By Dean Wiech, Managing Director, Tools4ever
As the U.S. economy slowly improves, healthcare facility IT budgets are likely to remain flat or see only modest increases in 2013. This means IT departments will continue to look for ways to make their organizations and infrastructures run more efficiently. Below are several areas that will be of particular interest to the technology departments in the healthcare industry.
Self-Service Applications for End Users
Healthcare facilities will likely be looking for time-saving ways to eliminate end-user calls to the IT help desk, and so we’ll likely see an uptick in self-service applications for IT end users.
Self-service reset password applications have been around for several years now and continue to prove their value. End users enroll via a series of challenge questions and, should they forget their password, are able to reset directly from the network login screen or website. This eliminates a call to the help desk, and allows the employee to become productive immediately instead of waiting on the help desk phone queue.
South County Hospital in Rhode Island recently realized the benefits of a self-service reset password application. Its help desk averaged 20 to 25 password reset requests a month, each requiring about 30 minutes to complete because of the arduous process of receiving the call, placing a work order, resetting the password and then contacting the users, most of whom were busy clinicians. Once the self-service application was put in place, users no longer spent precious time contacting the help desk and waiting for a reply.
In addition, two-factor authentication (2FA) enhances security in this area. Delivery of a one-time use PIN code via SMS or email ensures the person resetting the password is the actual employee who has rights to the system and the ability to request password changes.
Another area of self-service involves employees who need access to distribution groups, network shares or applications they currently cannot access. Traditionally, this requires that the end user contact the helpdesk or initiate a tedious paper process requiring multiple signatures. By using workflow processes, the employees can easily initiate the request from a Web page on the company Intranet and, depending on the request, have it electronically routed to the individuals responsible for approval. If an automated provisioning process is in place, involvement from the IT department may not be necessary, or they may only need to perform the final step when notified via the workflow system.
Cloud Applications in the Healthcare Industry
As solutions like Gmail and Office 365 continue to gain traction in healthcare, the ability to provision and de-provision accounts in a timely fashion becomes critical to controlling costs. While many health systems have implemented identity management solutions for Active Directory, implementing a seamless process to these cloud applications can be a challenge. Though both Google and Microsoft offer tools to synchronize AD with their respective products, they reportedly fall short in many areas and can make account management a tedious chore.
Many vendors now offer advanced tools that allow for easy synchronization and management of accounts in these, and many other, healthcare cloud applications. As most cloud solution providers invoice based on the number of active users in any given month, ensuring that user accounts are decommissioned in a timely fashion can lead to incremental savings.
Use of Single Sign On
In hospitals and healthcare settings, work station computers are often used by several people, meaning restricted information can be viewed by unauthorized individuals if accounts are not securely managed.
Yet, clinicians frequently share a common user name and password with peers to avoid wasting time switching between user profiles.
With several users logged into one machine, it is impossible to track how each employee is using the system. Therefore, shared accounts are being eliminated, leaving employees with the task of having to remember several credentials. Often, these credentials need to contain special characters that are difficult to remember and that need to be changed frequently, which leads to employees being locked out of their accounts.
Single sign on software will continue to be a trend in 2013 because of its ability to alleviate this issue. It is a tool that enables end users to log in just once, after which access is granted automatically to all of their authorized network applications and resources. In addition, other solutions can be paired with single sign on, such as fast user switching, which allows users to log in and out with a badge or pass card.
By reducing the amount of time required to log in, clinicians can easily and securely access patient information as they quickly move from room to room. It is even possible to integrate “Follow Me,” which allows users who have opened applications on Citrix and/or Terminal Server to continue their work on another computer. Overall, clinicians will be able to focus less on signing in and more on caring for patients.
Security and Audit of the Healthcare Industry
As in past years, ensuring security of the network and providing accurate reporting to auditors will have a large impact on the IT department, both in time and money. The IT department needs to provide employees with the correct access rights required to applications and network functional areas, while also ensuring unnecessary access is never granted. This process will continue to occupy a large portion of IT resources. Providence Hospital in South Carolina was one such hospital that needed to reform its process. According to hospital leaders, they had more demands on the department and weren’t getting any additional staff because of economic factors. As such, hospital employees needed to work smarter and employ tools to help create more efficiency.
By automating its account management, the assignment of group privileges and permissions to individual users can now easily be completed with a Web form. The application also creates the appropriate Exchange mailbox and creates a home folder for the employee on the appropriate share drive. By ensuring the proper access rights, it makes the audit process that much easier and ensures compliance at all times.
About the Author
Dean Wiech is Managing Director at Tools4ever, which supplies a variety of software products and integrated consultancy services involving identity management.