All About CSP

Posted by: Mary Pat Simmons January 04, 2016 Healthcare

Exostar is a Certified Credential Service Provider

No industry is immune from today’s increasingly sophisticated cyber threats, and that includes healthcare. Want proof? In 2015 alone, Anthem, Carefirst, Community Health Services, and Primera all have disclosed they have been victimized. As a result, over 100,000,000 records of sensitive, personally identifiable information have fallen into the wrong hands.

Healthcare providers, payers, and patients can better safeguard this information by insisting on stronger access controls to the systems and databases where this information resides and is exchanged. Having multifactor authentication protection achieves this objective.

In the past, single factor authentication, in the form of a username and password (“something you know”), provided sufficient security. Adding another factor (“something you have”), such as a physical card or token or electronic certificate, augments the access control solution and makes it more difficult for cyber criminals to successfully carry out attacks.

If healthcare systems require multifactor authentication to gain access, how do individuals obtain the necessary second factor credential? Enter a credential service provider. A credential service provider is an independent entity that works with healthcare systems owners to initiate, deliver, and maintain these credentials. What’s critical is finding the right credential service provider. Exostar, for example, has been certified as a full service credential service provider by the SAFE-BioPharma Association. Healthcare organizations can trust Exostar-issued credentials and accept them with confidence.

A credential service provider works with the system owner to determine what type of identity proofing must be completed before an individual receives a second factor credential. Identity proofing can be performed remotely or in-person. Individuals may be asked a series of questions only they should be able to answer, and/or they may be asked to present official documents such as birth certificates or passports to verify their identities.

Multi-factor authentication is used today to not only improve information security, but also in healthcare to reduce prescription fraud and abuse. In fact, New York has passed a law that will take effect in early 2016 making multifactor authentication a prerequisite to e-prescribing of controlled substances.

The value of multifactor authentication is undeniable. As multifactor authentication becomes the healthcare industry standard for system and data access, information will be better protected. Hopefully, that means fewer damaging data breaches in the coming year.