COMMENT: Ensuring security in e-Prescribing
DAVID TING of Imprivata, a single sign-on and access management solutions provider, explores how NHS trusts can ensure security in e-Prescribing functions
INFORMATION technology has taken centre stage in the healthcare market as the introduction of Electronic Medical Records (EMRs) has demanded new levels of IT security.
An increased focus on access management and re-authentication has been driven by the requirement to protect these new volumes of sensitive digitised data, particularly as healthcare organisations have begun to roll out e-Prescription services which have further raised concerns around the medico-legal responsibility of electronic information.
With this in mind, hospitals are increasingly turning to technology in the hopes of avoiding security breaches without inhibiting clinical workflow, all while adhering to strict data protection regulations.
In a progressively digital era, the challenge of secure end-user access to patient data has become ever more prominent, especially as staff need daily access to a growing number of IT applications and systems, each with a unique username and password. Given this, password and user account sharing have become more and more common. But, while this may save time in accessing critical patient data, the primary objectives of essential security measures are defeated.
Now, as we see a proliferation of sensitive patient data online, and as clinical users gain power to administer prescriptions digitally, the need to solve access issues and guarantee identification of the end-user is essential.
As we see a proliferation of sensitive patient data online, and as clinical users gain power to administer prescriptions digitally, the need to solve access issues and guarantee identification of the end-user is essential
The benefits of electronic systems such as e-Prescribing lie in workflow and efficiency as well as in improved patient safety, care and services. However, healthcare trusts without the ability to authenticate users to the IT system at the transaction level leave themselves exposed to risk. Without this level of security it’s impossible to determine that the clinician logged into an application such as e-Prescribing is in fact the user administering the prescription.
For example, if Doctor A was to leave his workstation unattended and Doctor B ordered a prescription using the same workstation while logged in as Doctor A, any resulting complications would incorrectly follow an audit trail back to Doctor A. With this in mind, in order to optimise the benefits of e-Prescribing while maintaining high levels of security, trusts need to find a way to ensure non-repudiation of e-Prescriptions. To specifically tackle the security challenges associated with e-Prescriptions, trusts can also introduce another layer of authentication at the transaction level. By demanding that users re-authenticate at the point of issuing a prescription, healthcare organisations can benefit from non-repudiated access records, offering an assured link from a prescription back to the clinician who placed the order.
By using methods of strong authentication, NHS trusts can further address security concerns around the e-Prescription process and, by utilising finger biometrics, for example, which cannot be duplicated or shared, and which improve clinician workflow, trusts can add further reliability and convenience around the identification of the end user.
Heavy penalties have been introduced, which include fines of up to £500,000 and, in light of this, and recent budget cuts, NHS trusts are more aware than ever of the critical importance of improving access management practices
The Information Commissioners Office has heavily criticised the NHS for the sheer number of security breaches and data losses that are reported, while highlighting the need for healthcare organisations to improve security measures to protect sensitive, private data. Heavy penalties have been introduced, which include fines of up to £500,000 and, in light of this, and recent budget cuts, NHS trusts are more aware than ever of the critical importance of improving access management practices.
The introduction of e-Prescription services has further served to enforce this concept and, while clinicians face the challenge of securely accessing multiple applications during each working day, NHS trusts are responsible for providing systems that will not only improve workflow and security, but also provide a platform for further developments in healthcare IT as technology and business requirements continue to change.
