By David S. Robinson, RMA, MGMA member
Published in MGMA Connection Plus, July 2015 Issue

When upgrading and implementing new workstations at Northwest Neurospecialists, Tucson, Ariz. (which has 14 exam rooms, one patient education room and 14 office staff workstations that are affixed to exam room walls), we noticed that the workstations were accessible to patients, which posed a possible breach in protected health information (PHI). We use all-in-one versions of desktop computers on exam room walls so they can be used for patient education.

Our information technology vendor recommended that we implement a timed screen saver on all network workstations, which cost about $100 per device and took a few hours to install. The dilemma was password logins, which are a burden in healthcare settings because they are complex. Our solution was to use a biometric device and fingerprint physicians and staff to eliminate the need for memorizing passwords.

Our systems have a Windows-integrated login that connects EHR software with the login authentication of our operating system. The device connects by USB and is plug-and-play, with no need to download or install software. The control panel is used to configure the device and assign the biometric device and fingerprints. Every provider and staff member is required to provide fingerprints when assigned to a workstation.

To start fingerprint authentication:

  • Click on the Start tab and open the control panel.
  • Open the biometric controls.
  • Ask the user to save two sets of fingerprints from different fingers on each hand. The use of lotions or creams will slow the authentication process.
  • Ask the user to place each finger on the device three times.

Once these steps are complete, the biometric device is ready for login. With our system, the EHR is integrated so only one sign-on is needed and it is the most secure.

There is no need to change the password every three to four months. To change users, type in a new username and follow the same login process.

We believe this is the most secure and efficient way to protect PHI, and providers have been very receptive to it. They have said it increased efficiency because they don’t have to type in and change passwords every three to four months to stay compliant.