Identity and Access Management in Healthcare: Automation, Security and Compliance

Guest post by Dean Wiech, managing director, Tools4ever.

Dean Wiech
Dean Wiech

Identity and access management (IAM) in healthcare continues to be a growing part of the industry. The management of identities, user accounts and access to both data and applications is a large task for hospitals and healthcare organizations. In the healthcare industry especially, the need to follow strict access and security rules and regulations exists, which makes IAM even more challenging. This need has led to newer solutions to meet the needs of healthcare organizations.

Here are the top four account management issues in healthcare that can be significantly improved:

Onboarding of Employees

The first issue that many healthcare organizations face is efficiently onboarding new clinicians and employees. For example, when a new doctor or nurse begins employment, they need their account created, and the correct access to the systems and applications they require in order to assist patients. The issue is, too often, new employees are waiting idle while all of their access and accounts are created.

By streamlining and automating the account management processes, this issue can be improved. Automating the process allows administrators to easily enter new employee’s information into a source system, such as the HRM system and check off which systems the employee needs access to and accounts in; and the new accounts are automatically created.

Changes to Accounts

Next, there is the issue of movement or changes to an employee account throughout their employment. Often, clinicians need to contact their manager to ask for permission for a change to or additional access, who then in turn needs to contact IT or HR to have the change carried out.

IAM software with workflow management capabilities has evolved to assist with this situation. A web portal with workflow can be set up so that employees can easily request changes to their account and then have it securely carried out.

As an example, a nurse moves to a different unit, or floor, and needs access to a different set of data or applications. A nurse can easily request the access through a portal and the request is automatically sent to the correct people for approval. Once the approval is given, the change automatically is made. If the request needs multiple levels of approval, it will move to the next person in line. In addition, all of these changes are logged so that the healthcare organization knows exactly what changes are made, when they were made and who approved them.

Continue Reading

HIMSS15 Trade Show Vendor Highlight: Tools4ever

In this series, we are featuring some of the thousands of vendors who will be participating in the HIMSS15 conference and trade show. Through it, we hope to offer readers a closer look at some of the solution providers who will either be in attendance – with a booth showcasing and displaying key products and offerings – or that will have a presence of some kind at the show – key executives in attendance or presenting, for example.

Hopefully this series will give you a bit more useful information about the companies that help make this event, and the industry as a whole, so exciting.

Elevator Pitch

Tools4ever is focused on ensuring secure and compliant user and authorization management, which is often complicated within healthcare institutions because of the relatively high employee turnover and absenteeism. Deploying an automated identity administration solution that integrates with EHR systems will automate the user account lifecycle and help to resolve these problems. In addition, healthcare employees often need quick, but secure access to many different systems and applications. Tools4ever’s password management solution can help reduce many of the password issues clinicians’ experience.

About Statement

Tools4ever distinguishes itself through a no nonsense approach and a low total cost of ownership. In contrast to comparable identity management solutions, Tools4ever delivers a complete solution in just weeks rather than months or years. Thanks to this approach, Tools4ever is one the largest vendors in IAM with more than 5 million managed user accounts. Tools4ever delivers a variety of software products and integrated consultancy services covering identity management and access management, such as user provisioning, password management, and single sign-on (SSO).

Founder’s Story

Jacques Vriens established Tools4ever in 1999 and has expanded Tools4ever into a global software company. The initial focus was on tools for system administrators but building upon the knowledge and experience gathered in the early years, he quickly expanded the product portfolio into identity and access management.

Continue Reading

Health IT Savings Must Factor into ROI

Dean Wiech
Dean Wiech

Guest post by Dean Wiech, managing director, Tools4ever.

No matter the industry, each time a purchase is made, business leaders always want to know what they are getting in return for their financial investment. Questions frequently asked include: “How is this going to help me?” and “What is my return on investment?” Another phrase, often uttered by “Mr. Wonderful” Kevin O’Leary from the popular show Shark Tank is, “What am I getting for my investment?”

By examining the answers to these questions, business managers and organizational leaders must ensure that their budget is being adhered to and that purchases by the organization are considered, or proven, not to be a “waste” of money.” Often, return on investment (ROI) is a combination of both “hard” and “soft” costs and savings, which can often be difficult to determine. The “hard” cost is easy to define: What am I spending now versus what will I be spending on a different product, solution or system, or by doing nothing? Alternately, how is this solution going to allow me to save money in the long run? In this scenario – “hard” costs and savings — there is a definitive dollar figure that is able to be applied to implementing a solution.

“Soft” savings are a bit more of a complex issue; they are more difficult to determine and to document. For example, time and labor saved, or stress saved by employees completing a task that takes 10 minutes versus 35 minutes are soft savings. Soft savings also might be seen in improvements in customer service or in the customer experience. It is difficult to put a dollar amount on these scenarios and improvements, but they do impact a business, its success and its financial performance.

Time is money, of course, but in the case of healthcare perhaps it’s more fitting to say that “time is life.” This savings equates to valuable potential life-saving time, as we well know, and, in turn, improves patient care. As healthcare organizations seek ways to allow clinicians the ability to focus more on patients rather than on information technology, there are some solutions available — many that that are often overlooked that allow them to reach their goals. Some of these technology solutions provide a direct correlation between a physician’s ability to enter an information system, retrieve or enter information and get back to focusing on patient care. Essentially, with these types of solutions, like access and identity management, physicians can get back to work more quickly and their interaction with the technology is reduced.

