Delivering the correct medicine to healthcare patients – the holes in the checks

administering medicine

Drugs and medicines administered to patients in hospitals, care homes and psychiatric wards need to be done according to the instructions issued by the doctor or consultant in charge of the patient. These medicines are issued by the nurse(s) in charge and there is a heavy reliance and trust based on them to dispense the correct drug(s) and in the correct dosage, according to the instructions given. Situations can arise where the wrong medicine is administration, the medicine is given in the wrong dosage (either too little or too much), the medicine is given at the wrong time (either earlier or later than the scheduled time) or it is missed completely. These situations can be for any reason, including unusually busy times on the ward, changes in shift or simply because of general complacency or lack of knowledge of the nurse. These inconsistencies in receiving medicine(s) can be extremely harmful to the patient, especially if they are children, elderly or in intensive care units. When a medicine is administered, it is simply recorded on the patients chart (usually attached to the patient’s bed) with the time of administering and the signature of nurse. The time put down is not necessarily correct.

A biometrics solution, such as palm vein can help to eliminate the inconsistencies with administering medicines to patients, ensuring that patients receive the medicine that they need at the right time. Using a palm scanner, a nurse can ‘check-in’ at a patient’s bedside. This can then be recorded as the time at which the medicine(s) were given to the patient. The palm vein technology will detect whether the nurse who has ‘checked-in’ has the authority to give this patient his medicine. If the scanner has recorded a reading of another non-authorised nurse, this will be flagged up immediately. On successfully checking-in, a nurse is able to see a list of the medicine(s), the times at which they should be administered and the correct dosage that should be given to the patient. If the palm vein reading is false, i.e. is a reading of a person that is not authorised or does not exist in the database, details of the medication, including dosages will not be revealed. This method of administrating medicine makes it virtually impossible for the nurse to make any accidental errors or for unauthorised persons to have access to the patient’s records. Alerts are triggered in the solution to alert the nurse’s station if the time is approaching for the next dose to be given to the patient or if the next dose has been missed. Nurses are able to them immediately correct the oversight.

The palm vein technology is a highly secure and contactless biometric solution that works by reading the vascular pattern of the palm. These patterns are unique to each individual and exists underneath the skin layer so they cannot be forged thereby making it more secure than any other biometric device. Being contactless and technologically advanced, it is extremely appropriate for places like hospitals, care homes and psychiatric wards where security and hygiene cannot be compromised.

WCT is in the business of Compliance, Identity & Security assurance. For more information, you can reach us on (globalsales@wct-inc.com)

Advertisements

Government workers and their unsecured technology devices

Data security breaches - laptop and USB

This blog addresses the issue of confidential government information and data being lost after being taken by trusted personnel out of Government offices

 

With dependencies on technology, we have all started using mobile phones, laptops, tablets etc. as a means of communication. Threats of malware and viruses attacking our devices have been investigated in depth and are still a hot subject of research and investigation. However, what hasn’t been discussed are ways in which to eliminate unauthorised access to a device that arise when a government worker loses a device in their possession which contains confidential information.

Over the last several years, there have been a number of cases reported in the United Kingdom where Government workers, authorised personnel or sub-contractors of government agencies have lost, had stolen or left their technology devices, including Laptops, memory sticks and external hard drives on public transport, in car parks, fast-food chains or from military sites.

All the devices that went missing contained extremely highly sensitive and Top Secret data. In one particular case, an authorised person lost a memory stick containing the medical records of more than 6000 prisoners and ex-prisoners. The data was encrypted, however the password was written on a note which was attached to the memory stick.  In July 2008, the Ministry of Defence confirmed that 121 computer memory sticks 747 laptops have been lost or stolen in the previous 4 years.

Although the loss or theft of these devices is difficult to control, biometric solutions such as PalmVein can help to eliminate unauthorised access to the sensitive and Top Secret data that these devices hold. By using a palm scanner, authorised personnel are able to log-in to the devices without the need for passwords. The palm scanner is also used as way to open certain government related applications or even documents that are password protected without the need for a password. The biometrics scan of a personnel’s palm acts a single sign-on mechanism. Each sign-on to a device is recorded for auditing purposes. This is especially important if there are multiple authorised personnel accessing the same device. Any unauthorised personnel trying to access the device will also be recorded for future auditing. This method on access a device eliminates the need to use password.

