informa
/
Risk
News

InformationWeek 500: Secure Authentication is Good Medcine For Cincinnnati Children's Hospital Medical

Fingerprint readers and pass code generators save caregivers time while complying with state laws.
WHAT THE DOCTOR ORDERED
The next step was choosing an actual physical authentication method that would aid Cincinnati Children's in its drive to reduce paperwork, work with the Epic software, satisfy the Ohio Board of Pharmacy and Epic technical requirements, and increase the accuracy and efficiency in handling prescription medications, all without hampering practitioners' ability to prescribe and dispense medications.

The only way to make absolutely sure the biometric/token authentication system was workable was to conduct a pilot test with clinicians in a live setting. Cincinnati Children's documented its evaluation using an annotated matrix, in which IT scored each product based on usability, technical implementation, support, and security. The organization chose RSA's Secure ID tokens and Sentillion Identix fingerprint readers for its Secure Authentication program.

LESSONS LEARNED
DOUBLE UP  Business processes should drive tech deployments. For Cincinnati Children's, that meant two authentication systems were needed to let clinicians handle medications regardless of their location.
KEEP MOVING  It's more efficient to address the spirit than the letter of a regulation. At Cincinnati Children's, other authentication options would have stalled plans to streamline processes.
THE RIGHT FIT   One authentication method doesn't fit all. Some fingerprints won't work with the readers, some users have a hard time reading their pass codes, and some just prefer one method over the other.
Either authentication method can be used within Epic to authorize the prescription or dispensing of medicines. Cincinnati Children's chose to support both because fingerprint biometrics, although efficient for practitioners, requires fingerprint readers at every workstation that might be used to enter prescriptions into Epic. This isn't always possible: Authorized users might be in an office or clinic within the hospital that doesn't have fingerprint readers, but they still must be able to prescribe medications or document that medications were administered. Tokens like RSA SecureID are a simple-to-use, portable authentication method that satisfy regulations and aren't tied to specific workstations.

In addition, fingerprint readers won't work when the clinician is wearing gloves or, in rare cases, when an employee simply doesn't have clear enough fingerprints to be usable. Cincinnati Children's selected RSA's SecureID tokens as an alternative so practitioners who can't (or won't) use a fingerprint reader can still authorize medications.

DIG DEEPER
WHAT AILS E-RECORDS?
Ditching paper forms for electronic records? See what's taking so long.
Epic Software provides native support for both RSA's Ace Server, used to authenticate the SecureID tokens, and Identix fingerprint readers. During the configuration and rollout of Epic at Cincinnati Children's, IT administrators simply add the required authentication methods into the Epic transaction system, defining which transactions require token or fingerprint authentication.

Illustration by Brian Stauffer

Slideshow: Innovation Leaders

Return to the 2008 InformationWeek 500 homepage

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5