By Ian Aitchison, Senior Product Director, Ivanti
A survey by Compdata validates what healthcare organizations are experiencing everyday: one of the highest employee turnover rates in an overall job market whose turnover rate is going up every year. The 2018 survey shows healthcare at a total turnover rate of 20.4 percent, bracketed by hospitality, at 31.8 percent and manufacturing and distribution at 20 percent. The implications are clear for healthcare IT and security professionals – a significant part of their job is onboarding new personnel, revising access as personnel change roles, and securely offboarding employees to guard against risk.
As a result of this constant employee churn, organizations are focusing more on the discipline of identity management, the process of granting people access to applications and data, and any other systems or ‘entitlements’ that they need to be productive. And it's about managing an employee's identity life cycle as they go through their tenure at an organization. Employees tend to gain access to an increasing array of resources, as they change positions or move to different departments. When they leave, offboarding can be a nightmare, often with employees leaving while still retaining access to some applications, and thereby opening the door to compliance violations.
Compliance And Efficiency Implications
Employee onboarding and continual identity management was becoming a challenge for UMC Health System, a Lubbock, Texas-based healthcare organization which operates a 500-bed acute care hospital, 38 urgent care and primary care clinics, and is the academic teaching hospital for Texas Tech University Health Sciences Center School of Medicine. UMC Health System employs 4,800 employees and supports 3,100 external and private users. On average, they were onboarding 75 new employees every week, and twice a year, they had to process over 400 requests from Texas Tech Health Sciences Center School of Medicine for new residents, new nurses, new nursing students, and to support their clinical practices.
“We began our journey before automation. It was not efficient. It was paper-driven. And it was a very manual, physical process to literally take paper between departments to get accounts set up. It would take upwards of two to three weeks to complete that process,” recalls Justin Fair, Director of IT Infrastructure for UMC Health System.
The onboarding delays were problematic for effectively meeting compliance standards. Nurses would be hired, get onto their unit, but not yet have access to the tools they needed to log into the electronic health record (EHR) to chart patient data. It was tempting to simply log in with another nurse’s credentials, a HIPAA violation. Similarly, physicians were being delayed in getting access to the clinical tools designed to protect patients. And on the ancillary support side there were users in accounting and finance who could not log into their computers, which could delay getting funds processed or received.
Moving To Modern Processes
UMC Health System needed to move from this arduous, inefficient, manual process to one employing modern automation, and a full complement of identity and access management tools. They began to search for a solution that could accomplish a dramatic shift in their culture, from a manual-driven, siloed process to an automated system in which HR and other departments would become more tightly integrated, and in which data could flow easily from HR and other departments to the identity management solution. Among the objectives were automating key operational processes, such as granting access privileges, managing over 300 applications, and account provisioning for private practice and external users.
This level of change is an evolutionary process at UMC Health System. The healthcare provider knows migrating to automated processes is a cultural shift as well as a technological change. “And within organizations, sometimes that's a difficult change because if you're used to having a piece of paper as people naturally are, they may be uncomfortable with relinquishing that piece of paper and going to something that is electronic. So that was another change hurdle that we had to overcome,” said Fair.
The change to an automated identity management system, which UMC Health System began in 2016, has resulted in significant improvements in efficiency and access to patient care records. They reduced their average onboarding process from seven to five steps, and dramatically cut average time for provisioning from two to three weeks down to two days.
Another major efficiency achievement was the automated provisioning of their Cerner Electronic Health Records (EHR) system. UMC Health System has between 5,000 and 8,000 active users within Cerner Millennium, depending on the time of year. “If a clinician does not have access to the electronic health record, they do not have access to the tools that are meant to help them from a patient safety perspective. And as healthcare is driven around patient safety, reimbursements and efficiencies, that is a significant risk for us. And so accomplishing that, was significant for us from a business perspective,” said Fair.
Looking ahead, UMC Health System will be automating the provisioning of over 3,000 external user accounts. “There are definitely considerable efficiencies that can be realized with automation, that results in both soft and hard dollar savings from the business side,” Fair noted.
Here are five considerations in moving to a secure, automated identity management process:
Servicing Workspaces Of The Future
The workspace of the future is becoming even more virtual, more based in the cloud, and less tied to a physical location. At the same time, the number of devices people are using, and the endless array of applications in use, demand healthcare organizations move to more automated processes to control this complex environment. Servicing patients, staff, physicians, and all stakeholders is challenging against the backdrop of cyber threats and compliance requirements. An efficient, automated identity management solution, with cooperative buy-in from HR, line-of-business managers and executives, is an
Important step in improving the overall productivity and data security of a healthcare organization.
About The Author
Ian Aitchison is Senior Product Director for Ivanti.