20 Practical Tips on Single Sign-On and Strong Authentication from Healthcare IT Professionals



Similar documents
A Healthy Dose of Advice for Managing Clinician Access to Patient Data. Tips for Implementing SSO and Strong Authentication

20 Practical Tips For High Performance Authentication and Access Management

Electronic Prescribing of Controlled Substances: Establishing a Secure, Auditable Chain of Trust

Boost Healthcare Security and Patient Care with Imprivata Enhanced VDI

Enabling Fast and Secure Clinician Workflows with One-Touch Desktop Roaming W H I T E P A P E R

Virtual desktops in hospitals: streamlining clinical workflows

Enterprise Single Sign-On City Hospital Cures Password Pain. Stephen Furstenau Operations and Support Director Imprivata, Inc.

VMware Point of Care Solutions. for Clinicians and Caregivers

Enterprise Single Sign-On SOS. The Critical Questions Every Company Needs to Ask

Lots of workers, many applications, multiple locations......and you need one smart way to handle access for all of them.

Day One Employee Productivity and Increased Security: Integrated Provisioning and SSO

How to Optimize Epic Clinical Workflows with Imprivata

Achieving HIPAA and HITECH Compliance. with Enterprise Single Sign-On

Oracle Enterprise Single Sign-on Technical Guide An Oracle White Paper June 2009

An Oracle White Paper December Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance

Successful EHR Change Management

Best Practices: Single Sign-On Drives Productivity, Security, and Adoption When Used with EHR at The Johns Hopkins Hospital

Endpoint Virtualization for Healthcare Providers

2013 HIMSS ANALYTICS REPORT:

North Kansas City Hospital delivers secure, point-of-care computer access anytime, anywhere

How to Implement Imprivata OneSign Single Sign-On and Authentication Management Successfully

The Business Case for Healthcare Access Solution

A Planning Guide for Electronic Prescriptions for Controlled Substances (EPCS)

By David Ting Founder and Chief Technical Officer Imprivata, Inc.

5 Day Imprivata Certification Course Agenda

PCI Data Security Standard

The Benefits of an Industry Standard Platform for Enterprise Sign-On

Passlogix Sign-On Platform

IT S ABOUT TIME REMOVING TECHNOLOGICAL BARRIERS TO IMPROVE PATIENT CARE. Enabling Healthcare. Securely

SchoolBooking SSO Integration Guide

HOW TO ACCELERATE ADOPTION OF ELECTRONIC HEALTH RECORDS

Taming the Mobile File Sharing Beast

Made for MSPs by an MSP

Achieving HIPAA Compliance with Red Hat

Achieving HIPAA Compliance with Red Hat

INTRODUCING TALEO 10. Solutions Built for the Talent Age. Powering the New Age of Talent

and the software then detects and automates all password-related events for the employee, including:

HIPAA Compliance Use Case

Harnessing the Untapped Potential of EHR Systems

Would You Like To Earn $1000 s With The Click Of A Button?

Global Headquarters: 5 Speen Street Framingham, MA USA P F

Adobe unlocks creative velocity.

Improving Clinician Workflow and Efficiency Overcoming IT Challenges at the Point of Care

VMware AlwaysOn Point of Care Desktop. with Indigo Identityware software for Fast Access & Strong Authentication with Roaming Desktops

HIPAA Security Matrix

Alcatel-Lucent OmniTouch 8600 My Instant Communicator Creating More Time for Patient Care through Effective Communications

How Single Sign-On Is Changing Healthcare: SSO Vendor Comparison

Cloud Computing: Contracting and Compliance Issues for In-House Counsel

Vyom SSO-Edge: Single Sign-On for BMC Remedy

Different Levels of Service for Different Stages of Electronic Medicine

Executive Summary P 1. ActivIdentity

Sybase Afaria. Comprehensive Management and Security for the Mobile Enterprise PRODUCT BROCHURE.

The following outlines an effective, proven process for assuring your practice makes the best, most well informed EHR system and vendor decision:

5 Group Policy Management Capabilities You re Missing

RSA SECURE WEB ACCESS FOR HEALTHCARE ENVIRONMENTS

Allidm.com. SSO Introduction. Discovering IAM Solutions. Leading the IAM facebook/allidm

Cloud Collaboration Study: Benefits of a secure & easy to use collaboration platform

Enterprise IT Shops Attack Single Sign-On and Authentication Challenges with Secure Appliance Platform from Imprivata

Easy to Use, HIPAA Compliant, Heterogeneous Data Protection

The CIO s Guide to HIPAA Compliant Text Messaging

An Oracle White Paper December Integrating Oracle Enterprise Single Sign-On Suite Plus with Strong Authentication

Big Data at Cloud Scale

How To Use A Vmware View For A Patient Care System

Securing Data on Portable Media.

