Authentication Methods

Your organization, in this case, a multi-hospital health system, has just purchased and is in the process of implementing a drug dispensing system to be used by pharmacists and nurses to obtain and administer drugs to patients.

There is a wide range of drugs that are needed for patient care all the way up to heavy narcotics.

How would you recommend setting up authentication standards for this type of system?

What controls/techniques would you put in place to ensure you knew who was pulling what from the system?

Would you go as far as to use a form of dual-factor authentication knowing operationally the clinical staff are typically in a hurry and don’t have time to deal with all this “authentication” business…after all, they’re in the business of providing patient care, not managing access- what roadblocks do you foresee and what operational/political balancing act will you have to perform for buy-in to such a program where it relates to authentication?