LIBERTY ALLIANCE. Case Study: Aetna Enhances Secure Provider Portal with SSO and SAML 2.0. The Company. Key Objectives



Similar documents
IDDY. Case Study: Rearden Commerce Delivers SaaS Via Federation WINNER

Nationwide and Regional Health Information Networks and Federated Identity for Authentication and HIPAA Compliance

Case Study: SSO for All: SSOCircle Makes Single Sign-On Available to Everyone

Privacy, Security, and Trust with Federated Identity Management

New Zealand Sets the Pace for SAML 2.0 Deployments

Managing Trust in e-health with Federated Identity Management

Direct Secure Messaging: Improving the Secure and Interoperable Exchange of Health Information

This way, Bluewin will be able to offer single sign-on for service providers within the circle.

EduTech Deploys Federated Identity for Maximum Impact

AmeriHealth Caritas District of Columbia. Administrative Ease & E-Solutions

White paper December Addressing single sign-on inside, outside, and between organizations

RealMe. Technology Solution Overview. Version 1.0 Final September Authors: Mick Clarke & Steffen Sorensen

The Role of Federation in Identity Management

Physician Health Care Provider. Quick Reference. CIGNA HealthCare 2006

Kantara Initiative Workshop. Identity as Security Glue for the Cloud. Matthew Gardiner CA Inc. & Chris Sharp MEDecision. Title of Presentation

IDDY. Case Study: ConAgra Deploys SSO for Travel Planning

Gaps in Patient-Centric Healthcare Standards. IEEE Health IT Standards Study Group March 29, 2006

CCUMED Complete Behavioral Health EHR and Practice Management Solutions

Centricity Group Management. Complex challenges demand proven solutions

AT&T Healthcare Community Online - Enabling Greater Access with Stronger Security

Dr. rer. nat. Hellmuth Broda

Case Study: Bluewin Implements Liberty Alliance Specifications for Single Sign-On

Federation Proxy for Cross Domain Identity Federation

Blue Cross Blue Shield of Georgia. Frances Phillips Senior Network Relations Consultant And Ron Lawrence Director of Network Management

SAML SSO Configuration

Identity Management for Interoperable Health Information Exchanges

Securing Physician and Patient Portals for HIPAA Compliance

Need a healthcare package that fits in with your practice?

The Top 5 Federated Single Sign-On Scenarios

HIPAA Administrative Simplification and Privacy (AS&P) Frequently Asked Questions

Practice management system criteria checklist

Helping provide financial security Medicare Supplement Insurance

Identity Management. Critical Systems Laboratory

AT&T Healthcare Community Online

Flexible Identity Federation

The Primer: Nuts and Bolts of Federated Identity Management

HIMSS Interoperability Showcase 2011

Single Sign On. SSO & ID Management for Web and Mobile Applications

Physician Champions David C. Kibbe, MD, & Daniel Mongiardo, MD FAQ Responses

A Guide to Choosing the Right EMR Software. A Guide to Choosing the Right EMR Software

Google Apps Deployment Guide

Helping provide financial security Medicare Supplement Insurance

Identity Management Overview. Bill Nelson Vice President of Professional Services

Managed Care Organization and Provider Forum Region 3 June 24, 2013

Identity: The Key to the Future of Healthcare

The Primer: Nuts and Bolts of Federated Identity Management

M E D IC A RE SUP P LEMENT INS URANCE. P L A N S A, B, F, High Deductible F, G, N HELPING PROVIDE FINANCIAL SECURITY

Basics of the Healthcare Professional s Revenue Cycle

White Paper. FFIEC Authentication Compliance Using SecureAuth IdP

The Patient Portal Ecosystem: Engaging Patients while Protecting Privacy and Security

Improving Security and Productivity through Federation and Single Sign-on


M E D IC A RE SUP P LEMENT INS URANCE BASIC PLAN WITH OPTIONAL RIDERS EXTENDED BASIC PLAN CO-PAYMENT PLAN HIGH DEDUCTIBLE PLAN

SCRIPT FOR PROVIDER/ACO PHONE INQUIRIES. What is an ACO?

