How Single Sign-On Is Changing Healthcare: SSO Vendor Comparison Sponsored by Imprivata Independently conducted by Ponemon Institute LLC Publication Date: June 2011 Ponemon Institute Research Report
How Single Sign-On Is Changing Healthcare: SSO Vendor Comparison Ponemon Institute, June 2011 Introduction Ponemon Institute is pleased to present a comparative analysis of Imprivata Single Sign-On (SSO) with other companies that offer SSO technology. The analysis is based on a research study sponsored by Imprivata to determine what IT practitioners think about the influence SSO is having on the healthcare industry. Single sign-on automates the login process, enabling clinicians and IT practitioners to login only once to their desktop in order to gain faster access to applications removing clicks, keystrokes and complex passwords. In light of the rigorous data security requirements in the healthcare industry, SSO and authentication management are almost always deployed together. The combination is growing in popularity because, as shown by our research, it increases employee productivity, reduces helpdesk calls, and strengthens security. We surveyed a total of 404 individuals who work for healthcare organizations and who use SSO technology. They work in private and public hospitals or integrated delivery healthcare systems. Most of the respondents work in IT functions such as operations, data security, IT compliance, quality assurance, network management, helpdesk operations and other key MIS functions. Of the 404 participants in the study, 65 are customers of Imprivata. Bar Chart 1: Frequency of competitor SSOs used in healthcare organizations Microsoft Sentillion Vergence 19% Imprivata IBM Tivoli Access Manager Encentuate HealthCast exactaccess 1 14% 16% Carefx Fusionfx 12% All others combined CA Technologies Passlogix v-go Single Sign-on Novell SecureLogin 7% 6% Bar Chart 1 shows the frequency of seven SSO products or brands that are known to compete with Imprivata s. Twenty-nine companies represent the other category, which is composed of nominal companies in the SSO marketplace. Comparison of to other SSO providers 2% 4% 6% 8% 1 12% 14% 16% 18% 2 We compare to an aggregate sample of its competitors based on IT practitioners responses to survey questions about clinician satisfaction, efficiency, economic impact and security. Most of our findings compare respondents who use versus those who use another single sign-on (competitor) solution. This cluster of competitors includes seven leading SSO providers as shown in Bar Chart 1 above. Ponemon Institute Research Report Page 1
Clinician satisfaction Bar Chart 2: Is your SSO solution important to increasing clinician satisfaction? 9 8 7 6 5 4 3 2 1 8 73% 1 11% 12% 3% Yes No Unsure According to Bar Chart 2, 85 percent of users believe SSO increases clinician satisfaction within their healthcare organization. In comparison, 73 percent of respondents using other SSO solutions believe this to be true. Survey respondents were asked to rank the order of six most likely reasons for deploying SSO in their healthcare organization. While not shown in a graphical presentation, users rank clinician satisfaction as the number one reason for using this solution. In contrast, improved security is the number one reason for using competitors solutions. Efficiency Bar Chart 3: Does your SSO solution simplify access to applications and data? 10 9 8 7 6 5 4 3 2 1 92% 81% 1 8% 4% Yes No Unsure In our survey we defined efficiency as the total time and related cost savings experienced through the use of SSO versus other authentication methods or not using SSO at all. Bar Chart 3 shows 92 percent of users versus 81 percent of competitor solution users believe SSO simplifies access to applications and data within their healthcare organization. Ponemon Institute Research Report Page 2
Bar Chart 4: Why do you believe single sign-on improves efficiency? Directly observed improvements 3 3 Word-of-mouth or comments from clinicians or other users Experienced improvements as a user 26% 2 23% 21% Measured productivity improvements 7% Informal belief or gut feel 9% 1 1 2 2 3 3 4 Bar Chart 4 shows a majority of both and other SSO users say they have either directly observed productivity improvement (35 vs. 30 percent) or personally experienced efficiency gains as a single sign-on user in the workplace (21 vs. 23 percent). Bar Chart 5: Does single sign-on improve healthcare operations? Significant improvement and some improvement combined Improves the efficiency of clinical operations Improves physician access times to EMR applications 63% 69% 82% 88% Improves the efficiency of IT operations 7 Improves the efficiency of administrative activities Improves physician adoption of EMR applications 67% 73% 71% 1 2 3 4 5 6 7 8 9 10 Clinical, IT operations and administration all realize improvements in efficiency. According to Bar Chart 5, 88 percent of users, versus 69 percent of other SSO users, state single sign-on improves the efficiency of clinical operations. Seventy-five percent of users versus 61 percent of other SSO users state single sign-one improves the efficiency of IT operations. Finally, 73 percent of users versus 67 percent of other SSO users believe single sign-on improves to the efficiency of administrative activities. Seventy-one percent of users versus 61 percent of other SSO users believe SSO facilitates clinician adoption of electronic medical record (EMR) applications. Further, 82 percent of users versus 63 percent of other SSO users believe single sign-on reduces physician access times to EMR applications. Ponemon Institute Research Report Page 3
