Tips for Implementing Healthcare SSO and Strong Authentication
We often hear of security getting in the way when it comes to clinicians wanting immediate access to patient data. Since it's better to hear from one's peers, Imprivata asked some of its healthcare customers for tips on implementing single sign-on and strong authentication to eliminate password management headaches and how it facilitated making it easier for clinicians to get access to the records they need.
As we turn our attention to HIMSS 2009, we want to share our customers' advice, thoughts and concerns on how best to navigate through the employee access management obstacles:
'Make your users part of the process.' Seek their advice and learn their needs. We set up a physician steering committee to help guide our identity management strategy. It not only helped us to find the right product for our users' needs, but it helped us when the time came to roll out to the users. They were invested and ready to adopt the new system. Dr. Michael Westcott, Chief Medical Information Officer, Alegent Health
'Perform due diligence to find the best form of strong authentication for each of your user groups.' Remember that different user groups have different requirements for access. Make sure that the solutions that you are considering are flexible enough to accommodate the access needs of all groups - today and down the road. Dr. Stephen Patterson, Chief Medical Information Officer, H. Lee Moffitt Cancer Center - Tampa, Florida
'Understand the workflow of your shared workstation departments.' If more than one person will be using a given workstation, you must validate that the SSO solution will not harm or break the existing workflow. Some SSO vendors handle fast-user-switching well, others do not. A quick-and clean-log-off can be as important as a quick logon. Find and work with your workforce experts. They will be a huge part of your success-if you enlist their help at the beginning. Christopher Paidhrin, HIPAA and Security Officer, ACS/Southwest Washington Medical Center, Vancouver, Washington
The full 6-page paper, 'A Healthy Dose of Advice for Managing Clinician Access to Patient Data' is a quick read that outlines 20 tips that you may find useful to get the most out of healthcare access management initiative. Do you have any tips to add to the list? If so post them in the comments section for others to see.
Also, if you're at HIMSS 2009 in April, come by the Imprivata booth. And, check out Imprivata customers OhioHealth and Southwest Washington Medical Center when they talk about ‘Paperless Hospitals' and ‘HIPAA Audits', respectively. More details are available on our HIMSS 2009 events page.
Hope to see you there!
--David