With advancements in technology, many laptops and mobile phones nowadays have a biometrics enabled security access option, in the form of a fingerprint scanner. Although this is a secure method, it is not always the most accurate and is prone to flaws. If, for example a person is trying to access his own laptop using fingerprint recognition technology, any changes in his fingerprint, such as cuts or a worn-away finger-tip (due to burns or prolonged use of keyboards etc), will deny this person access to the device.

The palm vein technology is a highly secure and contactless biometrics solution that works by reading the vascular pattern of the palm. These patterns are unique to each individual and exists underneath the skin layer so they cannot be forged thereby making it more secure than any other biometric device. Being contactless and technologically advanced, it is extremely appropriate for use by end customers as well as for bank employees where security cannot be compromised.

WCT is in the business of Compliance, Identity & Security assurance. For more information, you can reach us on (globalsales@wct-inc.com)

 

References:

BBC (2009, May). Previous Cases of Missing Data. Retrieved from http://news.bbc.co.uk/2/hi/uk_news/7449927.stm

House of Commons Defence Committee (2009, March). Ministry of Defence Annual Report and Accounts 2007-08. Retrieved from

                http://www.publications.parliament.uk/pa/cm200809/cmselect/cmdfence/214/214.pdf

 

 

The rise of card skimming at ATM’s

Finance Identity Theft - ATM

This blog addresses the issue of card skimming as a way of stealing a person’s PIN number for debit and credit cards

Since the introduction of the debit/credit card PIN number, Fraudsters have used more and more sophisticated methods and techniques of obtaining the card data, including the highly secure PIN number.  Using small electronic devices called skimmers, which can have a built-in camera, fraudsters have been able to read card data from card readers found in all retail stores and eateries at point-of-sale locations or bank ATM’s.

The skimmer is generally placed around the card slot in an ATM and reads the card data that is held on the magnetic strip, while the card is being processed by the ATM. In the meantime, a tiny camera which is built in to the skimmer or positioned elsewhere on the ATM reads the PIN as it is keyed in by the cardholder. Once the Fraudster has this card data, they are able to carry out several types of transactions, including online purchases.

At some ATM’s, after a bank customer inserts their card and their PIN, it can seem as though that the card has been ‘eaten’ by the ATM. The card is not released back to the customer, nor is the cash that they may have requested to withdraw. Bank customers are left angry and frustrated as they will need to re-order a new replacement card. This often requires two weeks before receipt. In the meantime, the bank customer can only make payments in cash, meaning frequent trips to the Bank or withdrawing large amounts of cash (which in some countries can be extremely dangerous).

A palm vein biometrics solution would act as a deterrent and could drastically reduce card fraud. By installing palm scanners at ATM’s the requirement for a PIN number could be removed. Instead the palm vein reading would act as the identity confirmation. Not only does this reduce card fraud, but it also makes it easier on the user from having to remember multiple PINs. Overtime, the requirement to insert a bank card into the ATM could also be abolished as the palm reading would be associated with the user’s bank accounts.

For a bank customer to access his account whilst at a bank, the need to give a card to the bank teller would be a thing of the past. Instead, by providing a palm reading, the bank teller will automatically be shown details of the customer’s bank accounts. No further identification (such as driving license, passport etc.) would be required.

This could also be taken further for use in locations where point-of-sale terminals are used, such as within retail stores, restaurants, leisure & entertainment places. A palm reading of a customer can be taken in order to process payment transactions. This method of payment can replace the need for a card reading machine/card swipe on the till where a PIN or signature is still required. There will be no need to worry about card details (including the CVC code commonly found on the back of cards and required for online payment transactions) being stolen. 

Unlike the fingerprint recognition solutions, the palm vein technology is a highly secure and contactless biometrics solution that works by reading the vascular pattern of the palm. These patterns are unique to each individual and exists underneath the skin layer so they cannot be forged thereby making it more secure than any other biometric device. Being contactless and technologically advanced, it is extremely appropriate for use by end customers as well as for bank employees where security cannot be compromised.

WCT is in the business of Compliance, Identity & Security assurance. For more information, you can reach us on (globalsales@wct-inc.com)

 

References:

Commonwealth Bank of Australia. ATM Card Skimming & PIN Capturing. Retrieved from https://www.commbank.com.au/personal/apply-online/download-printed-forms/ATM_awareness_guide.pdf

Patient safety and Identity Management

Identity & Security in Healthcare

Identity & Security in Healthcare

This blog will address patient safety issues in healthcare and the importance of ID management. Issues regarding wrong distribution of medications, etc. have been a growing concern in healthcare facilities because providers to do not properly identify the patient first. This blog will also provide suggested methods to improve these issues.

