Presence in the ER


Imagine that you're the CIO for a hospital. Like any CIO, one of the problems that you face is making sure people have access to the information they need to do their job. Another one of your problems is that you need to ensure that only the people who need to access a particular bit of information can. Unlike other CIO's however, you have a big stick called HIPAA hanging over your head, forcing you to do it right (at least as defined by HIPAA). Here's a riddle for you: how do you manage the computer terminal in the ER? Doctors, nurses, and other workers need to access the records that are available on it. Yet its preposterous to think that they'll log in and out for you every time they approach the terminal. Even so, your responsible for creating an audit trail of access to each and every record.

One answer to this problem is presence---having the computer detect who has approached it and is currently clicking the keys. This is actually not that hard to do. By embedding a low-range ID device (like RFID) into the ID badge, and installing a detector at the workstation, the software can know what ID badge is around the next of the person in front of the computer. Of course, that only works as long as good physical security is practiced and the work culture is supportive of good badge management practices. Still, its better than not knowing at all and likely good enough for the problem at hand.