If there’s anything we know about hospital protection, it’s that the security of confidential patient information as well as the narcotics and other drugs kept in these facilities are extremely important to everyone concerned. In fact, health care information is so important to the federal government that the Congress passed an all-encompassing law that assures patient privacy.
Hospitals, doctor’s offices, health insurance companies, clinics, and other health-related concerns are required by law to do everything in their power to safeguard these records. The mechanism whereby this is made possible is a law referred to as HIPAA (Health Insurance Portability Protection Act).
HIPAA seeks “to protect the privacy and security of health information and provide individuals with certain rights to their health information.” In addition, the “Privacy Rule” within HIPAA “sets standards for when protected health information (PHI) may be used and disclosed, while the 'Security Rule' requires safeguards to ensure only those who should have access to electronic protected health information (EPHI) will have access” (HIPAA Basics for Providers: Privacy, Security, and Breach Notification Rules, published by the Centers for Medicare & Medicaid Services [CMS]).
Since HIPAA came into existence in 1996, it has undergone several transformations, each bringing with it additional privacy protections, which were implemented over a decade. The final rule became law for the vast majority of health-related concerns on May 23, 2005, while relatively small providers were required to meet HIPAA standards one year later. The Act calls for a variety of safeguards designed to limit exposure of PHI and EPHI to unauthorized individuals while readily allowing access to those that are authorized to view them.
The dual role of HIPAA is first realized by physical security precautions such as door locks, electronic access control, locking mechanisms for desk drawers, wall cabinets, file cabinets, equipment cabinets, laptop lock-down hardware, and more. Additionally, above and beyond HIPAA compliance, there’s also an enormous need to control access to the prescription drugs and medications that health care providers must have for the treatment of their patients. In some states as well as local jurisdictions, additional laws were devised to do just that.
Hard and soft PHI/EPHI comes in a variety of forms, from hard copy files housed in file cabinets to the data contained in LANs (local area networks) and off-site server farms with lots of hard drives in lockable cabinets, all of which must physically be protected. Even simple optical disks with health care information on them must be kept in locked desk drawers, storage cabinets, and file cabinets. In the same way, prescription drugs of all kinds are kept in a wide variety of storage containers, such as medicine cabinets, refrigerators, portable medicine carts, and locked containers in ambulances.
Although HIPAA provides direction for the physical security of patient data, as locksmiths, it’s our obligation to extend the same safeguards to the medicinal side of the equation. So, no matter where or how patient data and medications are stored, it’s our job to provide the means whereby these things remain under lock and key until an authorized person requires them.
To make a distinction between authorized and unauthorized individuals, an access management system must be used. This includes the use of assigned keys, cards, and PINs according to job function, position/title, and need for access. This same management system must be capable of tracking who has accessed what, where, and when.
Conventional cabinet locks made by Illinois Lock, Master Lock, Medeco, and others have always performed well in securing data on a physical level, just as they continue to do today. However, because these mechanical systems can be confusing and enormously difficult to manage for our clients in super-large settings, high-tech, computer-based systems are regularly deployed.
With all of this in mind, electrified locking devices and local, standalone solutions with Internet connectivity have been designed for use with a wide array of storage cabinets, desk drawers, IT (Information Technology) network server cabinets, refrigerators, portable medicine carts, and other containment solutions.
Manufacturers, such as Compx Security Products; Codelocks Inc., CyberLock Inc. (Videx); HES Inc.; Kenstan Lock Co., Rutherford Controls and others have introduced a variety of electrified, electronic-driven locks to assist you in your effort to protect health care clients while meeting HIPAA regulations.
Some of these solutions are capable of standalone, local operation because they contain a keypad or card reader of some kind along with a local connection that links each portal together into an integrated access system. Others make electrified locks that require a connection to a separate access control system that can operate locally or campus wide.
In both cases, it’s possible to program and maintain schedules, user lists, portal access criteria, and other access information in order to assure that only authorized individuals have access to medical facilities, doctor’s offices, and other locations that fall under HIPAA.
The following is a sample of the kinds of electrified and access controlled cabinet locks available to help your healthcare customers comply with HIPAA regulations. For a more complete listing, go to our online Buyers Guide at www.locksmithledger.com/directory.
CompX Security Products makes the eLock electronic access control line of locks for “drug & supply cabinets, refrigerators and freezers, ultra-low freezers, incubators, patient and personnel records cabinets, key control cabinets, hazardous material storage, tool storage, evidence lockers and anywhere else access control or temperature monitoring is needed or required.”