Bar Chart 6: How much time does single sign-on save clinicians and IT practitioners? Extrapolated values in minutes per day Time in minutes 16.0 14.0 12.0 10.0 8.0 6.0 4.0 2.0-14.6 14.8 Clinicians 8.1 IT practitioners 9.3 As shown in Bar Chart 6, the extrapolated average time saving for clinicians who use is 14.6 minutes per day, versus 8.1 minutes per day for users of other SSO solutions. Similarly, the time saving for IT practitioners who use is 14.8 minutes per day, versus 9.3 minutes for the cluster of other competitor s products. Hence, appears to lead to greater time saving than the cluster of other SSO providers. Economic benefits of single sign-on Bar Chart 7: Do you believe that the single sign-on solution supports your organization s effort to demonstrate the meaningful use of electronic medical records? 7 6 5 4 3 2 1 59% 2 22% 16% 16% Yes No Unsure Bar Chart 7 shows 61 percent of users versus 59 percent of other SSO users believe single sign-on solutions support their organization s effort to demonstrate the meaningful use of EMR and related information systems. 1 1 The Health Information Technology for Economic and Clinical Health (HITECH) Act (enacted as part of the American Recovery and Reinvestment Act of 2009) defines what healthcare providers need to show in order to qualify for Medicare and Medicaid electronic medical record (EMR) incentives for the meaningful use of certified EMR technology. By putting into action and meaningfully using EMR systems, healthcare providers receive financial incentives. Ponemon Institute Research Report Page 4
We asked both and other SSO users to estimate the cost savings associated with SSO deployment in their organizations. Table 1 reports our extrapolation method for determining these cost savings. As can be seen, we estimate an average annual cost savings per clinician of $4,102 for and $2,278 for other competitors solutions used in healthcare. 2 Table 1: Assumptions for clinicians Calculus Average time saving for clinical staff every day in minutes A = Survey 14.6 8.1 Average number of clinicians using single signon B = Survey 786 763 Time savings for all clinicians per day in minutes C = (A x B) 11,461 6,180 Extrapolated time savings for all clinicians per day in hours D = (C / 60) 191 103 Cost of average clinical staff member per year E = Estimate $135,000 $135,000 Cost of average clinical staff member per day F = (E / 250 days) 540 540 Cost of average clinical staff member per hour G = (F / 8 hrs) 67.5 67.5 Cost savings for clinicians each day H =(G x D) $12,894 $6,953 Cost savings for clinicians each year I = (H x 250 days) $3,223,482 $1,738,231 Cost savings per clinician each year J = (I / B) $4,102 $2,278 Bar Chart 8: Perceptions about SSO and its impact on healthcare organizations Strongly agree and agree response combined Single sign-on improves the security of information, applications and IT infrastructure in my organization Single sign-on improves the efficiency of clinical operations in my organization Single sign-on improves the efficiency of administrative and IT operations in my organization Single sign-on improves my organization s ability to comply with data protection and privacy requirements such as HIPAA Efficiency improvements realized from single sign-on translate into tangible cost savings 54% 7 5 7 53% 7 69% 38% 4 1 2 3 4 5 6 7 8 Bar Chart 8 reports 75 percent of users and 54 percent of other SSO users believe single sign-on improves the security of information, applications and IT infrastructure within their organization. Sixty-nine percent of users and 61 percent of other SSO users believe single sign-on improves their organization s ability to comply with difficult data protection and privacy requirements such as those espoused under HIPAA. 2 The extrapolated savings shown in this analysis are based on the assumption that clinician efficiency improvements reduce headcount. Alternatively, we could assume that the efficiency gain actually generates more time with patients, thus increasing hospital revenues. Ponemon Institute Research Report Page 5
Caveats Ponemon Institute independently conducted all phases of this project including the survey design, survey administration and the analysis of OneSIgn and other SSO users (two separate samples). Despite careful sampling, data collection and analysis procedures, there is always a possibility that the two samples of respondents were not representative of the underlying population of SSO users in the healthcare environment. There is also the possibility that survey questions did not fully capture each respondent s candid opinions about the SSO products that are presently deployed by organizations. Ponemon Institute Advancing Responsible Information Management Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government. Our mission is to conduct high quality, empirical studies on critical issues affecting the management and security of sensitive information about people and organizations. As a member of the Council of American Survey Research Organizations (CASRO), we uphold strict data confidentiality, privacy and ethical research standards. We do not collect any personally identifiable information from individuals (or company identifiable information in our business research). Furthermore, we have strict quality standards to ensure that subjects are not asked extraneous, irrelevant or improper questions. Ponemon Institute Research Report Page 6