Continue Reading

Easily Managing Access to Healthcare’s Multiple Systems

Dean Wiech
Dean Wiech

Dean Wiech, managing director, Tools4ever.  

In any industry passwords can be a hassle to manage, but perhaps this is no more true than healthcare. Password strategies are put in place to keep data secure, including patient’s information, but they often cause headaches for clinicians. And since every minute matters in the clinical setting, any process that takes longer than necessary can become a major problem when patient outcomes hang in the balance.

Since providers often need to access their own systems, as well as patient data and treatment history quickly, to assist patients, something as simple as getting locked out of systems or forgetting credentials to accounts is time consumer and tedious to overcome. Contacting the helpdesk and waiting to get passwords reset wastes what little time caregivers have to with patients. Simplifying password resets can give critical time back to caregivers and support staff in the care setting.

Easier said than done, of course. Many healthcare organizations resist implementing any type of password solution because they don’t want to bombard clinicians with yet another new technology. One of the major reasons being that they assume the implementation and training time are lengthy and because they’re currently bogged down by a variety of other pressing issues, such as meaningful use and preparing for the transition to ICD-10 in October 2015.

Also, because healthcare organizations must abide by strict rules and regulations, implementing password solutions can sometimes be an issue. In addition, healthcare’s leaders need to ensure that any new technologies implemented follow these regulations.

An Easy Solution to Password Reset Issues

Several leading healthcare organizations have opted to use self-service password reset solutions to easily solve their password reset issues. Just as banking websites allow consumers to reset their passwords, end users can easily reset their passwords after correctly answering security questions that they previously provided answers to. Clinicians simply click the “forgot my password” button and can easily reset their password from anywhere at any time. This allows clinicians to proactively solve the problem without have to contact another department for help.

Continue Reading

Password Thievery Means It’s Time to Change — Your Password

Dean Wiech
Dean Wiech

Guest post by Dean Wiech, managing director, Tools4ever.

Once again, the media abuzz with a massive theft – 1.2 billion email addresses and password – by a hacking group supposedly based out of Russia. In a case like this, it does not matter how secure your password is – lots of characters, number, upper and lower case, etc. — because the hackers accessed the providers and pulled the information. This type of attack is much different than someone breaking into your computer or smart device and stealing the confidential information from there where a thief might be able to directly access all your accounts. In this case, they “might” be able to access your email account and then again, they might not.

There a couple of interesting items left out of all the various stories. First, were the passwords encrypted? It seems that any self-respecting form that is strong passwords in conjunction with a user name would do something as simple as an encryption algorithm and not store them in plain text. If they were encrypted, were they stored using an irreversible hash with a leading edge algorithm? Many techniques are readily available to insure encryption with hashing, salting and obfuscation, cannot be easily broken, if at all.

The other thing that has not been explicitly mentioned is what sites were hacked. We hear that upwards of 500,000 websites could have been hacked, but no one is coming forward to name any specific sites. Were Facebook, Gmail, Hotmail or other major sites compromised? If so, why are they not sending out notifications to change passwords in a similar fashion to what eBay did back in May when they were attacked?

Let’s assume, for a moment, the providers figured no one could ever hack into their systems so the passwords were stored in plain text along with the email addresses. How can we protect ourselves from these diabolical hackers? The answer is quite easy – change your passwords on all of your accounts and do it on a regular basis. If all 1.2 billion users that had their information stolen did this tomorrow, the hacked information would become useless overnight.

Continue Reading

Health IT Thought Leader Highlight: Dean Wiech, Tools4ever

Dean Wiech
Dean Wiech

Dean Wiech, managing director of Tools4ever, a global provider of identity and access management solutions, has worked in healthcare for more than 25 years. Here, he discusses how IAM enhances the ROI for health systems, and how the solutions make patient care more efficient, how they work in healthcare, and how systems and records can be made more secure — for patients and providers — because of the technology.

Tell me about yourself and your experience in healthcare.

I have been actively selling software solutions in the healthcare market for 25 years. I have sold and/or managed teams in about 50 percent of the country.  I have always focused on solutions that provided a definable ROI based on productivity and time savings.

Tell me about Tools4ever. How does the company serve the space? Tell me about your products and how they are used in healthcare.

Tools4ever is a company that focuses on the identity and access governance space. We assist the healthcare market in insuring that the lifecycle of user accounts are managed in a timely and accurate manner. We also have solutions that save care providers time by eliminating repetitive login tasks and avoiding the need to call the help desk for password resets

How is Tools4ever different than some of the competitors in your space?

I believe our primary differentiator is time to implement. We can get the basics up in running in a few days to a few weeks, depending on the solution. The majority of our competitors take months to years to complete an install. The result is the healthcare organization can realize a much quicker benefit from the product and a quicker ROI.

What’s your footprint like in healthcare and who are some of the organizations you work with? How do you help them?

We have numerous hospitals and long-term care providers across the country. One example is South County Hospital in Rhode Island. It utilizes our Self Service Reset Password Management (SSRPM) solution to allow end users to reset forgotten network passwords. We then synchronize that password to several other solutions to allow a reduction in the number of credentials the employee needs to remember.

Another example is a major university hospital in New York City. It uses our user management solution for several tasks. The most recent example is provisioning patients to the network to allow them to view their records on a mobile device provided by the hospital for the duration of their stay. We also implemented a password self-service reset function to allow the patients to reset their passwords without a further burden on the help desk.

Continue Reading