The 300 series refrigerator lock is especially interesting because not only does it provide security for protected narcotics and other drugs that require refrigeration, but it also monitors temperature. Even more importantly, this lock will send temperature alerts via SMS text, voice, fax, or email, all through the use of a WiFi connection. Access is controlled using a built-in keypad, HID proximity and/or iCLASS cards, or common magstripe cards with an overall capacity of 3,000 users/supervisor codes. Through eLock LockView software, managers can review the last 15,000 access events. CompX also offers a number of other access control options. To learn more, go to: http://www.compxnet.com/.
Codelocks Inc. also makes a complete line of electronic locking devices for lockers, cabinets, and cupboards. The KitLock 1000, which is designed to replace an existing cam lock, is powered by two AA dry-cell batteries that provide more than 15,000 lock operations and employs a keypad/PIN (personal identification code) for access. The 1500 model, which is top of the line, also offers an iButton option to replace the keypad. This allows users to use a wristband equipped with an iButton Touch Button access device instead of the keypad. The unit also is powered by two AA batteries, providing more than 50,000 lock operations with a capacity of 20 users. Codelocks also offers other models with other features.
Cyberlock Inc. makes several electronic-driven access control systems with both electronic access keys and access cards. Called “Flex System,” the system is designed to replace the inner cylinder of conventional cabinet locks with an electronic version capable of reading a smart key. In this case the smart key provides the power and access data that the smart cylinder needs in order to make access decisions. Both the smart cylinder and smart key retains historical event data that can be read by the client using special software combined with a communication portal. Cyberlock also manufacturers the Videx line that uses WiFi to program smart keys. To find out more, go to http://www.cyberlock.com/.
HES Inc. offers a variety of electrified locking devices for cabinets, lockers, drawers, and other storage containers related to health care. The HES K100 electronic lock, for example, relies on Wiegand ID badges and tokens to unlock storage cabinets, file cabinets, and almost anything else that requires a cam lock for physical protection. The lock itself, which replaces an existing cam lock, connects to a conventional access control system through an Aperio Wireless Hub. This hub, which communicates with the lock over radio waves, must be installed within 50 feet of the lock. The hub itself connects to the access control system in place of a Wiegand card reader using five or six conductor cable. The hub also provides the I/O for request-to-exit (REX) devices, door sensors, and other sensor-driven devices. HES also offers a variety of other electronic locking options.
The new HES K200 cabinet lock makes it easy and cost-effective to bring access control to cabinets and drawers where audit trail and monitoring are becoming increasingly critical. The K200 uses local Wiegand communication between the multi-technology reader and existing access control system to deliver full access control to cabinets and drawers. It installs easily, offering control and enabling real-time audit capabilities and door monitoring at the drawer or cabinet level. The HES KS200 Server Cabinet Lock extends access control to protect data center assets from intrusion and expensive downtime, by bringing real-time access control in a single-card system to individual server cabinet doors. Designed to install quickly and easily, with minimal modifications, on most swing-handle style server rack doors, the KS200 uses Wiegand wiring to integrate seamlessly with existing access control systems and ID badges. It supports Small Format Interchangeable Core (SFIC) mechanical key override. To learn more about HES’ offerings, go to: http://www.hesinnovations.com.
Kenstan Lock offers the Nexgen line of electrified locks, designed to replace common cam-type cabinet locks. Similar to the Cyberlock electronic cylinders where smart cylinders replace their conventional counterparts, the smart keys carried by users contain the necessary access criteria that tell the lock cylinder when and where they are authorized to access a secured cabinet. Smart keys are recharged and programmed by way of a docking station that connects them to the Internet through a LAN. Kenstan’s Medeco® XT software provides the means whereby smart keys are programmed and, using the Medeco® XT Web Hosting service, enterprise-level access programming can be provided for at a nominal monthly fee. Kenstan offers a variety of electric lock and access system options. To find out more, go to: http://www.kenstan.com.
RCI offers the 3510LM electromechanical cabinet lock with built-in latch monitor. The monitor indicates whether the mechanism is locked or unlocked. This compact electric lock allows controlled access to enclosures such as cabinet doors or drawers. desk . Simplified mounting allows either side or top mounting. Positioning of the locking pin determines lock mode. A simple twist of the pin changes the lock from fail unlocked to fail locked during installation. Four countersunk mounting holes are provided to securely mount the lock and pin. Field selectable for 12V or 24V operation. For more information go to: www.rutherfordcomtrols.com