond Holly explains:
"Security is a big thing for us. The majority of the healthcare industry has been lax in securing networks. Although there is no current regulation that requires two-factor authentication, we wanted to lead the way, and go above and beyond what is necessary to protect our patients." - Richmond Holly, Chief Informational Officer
"Not only were we using shared logins for all exam rooms, which wasn't secure, but our physicians still had to use separate user names and passwords to log in to various applications every time they went to a new patient room. It was tedious for our staff to remember all the complicated passwords and we didn't want our patients to see our processes as anything less than seamless."
Holly and his team evaluated several solutions, but liked the idea of two-factor authentication - something you have (token or smartcard) paired with something you know (PIN). They chose Gemalto's IDPrime smartcards for security reasons, but also to improve efficiency and convenience. In addition, it ensures physicians don't leave a computing device with an open session.
The smartcards integrated with SETMA's existing Microsoft environment, making them easy to deploy and simple to use, with no need to install or maintain any extra software or middleware. The smartcards were also integrated with door security at SETMA's four clinical locations, making a converged badge for physical and logical access. For the management of the smartcards, SETMA chose the vSEC:CMS S-Series application, which allowed their IT administrators to quickly deploy digital identities to the smartcards assigned to the staff. Using the vSEC:CMS S-Series application, the complete lifecycle of the smartcards could be managed from one central application.
Using a SETMA physician as an example, here's how it works:
- Physician uses the smartcard with the contactless physical access control system to enter the facility.
- The card is attached to a white coat for secure visual identity.
- Physician greets the first patient of the day and inserts the smartcard into the shared computer for two-factor logical access, then pulls up the patient chart to access medical history and enter information from the visit.
- When the visit is complete, the physician pulls the card from the computer, automatically logging out of the shared resource. The system is disconnected and will only reconnect when a card is inserted and the PIN is entered. However, whatever applications the physician logs into will remain open throughout the day, so there is no more logging in and out of multiple applications while the patient waits.
- The physician travels to another location and uses the same secure identity card to access the physical access control system for this location.
- Physician uses the badge to securely log in to the computing resources at the new location. Applications remain open from the earlier session. This allows the physician to continue to see patients at the new location without re-opening applications.
Richmond Holly, Chief Informational Officer, explains: "The patients think it's the coolest thing. They see our use of the smartcards as going the extra mile to protect their data. From its inception, SETMA has prepared for the future of healthcare with technology, backed by strong security solutions. We're confident our solutions not only meet government regulations, but far outweigh those standards, and we're proud to be a pioneer."