Securing remote access with Imprivata Confirm ID

Key facts

Industry: Healthcare

Location: Davenport, Iowa

Beds: 665

Challenges

  • Enabling secure access to clinical applications from outside the hospital network
  • Creating a broad, connected security strategy
  • Ensuring convenience for users

Results

  • Securely access desktops from anywhere
  • Fast, convenient authentication via push token notification
  • Tightly integrated single sign-on and remote access solutions

Genesis Health System is a 665-bed system based in Davenport, Iowa, that offers a full continuum of care services in a 12-county region that covers Eastern Iowa and Western Illinois.

When the decision was made to move to virtual desktops, the IT team at Genesis also started to consider selecting and implementing a solution for two-factor authentication. Implementing such a solution would help to combat phishing attacks, as well a support a larger, enterprise-wide security strategy.

“The best way for us to mitigate risk is two-factor authentication,” says Dave VanDerHeyden, Infrastructure Manager at Genesis. “Being able to verify someone’s identity via their credentials, if they were set up to use two-factor authentication, is a great step toward ensuring the security of our health system.”

But VanDerHeyden and the team at Genesis needed to ensure that the two-factor authentication solution they put in place would be convenient for care providers and would support, not impede, established workflows.

The solution

After evaluating several two-factor authentication providers, Genesis selected Imprivata Confirm ID for Remote Access™ to help ensure secure but convenient access from outside the health system.

“Ultimately, whatever solution was selected will need to be used by our physician community,” says Dr. Anthony Carbone, CMIO at Genesis. “It had to be easy to use, it had to be reliable, and it had to be a solution that wouldn’t frustrate you while you were using it. Imprivata Confirm ID for Remote Access checked all of those boxes.”

Imprivata Confirm ID offers secure, yet convenient, authentication methods, such as push token notification, that can be leveraged across various workflows within the health system. This enables Genesis to meet its IT security requirements with an authentication workflow that is seamless for end users.

“Our physicians are happy with Imprivata Confirm ID for Remote Access,” says Carbone. “And the push token notification is quick and easy, so their workflows aren’t interrupted.”

Working with Imprivata: A trusted, strategic partner

Genesis Health System knew and trusted Imprivata as a strategic IT partner before implementing Imprivata Confirm ID for Remote Access – they had already been using Imprivata OneSign® for their single sign-on (SSO) needs.

“Continuing to build our partnership with Imprivata made us feel more comfortable,” says VanDerHeyden. “Because Imprivata OneSign and Imprivata Confirm ID are so tightly integrated, enrollment and management became much easier.”

Seeing the results

With Imprivata Confirm ID for Remote Access, Genesis Health System has bolstered their security strategy and helped to guard against phishing attacks.

“We’ve allowed remote access to all of the VDI desktops in our health system,” VanDerHeyden explains. “And implementing two-factor authentication from Imprivata made me feel much better about allowing that to happen, because I trusted the system we had in place.”

Perhaps the greatest benefit, though, is for clinicians, who are now able to securely access their desktops – and patient data – from anywhere.

“Our physicians are able to access crucial patient information from wherever they happen to be,” says Carbone. “And, with two-factor authentication in place, we can be sure that the security of the data is maintained. It’s a win-win for everyone.”

Down the road

Now that Genesis is using Imprivata Confirm ID for Remote Access, they’ve started thinking about how they can add two-factor authentication to a broader set of users and workflows.

“We’re looking to implement two-factor authentication everywhere,” says VanDerHeyden. “And knowing that we would be able to work with a trusted partner for all of our two-factor authentication needs gives us confidence that we can continue to improve security across our enterprise.”

 

PDF: