provision foundation: ACTIVE DIRECTORY AND MICROSOFT EXCHANGE PROVISIONING FOR HEALTHCARE PROVIDERS


The promise of reduced administrative costs and improved caregiver satisfaction associated with user provisioning can be realized through a wide range of implementation approaches. Given the significant and unique challenges user provisioning poses to healthcare organizations, many providers will benefit from a phased approach to implementation. provision foundation (formerly Sentillion provision and recently acquired by Microsoft) enables these providers to deploy basic workflows that manage the creation and termination of Active Directory and Microsoft Exchange accounts while retaining the flexibility to add systems and data over time. Through a combination of deployment technology and an entry-level, fixed-price services plan tailored specifically to the healthcare industry, the provision foundation approach creates a lower-risk, low-cost path to realizing speed benefits while positioning the healthcare organization to evolve seamlessly to a more comprehensive provisioning deployment.

HEALTHCARE: A UNIQUELY COMPLEX ENVIRONMENT

Healthcare organizations face unique complexities when automating user provisioning. Many caregivers and other key resources are not employed directly by hospitals; they are often contracted or temporary staff (such as students, residents, Locum Tenens, and agency staff). This increases the risk of personal healthcare information (PHI) being compromised and makes it harder to provide access to the systems required to initiate immediate patient care. Further, the wide diversity of job functions and specialties within a healthcare organization places unique burdens on those tasked with defining roles and managing access privileges on a granular basis.

Also, healthcare IT professionals are stretched to the limit as they grapple with a variety of complex enterprise-level and departmental-level clinical and business implementations, leaving fewer resources for a comprehensive user provisioning development and deployment. While the benefits of a full user provisioning system are well documented, these complicating factors require a practical approach: creating a baseline for deployment by establishing Active Directory and Microsoft Exchange accounts and growing from there.

CHALLENGES

PATIENT CARE: QUICKLY GRANTING ACCESS

Quality patient care requires that healthcare practitioners be granted fast access to basic network and communication resources, such as printers, network drives, shared files, web applications, VPN, and e-mail. Yet in many healthcare organizations this process can take two weeks or more. provision foundation provides Zero Day Provisioning through simple onboarding workflows that enable clinicians to gain this access on the first day they arrive to treat patients. These workflows can be quickly and easily configured, eliminating the manual work required to set up Active Directory and Microsoft Exchange accounts and freeing IT resources to work on more complex clinical application deployments.

SECURITY: FAST TERMINATION

One of the most common security deficiencies cited by auditors is the inability to quickly disable accounts associated with caregivers leaving a healthcare organization. This lack of relevant controls increases the potential for inappropriate disclosure of PHI and the risk of legal prosecution and damaged reputations. The resulting security holes are exacerbated by the accumulation of privileges as caregivers and administrative personnel are transferred and promoted. Further, the high proportion of temporary professionals flowing in and out of a healthcare organization increases the risk of data leakage. By solidly establishing identities and accounts in Active Directory, provision foundation enables immediate user termination and the disablement of Active Directory and e-mail accounts.

COMPLIANCE REPORTING: DEFINING WHICH USERS HAVE WHAT RESOURCES

Regulatory pressures require healthcare providers to validate access privileges to ensure that policies relating to PHI are enforced. All transactions related to user and access information are automatically posted to an audit database, including when Active Directory and Microsoft Exchange requests are initiated and approved, by whom, and when.

provision foundation also supports the generation of reports that match what resources users have to what they should have according to security policy. This provides the basis for meeting attestation requirements for HIPAA, The Joint Commission, Sarbanes-Oxley, and internal audits with fewer IT and user management resources.

Capabilities

Unlike traditional provisioning implementations, the provision foundation approach presumes a phased approach in which the scope of the initial implementation is narrowed to a predetermined set of critical, standardized workflows, requiring only the initial population of Active Directory accounts and simple policy decisions relating to Active Directory and Microsoft Exchange.

FIGURE 1. PROVISIONING WORKFLOW

PROVISIONING WORKFLOWS

New Account Creation and Management
Create and modify Active Directory and Microsoft Exchange accounts with attributes based on role templates representing users with similar access rights and job responsibilities. This includes the ability to assign users to Active Directory Groups and Organizational Units (OUs). New accounts and account attribute changes are synchronized immediately and automatically reflected in the user interface.

User Deprovisioning
Enable fast termination of user accounts while retaining information supporting the continuation of patient care.

Requestor/Approver Workflow
Provide a user interface and e-mail based workflow for requests and approvals. Administrative personnel will be able to initiate requests for e-mail access privileges and prompt approvers to verify user and Active Directory access information. Clinical supervisors, specialists, and other managers will be able to verify information associated with Active Directory privileges and approve requests via e-mail. Provide an option for establishing policies for e-mail access (mailbox size, location) based on department code, job code, or facility/cost center information imported from your organization's human resource (HR) system.

Contractor Workflow
Provide a user interface and e-mail based workflow to manage the provisioning of temporary clinical professionals such as medical students, traveling nurses, and Locum Tenens. Includes the ability for approvers to define contractor expiration dates, be alerted to impending expirations, and extend contractor engagements.

INTEGRATION

Active Directory and Microsoft Exchange Integration
Automate the connection between user provisioning actions/workflows and Active Directory and Microsoft Exchange using Microsoft bridge technology.

HR Triggers
Initiate account creation and user disablement automatically based on user additions to and deletions from provider HR systems.

Self-Service Profile Management
Enable users to create and modify their personal profile information within Active Directory.

Provisioning for SSO and Context Management
Enable provisioning actions and generate credentials for Vergence (formerly Sentillion Vergence and recently acquired by Microsoft) clinical workstation and Microsoft expresso (formerly Sentillion expresso and recently acquired by Microsoft) SSO solutions.

Authentication
Validate the identity of users against authentication data stored in Active Directory, using user name/password pairs or expresso SSO credentials. Automate the generation of user IDs and temporary PINs for initial user access.

Password Reset
Allow users to reset their own passwords if expired or forgotten without calling help desk personnel.

Audit Trails
Microsoft provision logs details associated with the user, such as account add and delete as well as request and approve transactions, including those automatically initiated by the HR system. Audit line items are stored in a SQL Server database to facilitate the creation of summary and detailed reports for compliance audits describing who took what provisioning actions and when.

Compliance Reporting
Provide three standard reports:
Account Access By User: lists which users have access to which applications.
Terminated Users: lists users whose accounts have been disabled upon termination and when they were terminated.
Provisioning Transactions: lists all provisioning actions, including the name of the provisioner and the provisioned user, when the action was taken, and for what application.

Architecture
Lay the foundation today and build the framework for future applications.

1. One easy-to-use web interface
All users interact with the system via a single, intuitive web interface. Users are exposed only to those provisioning actions that they can take according to security policy. This interface represents a central dashboard for ultimately managing access for all target applications beyond Active Directory and Microsoft Exchange once clinical information systems are added to the workflow.

2. Simple e-mail based workflows
The provisioning engine generates workflows that eliminate the manual effort traditionally associated with managing access privileges. These workflows connect IT/security and clinical staff via a combination of e-mail and various web-based prompts requiring minimal IT intervention.

3. Automatic HR feed
Changes in user role/status and account information within the provider's HR system automatically trigger corresponding updates within the web-based provisioning interface. This capability drastically reduces IT resource requirements and generates a high return on investment for provisioning implementations.

4. Infrastructure for audit & compliance reporting
provision foundation includes out-of-the-box SQL databases for audit and compliance. The audit database contains a record of every provisioning action taken, by whom, and when. The compliance reporting database provides summary tables that list who has access privileges for which accounts as well as who should have these privileges according to policy. Both databases provide the basis for responding to HIPAA and The Joint Commission audits in an automated, timely manner.

5. One authoritative source
Active Directory acts as the single source of truth for user identities and associated attributes, eliminating the complexity and potential for errors associated with managing multiple identity stores.

6. Extensible to clinical applications
The provision foundation architecture can be extended to any and all clinical applications without requiring programming-intensive changes to database schemas or elements of the provider's existing infrastructure. This architecture sets the groundwork for automating the provider's complete healthcare provisioning process, including physical items such as pagers and stethoscopes as well as additional identifying information, such as license and DEA numbers.
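The HR-trigger, contractor-expiration and "what users have versus what policy says they should have" behaviour described in the workflow list and architecture points above, as an added example that is not provision foundation's own code; the role templates, job codes, group names and employee records are all constructed:

```python
# Added example, not provision foundation's code; role templates and data are constructed.
from dataclasses import dataclass
from datetime import date
from typing import Optional, Set

# Hypothetical role templates: HR job code -> AD groups the role should hold.
ROLE_TEMPLATES = {
    "RN": {"Clinicians", "VPN-Users", "Mail-Enabled"},
    "MD": {"Clinicians", "VPN-Users", "Mail-Enabled", "Order-Entry"},
    "CLK": {"Mail-Enabled"},
}

@dataclass
class HrRecord:
    emp_id: str
    job_code: str
    active: bool
    expires: Optional[date] = None  # contractor / Locum Tenens end date, if any

@dataclass
class AdAccount:
    emp_id: str
    enabled: bool
    groups: Set[str]

def provisioning_actions(hr, ad, today):
    """HR triggers: the create/disable actions the workflow engine should raise."""
    actions = []
    for rec in hr.values():
        acct = ad.get(rec.emp_id)
        expired = rec.expires is not None and rec.expires < today
        if rec.active and not expired and acct is None:
            actions.append(("create", rec.emp_id))   # Zero Day Provisioning
        elif (not rec.active or expired) and acct is not None and acct.enabled:
            actions.append(("disable", rec.emp_id))  # fast termination
    for emp_id, acct in ad.items():                  # orphans: enabled, no HR record
        if emp_id not in hr and acct.enabled:
            actions.append(("disable", emp_id))
    return sorted(actions)

def access_deviations(hr, ad):
    """Compliance report: groups held versus groups the role template permits."""
    report = {}
    for emp_id, acct in ad.items():
        rec = hr.get(emp_id)
        expected = ROLE_TEMPLATES[rec.job_code] if rec else set()
        extra, missing = acct.groups - expected, expected - acct.groups
        if extra or missing:
            report[emp_id] = {"extra": sorted(extra), "missing": sorted(missing)}
    return report

# Constructed sample data: HR feed and AD snapshot as of TODAY.
TODAY = date(2016, 2, 15)
HR = {r.emp_id: r for r in [
    HrRecord("E100", "RN", True),
    HrRecord("E101", "MD", True),                             # new hire, no account yet
    HrRecord("E102", "CLK", False),                           # terminated in HR
    HrRecord("E103", "RN", True, expires=date(2016, 1, 31)),  # Locum Tenens, engagement over
    HrRecord("E104", "RN", True),                             # transferred; kept old privilege
]}
AD = {a.emp_id: a for a in [
    AdAccount("E100", True, {"Clinicians", "VPN-Users", "Mail-Enabled"}),
    AdAccount("E102", True, {"Mail-Enabled"}),
    AdAccount("E103", True, {"Clinicians", "VPN-Users", "Mail-Enabled"}),
    AdAccount("E104", True, {"Clinicians", "Mail-Enabled", "Order-Entry"}),
    AdAccount("E999", True, {"Mail-Enabled"}),                # enabled but unknown to HR
]}
```

The deviation report is the accumulated-privilege case the Security section warns about (E104 kept a group from a prior role) plus an enabled account with no HR owner (E999); the action list is what the HR feed would raise for the same day.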

FIGURE 2. PROVISIONING WORKFLOW

SERVICES

Extensive Healthcare IT Implementation Experience
Microsoft provides professional services to support the implementation of provision foundation. Each member of this staff is exclusively dedicated to the healthcare industry and is an expert in multiple facets of identity and access management (IAM) solutions for clinical, administrative, and personal productivity applications. Microsoft IAM solutions have been implemented at over 219 customers worldwide, including 5 of the top 10 pediatric hospitals and 6 of the top 14 hospitals ranked by US News and World Report.

Each provisioning project is staffed by a dedicated, healthcare-savvy project manager and business analyst as part of a larger project team. The team follows a formal methodology incorporating defined processes and best practices for provisioning, starting with a discovery and scoping meeting and ending with the completion of mutually agreed upon project milestones.

Fixed Price Services Plan
provision foundation is a tightly managed set of services to deliver basic provisioning policy definition, role templates, workflows, and integration capabilities for Active Directory and Microsoft Exchange in a four-week timeframe.

Benefits of a Modular Approach

Realize early wins
By taking a modular approach to implementation, healthcare providers can realize tangible physician satisfaction and cost reduction benefits early in the deployment cycle and promote these successes internally to build momentum for a broader deployment of Clinical Information Systems (CIS).

Establish policy consensus
By focusing on Active Directory and Microsoft Exchange initially, providers can tackle the most basic policy decisions first (such as establishing which Active Directory Groups get e-mail access and what size mailbox is appropriate for which roles), and then apply that knowledge to the deployment of future applications.

Accelerate planned and future CIS deployment
Identifying and establishing Active Directory accounts is often a critical prerequisite for CIS implementations. These accounts provide the authoritative source and authentication mechanism for all future clinical applications. Quickly establishing a clear view of all identities and accounts will accelerate the deployment of any CIS system, resulting in improved patient care.

A COMPLETE IDENTITY AND ACCESS MANAGEMENT OFFERING

provision foundation is one of two stepping stones to a full provisioning deployment. provision foundation plus one offers the same Active Directory and Microsoft Exchange capabilities plus a platform for implementing one clinical information system of the healthcare provider's choice. The provision family, together with the Vergence clinical workstation solution and expresso (both formerly from Sentillion and recently acquired by Microsoft) and the Microsoft desktop virtualization solution, represents the industry's most complete, integrated, and healthcare-oriented identity and access management offering. For more information visit us at www.whatsnextinhealth.com or contact us at info@sentillion.com.