Improving Efficiency and Protecting Patient's Information by Automating the Identity and Access Management Process

Improving Efficiency and Protecting Patient's Information by Automating the Identity and Access Management Process

Credentialing staff and vendors to have access to the acceptable programs in an exceedingly timely manner and defend access to those systems was imperative for Memorial healthcare System, particularly if a variety of those systems provided access to non-public health information (PHI). From an IT perspective, the additional criteria included time-efficiency and agility to provide access to those systems.

A few years past, our provisioning method was done manually. We had to make, modify, or disable access to all or any accounts for workers and vendors one by one. With this setup, it could simply take an analyst up to a half-hour to make all requested accounts for each user.

With the shortage of standardization, there are delays and inconsistencies once processing access requests for brand spanking new staff or vendors. we tend to understand it had been necessary for the U.S.A. to hunt out a vendor we tend to might partner with to style an automatic method which may standardize the provisioning of accounts and increase our potency in providing the right access required.

Memorial Healthcare System engineered a task database that defines the applications and level of access each role needs to have supported the work functions and site of each worker or vendor. Our current Electronic Health Record (EHR) was the most drivers when building this role database, ensuring acceptable access to patient info was assigned to our ultimate users. The clinical, business and technical groups, alongside our Human Resources Department, collaborated to identify what applications and therefore the level of access needed for each job role.

After Identity Governance, our current Identity and Access Management system was implemented. What accustomed manually take up to a half-hour, it’s currently being processed automatically in seconds for several accounts at an equivalent time. For workers, the creation of the accounts, changes to their role thanks to transfers or promotions, or account terminations all happen automatically once there's any change in our Human Resources system. For vendors, we use the Identity Governance Portal to enter the seller information and choose an appropriate role. All accounts are automatically created with acceptable access supported the outlined role. By automating the provisioning of user and application accounts, our System Access analysts will now concentrate on a better quality of service, supporting our customers with extra access requests, and ensuring they need what they have related to the extent of access during a timely manner.

Another nice feature enforced was the power to watch once vendors’ accounts were set to expire. Before this implementation, vendors' accounts would expire, interrupting business operations and delaying any work the seller was performing while the access was valid by the sponsor then reinstated by the System Access team. With this new feature, the sponsor is notified via email 14 and seven days before the expiration date. The sponsor has the power to simply request an extension of the expiration date if required, avoiding any access interruption for the seller, therefore, saving money to the organization.

We also partnered with the seller to style the amount Access Review (PAR) method for all applications that are a neighborhood of Identity Governance. This is often an automated/online report sent quarterly to all or any employee managers and sponsors of vendors to verify if the applications and therefore the level of access granted to their direct reports remain correct.

The manager or sponsor can validate their current access, request a change, or submit a termination request if the direct report doesn't need access to a specific application. These requests go on to the MHS System Access Team, which expedite the tactic and keep a log of what was requested and by whom.

This electronic Periodic Access Review is fast and straightforward and has helped the US hugely to stay our patient data safe by removing unnecessary access to big systems and guarded Health data (PHI) in a very timely manner.

We are constantly adding new applications to Identity Governance and refinement our role database to continue improving the provisioning process at MHS.

Read Also

Achieving Information Security in Healthcare

Achieving Information Security in Healthcare

Dan Costantino, CISO, Penn Medicine
Impact on Diabetes and Hypertension Control Operational Schemes using Telemedicine Techniques

Impact on Diabetes and Hypertension Control Operational Schemes using Telemedicine Techniques

Anu Banerjee, Chief Quality and Innovation Officer, Arnot Health
HealthCare as it could Be in 2030

HealthCare as it could Be in 2030

Alan V. Abramson, Ph.D. SVP of Information Services & Technology and CIO, HealthPartners
Incorporating the Patient Voice into Trial Design: Insights Support Recruitment Success

Incorporating the Patient Voice into Trial Design: Insights Support Recruitment Success

Kelly Franchetti, Vice President, Global Patient Insights & Engagement, ICON plc and Mapi Group
Clinical Informatics and the Promise of Advanced Technologies

Clinical Informatics and the Promise of Advanced Technologies

Michelle Woodley, Chief Nursing Information Officer, St. Joseph Health
3 Elements for Advancing Population Health Strategies

3 Elements for Advancing Population Health Strategies

Patrick Young, President of Population Health, Hackensack MeridianHealth