Application Provider Opportunities

Extend and Enhance AD FS

Cloud SSO and Federated Identity Management Solutions and Services

How to select a practice management system

Oracle Identity Management Concepts and Architecture. An Oracle White Paper December 2003

Business Transformation

How To Use Zh Openemr

Get EnABELed with ABELMed

Open Source Identity Integration with OpenSSO

Achieving meaningful use of healthcare information technology

Introduction to SAML

Lesson s From the Granddaddy of Federation

SINGLE SIGN ON FOR HEALTHCARE PROVIDERS AND CONSUMERS

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES

Provider Solutions. Sutherland Healthcare Solutions

Clever School District Whitepaper

IMPLEMENTING SINGLE SIGN- ON USING SAML 2.0 ON JUNIPER NETWORKS MAG SERIES JUNOS PULSE GATEWAYS

Uniting IAM and data protection for greater security

Provider Solutions. Sutherland Healthcare Solutions

Identity opens the participation age. Dr. Rainer Eschrich. Program Manager Identity Management Sun Microsystems GmbH

A secure and auditable Federated Identity and Access Management Infrastructure. Serge Bertini Director, Security Canada

Evaluating IaaS security risks

An Oracle White Paper Dec Oracle Access Management Security Token Service

Case Study: EIfEL Makes E-Learning and Resume Sharing Secure with Liberty Standards

1) How does my provider network work with Sanford Health Plan?

HIMSS Interoperability Showcase 2011

Secure the Web: OpenSSO

TRANSITIONING ENTERPRISE CUSTOMERS TO THE CLOUD WITH PULSE SECURE

OPENIAM ACCESS MANAGER. Web Access Management made Easy

NATIONAL HEALTH POLICY FORUM. January 2010

EDI Solutions Your guide to getting started -- and ensuring smooth transactions bcbsga.com/edi

Case studies in Identity Management for Meeting HIPAA Privacy and Security Requirements

Understanding your Aetna UN PPO Plan and Medicare Part B medical benefits

Kaiser Permanente Affiliate Link Provider Web Site Application

SOLUTION BRIEF SEPTEMBER Healthcare Security Solutions: Protecting your Organization, Patients, and Information

Standards and Interoperability: The DNA of the EHR

EHR AND IHIS DEVELOPMENT. Standards, Perspectives and Approaches. Rudi Samoszynski International Consultant Health Systems

Identity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE

HIPAA Security. 1 Security 101 for Covered Entities. Security Topics

Dental Orientation. Molina Healthcare

The Benefits of an Industry Standard Platform for Enterprise Sign-On

How to Best Select an EHR and The new HITECH Stimulus Act What you need to know

Frequently Asked Questions

NextGen Patient Portal User Guide. Version 2.0

D.I.M. allows different authentication procedures, from simple confirmation to electronic ID.

Easy as 1-2-3: The Steps to XE. Mark Hoye Services Portfolio Consultant

Transcription:

Case Study: Aetna Enhances Secure Provider Portal with SSO and SAML 2.0 The Company Aetna is one of the nation s leading diversified health care benefits companies, serving approximately 37.2 million people with information and resources to help them make better informed decisions about their health care. Aetna offers a broad range of traditional and consumer-directed health insurance products and related services, including medical, pharmacy, dental, behavioral health, group life and disability plans, and medical management capabilities and health care management services for Medicaid plans. Customers include employer groups, individuals, college students, part-time and hourly workers, health plans, governmental units, government-sponsored plans, labor groups and expatriates. Key Objectives Aetna sought to provide role-based access control to a portal that would offer healthcare providers access to Aetnahosted applications and transactions through a single signon (SSO), and delegate office administration of this access to providers. The Initial Drivers for Single Sign-On Aetna conducted research to help identify and better understand what their healthcare providers needed. Focus groups showed us that our providers wanted a portal that they could access for multiple payers, said Chere Parton, head of Aetna Provider esolutions. Then separately, we defined our internal needs which included having the capability of providing additional products and services to these providers in a highly secure way. Aetna s Deployment Wins a 2008 IDDY Award Aetna was recently honored by the Liberty Alliance with an IDDY Award (IDentity Deployment of the Year). The IDDY recognizes identity-based applications built using Liberty Federation (including SAML 2.0), Liberty Web Services, Liberty People Service and Liberty Advanced Client specifications. Aetna s deployment is garnering raves throughout the industry. It stood out to the IDDY judges for the following reasons: Aetna and NaviMedix have successfully collaborated around the Liberty principles of party federation. They ve established re-use through interoperability standards and avoided pointto-point solutions. Using SAML 2.0, they are also positioned for the circle of trust and ID assurance principles in their enterprise architecture continuum. From a business perspective, this collaboration has enhanced the experience between Aetna and its providers. Aetna s Secure Provider Web site via NaviNet offers a superior security model to support its strategic direction of offering important information only to the appropriate users in a provider s office. This model positions Aetna to support clinical decision tools, i.e., patient care alerts, and a host of upcoming clinical initiatives. - 1 -

