Radiology Ltd. removes application passwords, Saves 5 min/login and improves HIPAA compliance
- Long login times and multiple passwords
- Written down passwords posed security threat
- No audit trail for HIPAA compliance
- Reduced login time by 5 minutes
- Simplified login to the swipe of a fingerprint
- Clean audit trail meeting HIPAA requirements
Radiology Ltd. is one of the largest physician-owned group practices in Tucson and one of the top 50 largest private radiology practices in the US, providing diagnostic imaging services for more than seventy years. Locally owned and operated, Radiology Ltd. has 10 imaging centers across southern Arizona reading for three hospitals and carrying out more than 650,000 studies per year. With more than 45 board certified radiologists and more than 400 technical, clerical and administrative personnel Radiology Ltd. is dedicated to providing professional and technologically advanced imaging services. Radiology Ltd. radiologists also subspecialize in areas such as body imaging, breast imaging and intervention, cardiac radiology, interventional radiology, musculoskeletal imaging, neurointerventional radiology, neuroradiology and positron emission tomography (PET) nuclear medicine.
The business challenge
Radiology Ltd. employees had to log in to multiple different systems multiple times per day creating frustration and delays in accessing patient information. Radiologists and technicians interact with multiple systems as part of their interpretation process: PACS, RIS, enterprise document management systems, dictation systems, to name a few. As an affiliate of multiple hospitals, Radiology Ltd. staff need to access multiple versions of each of these systems depending on where the patient record has come from. Many of the workstations that are used to access image information are in high traffic, shared areas. In order to meet HIPAA requirements the applications timeout after a short period of inactivity to ensure the privacy of data – but if the radiologist is performing a procedure, this can lead to multiple re-authentications. Switching between applications, application timeout and the sharing of workstations between radiologists, technicians and researchers combined to create an issue where staff would be logging into a machine up to 8 times a day and having to launch and log in to multiple different applications within that session.
“To try to eliminate the constant re-launching of Windows and the applications, we had implemented a generic login to the desktop but this didn’t provide the level of audit data that we required to meet the HIPAA requirements,” commented Ron Cornett, Director of Information Technology at Radiology Ltd. “HIPAA wants information to be kept as secure as possible; radiologists want to be disturbed as little as possible. We needed a solution that provided us with the security to meet our HIPAA requirements while at the same time, taking away the pain of the re-authentication to the system and waiting for applications to load.”
A second concern was a number of remote workstations located within the hospitals with which they contract. The workstations reside in employee-accessible areas within the hospital and have direct network access to the Radiology Ltd. practice. The risk of internal exposure of protected health information to unauthorized staff required these workstations to be secured and provide a complete audit trail for each access.
The Imprivata OneSign solution
Radiology Ltd. selected Imprivata OneSign® Single Sign-On with Fingerprint Biometric Identification to provide a single login to all of the users’ applications. Fingerprint Biometric Identification provided the fastest, simplest way to access applications. “Imprivata’s No Click Access® literally enables the Radiologists to log into all of their applications by simply swiping their fingerprint – no typing of usernames or passwords and not even clicking a mouse.” Further integration enables Imprivata OneSign SSO to automatically launch all of a user’s applications and any dependent processes such as selecting the correct folders for the enterprise document management systems, minimizing the delay when switching between systems and also greatly simplifying the tasks that the user has to carry out. “The shared workstation capability that enables us to have windows logged in but secure the desktop and all the applications provides a solution that is fast and secure giving us the audit trail that we need for application access to meet our HIPAA requirements.”
In addition, the same solution was applied to the remote workstations in the partner hospitals to provide a consistent simple user experience and a single point of management and compliance reporting for both local and remote users.
Imprivata Professional Services provided the initial training to SSO-enable all the applications. “Within a couple of days we had our applications profiled and felt confident that we could easily maintain these applications and add more should the need arise,” said Ron Cornett. Roll out of the solution was done over the period of two weeks supported by a simple training class for the users.
Imprivata OneSign has automated workstation access and has significantly reduced the time and complexity of the login process for the Radiologists. “While removing the requirement to remember and input multiple passwords for each of the different systems, OneSign also launches each program needed – this was a manual process for the user previously and caused an issue with software working correctly,” stated Ron Cornett “With this automation, we’ve been able to reduce the total time for a Radiologist to access all their applications by about 5 minutes.”
By removing the use of a generic Windows password, Radiology Ltd has also been able to significantly improve their HIPAA compliance with every application accessed now being attributed to the correct user. Cornett said, “OneSign now provides us with a clean audit trail so that we are able to meet our compliance requirements. This was especially important to the Radiologists.”