Identity Governance - Where Data Access meets Compliance
In today’s compliance- and regulation-driven world, managing who has access to sensitive patient records is a thorny issue. Too much security and clinicians can’t get to the information they require to do their job. They waste valuable time trying to access systems, or they develop workarounds to circumvent security, just to get the job done. We all know what we mean here: smartcards left in readers, shared login details, sticky notes with passwords written on them. It’s the stuff of compliance teams’ nightmares.
SSO – the doorway to enhanced value
Single sign-on (SSO) provides fast access to systems, without the need to remember multiple complex login credentials. However, this is just the tip of the iceberg in terms of potential benefit to the healthcare organisation. Where SSO provides exponential value is in its interoperability with other systems, for example Identity Governance (IDG).
Automated role-based user profiles
With IDG, precise role-based user profiles can be set up and assigned to staff during the on-boarding process. This means that they are able to hit the ground running as soon as they step inside the ward or clinic, or go out into the community, with access to all the applications they require set up automatically. As people move roles within the organisation, they are simply assigned a new user profile, and when they leave, their account is de-provisioned immediately. Roles can be set up and managed centrally with input from department heads and managers. The process is automated, making it just as quick and efficient whether the person is permanent, bank, contract or agency staff.
Time saved puts focus on patient care
This automated approach to providing access to clinical applications and patient records enables clinicians to focus on providing excellent patient care, barely noticing the technology.
For other departments too, such as IT, Security, Compliance and HR, IDG provides many additional benefits, not least considerable time and resource savings as manual tasks are automated.
IT no longer needs to manage user access during the on-boarding or off-boarding process. Furthermore, when a self-service portal is set up, users are able to manage their own passwords (a huge saving in terms of calls to the ServiceDesk for password resets), and request access to new applications, which can be approved or declined by their manager.
Security is maintained, with access to sensitive patient information tightly controlled on a ‘least privilege’ basis – staff have access to what they need, and no more. When staff leave, user accounts are closed, which reduces the possibility of disgruntled ex-staff causing mischief – as was the case in this story: https://www.theregister.co.uk/2020/01/20/stoke_on_trent_hospital_hacker_9000_cardiac_images/?utm_source=dlvr.it
For the Compliance team, IDG provides a clear audit trail of who has access to what applications and records. User behaviour can be analysed, and any anomalies logged. This not only ensures compliance with data regulations, it also demonstrates compliance – a key requirement of GDPR.
For more information about how Imprivata can help your organisation to streamline and automate user access based on roles, and improve Compliance, visit: https://www.imprivata.co.uk/uk/imprivata-identity-governance.