Personal details together with passcode
Such access previously involved a token-based system, for which employees needed dedicated hardware tokens. In addition to the complex configuration required and the need to distribute the tokens to the staff, the management noted the considerable costs associated with such a system, not least because tokens were often lost or stopped working. As an alternative, SecurAccess from SecurEnvoy had a particular strength. The two-factor authentication solution does not require a dedicated token, but instead it uses mobile phones that the staff already have with them anyway. If carers want to view a patient record, they must first prove their identity. This is done by entering a user name and a password. If these details are correct, the user then receives a six-digit numeric passcode on his/her mobile device by text message, which is also entered on the login screen. If this is also entered correctly, the user is granted access. The users also have the choice to use the code via an email, app or through a voicecall.
Gradual implementation
The system installation was carried out by the SecurEnvoy partner Motiv, who also provided training on the system for two IT managers at Altrecht. Around 500 employees currently use SecurAccess and it is expected that all 1,500 carers will be working with it over the next twelve months. As smart phones are becoming increasingly common, Altrecht would also like to use the SecurAccess soft token app in the foreseeable future altogether. This generates passcodes directly on the mobile device, thereby eliminating the costs of text message transmission. Altrecht is currently testing the soft token app internally before implementing it throughout the organisation.
"Mental health problems still constitute a taboo subject for many people," comments Frans van Vugt, security officer at Altrecht. "If you are in hospital, you usually get a lot of attention, but entering a centre for mental health is a much more sensitive matter - as is the handling of patient data. With SecurAccess we can clearly authenticate our staff and hence prevent information from falling into the wrong hands.“