Hospitals face many security threats in an environment complicated by high traffic volumes, complex staffing requirements, and a demanding regulatory environment. In California, hospitals must report any security breach event, after which the California Department of Public Health (CDPH) checks policies, practices and audit trails, and executes inspections and assesses fines. Often, hospital administrators must also follow federal guidelines established by the Centers for Medicare & Medicaid Services (CMS) that, at times, conflict with state rules and result in fines. Other entities that set security guidelines include the Joint Commission accreditation and certification body, which has oversight for physical building security, water, safety, fire, and other security processes, and the Det Norske Veritas (DNV), an independent foundation that works with healthcare authorities and providers to manage risk and improve healthcare delivery. Legislation such as the Healthcare Insurance Portability and Accountability Act (HIPAA) of 1996, which established U.S. standards for privacy and security, also impact hospital access control policies and procedures.
Meeting modern security challenges while complying with these and other regulatory mandates requires best practices for both physical and IT security, using flexible and scalable access control systems that can combat today’s evolving security threats while supporting future improvements in security and convenience. It is also important for healthcare institutions to maximize the ongoing value of their investment by ensuring that ID cards used for opening doors can also be used for other applications including time-and-attendance, cashless payment and logical access control to protect IT assets and enhance patient information privacy protection.
Improving Physical Access Control
Hospital security challenges can be extremely complicated. Patients and visitors must feel welcomed and comfortable, yet safe and well protected. Hospitals also must support affiliated doctors who need to carry multiple badges for all the locations they visit. Over time, administrators may want to integrate access control with visitor management, or add video surveillance and other technologies. This can be difficult to accomplish with legacy systems, which are vulnerable to security threats and can’t easily be upgraded to new features and capabilities. In contrast, the latest physical access control system (PACS) system architectures are based on dynamic technologies, making it significantly easier and less expensive to upgrade them. Benefits of these systems include:
- Improved security
- Simplified system management
- Improved risk management
- A path to networked access control
- Ability to add wireless locksets
- More secure and simplified visitor management, integrated with the PACS
- Opportunities to do more with the card
- Convergence of PACS with secure logical access control
Today’s solutions enable healthcare organizations to achieve a versatile PACS that protects everything from hospital doors and storage areas to the cloud and desktops. With proper planning, healthcare institutions will be able to preserve investments in today’s physical access control credential solution as they seamlessly add new capabilities in the future. The result is a fully interoperable, multi-layered and highly adaptable security solution that spans the organization’s networks, systems and facilities, and has room to grow, evolve and improve over time.