Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

9/10/2008
11:45 AM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

InformationWeek 500: Secure Authentication is Good Medcine For Cincinnnati Children's Hospital Medical

Fingerprint readers and pass code generators save caregivers time while complying with state laws.

WHAT THE DOCTOR ORDERED
The next step was choosing an actual physical authentication method that would aid Cincinnati Children's in its drive to reduce paperwork, work with the Epic software, satisfy the Ohio Board of Pharmacy and Epic technical requirements, and increase the accuracy and efficiency in handling prescription medications, all without hampering practitioners' ability to prescribe and dispense medications.

The only way to make absolutely sure the biometric/token authentication system was workable was to conduct a pilot test with clinicians in a live setting. Cincinnati Children's documented its evaluation using an annotated matrix, in which IT scored each product based on usability, technical implementation, support, and security. The organization chose RSA's Secure ID tokens and Sentillion Identix fingerprint readers for its Secure Authentication program.

LESSONS LEARNED
DOUBLE UP  Business processes should drive tech deployments. For Cincinnati Children's, that meant two authentication systems were needed to let clinicians handle medications regardless of their location.
KEEP MOVING  It's more efficient to address the spirit than the letter of a regulation. At Cincinnati Children's, other authentication options would have stalled plans to streamline processes.
THE RIGHT FIT   One authentication method doesn't fit all. Some fingerprints won't work with the readers, some users have a hard time reading their pass codes, and some just prefer one method over the other.
Either authentication method can be used within Epic to authorize the prescription or dispensing of medicines. Cincinnati Children's chose to support both because fingerprint biometrics, although efficient for practitioners, requires fingerprint readers at every workstation that might be used to enter prescriptions into Epic. This isn't always possible: Authorized users might be in an office or clinic within the hospital that doesn't have fingerprint readers, but they still must be able to prescribe medications or document that medications were administered. Tokens like RSA SecureID are a simple-to-use, portable authentication method that satisfy regulations and aren't tied to specific workstations.

In addition, fingerprint readers won't work when the clinician is wearing gloves or, in rare cases, when an employee simply doesn't have clear enough fingerprints to be usable. Cincinnati Children's selected RSA's SecureID tokens as an alternative so practitioners who can't (or won't) use a fingerprint reader can still authorize medications.

DIG DEEPER
WHAT AILS E-RECORDS?
Ditching paper forms for electronic records? See what's taking so long.
Epic Software provides native support for both RSA's Ace Server, used to authenticate the SecureID tokens, and Identix fingerprint readers. During the configuration and rollout of Epic at Cincinnati Children's, IT administrators simply add the required authentication methods into the Epic transaction system, defining which transactions require token or fingerprint authentication.

Illustration by Brian Stauffer

Slideshow: Innovation Leaders

Return to the 2008 InformationWeek 500 homepage

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-20663
PUBLISHED: 2021-03-05
Cross-site scripting vulnerability in in Role authority setting screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and ea...
CVE-2021-20664
PUBLISHED: 2021-03-05
Cross-site scripting vulnerability in in Asset registration screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlie...
CVE-2021-20665
PUBLISHED: 2021-03-05
Cross-site scripting vulnerability in in Add asset screen of Contents field of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and ear...
CVE-2021-28031
PUBLISHED: 2021-03-05
An issue was discovered in the scratchpad crate before 1.3.1 for Rust. The move_elements function can have a double-free upon a panic in a user-provided f function.
CVE-2021-28032
PUBLISHED: 2021-03-05
An issue was discovered in the nano_arena crate before 0.5.2 for Rust. There is an aliasing violation in split_at because two mutable references can exist for the same element, if Borrow<Idx> behaves in certain ways. This can have a resultant out-of-bounds write or use-after-free.