Two-factor authentication has not only helped bring an Ohio health care facility into compliance, but streamlined processes and improved data security, reports Greg Masters.

When Dublin Methodist Hospital in Dublin, Ohio sought to enhance patient safety and clinical quality, part of this initiative involved computerized provider order entry. For electronic medication orders, the state of Ohio Board of Pharmacy requires two-factor authentication. This ensures physicians provide identifying credentials at the time of the transaction. Knowing this requirement, the hospital needed to implement a second factor of authentication, such as biometric identification.

The 300,000 square foot, 94-bed facility (expandable to 300 beds) opened its doors to the public in January 2008, with a 24-hour emergency department, surgical services, women's health and obstetrics, and intensive care. It has nearly 1,000 physicians, associates and staff using more than 150 applications. The facility is a part of OhioHealth, a nonprofit, charitable health care organization serving and supported by the community.

“We had previously implemented a medication administration system utilizing barcodes in order to reduce errors, which occur when medications are administered,” says OhioHealth CTO Jim Lowder (left). “This helped us to reduce medication administration errors, but we still needed to address errors which occur during ordering.”

He cites studies which have shown that a majority of medication errors occur during the ordering process. “Implementing electronic ordering of medications helps us to reduce those errors as well. This is all part of the closed loop medication management process. Being able to meet the authentication regulations of the Ohio Board of Pharmacy was critical to our ability to improve patient safety through electronic medication ordering.”

OhioHealth has 280 staff members in its IT department , and Lowder credits Michael Krouse, system vice president and chief information officer, with managing the transition.

The IT team evaluated several identity and access management solutions. Lowder says the team wanted a robust, cost-effective and easily deployed solution that would allow the hospital to comply with state of Ohio Board of Pharmacy requirements for two-factor authentication.

“In addition, we required a solution that could provide a streamlined, fast and convenient process for physicians to login and out of applications they need to deliver optimal patient care.”

The IT team recommended Imprivata's OneSign platform. The tool enables quick access to applications and  effectively addresses the requirement for two-factor authentication, he says. In addition, the solution was cost-effective, simple for the hospital staff to learn and use, required minimal support and could integrate well with other core health care applications, says Lowder.

“Imprivata's OneSign platfom helps organizations safeguard enterprise information assets by enabling secure access to networks and applications – improving user productivity and convenience, while reducing the time, risk and cost of complying with data privacy and protection regulations,” says Imprivata CTO David Ting (left).

OneSign Single Sign-On (SSO) provides users easy access with one strong password or biometric to all of the applications and information necessary for optimum patient care.

An extension of the OneSign platform, ProveID, provides the means to insert transactional strong authentication into any application's workflow, says Ting, adding that it addresses increasing policy and regulatory compliance requirements being mandated.  

“As more and more health care organizations shift toward paperless transactions, they are realizing that identity-based regulations are becoming more common and stringent across various industries,” says Ting. “As a result, transaction-level authentication will be the norm in any situation where a person's identity is an important element of the transaction.”

However, there is one area of the electronic prescriptions story that is missing from the conversation -- authenticating that the prescription drug order is legitimate and truly from an approved physician. Electronic transactions are easier and quicker, but so is the potential for misuse and fraud, says Ting.

He credits The Ohio State Board of Pharmacy for being on the mark with its requirements calling for "positive identification" for the prescriber with online prescription orders to use "a method that may not rely solely on the use of a private personal identifier such as a password, but also include a secure means of identification…,” including biometrics or proximity badges.

“The ProveID functionality has enabled strong authentication at the point of medication orders.  It has gained acceptance by the State Board of Pharmacy, regarding positive identification when prescribing, dispensing or administering medications,” Lowder says.

The system is deployed throughout Dublin Methodist Hospital. Some fingerprints have been more challenging to recognize, but Lowder and his team have worked closely with Imprivata to understand the nuances of fingerprint technology and how to better educate staff.

He adds that the team found the platform to be very manageable and that employees at the facility had a fairly easy time learning how to use the technology.

“We are currently developing plans for rolling out the OneSign platform throughout the organization.”

“While meeting the stipulations of the state and other regulating bodies has been an important marker for Dublin Methodist Hospital's progress, the end goal has always been providing the highest quality care in the safest environment for our patients,” says Lowder. “Imprivata has played an integral role in helping DMH meet that goal.”

“OhioHealth's Dublin Methodist Hospital, on the cutting edge with opening an entirely paperless facility, has taken a significant step in deploying a strong authentication solution to help its physicians and clinicians embrace electronic prescriptions while adhering to the state's mandates surrounding them,” says Ting. “Now other industries/states are following suit requiring positive identification and strong authentication for these online orders.”


[sidebar]

MANDATES:
Patient data

At Dublin Methodist Hospital in Ohio, the implementation of Imprivata's OneSign platfom has proven useful in complying with mandates.

“Imprivata's OneSign platform simplifies application access and provides another level of authentication at Dublin Methodist Hospital to help ensure compliance with Health Insurance Portability and Accountability Act (HIPAA) standards,” says OhioHealth CTO Jim Lowder.

Strong authentication implementation, easily enabled with OneSign, allows companies to comply with HIPAA regulations for patient data security requirements and adds no additional cost to the overall solution, says Imprivata CTO David Ting.

“The ProveID functionality helps organizations comply with increasing regulations, including state of Ohio Board of Pharmacy's requirement for two-factor authentication for controlled drug prescription orders and HIPAA regulations for patient data security,” says Lowder

These instances of positive identification authentication requirements are just the tip of the regulation iceberg, adds Ting.

“Whether government-driven or industry-driven, transaction level security is becoming a crucial element for health care and other organizations in the transition toward paperless transactions.” – GM