The Health Insurance Portability and Accountability Act of 1996 (HIPAA) in the United States fosters health insurance coverage for workers and their families, and requires national standards for electronic health care transactions.

 

The law’s privacy provisions include protection of information related to any individual’s health status, provision of health care, or payment for health care. There are also additional health privacy laws specific to California. Internationally, there is a patchwork of health privacy laws around the world, from Argentina to Uruguay, including laws throughout Europe, Central Asia and Australia.  

Role of physical security in safeguarding data 

Physical security systems can play a big role in helping to keep patient information safe and private, as required by various laws. For example, AMAG has developed new capabilities within its Symmetry family of products that allow healthcare institutes to demonstrate their compliance with HIPAA. Compliance reporting is a key area and has been a focus for AMAG, says Dave Ella, Vice President of Product Marketing, AMAG Technology. 

Hospitals and healthcare facilities install AMAG’s Symmetry access control system and Symmetry CompleteView Video Management to manage and control access and provide HIPAA compliance throughout their buildings and campuses. Security plan policies and procedures need to protect a healthcare facility, says Ella. Automatically reviewing access permissions for employees, contractors and visitors on a regular basis is a key aspect of the plan, and AMAG’s Symmetry CONNECT product is designed for that purpose. Also, capabilities within the system make documentation of adds and changes to the security system more straightforward. They include the ability to add drawings, documents and notes to any device within the system.  
Demanding regulatory environment

Legislation like HIPAA, which establishes U.S. standards for privacy and security, impacts hospital access control policies and procedures, says Sheila Loy, Director Healthcare Strategies, North America, HID Global. In fact, HIPAA is just one element in a demanding regulatory environment. The need to comply is complicated in hospitals by security threats in an environment with high traffic volumes and complex staffing requirements, Loy adds. For instance, in California, hospitals must report any security breach event, after which the California Department of Public Health (CDPH) checks policies, practices and audit trails, and executes inspections and assesses fines. 

Today’s access control
platforms enable hospitals to
improve risk management and
comply with new legislation
or regulatory requirements

Often, hospital administrators must also follow federal guidelines established by the Centers for Medicare and Medicaid Services (CMS) that, at times, conflict with state rules and result in fines.

Other entities that set security guidelines include the Joint Commission accreditation and certification body, which has oversight for physical building security, water, safety, fire, and other security processes; and the Det Norske Veritas (DNV), an independent foundation that works with healthcare authorities and providers to manage risk and improve healthcare delivery. Today’s access control platforms enable hospitals to improve risk management and comply with new legislation or regulatory requirements. For instance, HIPAA imposes strict requirements for accessing medical records, which may necessitate the use of a smart card to enter secure areas or to access IT networks that store patient information.  

HID Global offers comprehensive healthcare security solutions to create a safe, compliant environment for patients and employees. The company’s solutions: provide secure access to healthcare facilities and supplies; enable hospitals to identify and manage hospital visitors; provide electronic audit trails to protect patients and staff; ensure HIPAA compliance for patient records; and enable organisations to leverage existing access control cards for additional services to offer convenience and create operational efficiencies. 

Need for versatile authentication platform 

Health data is at least as valuable as financial data in the online banking industry, where a layered system approach is used to ensure that appropriate risk mitigation levels can be applied, says Loy. Even though patients don’t access healthcare information as frequently as do online banking customers, and aren’t protected by the same regulatory compliance requirements, they can benefit from the same multi-layered authentication mechanisms, both inside and outside the hospital. Healthcare organisations need a versatile authentication platform with real-time threat detection capabilities in order to effectively implement the critical five layers of security including user authentication, device authentication, transaction authentication with pattern-based intelligence, browser protection, and application security, says Loy.  

 Hospital CCTV system
With video surveillance, cameras must be positioned in such a way that they don't violate HIPAA laws

Access control systems can be used to help protect access to patient records and other controlled materials, adds Robert Laughlin, President, Galaxy Control Systems. By using higher-security credentials for access control readers, such as biometrics, medical facilities can increase their confidence levels that they are only providing access to authorised individuals and creating an audit trail for reporting or review. Galaxy access control systems can be integrated with a wide range of readers, including high security biometric readers.  