Foundation ACTIVE DIRECTORY AND MICROSOFT EXCHANGE PROVISIONING FOR HEALTHCARE PROVIDERS HEALTHCARE: A UNIQUELY COMPLEX ENVIRONMENT

QRadar SIEM 6.3 Datasheet

101 Things to Know About Single Sign On

Vyom SSO-Edge: Single Sign-On Solution for BMC Remedy

Imprivata SSO: Enabling an Effective Password Policy. By Alan Sonnenberg Chief Security Officer, Imprivata, Inc.

IBM Tivoli Access Manager for Enterprise Single Sign-On

Powering Real-Time Mobile Access to Critical Information With Citrix ShareFile

Flexible Spending Account Administration Best Practices

DICTATION & TRANSCRIPTION. INFO@DOLBEY.com

Make technology your business advantage

How to Select the Right Remote Support Tool

How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications

CHIS, Inc. Privacy General Guidelines

Chapter 1 Scenario 1: Acme Corporation

EHR implementation requires commitment and planning. When it s done right, everyone benefits.

Top 5 Reasons to Choose User-Friendly Strong Authentication

Advanced Authentication Methods Determining the Best Fit for Your Agency. Strong Authentication. Simplified.

Password Management: History, Costs, Problems and Pain Points, and Solutions

IBM Cognos Express Essential BI and planning for midsize companies

Top Reasons for CEOs to Choose Unified Communications: Bringing Benefits to Users, Business Decision Makers and IT Pros

300% increase 280 MILLION 65% re-use passwords $22 per helpdesk call Passwords can no longer protect you

YOUR QUESTIONS ANSWERED. A Practical Guide to VoIP for Small Businesses

Fast and Effective Migration from Novell to Windows Active Directory with VMware Mirage WHITE PAPER

Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access

WHITEPAPER. Addressing Them with Secure Network Access Control. Executive Summary... An Evolving Network Environment... 2

Server-based Password Synchronization: Managing Multiple Passwords

Eight Ways Better Software Deployment and Management Can Save You Money

10 Hidden IT Risks That Might Threaten Your Business

etoken Single Sign-On 3.0

The Business Owner s Guide to Selecting CRM

WHITEPAPER. Addressing Them with Adaptive Network Security. Executive Summary... An Evolving Network Environment Adaptive Network Security...

customer care solutions

Business white paper. Successful EHR Change Management. Roles and responsibilities

PREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date:

EMR BIG BOX DISSATISFACTION Pushes Demand for Specialty Specific Systems

Transcription:

20 Practical Tips on Single Sign-On and Strong Authentication from Healthcare IT Professionals

You know your care providers need faster access to patient data, and that accessing applications and searching for patient data is time consuming and frustrating for them. Security requirements get in the way and cause disruption to their workflows. To address these issues, you need to eliminate password headaches and increase care provider satisfaction without negatively impacting patient data security. The answer is single sign-on (SSO) and strong authentication. At times like these, you need expert advice - not from a vendor, but from actual peers who have successfully deployed SSO and strong authentication at their hospitals - from those who have measured the results against the investment, and can share their experiences. So, we approached some of our healthcare customers and asked them what advice they d give to other hospital IT executives who are contemplating the implementation of SSO and strong authentication. What follows are 20 valuable tips for successful procurement, implementation and deployment. 1. Perform due diligence to find the best form of strong authentication for each of your user groups. Remember that different user groups have different requirements for access. Make sure that the solutions that you are considering are flexible enough to accommodate the access needs of all groups today and down the road. Chief Medical Information Officer H. Lee Moffitt Cancer Center - Tampa, Florida 2. Look for a tool that is appropriately sized for your organization. SSO comes with lots of bells and whistles. Enterprise single sign-on solutions that integrate with your existing identity management systems -- in our case, Active Directory -- will save money and maintenance. 3. Understand how the solution(s) you choose work with technologies from other vendors. Multiple vendors can and will work together if you push them. If integration is an important element of your project, bring it up early and don t move ahead without knowing that the vendor is committed to making it happen. Information Security Operations Director OhioHealth - Columbus, Ohio

4. Understand the workflow of your shared workstation departments. If more than one person will be using a given workstation, you must validate that the SSO solution will not harm or break the existing workflow. Some SSO vendors handle fast user switching well, others do not. A quick and clean log-off can be as important as a quick logon. Find and work with your workforce experts. They will be a huge part of your success if you enlist their help at the beginning. 5. Engage your users early on. Before you roll out - perhaps even before you have purchased - do a product demonstration for them. Odds are the users will be blown away with the simplicity of the authentication process and will clamber to sign up. In our case, it was the SSO and Strong Authentication solution that actually got the physicians excited about implementing the entire healthcare IT solution. Parkview Adventist Medical Center - Brunswick, Maine Before you roll out - perhaps even before you have purchased - do a product demonstration for them. Odds are the users will be blown away with the simplicity of the authentication process and will clamber to sign up. 6. Don t reinvent the wheel. In many cases, you can take advantage of the technologies that you already have in place; for example, your proximity cards. Take an inventory of the technologies that your organization already owns and look for solutions that work well with your existing IT environment. IT Manager Spaarne Ziekenhuis - Hoofddorp, Netherlands 7. Talk policy, not just machines. Soft peddling security policy does not work. I tell new employees that Big Brother lives and breathes at the medical center and the last person they want to see is me walking into their bosses offices with audit logs. 8. Consider your remote users. If you have non-employees, remote contractors or partners, how will their provisioning be managed? Do you have one or more authentication data stores (Active Directory, Novell, RADIUS, others)?

