Single Sign On access to the electronic health record (EHR)
Lately, numerous healthcare organizations have shown interest in Single Sign-On. With several audits and regulations in mind, the healthcare market is working hard to improve access security. Group accounts are replaced by individual accounts and password complexity requirements are tightened. Passwords must now meet increasing demands, such as a minimum length, the inclusion of a special character and sometimes the exclusion of known words such as the department name or the name of the institution. In addition, passwords must be changed regularly, and simply incrementing a digit is not allowed.
Privacy and access control
The enhanced access control is a good thing for ensuring patient privacy and preventing potential abuse of data. Unfortunately, these measures have a downside. Stronger access control not only makes it more difficult for unauthorized parties to gain access to systems and applications, but access also becomes more difficult for the care giver. The care giver is frequently required to access data quickly from multiple applications and multiple workstations. If all of these applications need a complex, strong password and these passwords are all different, it quickly results in frustration among the users! The IT department is quite often blamed and can become overwhelmed with password reset requests. To be able to quickly access the desired applications, users often place a note with the passwords under the keyboard or on the side of the monitor. It goes without saying that, from a security perspective, this is highly undesirable!
Access with Single Sign-On
Fortunately, there is a solution to the above problems that combines strong security with a high degree of usability. Enterprise Single Sign-On (SSO) allows care givers to quickly access applications and systems yet guarantees an optimal level of security. Enterprise SSO allows users, after logging in once, to access all applications and systems for which they are authorized. The SSO software then captures the login screen and provides quick access to data. The user now only needs to remember one password or, in the case of a secure card system, only use the card with a code and skip the password altogether.
Authentication
At first glance, it appears that this solution might weaken security, since all major applications are now behind a single access point. In practice, the access security with SSO has greatly improved. The condition is that the user authentication is very well protected. Think of a strong password that should be changed regularly, or the use of access cards (UZI card, RFID pass, smart cards, tokens or biometrics), possibly combined with a code. If this card can also be used to log on to the computer and to access the EHR and other healthcare systems, the user friendliness for the healthcare market is optimal. Of course, a high level of user friendliness also means a higher price tag. Authentication via a token card or biometrics takes a significantly higher investment than implementing single sign-on through a complex password. With the cuts in the healthcare market and increasingly tight budgets, the choice is often made for single sign-on through a complex password. This still results in very fast access to data and provides significant user friendliness without high investments and long implementation times.
Technically, both offer a strong access security solution that fully meets the requirements of most auditors and regulations. The purported weakening of access security brought on by implementing Single Sign-On appears unfounded in practice. Because users only need to remember one password or even just carry a card, the characteristic post-it style notes under the keyboard or on the monitor disappear and attackers can no longer easily access vital data. Also, the IT department can now implement a strict password policy without fearing major resistance from users.
Fast-user switching
In relation to Single Sign-On, the term fast-user switching is frequently used. Through fast-user switching, users can quickly log on and access information, such as patient data, in the Medical Records systems. The delay caused by logging on and off the Windows operating system is bypassed. In some networks, this log off/on can take several minutes, which is very inconvenient, especially in the healthcare market. With Fast User Switching in combination with SSO, changing the user context is handled within the SSO environment and therefore a user can change from one account to another within 10 seconds. This functionality is appealing to doctors who, while performing their rounds, often have to log on to multiple workstations. For many hospitals, a long-standing fear was that the abolition of group accounts would result in long delays while logging on to shared computers. After all, the employees must identify themselves with their own username and password before they can access medical records. With fast user switching, there is no longer the long delay. Users can log in quickly on different systems. Especially in combination with a card system, the user can access the information in various systems and applications within a few seconds.