Ensuring privacy with video surveillance 

Video systems are also impacted by HIPAA in the United States and by similar privacy legislation around the world. When a physical security system is installed in a healthcare environment, patients’ privacy must be protected according to HIPAA’s specific rules, says Jason Ouellette, Product Line Director – Access Control, Tyco Security Products. A patient’s PII – or personally identifiable information – must be protected. PII is any information that can be used to uniquely identify, contact or locate an individual, or that can be used with other sources to uniquely identify a person.  

With video surveillance, cameras must be positioned in such a way that they don’t violate HIPAA laws, says Ouellette. If a camera is pointed to a computer screen or something else that contains a patient’s PII, there must be an option to draw a privacy window within the frame so that a patient’s sensitive information isn’t easily accessed or compromised. 

HIPAA and similar
requirements can indirectly
impact video systems in
ways not thought of before
the advent of megapixel
surveillance cameras

Challenge of megapixel cameras 

Furthermore, the use of megapixel cameras can increase the challenge. HIPAA and similar requirements can indirectly impact video systems in ways not thought of before the advent of megapixel surveillance cameras, says Jeff Whitney, Arecont Vision’s Vice President of Marketing. On one hand, video surveillance systems are more effective than ever at protecting medical records storage and access to other confidential information.  

On the other hand, it is now equally important to consider the field of view of a high-megapixel camera, says Whitney. A camera placed over a cashier may yield images with discernible credit card numbers of a screen within the field of view, of documents, or of the credit card itself. Medical records may similarly be picked up in detail by a high megapixel camera. Therefore, it is necessary to ensure that the integrator selected to install a video surveillance system understand the objective of each area of coverage, and what should not be included.  

Integrated security systems aid faster compliance 

Faced with a number of local, state and national regulatory guidelines, security directors within healthcare facilities must be able to improve hospital security and insulate the organisation from potential liability claims, says Kyle Cusson, Business Development Manager, Healthcare, Pelco by Schneider Electric. “That means implementing a surveillance system that allows multiagency cooperation and response,” he says. “Keeping all of this in mind, having a video surveillance system that integrates with the necessary emergency and fire alarm systems, access control and other systems can promote an institution’s compliance with regulatory agencies by providing proof that the organisation’s assets are safe and secured.”  

Finally, there is the issue of access to video. In today’s regulation-focused market, healthcare organisations must strictly control who has access to video, says Brandon Reich, Senior Director of Surveillance Solutions, Pivot3. Servers and storage are typically easier to secure because these devices are traditionally deployed in controlled locations, sometimes on closed networks and often under the supervision of IT. Client access is more difficult to control – security personnel, management and even first responders need access to video, and their devices are typically unsecured. This can translate into a potential HIPAA violation, especially if data is access by unauthorised people. 

Read Part 10 of our Security in Healthcare series here

Save

Save

Save

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version

Author profile

Larry Anderson Editor, SecurityInformed.com & SourceSecurity.com

An experienced journalist and long-time presence in the US security industry, Larry is SourceSecurity.com's eyes and ears in the fast-changing security marketplace, attending industry and corporate events, interviewing security leaders and contributing original editorial content to the site. He leads SourceSecurity.com's team of dedicated editorial and content professionals, guiding the "editorial roadmap" to ensure the site provides the most relevant content for security professionals.

In case you missed it

ISC West rescheduled again to October 5-8
ISC West rescheduled again to October 5-8

ISC West, in collaboration with premier sponsor SIA, is rescheduling the ISC West 2020 event to take place October 5-8 at Sands Expo in Las Vegas. The SIA Education@ISC conference will be October 5-7, and the exhibition will be Oct. 6-8. Previously, ISC West had announced the postponement of the 2020 edition of ISC West to July. However, given the continually evolving COVID-19 pandemic and stay-at-home guidelines, organisers deemed the July dates no longer viable for the security industry. ISC West has expressed concern for everyone impacted by the COVID-19 coronavirus. Based on Reed Exhibitions’ close monitoring of ongoing developments with the virus, recent reports from public health officials and extensive consultation with partners in the global security community, they have rescheduled ISC West. ISC West takes pride in offering vital business opportunities to customers, including networking, education and access to new products and technologies, and are committed to making the event live up to high standards. Over the coming weeks, along with ISC West’s Premier Sponsor SIA, ISC West organisers will continue to serve the industry, creating ways to connect, collaborate and keep the world moving during this difficult period.

What’s the next big thing in video image quality?
What’s the next big thing in video image quality?

