Friday, April 1, 2011

Identity and Password Management in Healthcare

Lately, Tools4ever has been implementing more solutions in the healthcare market, and I wanted to look at our clients to ascertain whether there are common issues that this market sector needs to address. Not surprisingly, a number of common themes emerged across these accounts.

Shared User Accounts
One of the top reasons for implementing Identity Management in healthcare is the need to eliminate “shared” accounts. Quite frequently, all the nurses on a floor will have one or more shared computers, and everyone uses the machine through a common, generic account. The issue is security and privacy: it is impossible to restrict access or determine who is doing what and when.
Identity management typically solves this issue by linking an HR application to Active Directory and creating individual logon accounts. Fast user switching, available in Windows Vista and 7, makes this a quick process for busy healthcare professionals. Further, the Tools4ever Single Sign On product allows users' credentials to be provided automatically for authorized applications when utilizing fast user switching.

Downstream Provisioning

Active Directory and email systems are just two of the many applications that require user accounts. Pharmacy, medical records, radiology and IP phone systems only scratch the surface of the systems in which users need access accounts set up and managed. By setting up simple templates based on department and title, it is possible to configure accounts in a majority of the applications and assign appropriate groups and distribution lists as well. In more complex environments, web-based workflow with single or multi-level approval can be the first step in completing an advanced Role Based Access Control (RBAC) matrix.

Stale Accounts
By far one of the most common issues, and the one with the most potential for security breaches, is stale accounts: accounts that are still active after an employee, consultant or temporary employee leaves. Tools4ever provides several options for dealing with this issue. The first is to detect a termination date or flag in the HR system during a daily sync and immediately disable the account. Another option is to scan Active Directory daily for unused accounts. If an account has not been used in, for example, 60 days, an email is automatically sent to the user’s manager, notifying them that the account will be disabled the next day if no action is taken. Finally, by implementing a strict policy of requiring a “disable on” date when creating accounts for consultants or temporary employees, automated email notifications can warn of the impending disable at 5 days, 3 days and the day prior, allowing time for an extension to be entered.
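The three checks described above, written out as an added example; this is not Tools4ever's code or product logic. The record fields, the sample accounts, the evaluation order and the reading of the last warning as one day before the "disable on" date are assumptions.

```python
from datetime import date, datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
INACTIVE_DAYS = 60       # "not used in, for example, 60 days"
WARN_DAYS = (5, 3, 1)    # notices before a "disable on" date (1 is an assumption)

def filetime_to_date(ft):
    """AD lastLogonTimestamp: 100-ns ticks since 1601-01-01 UTC; 0/None = never."""
    if not ft:
        return None
    return (FILETIME_EPOCH + timedelta(microseconds=ft // 10)).date()

def review(acct, today):
    """Return (action, reason) for one account record (hypothetical schema)."""
    if not acct["enabled"]:
        return ("none", "already disabled")
    term = acct.get("hr_termination")
    if term and term <= today:
        return ("disable", f"HR termination date {term}")
    disable_on = acct.get("disable_on")
    if disable_on:
        left = (disable_on - today).days
        if left <= 0:
            return ("disable", f"disable-on date {disable_on} reached")
        if left in WARN_DAYS:
            return ("warn_manager", f"account disables in {left} day(s)")
    # lastLogonTimestamp replicates lazily (roughly two weeks of slack by
    # default), which is tolerable against a 60-day threshold. Accounts that
    # were never used age from their creation date instead.
    last = filetime_to_date(acct.get("last_logon_ts")) or acct["created"]
    idle = (today - last).days
    if idle >= INACTIVE_DAYS:
        return ("notify_manager", f"unused for {idle} days")
    return ("none", "in use")

# Constructed sample records, not real accounts.
TODAY = date(2011, 4, 1)
ACCOUNTS = [
    {"sam": "nurse.a", "enabled": True, "created": date(2009, 6, 1), "last_logon_ts": 129450528000000000},
    {"sam": "former.b", "enabled": True, "created": date(2008, 2, 1), "hr_termination": date(2011, 3, 31), "last_logon_ts": 129450528000000000},
    {"sam": "consult.c", "enabled": True, "created": date(2011, 1, 10), "disable_on": date(2011, 4, 4), "last_logon_ts": 129450528000000000},
    {"sam": "temp.d", "enabled": True, "created": date(2010, 9, 1), "last_logon_ts": 129383136000000000},
    {"sam": "unused.e", "enabled": True, "created": date(2011, 1, 15), "last_logon_ts": 0},
]

def daily_report(accounts=ACCOUNTS, today=TODAY):
    return {a["sam"]: review(a, today)[0] for a in accounts}

if __name__ == "__main__":
    for sam, action in daily_report().items():
        print(f"{sam:12} {action}")
```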


1 comment:

  1. We’d love to throw our hat into the ring of being considered as one of the best. In fact, we are the only password management app that does not really record your passwords. Can’t get much safer than that!