 

According to various studies, over 195,000 deaths in the United States occur annually because of medical errors. Of those medical errors, about 60 percent were attributed to a failure to correctly identify the patient. Accurately identifying patients and linking them with their medical records are significant challenges today for hospitals, healthcare providers and payers, with the government representing one of the largest stakeholders in this industry. Improper patient identification can occur for many different reasons and cause errors in patient identity. Some of these reasons include common names, misspellings, numeric transpositions, fraud, as well as patient language barriers. These identity errors result in adverse financial and clinical issues for the hospital, provider, and patients.

In addition to the issue of misidentification, there is also the problem of “incomplete” patient medical records. Studies have shown that a considerable amount of duplicate medical records are created in hospitals. This means that portions of a patient’s complete medical record are spread across multiple records leading to continuity of care issues, potential delays in treatment and/or medical errors. Duplicate records can also lead to redundant or unnecessary testing, medical and billing errors, and bad claims. In smaller institutions (with patient databases of less than one million records), the duplication rate is typically between 5%–10%, and for larger institutions (with patient database greater than four million records), duplication rates can range from 15 to 40%. Correcting patient database records can be a substantial expense; for large hospitals this can add up to millions of dollars per cleanup every few years. Database record cleanup is a flawed approach since it addresses the problem only after it has occurred rather than dealing with the root cause of the problem, which is inadequate patient identification and record matching. Unfortunately, this problem grows exponentially as the number of institutions and medical providers for a single patient increases.

Patient identity management is also a critical function for healthcare-related federal and state government agencies. Federal and state government agencies pay over half of U.S. formal health-care costs as employers and through Medicare, Medicaid and state-level programs. Through policies, regulation, direct involvement and budget allocation, government agencies increasingly shape the U.S. health-care system. Central to all government agency healthcare activities are patients and the requirement to accurately and appropriately identify, handle, treat and track them. To accomplish this, patient identity management is critical to agencies’ ability to link all patient-related information within and across systems and the healthcare network. As the U.S. moves away from paper-based medical records that are controlled by physical access to buildings, rooms, and files, there is a need to have an infrastructure that supports strong identity and security controls. The issues with establishing identity are compounded as electronic medical records are used by many different organizations at the regional, state, and national levels.

A solid patient identity management foundation produces a range of benefits to patients, healthcare providers, payers, regulators and other stakeholders. These benefits include reducing the risk of medical errors, lowering healthcare costs, reducing fraud and limiting healthcare identity theft. For these reasons, a patient identity management infrastructure needs to become a foundational element of every patient-related information system.

WCT is in the business of Compliance, Identity & Security assurance. For more information, you can reach us on (globalsales@wct-inc.com)

References:

AHIMA. (2009, July). Managing the integrity of patient identity in health information exchange. Journal of AHIMA, 80(7), 62-69.

Rand. (2008). Identity crisis: An examination of the costs and benefits of a unique patient identifier for the U.S. healthcare system. Retrieved from http://www.rand.org/pubs/monographs/MG7

Smart Card Alliance. (n.d.). Healthcare identity management: The foundation for a secure and trusted national health information network. Retrieved from http://www.smartcardalliance.org/resources/pdf/Healthcare-Identity_Management_Position_Paper-20090930.pdf

World Compliance Technologies sponsors eMerge Americas

World Compliance Technologies was proud to be a Silver sponsor at the eMerge Americas event held in Miami Beach from May 2-6, 2014. Armed with the latest technology within identity and security, WCT showcased SafeHandTM; a robust biometric pattern authentication solution based on the Palm Vein.

eMerge Americas is a large-scale technology conference that attracts the world’s leading technology companies and focuses on key trends driving growth in the Latin American IT market. eMerge attracted thousands of attendees from Latin America, North America and Europe with in-depth analysis of the key drivers impacting the IT sector in the Americas.

Over the course of two days, the WCT team met with IT decision makers, executives, and entrepreneurs, and received strong interest for SafeHandTM. From Healthcare to Education, WCT demonstrated unique capabilities in enhancing physical security and managing identity in an array of markets. 

Image