In every hospital scenario, 6 of 8 FTE’s (Security Administrators) are dedicated in provisioning and de-provisioning users. And 40% of helpdesk calls are requests for resetting the passwords. These are some of the realities that most of the large organizations face.
Any typical hospital (with more than 2000 beds and 4000 employees) helpdesk averaged between 20 and 25 password resets a month, and each required about 30 minutes to resolve because of laborious process of receiving the call, placing the work order, resetting the password and then informing the busy clinician.
Does this play a significant role in HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) requires that health institutions employs procedures that protect the disclosure of an individual’s personal health information, ensuring privacy and security of information as it is collected, processed and transferred to other health organizations.
Password management is a critical component of your HIPAA compliance plan. These passwords also protect your PM and EMR systems, and all the critical Protected Health Information they store.
Let’s take a look at the Administrative Safeguards section of the HIPAA Security Rule.
4. PASSWORD MANAGEMENT – § 164.308(a)(5)(ii)(D)
The last addressable specification in this standard is Password Management. Where this
implementation specification is a reasonable and appropriate safeguard for a covered entity, the covered entity must implement:
“Procedures for creating, changing, and safeguarding passwords.”
In addition to providing a password for access, entities must ensure that workforce
members are trained on how to safeguard the information. Covered entities must train all
users and establish guidelines for creating passwords and changing them during periodic
In accordance with HIPAA regulations, all new passwords must be “strong,” meaning difficult for individuals and automated systems to decipher and be frequently changed once in 120 days.
Creating new passwords frequently may help to lessen short-term risk.
People often forget their password particularly after a long weekend and vacation. Secret questions as a backup password is a bad idea.
Speech-Activated Password Resets
Here’s a solution that uses voiceprint as a backup password. Sensiple’s Voice Biometric Password reset solution, prompts the user a passphrase to repeat to reset the password.
Using Sensiple’ Voice biometric Password Reset solution, enterprise users can reset their own passwords quickly and securely. After a simple one time enrollment, users can access the system 24 hours a day, 7 days a week over any telephone to reset their password.
The real beauty of this system is that it doesn’t require any customer support personnel to deal with the user. Voice verification enrollment takes about 30 seconds to register using their own easy-to-remember phrase and identity verification takes less than 5 seconds.
Quick ROI can be realized within two months and our solution helps to save 70% Opex and Time in a year.
Voice Biometrics to protect Patient Data Integrity
Voice biometrics solutions are increasingly used to secure tablet and smart-phone based healthcare applications. Voice biometrics helps in ensuring that only the designated person is accessing sensitive EMR data through a tablet or patient viewing his results on his smart phone app.