Health System Can Ensure Secure Remote Access to Patient Data with Multi-Factor Authentication
Presence Health, with more than 150 locations, serves the healthcare needs of people throughout Illinois. The organization’s physicians and other workers often need to remotely access patient health records. To ensure secure and simple access for these employees, Presence deployed Windows Azure Multi-Factor Authentication. This service helps healthcare workers focus on patient care and makes it possible for the organization to secure access to health records in accordance with US healthcare regulations.
"For physicians, every second counts. If they need to get into an application right away to view an x-ray, for example, they can do that quickly and securely with Windows Azure Multi-Factor Authentication."
Presence Health is the largest Catholic health system in Illinois, with 12 hospitals, 27 long-term care and senior living facilities, and dozens of physician offices and health centers. The organization’s 150-plus locations provide a range of healthcare services to hundreds of thousands of people across the state.
Like most healthcare organizations, Presence Health must comply with Health Insurance Portability and Accountability Act (HIPAA) regulations, which ensure the confidentiality of patient records. For the organization’s IT department, that means maintaining tight control over who has access to clinical and financial applications. “Many of our physicians and other employees need to get into our network to use applications from home or while on the road,” says Mike Baran, System Director, Technology, Presence Health. “Our compliance department has mandated that we have multi-factor authentication in place for those employees.”
For several years, Presence workers used security tokens, small hardware fobs with a passcode that each employee entered when logging in. But those devices had become unreliable. “People would misplace the fobs and, in some cases, drop them or have the battery run out,” says Baran. “They had become very problematic.” Additionally, the devices did not provide simple network access. “They were cumbersome to use,” he says. “People would have to push a button, get a number, and take a few extra steps to get into the system securely. It was inconvenient.”
To solve these challenges, Presence sought to find a new multi-factor authentication solution for remote users.
Presence Health considered several solutions, including hardware-based technologies, before it decided on Windows Azure Multi-Factor Authentication, powered by PhoneFactor. “We liked the solution immediately because it is phone-based,” says Baran. “Everyone in our organization is tied to their cell phone, so this solution made so much sense to us. Also, this solution was much more cost-effective than the hardware-based solutions we evaluated.”
Windows Azure Multi-Factor Authentication helps safeguard access to the organization’s clinical and financial applications using the phones their employees already carry. Remote employees sign in with their username and password, and then use their phone for additional verification.
The majority of Presence Health employees use the phone call method, where they receive an automated voice call when signing in. They simply answer the call and press the pound key (#) to authenticate. “It couldn’t be easier,” says Baran. Some Presence employees also take advantage of the mobile app notification feature, which pushes an alert to the app on their smart phones.
Presence is also expanding use of the solution’s one-time passcode method, where the mobile app can be used as a software token to generate a one-time passcode. Users enter the passcode along with their username and password for the second form of authentication. “That option will be good for people in physician offices or hospitals that don’t have great cell phone reception,” says Baran.
The organization has the Windows Azure Multi-Factor Authentication Server installed on two machines, one in each of two data centers. Baran says, “This setup provides the high availability and reliability we need.”
With Windows Azure Multi-Factor Authentication, Presence Health employees now have ready access to data, facilitating patient care from outside the hospital walls. The organization has added confidence that the necessary controls are in place to safeguard patient data, helping it comply with industry regulations. With a highly available, reliable solution, Presence Health can focus on its core mission of caring for patients.
Facilitates Patient Care by Simplifying Remote Access to Applications
Windows Azure Multi-Factor Authentication gives Presence Health physicians and other healthcare professionals a simple method of two-factor authentication when accessing information remotely. “Our previous hardware solution involved multiple steps, which was frustrating,” says Baran. “But with Windows Azure Multi-Factor Authentication, the users just need to log in and get a phone call to securely access patient records. And because they always have their cell phones with them, it’s a much more reliable method.”
By having simpler access to patient data, physicians and other workers are better-positioned to care for patients. “For physicians, every second counts,” says Baran. “If they need to get into an application right away to view an x-ray, for example, they can do that quickly and securely with Windows Azure Multi-Factor Authentication.”
Addresses Regulatory Requirements for Controlling Access to ConfidentialData
Presence Health can more easily comply with HIPAA regulations by giving its employees a second layer of authentication. “From a corporate compliance perspective, it is highly important that our patient data is protected and that only authenticated users can view it,” says Baran. “Windows Azure Multi-Factor Authentication helps us do that. This really helps as we grow, too. We recently merged with another hospital system that insisted on having two-factor authentication for all employees. We can easily ensure that now.”
The solution also reduces financial risk for Presence. “Billing and payroll data is vulnerable and requires stronger access control,” says Baran. “This solution puts our finance department at ease. Also, auditors want to know that outsiders can’t get into the environment, and with Windows Azure Multi-Factor Authentication, we can demonstrate that only authenticated users can get in.”
Ensures High Availability and Reliability
With the organization’s two synchronized Windows Azure Multi-Factor Authentication servers communicating with the solution’s cloud service, Presence Health has the high availability it needs. “We have a redundant setup that is perfectly configured for high availability,” says Baran. “Given the critical nature of healthcare, it is essential that we provide constantly available access for users, and we can do that with Windows Azure Multi-Factor Authentication. This is a highly available, reliable solution that gives us the confidence we need.”