Moving Forward: Addressing Privacy and Security Aetna made a strategic decision to convert a home-grown portal, internally designed and constructed at Aetna, to an externally hosted online provider portal that would not only include a variety of tools, transactions and content hosted by Aetna, but would also include interfaces with third-party Internet Application Service Providers and Content Service Providers. If you want a good challenge as an IT security strategist health care is the place to be, said Aetna s Head of Security Architecture Mark Coderre. We have the ultimate need for accuracy and privacy given customer interests in online health information and privacy. Beyond those industry-specific concerns, Coderre said, Aetna s challenges were similar to those any organization faces when seeking to share confidential information: Identifying the legal agreements that need to be in place to protect trusts Coordinating the technical and legal requirements of multiple parties Agreeing at an early stage about the definition of identity Avoiding the privacy risks of collusion Strong deployments come from careful business analysis, which Aetna has certainly done well. Liberty s specifications follow the same process of first identifying needs and quantifying needs, with very careful attention paid to privacy and global policy considerations, and then creating technological solutions. We applaud Aetna for such a sound process, which is clearly reflected in a smooth, successful deployment. We are very pleased to award Aetna with a 2008 IDDY Award for this excellent work. -Britta Glade Director of Marketing, Liberty Alliance Aetna addressed these issues via SAML 2.0, a standard for exchanging authentication and authorization data between security domains. The question of what makes up an identity is critical because it forms the basis of the SAML assertion, said Coderre. If that s ambiguous, then the sanctity of SAML doesn t mean anything. This is a critical issue since the portal uses SAML 2.0 for single sign-on with an integrated Federated Identity Management process allowing providers seamless access to information across all systems. - 2 -

Aetna s Solution Aetna was able to convert its existing proprietary portal to a more sophisticated, delegated access portal operated by a third-party provider, NaviMedix. Beginning in Fall 2007 and reaching completion in June 2008, Aetna deployed the portal to offices representing 300,000 providers and staff, scalable to 500,000. The portal supports 30 transactional functions, including Claim Status Inquiry, Referral, pre-certification, Eligibility and Benefits. NaviMedix, a leading innovator in automating health care provider communications, had worked with Aetna previously, and Aetna chose NaviMedix for this project after a thorough search. NaviMedix s experience in role-based security systems was a major factor in Aetna s choice, as was its ability to give providers access to multiple payers while allowing each payer to offer differentiated products and services through the portal. The solution puts the responsibility to oversee access to the portal in the hands of physicians and healthcare providers, rather than in Aetna s. Previously, we would try to understand the structure of each [provider s] office, said Chere Parton. Whether one person should have access to eligibility, or a pre-certification transaction, or a referral transaction. It s difficult to know that, as a health insurer. The new portal puts those decisions in the hands of the healthcare providers. How It Works: Federation in Action Federated ID Management aligns IDs and roles between NaviMedix as an IDP, and Aetna as an SP-IDP. In this model, Aetna is positioned as its own hub, between upstream portals and downstream service-providers, with an insulated method to reassert IDs and entitlements in a transitive manner. The Federated Identity Management process keeps identification information in both systems synchronized. This ensures that access to information is regulated consistently irrespective of the point of entry of the user. This helps in meeting HIPAA PHI (Protected Health Information) requirements. Aetna has been a leading force and early adopter in the federation space, said Matthew Gardiner, Principal at CA, a longtime Aetna solutions provider. They ve been matching technology to real business requirements. They ve continued to adapt early and often. They are recognized market leaders. - 3 -

