Password Solution for Regulatory Pain

 
 
By Bill McQuaid  |  Posted 2010-04-08
 
 
 

Regulatory and other challenges unique to the health care sector prompted Parkview Adventist Medical Center, an acute-care hospital in Brunswick, Maine, to re-evaluate its IT investments. Bill McQuaid, Parkview’s CIO and assistant vice president, explains how the institution’s IT team combined all its data into a single Health Care Information System, while deploying a single sign-on solution combined with finger biometrics. These changes reduced IT support costs and resource requirements, while also increasing user productivity.

For years, Parkview Adventist Medical Center had taken a best-of-breed approach with interfaces to health care information systems, deploying a variety of niche solutions for everything from admissions to radiology. Besides making IT management increasingly complex, this approach led to discontent among the medical center’s 350 clinicians, who complained about the need to constantly sign in and out of critical applications.

SEE RELATED STORY: A Healthy Prescription

In addition, the clinicians were not interested in new applications. That made persuading them to buy into advanced clinical applications a real challenge.

Further complicating matters, strict regulations like the Health Insurance Portability and Accountability Act (HIPAA) were put in place to protect patient information. Another area of contention was the Computer Physician Order Entry (CPOE) system, which requires doctors to use computers to order their own products.

SEE RELATED STORY: Reaching Stage 6

Under these restrictions, we had to protect patient information, while giving clinical staff the ability to walk up to any workstation and securely log onto the network. The staff needed real-time access to applications and information that would enable them to provide timely care and service to patients. What we needed was a solution that could address all these issues and concerns.

One password, One Fingertip

Our leadership IT team set out to combine all the institution’s data into a single Health Care Information System (HCIS). After evaluating a number of technologies, we determined that clinical applications from Medical Information Technology (MEDITECH) would best serve the hospital’s needs. We also saw an opportunity to strengthen security and relieve the clinicians’ login/logout pains by deploying a single sign-on (SSO) solution combined with finger biometrics.

When our IT team began investigating SSO solutions that would work with the MEDITECH system and support finger biometrics, we received advice from reseller Forward Advantage. This led us to Imprivata OneSign, an appliance that strengthens network and application security by enabling easy, secure SSO to any application, whether Web, client/server or legacy. We found two features particularly useful for us: the all-in-one package and the easy deployment.

The SSO technology lets each user sign on to all our applications using a single password. Plus, we incorporated finger biometric scanning into the solution, which enables our doctors and nurses to log on to any PC with a single fingertip swipe. Because finger biometrics offers strong authentication, this improves IT security and helps meet compliance guidelines.

Users enroll one or more fingerprints via a scanner, which records them in a file associated with each user’s identification information. Thereafter, when logging on, the user scans his or her fingerprint, which is compared with the print on file to complete the authentication process.

The finger biometric readers are placed on stationary PCs or on computers on wheels (COWs) throughout the hospital. This gives clinicians the convenience of full access to the applications they need to be effective, while helping the hospital comply with HIPAA.

We knew our IT team would need the clinicians’ support to implement a new HCIS system, so when we went live with OneSign, we gave access to only a few clinicians. When others saw how easy it was to gain access to applications with SSO and finger biometrics, they became more interested in the project. Our staff and clinicians rushed to sign up for the training that was required before they could use biometrics.

A Valuable Lesson

With SSO and finger biometrics, the IT team was able to deliver full access to all hospital information with just one finger, which resolved the hospital’s security issues. (See “A Healthy Prescription” below.) In just six months, the IT staff implemented 29 MEDITECH modules, and shortly after that, the number grew to 43 modules. Within two days, the SSO solution was up and running.

Educating clinicians, staff, IT personnel and others helped us introduce the new technology. You can spend all you want on IT, but there’s nothing more powerful than education to overcome user resistance.

Bringing users on board early is crucial. If the value of the technology to them is obvious, they will make the adoption simpler and faster.

We also learned that conducting a comprehensive review of available solutions is invaluable. We discovered the importance of tying strong authentication with SSO, and learned that combining finger biometrics with SSO was an easy, efficient way to strengthen security, improve productivity and save money.

Perhaps what is most gratifying to us is that Parkview, a small hospital in Maine with a shoestring IT budget, became the 23rd hospital organization in North America to achieve Healthcare Information and Management Systems Society (HIMSS) Analytics Stage 6 status. (See “Reaching Stage 6” below.) Only 90 hospitals out of 5,166 are on the Stage 6 list.

Overall, the SSO and finger biometrics deployment eliminated the need for physicians and staff to memorize multiple passwords. With the help of our partners, we have cut help desk costs and improved employee productivity. Plus, clinicians are spending less time logging in and out of network applications—which has improved the security of patient data and overall patient care.

Bill McQuaid, the CIO and assistant vice president at Parkview Adventist Medical Center, is responsible for setting the center’s IT and security strategies, selecting vendors and implementing secure, cost-effective technology systems.