Tuesday, October 18, 2011

Single Sign On not enough?

A major concern for hospitals is the security and accessibility of their computers, applications and data. Clinicians often share a common user name and password with several of their peers in an area of the hospital so that they can sign on to the computer easily and not waste time switching users. With several users sharing one login, it is impossible for the hospital to track what each individual user is doing in the system and construct an audit trail. Recently, HIPAA reviewed these practices and recommended changes to reduce the security risks. They no longer want user names and passwords to be shared and instead want each user to be identified in the system.

The most practical solution to this problem is the use of a Single Sign On product. Single Sign On would allow each user to sign into the system once and thereafter be automatically logged into each of their applications on the computer without having to enter additional credentials. Results from a Single Sign On pilot in the healthcare market revealed some concerns with Single Sign On, though. The users' concern was that their e-mail applications might be available to others. They said they felt very protective of their e-mail and wanted to make sure that no one was viewing their personal information.

This concern could easily be alleviated with Two-factor Authentication. Two-factor Authentication would ask users to present two forms of identification (pass card, PIN code, USB token, etc.) in order to access the workstation, which would ensure the security of their e-mail accounts. The combination of Single Sign On and Two-factor Authentication solves the HIPAA security problem while also addressing the users' concerns about the privacy of their e-mail accounts. Two-factor Authentication also allows for fast user switching, thereby reducing the time clinicians spend waiting for their profile to load.

More information on Single Sign On and Two-factor Authentication is available on our website.
