Industry Insights

FRAC Can Save Your Budget

Today, there are over 20 million people in the U.S. who could be classified as a first responder. While it is essential to understand how this credential can help in a crisis situation, the benefits of having such a credential go far beyond the crisis and have the opportunity to introduce convenience and operation efficiencies into the first responder system.

These additional benefits could be realized immediately in the current hospital and healthcare provider industry. For example, hospital executives, physicians, nurses and EMTs are some of those who would benefit the most. With continued identity assurance and authentication initiatives within the healthcare industry, the FRAC business case for healthcare employees is stronger than ever.

It is (PIV-I) standards-based, non-proprietary and a trusted credential by the federal government. 

The compelling argument for providing a verified and standardized credential to hospital executives, physicians, nurses and EMTs is that it not only meets objectives for federal and state level governments, but also resolves many of the technology challenges health institutions face with securing the physical and logical access into their facilities and patient information. With the FRAC credential, the requirements for healthcare facilities are met or exceeded, while still meeting the mandates imposed by the larger healthcare market.

In addition to the market condition, hospitals and healthcare intuitions are faced with their own unique set of challenges. Currently, hospitals deploy multiple hardware and software technologies to secure building access, localized vicinities and network access - both local and remote. Historically, institutions have purchased proprietary technologies for physical access systems (i.e., cards and door readers), a separate photo ID badge for visual identity verification (e.g., "flash pass") and some form of one-time password generating hardware or software solution for access to computer networks, adding expense and consuming precious budget. For providers who travel from facility to facility, having multiple combinations for each facility only increases their frustration and inconvenience.

Multiple movements within the healthcare industry have created even more reason to target the referenced audience for FRAC credentialing. The Health IT Policy & Standards Committees are taking a hard look at various methods of authenticating persons accessing EHRs for the purpose of health information exchange. The use of the FRAC credential could fulfill this call for increased authentication. In addition, the U.S. Drug Enforcement Agency recently published an Interim Final Rule for e-Prescribing controlled substances, calling for two-factor authentication - yet another actionable move that will require a secure credential, one which the FRAC could fulfill.

The personal identity verification (PIV) component of Federal Information Processing Standard 201 (FIPS 201) is the basis for the identity credentials being issued throughout the U.S. federal government. In May 2009, for non-Federal implementations, like many health institutions, guidance was released by the Federal CIO Council for Non-Federal Issuers, defining what PIV interoperable (PIV-I) and PIV compatible (PIV-C) credentials are. This means there is now a set of credential standards that can be followed for interoperability, compatibility and overall efficiency between systems.

Currently, the PIV-I is the credential widely deployed as the FRAC credential. It is standards-based, non-proprietary and a trusted credential by the federal government. The PIV-I is a multi-purpose electronic identity credential that provides significant functionality. The credential can be tied to existing systems and can be used for granting physical access into:

  • an office;
  • secure areas of a hospital or other medical facility;
  • the gated medical staff-only parking lot.

In addition, the PIV-I can be used for logical access: Secure two- or three-factor authentication into a PC and network, whether within the four walls of the hospital or when working remotely, high trust to assert identity when accessing EHRs, meets NIST's Level 4 (highest level) of identity assurance, exceeds the DEA's Interim Final Rule for e-Prescribing controlled substances, and eliminates the need for username and password. The latter is an antiquated, unsecure method of authentication prone to hacker's attacks and costly support calls to your organization's help desk.

Finally, it can serve as a form of payment: as a smart card based credential, the PIV-I can be equipped with an e-Purse feature and can be used to load money and pay for goods and services where accepted such as the cafeteria, company store, parking or gift shop.

PIV-I based FRACs are not a concept. They are currently being deployed in Virginia, Washington, DC, Colorado, Pennsylvania and in San Antonio, Texas. Those who carry the FRAC enjoy the benefits of the trusted identity credential, preferred parking and easy, secure access into their network. They are also properly authorized to respond in emergency situation, meeting the federal and state objectives to better serve in these crisis environments. Healthcare organizations can realize savings quickly. It is no longer necessary to issue additional authentication devices such as one-time-password tokens or separate ID badges for physical access. PIV-I can do it all.

How can you get a FRAC? Contact your Governor's office, State-level Emergency Response Coordinator or Critical Infrastructure Protection Coordinator to inquire about the FRAC.

Michael Magrath, business development director for the security division of Gemalto North America, is responsible for the strategic marketing, business development and government affairs activities in the government and healthcare sectors. Mr. Magrath develops and drives consensus on legislation and policy within technology, information security, privacy, and additional security-related public policy issues. In addition to supporting Gemalto's business and policy initiatives, Mr. Magrath is committed to consumer education and advocacy through Gemalto's online resource www.JustAskGemalto.com, which provides answers to consumer questions about how to better enjoy the conveniences of the digital world. He serves as vice chairman of the Smart Card Alliance's Healthcare Council and represents Gemalto on TechAmerica's Health IT Committee, the Health Record Banking Alliance, The Secure ID Coalition and TechAmerica's Information Security Committee. Mr. Magrath is also a member of the Healthcare Information and Management Systems Society (HIMSS) and is a Certified Smart Card Industry Professional (CSCIP).


About the Author




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.