You are the HIM Director and Privacy Officer for a 300-bed hospital that is part of
Question
You are the HIM Director and Privacy Officer for a 300-bed hospital that is part of a large healthcare organization. In an effort to lower costs, the leadership of the organization has made the decision to outsource all transcription services to an independent contractor. In order for this to occur, the IT Director at your facility is requiring that the independent contractor use a multi-factor authentication method as an added measure of security in order to ensure the authenticity of the individuals accessing the electronic health record (EHR). You are to propose a plan for your supervisor regarding the following: 1. Provide rationale for why authentication is a necessary component when working with a vendor. 2. Detail the potential threats to the organization if multi-factor authentication is not implemented in this instance. 3. Evaluate the options that are available for authentication (PIN, biometric, etc.) and create a recommendation supporting your choice of methods.
Explanation / Answer
1. While dealing with a vendor, there is likely a channel of communication between the internal IT infrastructure and external sources/destinations. This means there will likely be an open channel of communication. As a result, it is possible for anyone from outside to access the data of the healthcare facility.
The healthcare facility will be housing some very sensitive data such as identification details, insurance details and other information about the patients. Any party with malicious intent could possibly enter the system from outside and steal these data. As a result, the connection between external systems and the internal system needs to be secure. One of the ways of making sure that these connections are secure is authentication.
2. Multifactor authentication is a process of providing credentials across multiple channels. For example, entering a password and receiving an email/message with a token. Along with the password, the token must be entered as well to gain access to a system. This is more secure than providing just the password for authentication.
A healthcare center is likely to see a lot of people on a normal day. The risk of a crowded place is the likelihood of passwords being read by some individual. In addition, there are always chances of social engineering. Hackers often guess passwords through social engineering, and large groups of people provide more surface area for such attacks.
Multifactor authentication not only secures against such risks, but also provides users with a single sign-on option. With that, the users can log into specific portals/applications on their computers without entering a password. However, it works only for that particular computer. This makes the login process difficult for hackers but easier for the users.
3. The facility should implement multiple authentication methods for various levels. For example, the entry to hospital wards could have a keycard- or PIN-based authentication. The laboratory should have a minimum of two-factor authentication, for example biometric and keycard. The more sensitive data such as the patient files/records could have multifactor authentication that includes keycard, biometric and PIN.
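The answer above describes the password-plus-token pattern in general terms. The following is an added example, not part of the original answer, showing how a server-side login check for a vendor account would actually enforce both factors: the password is verified against a salted PBKDF2 hash, the one-time code is a standard TOTP (RFC 6238, HMAC-SHA1, 30-second step) such as an authenticator app produces, comparisons are constant-time, a small clock-skew window is allowed, and a code that was already accepted is refused a second time. The account data, password and TOTP secret are constructed for the example (the secret is the RFC 4226/6238 test-vector key); `Account`, `enroll` and `verify_login` are illustrative names, not any product's API.

```python
"""Illustrative two-factor login check (password + TOTP) for a vendor account.
Added example; all names and sample data are constructed for illustration."""
import hashlib
import hmac
import secrets
import struct
from dataclasses import dataclass


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): dynamic truncation of HMAC-SHA1(secret, counter)."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{binary % (10 ** digits):0{digits}d}"


def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP evaluated over the current time step."""
    return hotp(secret, at_time // step, digits)


@dataclass
class Account:
    salt: bytes
    password_hash: bytes
    totp_secret: bytes
    last_used_step: int = -1  # replay guard: each one-time code is accepted once


def hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a leaked database does not yield passwords cheaply.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def enroll(password: str, totp_secret: bytes) -> Account:
    salt = secrets.token_bytes(16)
    return Account(salt, hash_password(password, salt), totp_secret)


def verify_login(acct: Account, password: str, code: str, now: int,
                 skew_steps: int = 1) -> tuple[bool, str]:
    """Both factors must pass. The reason string is for the audit log only;
    the message shown to the user should be a generic 'login failed'."""
    # Evaluate both factors before deciding, so timing does not reveal which failed.
    password_ok = hmac.compare_digest(hash_password(password, acct.salt),
                                      acct.password_hash)
    step = now // 30
    matched_step = None
    for candidate in range(step - skew_steps, step + skew_steps + 1):
        if hmac.compare_digest(totp(acct.totp_secret, candidate * 30), code):
            matched_step = candidate
            break
    if not password_ok:
        return False, "password mismatch"
    if matched_step is None:
        return False, "second factor mismatch"
    if matched_step <= acct.last_used_step:
        return False, "second factor replayed"
    acct.last_used_step = matched_step
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample: RFC 4226/6238 test-vector secret, arbitrary password.
    acct = enroll("correct horse battery staple", b"12345678901234567890")
    t = 59  # seconds since epoch; time step 1
    print(verify_login(acct, "correct horse battery staple", totp(acct.totp_secret, t), t))
    print(verify_login(acct, "correct horse battery staple", totp(acct.totp_secret, t), t + 2))
```

Running the block prints `(True, 'ok')` for the first login and `(False, 'second factor replayed')` for the second, because the same code is presented again within its validity window. The audit reasons are deliberately not surfaced to the login screen; they belong in the access log the privacy officer reviews.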