Single Sign-On (SSO) Challenges in Healthcare
Is Your Organization Compliant with Identity Management Requirements?
Complimentary PDF Document on SSO Best Practices for Healthcare
NEWPORT BEACH CA USA -- HIT/HIPAA UPDATE NEWS SERVICE™ -- NOVEMBER 7, 2007: The challenge for many types of organizations is that users want easy and secure access to aggregated data across multiple systems. These systems include mainframe, distributed, Internet as well as mobile devices. Critical patient data typically resides on disparate systems and applications across multiple platforms. Employees want to review all relevant sensitive data before making decisions related to their job role and responsibility. There is a strong need to support the capability to centrally monitor and report (audit) access across all applications. This requirement can be met by using a combination of a single sign-on (SSO) and context management solution.
With a secure SSO solution, end-users will need to remember one password for access to key systems and applications they are authorized to use. With a context management solution, employees can access client records in multiple applications seamlessly. In this ecfirst.com executive briefing we examine the area of SSO and context management. We look at context management from the perspective of the healthcare industry where clinicians have to be able to see relevant patient information across multiple applications and databases. We review best practices for organizations to consider as they get started with initiatives to address user credential and integrated information challenges.
For example, take the case of a healthcare environment. This environment is particularly challenging because:
- Caregivers may share a limited number of workstations
- Applications and information accessed are typically very sensitive and spread across several systems and applications
- Compliance requires an audit trail of access to patient information
- Sign-on is typically expected in seconds (quality of care is impacted by the ability to access integrated information about a patient across several applications)
Organizations typically struggle with physicians, nurses and others who must remember and use multiple sets of sign-on information for the many applications from which they need to access patient information. SSO and context management are a key area for addressing compliance requirements, reducing the possibility of errors, and providing faster access to integrated patient information.
Organizations want an easy-to-deploy solution that is secure and efficient and simplifies accessing multiple password-protected Windows, Linux, Web and host-based applications. Users who share workstations need to be able to switch in seconds instead of performing a time-consuming full logon/logoff procedure.
It is critical for businesses to implement both SSO and context management. SSO is the beginning and provides for a unified logon experience. Context management is what enables clinicians in the healthcare industry to use their precious time efficiently by being able to quickly view all patient information from several applications integrated in their screen.
An integrated SSO and context management solution enables employees to quickly access authorized customer information by logging in only once. They then only need to select the customer once, select an encounter or an event once and have multiple applications synchronize to support a unified, singular view of the records. Compliance requirements are met and the security of the organization is enhanced, because the solution removes password vulnerabilities and provides for a graceful logout of applications.
In the ecfirst.com complimentary brief PDF we examine the broad area of identity and access management, of which single sign-on is a key component, and we review requirements related to context management. This work is based on compliance requirements that organizations are required to meet.
DISCUSS YOUR SINGLE SIGN-ON (SSO), IDENTITY MANAGEMENT AND COMPLIANCE CHALLENGES WITH ECFIRST.COM - HOME OF THE HIPAA ACADEMY.
E-mail Lorna for a complimentary copy of the SSO Exec Brief PDF for Healthcare.
ABOUT ECFIRST.COM:
ecfirst.com is a leader with rich hands-on experience delivering world-class security regulatory compliance solutions including a 2-day on-site assessment service to establish SSO requirements and priorities. The ecfirst.com Regulatory Compliance Practice delivers deep expertise with its full suite of services that include single sign-on, context management, contingency planning/Business Impact Analysis (BIA), vulnerability assessment, as well as managed compliance, security and IT infrastructure solutions.
ecfirst.com assists organizations with their compliance initiatives for a secure information infrastructure that is compliant with the HIPAA regulation. ecfirst.com can help you with your HIPAA challenges and priorities. ecfirst.com solutions help your organization implement the security safeguards required as a result of the HIPAA legislation. ecfirst.com, an Inc. 500 business, serves a Who's Who client list that includes numerous hospitals, state and county governments, and hundreds of organizations.
For more information, please visit www.ecfirst.com.
ABOUT HIPAA ACADEMY:
HIPAA Academy delivers compliance solutions across the United States every day. Our deep knowledge of HIPAA and other regulations such as PCI DSS and FISMA, as well as standards such as ISO 17799:2005, is substantiated with hands-on experience implementing technical solutions in the healthcare industry. The HIPAA Academy introduced the industry's first, and today's leading, credentials for HIPAA skills certification: Certified HIPAA Professional (CHP) and Certified HIPAA Security Specialist (CHSS). HIPAA Academy training courses and certification exams are now available on-line.
For more information, please visit www.HIPAAAcademy.net
# # #