Case Study: Gaining more time for patient care while improving security by using proximity-based user authentication

The constant need to re-enter passwords to access online systems and to lock unattended computers was creating inefficiencies and frustration at US critical care facility Iron County Medical Center. After testing several different systems, the center implemented proximity-based authentication solution GateKeeper, which provides a single sign-on option with two factor authentication, ensures computers are locked when unattended and creates detailed audit reports of logins. This has enabled the center to save an average of more than $19,000 per year through reducing time spent logging in, while raising the standard of security and ensuring regulatory compliance.

About Iron County Medical Center

Iron County Medical Center (ICMC) in rural Missouri offers professional emergency care services as well as inpatient and outpatient care services. The residents of Iron County have trusted ICMC for all their healthcare needs for years. Whether they need an annual check-up or a surgical procedure, the skilled team of professionals delivers “compassionate care, close to home.”

The challenge

ICMC is a critical access hospital with limited resources. However, its security needs and responsibilities continue to grow daily. To ease the current burdens of the medical staff and meet Health Insurance Portability and Accountability Act (HIPAA) requirements, ICMC needed an affordable and secure authentication solution.

The medical staff was burdened with typing passwords to constantly unlock computers and electronic health records (EHR). Assuming a team member uses three different computers within one hour and completes every task without interruption, they would need to enter login credentials at least six different times. With a staff of at least 20, there could be as many as 120 logins an hour, creating notable frustration and inefficiencies. The HIPAA requirement of locking unattended computers can easily double the number of logins within a single hour. As a designated critical access hospital, new security measures and processes were needed to optimise workflow and enhance the overall efficiency and security of the entire facility:

  • ICMC wanted to implement multi-factor authentication, while adhering to HIPAA’s requirement of locking unattended computers and generating reports of computer login activity
  • The center aimed to establish a single sign-on option so that medical staff could continue transcribing and notetaking from any workstation in the clinic
  • ICMC required a password manager to autofill usernames and passwords within a virtual desktop to reduce the number of logins.

The solution

After researching and testing several different solutions, GateKeeper was the clear favourite to increase security and save the medical staff from repeated logins. GateKeeper’s proximity authentication ensures all computers are locked when unattended, thus satisfying HIPAA compliance.

Security was further increased by enabling two factor authentication on all GateKeeper-enabled computers. Each user’s unique token is monitored by the GateKeeper software, which provides detailed audit reports of individual logins for remote and desktop sessions.

ICMC launched Windows Terminal sessions to enable virtual desktops (or remote sessions) for all team members. The medical staff’s work remains active in the virtual desktop, which can be paused and continued from any PC. The Untethered Labs team developed the GateKeeper Remote app, a new feature to work exclusively with Windows Terminal Server, that enables web credentials on remote sessions. The medical team’s password manager now follows them on any GateKeeper-enabled computer, and within the virtual desktop as well. Each time a nurse accesses an electronic health record, the credentials are auto filled.

The results

Immediately after implementing the GateKeeper Enterprise software at ICMC, the IT team integrated multi-factor authentication, auditing, privileged access controls, password management and proximity-based workstation auto-lock security.

Training the nursing team to use the GateKeeper tokens for authentication was brief, and the team has communicated that they cannot imagine returning to the previous workflow. Thanks to GateKeeper password manager being available on every GateKeeper-enabled computer, entering passwords to access EHRs has become a thing of the past. Everyone from the medical staff to network administrators has recognised an increase in the team’s productivity.

HIPAA compliance is met by automatically locking unattended computers. ICMC no longer relies on staff to remember or implement disruptive timeout policies. Additionally, the auditing features built into GateKeeper Hub allow the IT team to generate user login and logout activity reports. Reports can be generated daily, weekly, monthly or on demand.

According to IT Coordinator Mark Natale: “Using the GateKeeper Enterprise software has raised our standard of security for our employees beyond initial expectations.”

The business benefits

The entire ICMC team is gaining 75 to 95 minutes every day to perform critical business functions and dedicate to patient care simply by eliminating the requirement to enter passwords to unlock computers and electronic health records. As a critical access hospital in a rural location, it is important to keep costs low and employees as efficient as possible.

As a direct result of implementing GateKeeper to optimise workflow, ICMC is saving an average of $1,600 a month – or more than $19,000 per year – simply by reducing the number of logins through automation.