Most breaches occur at the password authentication level.
More than in any other industry, strict regulations require healthcare providers with EHR systems to tightly secure records or face severe penalties. Yet most systems still rely on dated two-factor authentication: a user ID and password plus a security question or SMS code.
Identity technology has evolved far past this. Nothing is stronger than multi-factor authentication. BioSig-ID is a biometric multi-factor solution that handles all healthcare identity challenges.
BioSig-ID™ meets the unique demands of healthcare with an identity solution that can be used on any device, requires no hardware and can be used at any layer.
- Gate content or applications
- Onboarding user verification
- Patient privacy security
- Employee device management
- Secure sessions before and after login
- Detect suspicious access
- Stop shared or stolen passwords
- Audit trail evidence of access
- Atypical event warnings in real time
- Control vendor and third party access
Plugs single most vulnerable point of entry
- Biometric multi-factor authentication
- Takes just seconds to log in
- Stops imposters who have the password with 99.97% accuracy
- Revoke and reset like any other password
- Pinpoint access control
- Works on any device
- No hardware or software downloads
- 0.002% support calls
- No more juggling multiple passwords or fobs
How it Works
BioSig-ID™ is a dynamic gesture biometric. It captures a user’s unique movements (direction, speed, length, angle, height, etc.) as they draw and create a biometric password using just a mouse or finger. Each time a user logs in, their password is compared, and only if the patterns match will the legitimate user gain access.
Imposters are stopped in their tracks. Even if they gain access to your password, they must duplicate the user’s unique biometric movements used to create the password, which is nearly impossible.
Regulatory Requirements and BioSig-ID
BioSig-ID satisfies requirements:
CFR 45, Section 170.314(d)(1) sums it all up—the system must verify against a unique identifier (e.g., username or number) that a person seeking access to EHR is the one claimed and provide the ability to audit access. Certification requires authentication, access control, and authorization.
Additionally, Section 170.314(d)(2-3): Auditable Events and Tamper-Resistance
The Federal Regulations/Interpretive Guidelines for Hospitals (482.24(c)(1)(i)) require that every entry in the health record should be authenticated and traceable to the author of the entry. Hence, any authentication system must incorporate some method of tracking.
Starting in 2015, hospitals and doctors will be subject to financial penalties under Medicare if they are not using electronic health records.
The 2015 – 2017 EHR Medicare and Medicaid incentive programs from CMS include these objectives:
- Electronic Prescribing: (EPs) Generate and transmit permissible prescriptions electronically (eRx); (Eligible hospitals/CAHs) Generate and transmit permissible discharge prescriptions electronically (eRx)
- Protect Patient Health Information: Protect electronic health information created or maintained by the CEHRT through the implementation of appropriate technical capabilities
Qualifies for Electronic Prescriptions for Controlled Substances (EPCS):
BioSig-ID was independently tested by the Tolly Group to meet CFR 21 1311.116 “Additional Requirements for Biometrics” from the DEA’s Interim Final Rule for Electronic Prescriptions for Controlled Substances published on March 31, 2010. We can confirm that the results put BioSig-ID technology in compliance with 1311.116. The results of the false positive scores were 3x better than the NIST guidelines for biometrics.
BioSig-ID’s ability to provide evidence of all the events surrounding the identity authentication activity not only provides a powerful tool to combat fraud, but also ensures compliance with evolving regulations that continue to mandate ever stricter standards of identity authorization within the healthcare industry.
Epic Healthcare and Ping Identity Management Partners
BSI is an integrated partner providing multi-factor authentication (MFA) for use with Epic’s electronic medical record (EMR) software. BSI is also an approved Ping Identity technology alliance partner, offering its patented BioSig-ID™ gesture biometrics within Ping’s popular PingFederate SSO software to enable secure multi-factor authentication.
For Highest Identity Assurance Add BioProof-ID
BioSig-ID’s companion product BioProof-ID is ideally suited to healthcare needs. The BioProof-ID identity proofing and verification service confirms real-world identity as users enroll with BioSig-ID. In a single session, the process confirms a government-issued photo ID and compares the photograph to a real-time selfie.
Because the process is virtual, it replaces physical encounters, allowing deep savings as it provides new biometric access to your network. Interoperable with any other system that runs HTML5 or Flash, BioSig-ID can be used by any device including PCs, tablets, laptops, and mobiles.