Take an inventory of the technologies that your organization already owns and look for solutions that work well with your existing IT environment. 9. Write a user deployment plan and share it with your users. Communication with users is critical to success. People are averse to change even when it is for the better. Don t spring a new technology on them. Send email messages and hang posters communicating the benefits of SSO and strong authentication. Let them know what s in it for them. Let them know that their workflow won t change. 10. Develop a tightly managed internal security policy before you deploy any authentication and access management solutions. Though we are not bound by HIPAA, we feel that it is good practice to comply and follow guidelines where ever it makes sense. Our internal policies dictate that certain user access is limited to certain systems. Having our security policy defined and understanding the requirements helped us to come up with a deployment strategy to match that policy. Infrastructure Director The Henry M. Jackson Foundation for the Advancement of Military Medicine, Inc. - Rockville, Maryland 11. Do not over promise. Once they have the convenience of SSO and strong authentication for access to critical applications, department heads will want every user enabled for every application. Stick to your plan and don t promise what you can t deliver. Administrator Lake Forest Hospital - Lake Forest, Illinois 12. Know the cost of failure. If you have to remove the solution for whatever reason, what is that going to require? The nice thing about our solution is that it is architected in a way that is non-intrusive to the applications. That means that it never touches the application code or requires an agent on the server. This was reassuring for me as I could tell myself that if the solution didn t work out, I could just unplug the appliance. With other solutions I would have had to undo a lot of scripting, and the reworking could end up taking longer and costing more than the install.

13. Understand that no two departments (user groups) are the same. Work with your super users well ahead of time. Help them to test, test and test. SSO is simple, but it is a change, and it ultimately affects everyone and everything. Identify unique users and PCs early on and have a plan for them. Systems Administrator The Credit Valley Hospital - Mississauga, Ontario 14. Make your users part of the process. Seek their advice and learn their needs. We set up a physician steering committee to help guide our identity management strategy. It not only helped us to find the right product for our users needs, but it helped us when the time came to roll out to the users. They were invested and ready to adopt the new system. Chief Medical Information Officer Alegent Health - Omaha, Nebraska 15. Plan for auditing and reporting. Know what types of audit and compliance reports will be required by your administration and be sure that your SSO solution can produce the appropriate results. Communication with users is critical to success. Send email messages and hang posters communicating the benefits of SSO and strong authentication. Let them know what s in it for them. Let them know that their workflow won t change. 16. Determine where and how SSO should fit into your IT security strategy. SSO is just one component of a complete identity management program. Yet it is one of the security features that we leverage in all the areas where equipment is used by multiple staff members, for multiple application access. The ability to easily lock a workstation and have all the applications protected is a real plus and requirement. 17. Think like a user. Before you deploy, put yourself in your users shoes and do everything you can to try to break the system. Then test, test, and test. You only have one chance to make a first impression with your doctors and nurses. Parkview Adventist Medical Center - Brunswick, Maine

About Imprivata Imprivata is a leading provider of authentication and access management solutions for the healthcare industry. Imprivata s single sign-on, authentication management and secure communications solutions enable fast, secure and more efficient access to healthcare information technology systems to address multiple security challenges and improve provider productivity for better focus on patient care. Over 2 million care providers in more than 1,000 healthcare organizations worldwide rely on Imprivata solutions. Imprivata is the category leader in the 2012 and 2013 Best in KLAS Software & Services Report for SSO, and SSO market share leader according to HIMSS Analytics. 18. Ask which strong authentication methods the products support directly. Even if you have already decided on a method for today, user requirements and technologies are apt to change, the price of devices can decrease, and you want to be sure that you have choices down the road. Also ask if strong authentication methods can be mixed and matched for different user groups. Network and Applications Analyst William Osler Health Centre - Brampton, Ontario 19. Keep it simple. For organizations whose staff log on to multiple workstations during the day, keeping the look and feel of SSO solutions the same is important. It is important to cut down on confusion. 20. Have a back-up plan. I enroll all ten fingers for each user. That way if a doctor or nurse has a cut or burn on their primary finger, they can move to another. As a last resort, all my users can fall back on a password. So far, we have not had any issues, but I can t take the risk of having a clinician locked out. Parkview Adventist Medical Center - Brunswick, Maine For further information please contact us at: 1 781 674 2700 or visit us online at www.imprivata.com Offices in: Lexington, MA USA Santa Cruz, CA USA Uxbridge, UK Paris, France Nuremberg, Germany Den Haag, Netherlands Copyright 2014 Imprivata, Inc. All rights reserved. Imprivata and OneSign are registered trademarks of Imprivata, Inc. in the U.S. and other countries. All other trademarks are the property of their respective owners. WP-20-Practical-Tips-HC-Ver1-0214

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information