Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Biometrics – Security, Password Change Policy

Posted on March 29, 2006 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Security
Biometrics Security is pretty impressive. We’ve joked a few times about what happens if you lose your finger (the situation at Wendy’s comes to mind). Let’s just say that the chances are good that this won’t be a problem. More importantly the biometrics people have really given you quite a few options on keeping it secure. One example is that with the biometrics you can also store a pin number that people can use. If I wasn’t so lazy in this moment I would pull out the part of HIPAA that says something about dual authentication methods. Your finger and a pin number sounds like dual to me. When you add in my previous article about False Acceptance Rate and False Reject Rate, then biometrics is a great option for securing EMR.

One other really nice feature with biometrics security is that you can choose to restrict people from using a password to get into certain programs. While this could be scary if something happens to the biometrics device it is an interesting concept. Since it is all managed by group policy in active directory I could train my end users on just using their fingerprints and never having them know their password(see below for password change policy). I would of course want to be able to use a password or biometrics, but there might be a few cases where you could literally restrict access to EMR to a fingerprint. Now that’s security!

Password Change Policy
One other impressive feature that I had never considered is how does biometrics handle the wonderful password change policies required by HIPAA? It’s not like your fingerprint can be changed. The units I’m testing can take care of this for you as part of the templates you create for each application. In fact, if you don’t want to have users know the password at all you can even have the biometrics software generate a password. I think this might be a little scary since then if the biometric device breaks or some other problem then you have no way of getting into your EMR program(or other application as desired).

Loose Sheets of Paper

Posted on I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I was approached the other day by my HIM (medical records) staff with a sheet of paper asking me to find which patient it belonged to.

Yes, unfortunately we have an electronic medical record with as little paper as possible, but you are always going to have papers floating around. Even with EMR you can’t stop patients from bringing in paper to you which you are then responsible to keep. Good thing you can at least scan the paper. Scanning is definitely worthy of another post though.

So, here I was charged to find which patient this stray sheet of paper belonged to. This paper had no identifying information for the patient (Don’t ask me how that happened). The only information that could really be gleaned from it was which doctor had seen the patient, the patient was a nursing student and that the patient was pregnant. Now many of you may be saying, well having many nursing student patients do you have which are pregnant? This is a valid question, but all those people balking at my example take a step back and imagine you didn’t have an electronic medical record. How would you find this patient?

Charts..
Charts..
More Charts!

Is there really anything else that could be done besides sifting through chart after chart? I can’t really think of much.

With an EMR it was no problem finding whose chart it must be. I pulled up all patients with a pregnancy diagnosis for that doctor and then looked for the patients that were in the nursing school. Patient Found!!