Improving Efficiency and Protecting Patient's Information by Automating the Identity and Access Management Process

Improving Efficiency and Protecting Patient's Information by Automating the Identity and Access Management Process

Credentialing staff and vendors to own access to the appropriate programs in an exceedingly timely manner and defend access to those systems was imperative for Memorial healthcare System, particularly if a number of these systems provided access to personal health information (PHI). From an IT perspective, the extra criteria included time-efficiency and agility to supply access to these systems.

A few years past, our provisioning method was done manually. we had to form, modify, or disable access to all accounts for workers and vendors one by one. With this setup, it could simply take an analyst up to half-hour to create all requested accounts for every user.

With the shortage of standardization, there have been delays and inconsistencies once processing access requests for new staff or vendors. we tend to realized it was necessary for U.S.A. to seek out a vendor we tend to might partner with to design an automatic method which might standardize the provisioning of accounts and increase our potency in providing the proper access required.

Memorial healthcare System (MHS) engineered a task database that defines the applications and level of access each role ought to have supported the job functions and site of every worker or vendor. Our current Electronic Health Record (EHR) was the main driver when building this role database, ensuring acceptable access to patient info was assigned to our ultimate users. The clinical, business and technical groups, along with our Human Resources Department, collaborated to spot what applications and the level of access needed for every job role.

After Identity Governance, our current Identity and Access Management system was implemented. What accustomed manually take up to half-hour, it’s currently being processed automatically in seconds for several accounts at the same time. for employees, the creation of the accounts, changes to their role due to transfers or promotions, or account terminations all happen automatically once there is any change in our Human Resources system. For vendors, we use the Identity Governance Portal to enter the vendor information and choose the suitable role. All accounts are automatically created with the appropriate access based on the outlined role. By automating the provisioning of user and application accounts, our System Access analysts will now specialize in higher quality of service, supporting our customers with extra access requests, and ensuring they need what they have associated with level of access in a timely manner.

Another nice feature enforced was the ability to observe once vendors’ accounts were set to expire. before this implementation, vendors accounts would expire, interrupting business operations and delaying any work the vendor was performing while the access was valid by the sponsor and then reinstated by the System Access team. With this new feature, the sponsor is notified via email 14 and 7 days before the expiration date. The sponsor has the ability to easily request an extension of the expiration date if required, avoiding any access interruption for the vendor, therefore, saving money to the organization.

We also partnered with the vendor to design the period Access Review (PAR) method for all applications that are a part of Identity Governance. this is an automated/online report sent quarterly to all employee managers and sponsors of vendors to verify if the applications and the level of access granted to their direct reports remains correct.

The manager or sponsor can validate their current access, request a change, or submit a termination request if the direct report not needs the access to a particular application. These requests go directly to the MHS System Access Team, which expedite the method and keep a log of what was requested and by whom.

This electronic Periodic Access Review is fast and simple and has helped US hugely to keep our patient data safe by removing unnecessary  access to important systems and protected Health data (PHI) in a very timely manner.

We are constantly adding new applications to Identity Governance and refinement our role database to continue improving the provisioning process at MHS.

At Memorial, patient privacy is everyone's responsibility!