When the doctor walks up, the computer all but says hello
Computerworld - Strong network authentication can be enough of a problem in an office, but it's even more of an issue in hospitals.
In hospitals "and particularly in our emergency departments -- where clinicians are constantly moving between terminals outside of rooms and patients in them and where terminals may be shared by as many as 50 clinicians in a 24-hour period -- authentication has become a major pain-point for us," says Mick Murphy, chief technology officer at Sisters of Mercy Health System.
The situation is made more complicated because patient information is divided among three separate major systems -- a medical information system from Cerner, a McKesson financial system that holds demographic information, and a picture-archiving and communications system for medical images -- and because each one requires a separate password.
"Logging onto each of these [systems] and searching for the records of a specific individual every time a clinician moves to a new patient is completely untenable," says Murphy. "Our users would revolt. And, in the background, we have to maintain multiple separate user identity files for each user's access to each application."
But the privacy portions of the Health Insurance Portability and Accountability Act require strict accountability for every access of an identifiable medical record. This means that even in a physically secure environment, where only accredited clinicians can enter, everyone accessing the information must be separately identified in an audit trail. In a busy emergency department (ED) with shared terminals, that means that doctors need to log off each time they leave the terminal and each time they need to see a patient record.
And the public nature of hospitals, particularly crowded ED hallways, creates unusual security issues of its own.
"One thing we wanted to do was blank the screen whenever the clinician moved a certain distance away, to avoid leaving sensitive information on display where unauthorized people could see it," says Michael Gutsche, director of information security at the five-state, 18-hospital Catholic health care system.
At the same time, Mercy struggled with the usual problems of provisioning, deprovisioning and reprovisioning that plague many organizations. In recent years, manual methods have become a major productivity roadblock, forcing new hires to wait weeks for access to the data and systems they need to do their work, while behind-the-scenes IT staffers run through checklists, creating user accounts one at a time.
Mercy needed a role-based provisioning system that would let it associate each new hire with the appropriate role, such as "surgical nurse," and automatically generate the needed accounts. And, when someone leaves, allow the hospital to remove that person from the central provisioning system and automatically delete that person's access to background systems. This need is complicated by the typical hospital IT environment, with obsolescent, proprietary systems still playing central roles, because the budget has never allowed their replacement.



- Excel 2010 Cheat Sheet
- Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.
- Digital Transformation: Creating New Business Models Where Digital Meets Physical
- Individuals and businesses alike are embracing the digital revolution. Social networks and digital devices are being used to engage government, businesses and civil...
- Make the Connection: Better Network Connectivity Drives Transformation
- Network connectivity is more than just plumbing. Leading organizations today see high-performance network connectivity as a critical enabler of competitive advantage, and not...
- Virtualizing Government Infrastructure
- All server virtualization solutions are not created equal. The more-with-less agenda for government agencies is tailor-made for server virtualization, which is evolving into...
- Moving Service Management to SaaS
- Today, organizations can enjoy similarly substantial benefi ts by migrating their IT service management functions to a software-as-a-service model. This paper shows how...
- Achieving 360 Degree Network Visibility with Nimsoft
- 360° network visibility is critical for ensuring continuous availability of networks, servers, and applications-anything less could
have costly bottom-line implications.
All Networking White Papers
- Optimizing Networks for the Cloud
- Join guest speaker, Rohit Mehra, IDC Director of Enterprise Communications Infrastructure, to explore current trends, discuss best practices for optimizing Data Center and...
- Unified Communications 101
- What's the best way to implement a unified communications solution for your organization?
- Try the OptiView® XG on your network - FREE
- The OptiView® XG is the first dedicated tablet with automated network and application analysis -- fastest way to root cause. XG raises the...
- Apps QuickStart Series Part 2: Designing and Deploying SQL Server on VMware vSphere
- Download this webcast to learn about the design considerations for virtualizing SQL workloads, performance and scalability information and high-availability options, as well as...
- Apps QuickStart Series Part 1: Designing and Deploying Exchange 2010 on VMware vSphere
- Download this webcast to learn the virtual hardware design considerations for Exchange 2010, deployment using the building block approach, options for high-availability and... All Networking Webcasts