
Access control in healthcare settings

92% of U.S. hospitals use electronic access control to some extent, representing a 13% increase since 2016.

The COVID-19 pandemic accelerated the adoption of security technologies and touchless solutions, according to the 2022 Health Care Trends Report from Allegion. The report surveyed 100 decision-makers from across leading U.S. health systems.

COVID-19’s effect on hospital security

Beyond PPE and touchless access control in healthcare settings, the study unveiled how COVID-19 accelerated the adoption of new security and safety measures aimed at protecting people and physical assets. Many strategic initiatives around door hardware and access control have been adopted since the pandemic, according to the report.

  • 73% added extra layers of security to limit the spread of infection while protecting people and property.
  • 59% added touchless technology at openings and 62% electrified openings with access control.
  • 61% are using hands-free or touchless access products more than before the COVID-19 pandemic.

Electronic access control adoption

Adoption escalated throughout the healthcare market over the last five years, especially among larger facilities located in urban and suburban markets, according to the report. Common areas with electronic door hardware in place include surgical suites, nurseries, behavioral health units, and equipment rooms.

  • Of those using connected systems in their facilities, 82% are using hardwired electronic access control products, and 71% are using wireless technologies.
  • Healthcare professionals cite cost (34%) and lack of budget (28%) as primary barriers to widespread electronic access control adoption.

Patient accommodations in access control

Facilities have become more accommodating for patients of all abilities and needs. The pandemic and an increased focus on mental health are cited as key drivers for these shifts.

  • Over 80% of hospitals updated doors to meet ADA compliance over the last year.
  • Changing door knobs to levers (45%) and adding automatic door operators (44%) were the most common changes made in areas like patient rooms, common areas, and restrooms.

For more report findings, click here.

Access Control in healthcare settings and Access Control Models

Access control is basically identifying a person doing a specific job, authenticating them by looking at their identification, then giving that person only the key to the door or computer that they need access to and nothing more. In the world of information security, one would look at this as granting an individual permission to get onto a network via a username and password, allowing them access to the files, computers, or other hardware or software they require, and ensuring they have the right level of permission (e.g. read-only) to do their job. So, how does one grant the right level of permission to an individual so that they can perform their duties? This is where access control models come into the picture.

Access control models have four flavors: Mandatory Access Control (MAC), Role-Based Access Control (RBAC), Discretionary Access Control (DAC), and Rule-Based Access Control (RBAC or RB-RBAC).

Let’s look at each of these and what they entail.

The Mandatory Access Control, or MAC, model gives only the owner and custodian management of the access controls. This means the end-user has no control over any settings that provide any privileges to anyone. Now, there are two security models associated with MAC: Biba and Bell-LaPadula. The Biba model is focused on the integrity of information, whereas the Bell-LaPadula model is focused on the confidentiality of information. Biba is a setup where a user with low-level clearance can read higher-level information (called “read up”) and a user with high-level clearance can write to lower levels of clearance (called “write down”). The Biba model is typically utilized in businesses where employees at lower levels can read higher-level information and executives can write to inform the lower-level employees.

Bell-LaPadula, on the other hand, is a setup where a user at a higher level (e.g. Top Secret) can only write at that level and no lower (called “write up”), but can also read at lower levels (called “read down”). Bell-LaPadula was developed for governmental and/or military purposes where, if one does not have the correct clearance level and does not need to know certain information, they have no business with the information. At one time, MAC was associated with a numbering system that would assign a level number to files and level numbers to employees. Under this system, if a file (e.g. myfile.ppt) had level 400, another file (e.g. yourfile.docx) had level 600, and the employee had a level of 500, the employee would not be able to access “yourfile.docx” due to the higher level (600) associated with the file. MAC is the highest access control there is and is utilized in military and/or government settings utilizing the classifications of Classified, Secret, and Unclassified in place of the numbering system previously mentioned.
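The two MAC models can be compared directly on the numbering example above. The following is an added illustration, not code from the report or the original article; the `Labeled` class and function names are hypothetical, and only the levels 400, 500 and 600 and the two file names come from the text.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Labeled:
    """A subject (employee) or object (file) carrying a numeric MAC level."""
    name: str
    level: int

def blp_allows(subject: Labeled, obj: Labeled, op: str) -> bool:
    """Bell-LaPadula (confidentiality): read down, write up."""
    if op == "read":
        return subject.level >= obj.level   # reading a higher level would leak secrets
    if op == "write":
        return subject.level <= obj.level   # writing lower would leak secrets downward
    raise ValueError(f"unknown operation: {op}")

def biba_allows(subject: Labeled, obj: Labeled, op: str) -> bool:
    """Biba (integrity): read up, write down. Levels here mean trustworthiness."""
    if op == "read":
        return subject.level <= obj.level   # low-integrity data must not taint the subject
    if op == "write":
        return subject.level >= obj.level   # a subject must not taint higher-integrity data
    raise ValueError(f"unknown operation: {op}")

def decision_table(model, subject, objects):
    """Evaluate every (file, operation) pair so the two models can be compared."""
    return {(o.name, op): model(subject, o, op)
            for o in objects for op in ("read", "write")}

# Levels taken from the numbering example in the text; the subject name is constructed.
EMPLOYEE = Labeled("employee", 500)
FILES = [Labeled("myfile.ppt", 400), Labeled("yourfile.docx", 600)]

if __name__ == "__main__":
    for label, model in (("Bell-LaPadula", blp_allows), ("Biba", biba_allows)):
        print(label)
        for (name, op), ok in decision_table(model, EMPLOYEE, FILES).items():
            print(f"  {op:5} {name:14} -> {'allow' if ok else 'deny'}")
```

For the level-500 employee the two models give mirror-image answers: Bell-LaPadula denies reading “yourfile.docx” (600) but allows writing to it, while Biba allows the read and denies the write.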

The Role-Based Access Control, or RBAC, model provides access control based on the position an individual fills in an organization. So, instead of assigning John permissions as a security manager, the position of security manager already has permissions assigned to it. In essence, John would just need access to the security manager profile. RBAC makes life easier for the system administrator of the organization. The big issue with this access control model is that if John requires access to other files, there has to be another way to do it since the roles are only associated with the position; otherwise, security managers from other organizations could possibly get access to files they are unauthorized for.

The Discretionary Access Control, or DAC, model is the least restrictive model, in contrast to MAC, the most restrictive. DAC allows an individual complete control over any objects they own along with the programs associated with those objects. This gives DAC two major weaknesses. First, it gives the end-user complete control to set security level settings for other users, which could result in users having higher privileges than they’re supposed to. Secondly, and worse, the permissions that the end-user has are inherited by other programs they execute. This means the end-user can execute malware without knowing it, and the malware could take advantage of the potentially high-level privileges the end-user possesses.

The fourth and final access control model is Rule-Based Access Control, also with the acronym RBAC or RB-RBAC. Rule-Based Access Control will dynamically assign roles to users based on criteria defined by the custodian or system administrator. For example, if someone is only allowed access to files during certain hours of the day, Rule-Based Access Control would be the tool of choice. The additional “rules” of Rule-Based Access Control requiring implementation may need to be “programmed” into the network by the custodian or system administrator in the form of code versus “checking the box.”
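A time-of-day rule of the kind described above, layered on the role-based permissions from the earlier paragraph, can look like this in code. This is an added example, not code from the original article; the users, roles, resources and hours are constructed for illustration.

```python
from datetime import datetime, time

# Constructed sample policy: roles carry permissions, users only hold roles.
ROLE_PERMISSIONS = {
    "security_manager": {("camera_footage", "read"), ("door_schedule", "write")},
    "night_nurse": {("medication_room", "enter")},
}
USER_ROLES = {"john": {"security_manager"}, "ana": {"night_nurse"}}

# Rules narrow a role's permission to a time window (start inclusive, end exclusive).
TIME_RULES = {
    ("door_schedule", "write"): (time(8, 0), time(18, 0)),
    ("medication_room", "enter"): (time(19, 0), time(7, 0)),  # wraps past midnight
}

def in_window(now: time, start: time, end: time) -> bool:
    """True if `now` falls inside the window, including windows that cross midnight."""
    if start <= end:
        return start <= now < end
    return now >= start or now < end

def is_allowed(user: str, resource: str, action: str, when: datetime):
    """Default-deny check: a role must grant the permission, then every rule must pass."""
    perm = (resource, action)
    roles = USER_ROLES.get(user, set())
    if not any(perm in ROLE_PERMISSIONS.get(role, set()) for role in roles):
        return False, "no role grants this permission"
    window = TIME_RULES.get(perm)
    if window is not None and not in_window(when.time(), *window):
        return False, "outside permitted hours"
    return True, "allowed"

if __name__ == "__main__":
    checks = [
        ("john", "door_schedule", "write", datetime(2023, 4, 17, 10, 0)),
        ("john", "door_schedule", "write", datetime(2023, 4, 17, 22, 0)),
        ("ana", "medication_room", "enter", datetime(2023, 4, 18, 3, 0)),
        ("ana", "door_schedule", "write", datetime(2023, 4, 17, 10, 0)),
    ]
    for user, resource, action, when in checks:
        print(user, resource, action, when.strftime("%H:%M"),
              is_allowed(user, resource, action, when))
```

The midnight-crossing window is the case most often implemented incorrectly: a plain `start <= now < end` comparison would deny every night-shift request.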

2023-04-17T11:20:18-04:00