Superior image quality has been the “holy grail” of the video surveillance business for several years. A transition to 4K images and a race to ever-higher pixel counts have dominated product development conversations for a while now. However, it’s now possible that the tide has turned. These days, data is sometimes more important than image quality, and increasing use of smaller-format mobile devices has helped to make image quality variations moot. As the industry changes, we asked this week’s Expert Panel Roundtable: What’s the next big thing in video image quality (beyond 4K and megapixel)?

How do agricultural security systems measure up against livestock theft?
How do agricultural security systems measure up against livestock theft?

“Some embark on farmyard heists whilst others are devoted to back-bedroom chicken sanctuaries,” a quote taken from Channel 4’s new documentary ‘How to Steal Pigs and Influence People’. Whilst many think this is part of the positive vegan uprising, The National Pig Association have expressed grave concern of the glamorisation and condoning of livestock theft from farms. Wesley Omar, who was featured in the documentary, was found guilty of theft after he broke into a farm and stole a pig stating "he was saving it from slaughter." Due to this ‘humane reasoning,’ he received a 12 month community order and completed 100 hours of unpaid work. However, the farmer in question incurred huge losses as he could not reclaim the pig due to potential contamination and had a cost of £6,000 to upgrade his security. The cost of rural crime Opportunistic thieves have now turned into organised criminals According to NFU Mutual, the cost of rural crime has risen by 12% since 2017, and the Home Office statistics stated that 26% of rural businesses experienced at least one crime incident in 2018. However, the face of rural crime is changing, with M.O.’s shifting. What once were opportunistic thieves have now turned into organised criminals stealing heavy machinery and livestock. One example saw around 200 sheep stolen in the last three months within the Wiltshire area alone. Due to the volume of these incidents, police speculated only skilled sheep rustlers could conduct this crime so efficiently and undisturbed. The result of this crime has cost the agricultural industry £3m in 2019 alone. However, theft isn’t the only emerging rural crime trend hitting these farmers. Fly tipping on private land has risen considerably over the past few years with figures constantly rising. Once again, like the face of rural theft, criminals are evolving. The Environment Agency has stated that organised gangs are making high profits through ‘waste removal’, undercutting legitimate waste management sites through fly tipping. This crime is affecting 67% of farms and landowners as criminals try to evade landfill taxes. But what happens when you’re the victim of this crime? According to Countryside Alliance, it is the only rural offence where landowners are legally responsible for the disposal of said waste, costing them around £47m each year. So, how can farmers and agricultural landowners protect their premises and assets from both animal rights activists and organised criminals? A scheme has been introduced within specific areas in order to curb the increasing rates of rural crime across England and Wales. Dedicated police teams have been created to provide protection and support to rural areas, with specialist knowledge in dealing with cases. Agricultural physical security How does the farming industry's physical security measure up against these criminals? With this in mind, how does the farming industry's physical security measure up against these criminals? How can they prevent these targeted attacks on their livelihoods? One area that should be considered is a line of defence that deters, detects and delays these intruders - rather than allowing them onto the land - whilst waiting for police to respond. Security measures nowadays are able to delay intrusions, being the difference between criminals getting away and getting caught. A physical fencing system with anti-cut and anti-climb features would offer the first line of defence to farmers and landowners by restricting access onto their fields. Alongside effective high security fencing systems, used to prevent livestock trailers entering farmers fields, entry points need to be reviewed and addressed on whether they are effectively deterring criminals. Many successful livestock thefts are due to organised criminals and their vehicles being able to access fields undetected. Improving the security of field perimeters and entry points is the first step in protecting a farmer's livelihood against criminals. In turn, having a single entry point in and out of fields and premises is also an effective deterrent. Properties with various exit plans are more likely to be targeted as criminals have a higher percentage of escaping. Access point security Security measures such as CCTV cameras or motion sensor lighting have quick installation times In order to increase security at field access points, blocking off the gateways to these fields would act as an extra deterrent to those looking to steal livestock and fly-tip. With perimeter and access point security comes additional physical security measures that could help prevent the theft of livestock. Security measures such as CCTV cameras or motion sensor lighting have quick installation times that help detect an intruder rather than deter and delay like perimeter security. With rural crime on the rise, livestock theft and other criminal activity is becoming a common occurrence for farmers and agricultural landowners. Rural crime is not only having detrimental effects on the individuals but also communities across the UK. Many other industries such as the commercial industry and sports sectors utilise effective physical security within their premises in order to protect their assets. And so we are asking; why is the agricultural industry any different?