RX for Faster AccessBy Bob Violino | Posted 2006-12-22 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
Identity management software gives your company more control over who accesses business applications. It also makes it easier to add or cut off access on the fly. But why is that so difficult?
RX for Faster Access
Continuum Health Partners, a nonprofit hospital system in New York that comprises six hospitals and has more than 15,500 employees, in 2005 hired Novell to help improve systems access and desktop management, and address requirements to protect the privacy of patient records.
Novell's information-technology services group maintains all e-mail, authentication, file, print and identity infrastructure for Continuum's hospitals and 300 clinics. For identity management, Continuum began using Novell's Identity Manager software in January 2006, says Ken Lobenstein, chief technology and chief security officer at Continuum.
With Identity Manager, Continuum's I.T. department can automatically issue each employee in the organization a single ID number and password, rather than multiple passwords—sometimes as many as 10—as in the past.
The software also provides tighter access controls and enables better tracking of who accesses patient data and when. This helps Continuum comply with HIPAA, as well as with sections of the FDA's Code of Federal Regulations Part 11, which is designed to ensure that electronic records and signatures are trustworthy and compatible with FDA procedures, Lobenstein says.
Continuum evaluated other ID management products, but since the company already relied on Novell for directory and messaging services, the vendor's identity management system seemed "a natural choice," Lobenstein says. He estimates that the total cost to implement the system will be about $1 million.
With the tool, employees can now access e-mail, medical records databases, purchasing and personnel systems in 10 seconds or less with a single ID and password. Without the software, it can take up to five minutes for people to gain access to the systems they need to perform daily tasks.
Lobenstein says Continuum expects to reap other benefits, such as improving its process of granting access rights to as many as 400 different software programs, once the company links the identity management software with other data sources, including an HR directory and a nursing management system.
Personnel data from those sources will be fed into Identity Manager, which will be used for providing and taking away access rights, Lobenstein says: "It will reduce the time it takes to get an account set up from two or three weeks to an hour or so." It will take an hour or less to close an account when an employee leaves, instead of as long as one month, because the current process relies heavily on paper reports and manual processing.
The tool will help with the annual arrival of several hundred resident physicians. Each receives credentials before using the hospital systems. In the past, about a dozen workers manually collected and entered data to authorize access.
Now, Continuum downloads information about the physicians from a directory of the Association of American Medical Colleges into Identity Manager. In addition to time savings, the process helps Continuum avoid data entry errors by allowing direct electronic feeds among systems.
The biggest challenge with the technology? The up-front task of ensuring there is a single identity for each person, Lobenstein says. "We have literally hundreds of systems and have information about people scattered throughout those systems," he says. "There are a number of instances where data is not readily matched. There's no easy way to know that Ken Lobenstein in one system is the same person as Kenneth Lobenstein in another. You have to sort through pieces of information to determine that."
He says Continuum made a significant investment of time in the initial loading of identities from multiple sources, and then verifying that matching algorithms linked records from those multiple sources correctly.
Lobenstein, who did not provide metrics on Continuum's security improvements, says: "Security has three components: availability, integrity and confidentiality. The identity management program will support all three. By using identity management to provision new accounts quickly, we ensure systems are more readily available as members of the workforce are added."