New Features The new portal offers several attractive new features for healthcare providers: Providers can set access within Aetna s Secure Provider Web site for different users, with increased, HIPAA-compliant security options. For example, health care providers can give staff, those responsible for appointments and check-in, access to eligibility information only, while accounting staff may have additional access to claim and payment information. Providers security officers can also set up customized access to important messages from Aetna according to users roles. Free real-time transactions are available with Aetna as well as other payers, including major health plans and the Medicare program. Enhanced administrative options provide one-stop service. Only one username and password is needed to interact with Aetna or other health plans. Improved functionality provides customized transactions with more detail and easier navigation. Health care providers can check eligibility and benefits in real time, submit or inquire about claims, review claim payment policies, view and print explanations of payments online within 24 hours of claims processing, obtain electronic remittance advices, access Aetna s education site and conduct many other activities. Easy-to-use support tools help providers use the site and manage transactions. New Services: Care Considerations and the Personal Health Record (PHR) Aetna sends Care Considerations alerts about patients health care to physicians through a NaviMedix platform called Navi- Net. Care Considerations identify possible gaps in care, drug-to-drug or drug-to-disease interactions, and more; they are derived though the MedQuery program, developed by ActiveHealth Management, an independent subsidiary of Aetna. Aetna had previously sent these Care Considerations by phone, fax or mail, but NaviNet allows them to also arrive by e-mail or as electronic alerts when a provider conducts any transaction involving the patient. For example, Parton explained, when a provider makes an eligibility benefit verification the most common portal transaction a Care Consideration, which is based on Aetna s data including claims history, current medical, lab and pharmacy claims and patient demographics, pops up to alert the physician of an issue that requires attention. Electronic delivery offers the advantage of efficiency, timeliness, and no paper to file or lose, as well as the security of all NaviNet transactions. Separately, Aetna has also given members the capability to make their personal health records (PHRs) available to treating physicians through NaviNet. These PHRs include information from Aetna s claims system as well as non-claims medical information entered by Aetna s members (the patients) themselves; patients have the opportunity to review, change and retract access to this information at any time. - 4 -

The Benefits The NaviNet site allows providers to make their own decisions about access to benefits information, and makes that information available in a clear, timely manner. More information about patients improves patient health; members get better care, Parton said, and improved health outcomes. Feedback has been very positive, said Parton, who also explained that the transition to the new portal has been smooth. If anything, I ve been surprised at how smoothly it s gone. ROI of Federation Single sign-on (SSO) was designed between NaviMedix and Aetna applications minimizing redevelopment and giving a common portal presentation to providers. Enablement of web service transactions with federation is also having impact. As a result of this implementation, we expect savings in a number of areas, said Parton. There s reduction in calls to service centers, elimination of paper-based communications and increased utilization of electronic administrative tools. Looking Forward For Aetna, the future of information sharing is now. Federation point-to-point is one thing, but where this will lead is web federation with multiple parties, and Aetna s already got those scenarios, said Coderre. The legal and technical logistics get more complicated as you put more parties together to satisfy a common transaction. Organizations such as Liberty Alliance are essential to navigate this process. Coderre said that Aetna s work with Liberty, the Healthcare Information Technology Standards Panel (HITSP), and the Institute for Information Infrastructure Protection (I3P) has been extremely helpful, and will be even more so going forward. Being able to prove that you can safely link this data is going to be key to a higher adoption of new products such as the Personal Health Record, Coderre said. The cumulative efforts of Project Liberty, HITSP and I3P should be able to provide that safe linking of information without increasing the threat. Liberty s Identity Assurance Framework (IAF) is especially important, he added, Because not every registration is going to be based on in person vetting. - 5 -

About Liberty Alliance Liberty Alliance is the only global identity community with a membership base that includes technology vendors, consumer service providers and educational and government organizations working together to build a more trust-worthy internet by addressing the technology, policy and privacy aspects of digital identity management. Liberty Alliance is also the only identity organization with a history of testing vendor products for true interoperability of identity specifications. Nearly 80 products and identity solutions from vendors around the world have now passed Liberty Interoperable testing. Liberty Alliance works with identity organizations worldwide to ensure all voices are included in the global identity discussion and regularly holds and participates in public events designed to advance the harmonization and interoperability of CardSpace, Liberty SAML 2.0 Federation, Liberty Web Services, OpenID and WS-* specifications. More information about Liberty Alliance as well as information about how to join many of its public groups and mail lists is available at www.projectliberty.org. - 6 -

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information