5 Tools to Consider for Healthcare Identity and Access Management

health-care-identity-managementToday, many healthcare providers are embracing electronic health records, which can cut costs, advance care, and improve outcomes, but  can also create new challenges with ensuring patient privacy, an area where many organizations fall dangerously short.

Millions of Americans have been victims of healthcare identity theft, with up to 80 million affected in the 2015 Anthem/Premera Healthcare breach alone

In fact, two out of three stolen records are healthcare records, which often include extremely sensitive information such as names, addresses, dates of birth, Social Security numbers, health and employment histories, and more.

It seems the question has become not if a healthcare provider will be attacked, but when, and more often than not, healthcare data breaches are caused by unauthorized access or disclosure of information, either malicious or simply negligent.

So how can we solve healthcare’s identity problem? With Identity and Access Management (IAM) solutions, naturally.

With a proper IAM solution in place, organizations can make sure that their facility has a role-based access framework, and that the proper access is provided to the proper individuals.

Here we outline five of the top Identity and Access Management solutions that healthcare organizations should consider so they can improve their security (and compliance) posture.


Centrify

Centrify’s IDaaS solution offers secure access to cloud and mobile apps via SSO, user-provisioning, mobile device management (MDM), and multi-factor authentication (MFA) capabilities, and is also compatible with Active Directory (AD).

Centrify provides users with single sign-on access and authentication for Office 365 and the company’s key cloud apps and gives IT centralized access control and visibility. Auditors can see who logged into which apps, when they logged in and for how long — in support of HIPAA compliance and forensics efforts.

Notable customers/partners: Children’s Medical Center, Pfizer, Abbott, Johnson and Johnson, Roche, Norvartis

Learn more.


Okta

The Okta identity management service provides directory services, SSO, strong authentication, provisioning, workflow, and reporting, all delivered as a multitenant IDaaS though some components reside on-premise. Aside from standard IDaaS capabilities, Okta also provides MDM and phone-as-a-token authentication capabilities. Okta features a broad partner ecosystem, but lacks slightly in reporting capabilities. Okta announced a HIPAA compliant service instance in May 2016.

Notable customers/partners: Centers for Medicare and Medicaid Services (CMS), HQSI, Geneva Healtcare Group, ZirMed.

Learn more.


OneLogin

California-based OneLogin provides an on-demand IDaaS solution consisting of single sign-on, multi-factor authentication, directory integration, user provisioning, and a catalog of pre-integrated applications. OneLogin is provided via a multitenant architecture and provides strong capabilities and support for access management policy administration, user directory integration, and end-user self-service. OneLogin is a trusted partner of many healthcare organizations and offers single sign-on connectors for Envision Healthcare and TriWest Healthcare Alliance.

Notable customers/partners: AAMC, Acorda, American Addiction Centers, AMN Healthcare, Exos, Lake Health

Learn more


Ping Identity

The Ping Identity Platform is a multi-tenant, web-centric IDaaS offering that provides secure single sign-on from any device and provides administrators with a single dashboard from which they can manage user access for all applications. Ping Identity healthcare technology solutions allow you to not only maintain security and regulatory compliance, but also leverage identities to improve user experiences, build loyalty and collaborate more effectively with your partners. Ping is compliant with mandates such as HIPPA, PCI-DSS and Sarbanes-Oxley, as well as Meaningful Use (MU) requirements and internal standard operating procedures.

Notable customers/partners: VSP, Davita, Lilly, CD PHP, Haemonetics

Learn more.


SailPoint

SailPoint’s identity and access management solutions for compliance, user provisioning, and access management give healthcare organizations the ability to streamline access delivery and oversight for clinical, financial and back-office applications – from the datacenter to the cloud. SailPoint also provides out of the box connectors to the most popular EMR solutions, such as Epic, Cerner, and GE Centricity.

Notable customers/partners: Molina Healthcare, Beth Israel (Continuum Health Partners), Mount Sinai Hospital, WellPoint. 

Learn more.


Jeff Edwards
Follow Jeff

Jeff Edwards

Editor, Cybersecurity at Solutions Review
Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large.He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.
Jeff Edwards
Follow Jeff