Skip to content

Photo by iStock

Minimizing Insider Risks at Hospitals With AI-Driven Automation

The recent shortage of medical professionals and hospital workers in the United States has healthcare institutions struggling to locate and hire full-time replacement employees. As a result, healthcare organizations are turning to temporary and contract staffing services to fill vacancies. Although this is a good immediate solution, temporary staffing presents a new set of challenges including higher operating expenses—temporary personnel can cost as much as three times more than full-time employees—along with risks related to physical security and access violations.

To compound the issue, temporary workers often have simultaneous assignments working or serving in multiple healthcare facilities. Even if he or she is working for the same healthcare organization, a temporary employee might travel from one campus to another, possibly carrying multiple badges, access codes, and keys.

These credentials are all required to grant temporary workers various access permissions, depending on their specific role and location. To ensure the correct access rights and levels are granted, hospitals must assign additional on-site resources, including security personnel, who will need to verify each temporary access credential issued to medical staff.

Issuing a credential or badge to temporary workers can be a challenge because the credential should include the employee’s picture capture and identity verification. Another challenge is maintaining the employment status of the temporary worker and the life cycle of the badge in lockstep with each other. Often, an off-boarded worker’s badge remains active for a long period after his or her employment has ended, posing additional risks to the organization.

The end user ultimately decides which contractors would have access to a system, with predetermined levels of access in accordance with cybersecurity mandates determined by the user. The solution itself is encrypted from end to end, but the cyber-well-being of the contractor is typically part of a contractual agreement between the organization and the third-party labor source.

Strategic Contractor Management

Healthcare organizations can improve the management of contracted or temporary workers in several ways, and they can also improve their operational safety and security in the process. Here are some highly effective solutions to strategically manage contracted workers:

  • Implement an automated process for on- and off-boarding contingent workers, including setting access permissions for each location and timing, badging, and credentialing.
  • Create and implement a secure, Web-based badge application process to collect all prerequisites (training confirmations, proof of identity, background checks, picture capturing) that are needed to confirm work assignment eligibility and security checks related to contract workers.
  • Implement an automated badge application review and approval process.
  • Implement an automatic termination of physical access immediately upon expiration of prerequisite criteria for all locations within an organization’s facilities.
  • Delegate administration of contracted workers to the worker’s company to comply with the hospital’s processes, thereby increasing accountability and saving time and money for hospital administrators, including those in human resources (HR).
  • Ensure the access management systems can support easy badge and company access audits for real-time compliance as well as mitigating and reducing risk.

Merging Physical Identity and Access Management

Although the above list may first appear to be daunting and expensive to implement, modern physical identity and access management (PIAM) types of software offer a fully automated solution to manage contractor identities and physical access, mitigate risks, and minimize error-prone manual processes. PIAM solutions can also help manage staff identities, including physicians, nursing staff, and other full-time employees within the organization.

PIAM solutions can leverage data from multiple departments within an organization—such as HR, physical access control systems, and other security systems—to generate identity authentication and access provisioning decisions.

Software that can generate security and access decisions based on an organization’s rules can benefit a healthcare facility and its employees by saving time and reducing risks. For example, automated physical security workflows across the enterprise can provide real-time visibility of all relevant access data, along with data-driven recommendations to predict and suggest physical access rights with full transparency and explanations. This facilitates implementation of a “one badge solution” across all of the organization’s facilities, allowing authorized personnel to easily gain access to where they need to be, easily, quickly, and securely.

By controlling and regulating contractor access, PIAM ensures that each contractor’s level of system access adheres to strict cybersecurity policies. Crucially, these systems employ advanced encryption for all contractor records, rendering them impervious to ransomware threats. In addition to compliance being part of contractual obligations, a PIAM system can actively verify contractor identities—validating identifications, matching photos with identification documents, and confirming medical credentials when necessary. This level of verification and access management not only controls and oversees contractor entry, but also significantly reduces the risk of ransomware infiltration through unauthorized or vulnerable access points—enhancing the overall cybersecurity posture in the organization.


Janette Evans is the director of healthcare projects for Vector Flow. She partners with healthcare organizations across North America to help solve their physical identity and access management challenges. Evans is passionate about helping healthcare organizations harness the power of their data to enhance security and compliance, mitigate risks, and decrease costs. Based in Dallas, Texas, Evans has been a member of the security industry for more than 14 years. For more information on PIAM software offered by Vector Flow, click here.