Topics
Reimbursement
Home health agencies get half a percent pay increase
Home health agencies get half a percent pay increase
Revenue Cycle Management
Mary Washington Healthcare latest to outsource revenue cycle 
Mary Washington Healthcare latest to outsource revenue cycle 
Strategic Planning
Two CFOs see promise of AI, but have yet to build a dedicated budget
Two CFOs see promise of AI, but have yet to build a dedicated budget
Capital Finance
HIMSSCast: Is private equity the bad guy in healthcare?
HIMSSCast: Is private equity the bad guy in healthcare?
Supply Chain
Feds shore up healthcare supply chain in wake of hurricanes Helene and Milton
Feds shore up supply chain in wake of hurricanes
Accounting & Financial Management
Hospital margins climb to 5.1% in September
Hospital margins climb to 5.1% in September
Budgeting
Health system operating margins declined in August
Health system operating margins declined in August
Quality and Safety
US healthcare system ranks last in equity, access
US healthcare system ranks last in equity, access
Billing and Collections
CFPB warns of illegal tactics by medical debt collectors
CFPB warns of illegal tactics by medical debt collectors
Claims Processing
Johns Hopkins Health Plans announces multi-payer portal
Johns Hopkins Health Plans announces multi-payer portal
Workforce
Elevance laying off 123 California employees
Elevance laying off 123 California employees
Operations
$47.5 million grant allows Rutgers to turn lab discoveries into practical healthcare
Rutgers to promote 'translational' science with $47.5M grant
Medical Devices
Healthcare chatbots may promote racist misinformation
Healthcare chatbots may promote racist misinformation
Hospital/physician relations
Hospitals, physicians submit opposing views to FTC ruling on noncompetes
Hospitals, physicians submit opposing views to FTC ruling
Construction & Facilities Management
Cleveland Clinic partnering with Cavaliers on new training center
Cleveland Clinic partnering with Cavs on new sports complex
Compliance & Legal
Elevance latest insurer to sue over Medicare Advantage star ratings
Elevance latest insurer to sue over Medicare Advantage star ratings
Policy and Legislation
HHS investing $75 million in rural healthcare infrastructure
HHS investing $75 million in rural healthcare infrastructure
Community Benefit
Nonprofit hospitals' charity care falling behind tax breaks, report shows
Report: Hospitals' charity care falling behind tax breaks
Accountable Care
ACO REACH changes more negative than positive, says participant
ACO REACH changes not positive, says participant
Acute Care
SDOH, tech key to advancing value-based care, says UHG
SDOH, tech key to advancing value-based care
Ambulatory Care
Cleveland Clinic and Amazon One Medical collaborate on primary care clinics
Cleveland Clinic and Amazon One Medical collaborate
Analytics
Interoperability in healthcare moving forward despite challenges
Interoperability in healthcare moving forward despite challenges
Business Intelligence
Aetna underperforms, plans recovery as CVS Health logs $95.4B in revenue
CVS Health logs $95.4B in revenue as Aetna struggles
ICD-10 & Coding
Physician practices examine risk adjustment coding in wake of federal lawsuits
Practices keeping close watch on risk adjustment coding
Meaningful Use
Financial disincentives for providers who commit information blocking 
Financial disincentives for providers who commit information blocking 
Medicare & Medicaid
Elevance Health 'considering options' following star ratings hit
Elevance Health 'considering options' following star ratings hit
Patient Engagement
Patients see narrow networks in ACA marketplace plans, KFF finds
KFF: Patients see narrow networks in ACA marketplace plans
Pharmacy
HIMSSCast: Prior authorization as gatekeeper
HIMSSCast: Prior authorization as gatekeeper
Population Health
Reproductive care, including abortion, facing challenges
Reproductive care, including abortion, facing challenges
Risk Management
UPMC for You partners to offer Medicaid redetermination coverage in laundromats
UPMC for You offers Medicaid redetermination coverage in laundromats
Telehealth
Teladoc posts $640.5 million in revenue, stresses virtual care improvement
Teladoc posts $640.5 million in revenue
Mergers & Acquisitions
Steward Medical sold to Rural Healthcare Group 
Steward Medical sold to Rural Healthcare Group 
View more
Jan 14, 2013 More on Quality and Safety

3 strategies for strengthening internal data security practices

Benjamin Harris

When it comes to securing a hospital's IT, the focus is on keeping unwanted or unauthorized people out of the system. Strengthening a system to bar access to the wrong people while making it easy for the right ones to get in is always on IT managers' minds. What most people think about in the realm of security is referred to as "perimeter control," or securing a system from outside intruders.

But this is not the only area that needs focus, as there are just as many threats to network security within an organization as there are without. Paul Christman, Vice President, Public Sector Sales and Marketing at Dell, speaks about three key elements of internal controls that help ensure a system's IT is as strong inside a hospital's corridors as it on the outside.

[See also: Data breach leads to $1.7M fine for Alaska DHSS]

1. Two-factor identification. Probably the most familiar to the security-minded, two-factor identification is the next step beyond the traditional system of requiring a username and password for access. "Username/passwords are the foundation for a lot of our internal security, but passwords can get lost, passwords can get hacked," says Christman. Much more secure is coupling the username/password combination with an additional token, like a key card or some other unique device that helps identify a person trying to log on as who they should be. This second factor is only limited by the bounds of an IT department's imagination- and its budget. "It could be a key fob, you see people carrying around little tokens that have random number generators," says Christman. He goes on to describe advances being made to develop "soft tokens," or a strong second factor that can reside on something almost every hospital worker is permanently attached to- a person's mobile device. Two factor identification, while not bulletproof, makes simply cracking a password much less effective. Christman likens the system to an ATM machine, saying that just a PIN or card alone will not grant access – the two are needed in conjunction to make the system work.

2. Identity of a service. Anybody in a healthcare system probably has to deal with more than a handful of passwords. Christman says this horde of passwords is part of the problem. Another problem is keeping track of all of a system's users and the hassles that entails. The solution to this lies in authenticating a user's device to connect to a central server, which then passes on the authentication details to the specific applications that a user is approved to access. "The system understands who I am, the authentication engine passes my credentials on to the software," says Christman. "You can control these credentials from one place and you can shut someone out. You don't have to worry about all of the different places their identity was stored." Authenticating through identity of service also has its added security benefits. "If you just have a username/password to a website, you can share that on a Post-It note," says Christman. "It's horribly insecure." With identity of service, there are no passwords to share. Also, when someone leaves the system or loses a device, removing privileges is as simple as a few clicks.

3. Least privileges. Ever want to be king for a day? Turns out that's actually one of the best ways to manage large IT systems where multiple people need administrator access, according to Christman. Networks allow for different levels of permissions, or ability to change and control configurations, with the highest level called root, which is basically "god status," says Christman. "You can do anything you want inside the IT services. You can do all sorts of very very high level things." It's not necessary for most to operate at this level, and as a result they're granted the much more commonplace user-level accounts. When someone needs a higher level of authority, instead of granting them unlimited access, Christman says least privileges allows a manager to "grand the amount of privileges necessary for a person to do their job, no more, no less." With this system, a user can get enhanced privileges for a specified period of time when "everything you do during that time is watched and logged and audited," says Christman. "When you give the keys to the kingdom to someone, you have to know you can get them back."
 

[See also: Security breaches prove costly for California hospitals]

 

News
Ending racism in healthcare often begins with medical education - and is the target of a new national project Ending racism in healthcare often begins with medical education - and is the target of a new national project Inequities can be found in every facet of the industry, but targeting medical students and residents can help stem the tide.