Healing America Through Innovation in Healthcare

Healthcare Innovation Journal

Subscribe to Healthcare Innovation Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get Healthcare Innovation Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Healthcare Innovation Authors: Jaun Parker, Progress Blog, LeanTaaS Blog, Yoel Knoll, Mark Hoover

Related Topics: Citrix Virtualization Journal, CIO, Government News, Green Healthcare, Healthcare Innovation Journal, CIO/CTO Update, Sarbanes Oxley on Ulitzer

Blog Feed Post

Two-Factor Web Authentication in Healthcare

Plus Strong Identity Management

Here's a very good article concerning the various types of strong identity management, multifactor and two-factor authentication solutions that are necessary for healthcare system and process identity enforcement - recently written by John D. Halamka MD, a self-described Healthcare CIO.

Strong Identity Management

In this article, Dr. Halamka states that he's had a wide range of experience with many of these token-based and tokenless two-factor authentication methods, including security tokens, smart cards, biometrics, certificates, soft tokens, and cell phone-based approaches.

His summarized findings include:

Security Tokens
- many challenges and prohibitive expenses.
Smart cards - a good consideration, though requires installation of many readers.
Biometrics - great results, but still requires major technology upgrade for existing PC/LAN infrastructure (this is especially challenging in government and healthcare institutions with extremely diverse and aged personal computer and networking systems)

Certificates - "managing certificates for 20,000 users is painful".
Soft tokens - similar challenges for support, maintaining new software across all desktops.

The article focuses in on seemingly the most effective and efficient solution currently available:

Cell phone based approaches - popular, easy to support, and very low cost. Companies such as Anakam Inc. offer tools and technology to implement strong identify management in cell phones via text messaging, voice delivery of a PIN, or voice biometric verification. Per the Anakam website, their products achieve full compliance with NIST Level 3, are scalable to millions of users, cost less than hard tokens or smart codes, are installable in the enterprise without added client hardware/software, and are easy to use (all you have to do is answer a phone call or read a text message).

Probably the clearest two factor authentication choice to make is between token-based identity management solutions and tokenless authentication. Here's some reasons why token-based 2 factor authentication isn't necessarily as effective as tokenless user authentication (such as that provided by Anakam).

User authentication tokens and other similar devices do not effectively protect against emerging threats, such as man-in-the-middle attacks - since they don't utilize "out-of-band" authentication (i.e. a separate channel for the second factor of authentication). User adoption is a very large obstacle to token-based authentication; an extra device to carry that's vulnerable to many forms of damage and theft simply isn't acceptable. Additionally, significant overhead is required by IT department to provision, manage as an asset, and control the token devices, along with training users in proper use and protection.

Read the original blog entry...

More Stories By Ted McLaughlan

Summary: Currently a Federal Enterprise Architect with Oracle, Ted has over 25 years in Commercial and Government Information Technology with University of Virginia, EDS, Accenture, KME Internet Marketing, Blackstone Technology Group, NavigationArts and CSC; additional focus recently on Interactive Design, Web 2.0 Internet Marketing, SEO, Social Media and Advertising. Specialties: Enterprise Architecture and Information Management, SOA/ESB, Enterprise Integration, Business Intelligence, Internet Safety and Security, Family Content Networks, Knowledge Management and Collaboration, User-Defined Operational Pictures/Common Operating Pictures (UDOP/COP), Situational Awareness, Portals, Internet Marketing and Search Engine Optimization (SEO), Website Design/Development and Optimization - Certified Systems Engineer - Certified Enterprise Solution Architect

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.