Today, many healthcare providers are embracing electronic health records, which can cut costs, advance care, and improve outcomes, but can also create new challenges with ensuring patient privacy, an area where many organizations fall dangerously short.
Millions of Americans have been victims of healthcare identity theft, with up to 80 million affected in the 2015 Anthem/Premera Healthcare breach alone
In fact, two out of three stolen records are healthcare records, which often include extremely sensitive information such as names, addresses, dates of birth, Social Security numbers, health and employment histories, and more.
It seems the question has become not if a healthcare provider will be attacked, but when, and more often than not, healthcare data breaches are caused by unauthorized access or disclosure of information, either malicious or simply negligent.
With a proper IAM solution in place, organizations can make sure that their facility has a role-based access framework, and that the proper access is provided to the proper individuals.
Here we outline five of the top Identity and Access Management solutions that healthcare organizations should consider so they can improve their security (and compliance) posture.
Centrify’s IDaaS solution offers secure access to cloud and mobile apps via SSO, user-provisioning, mobile device management (MDM), and multi-factor authentication (MFA) capabilities, and is also compatible with Active Directory (AD).
Centrify provides users with single sign-on access and authentication for Office 365 and the company’s key cloud apps and gives IT centralized access control and visibility. Auditors can see who logged into which apps, when they logged in and for how long — in support of HIPAA compliance and forensics efforts.
Notable customers/partners: Children’s Medical Center, Pfizer, Abbott, Johnson and Johnson, Roche, Norvartis
The Okta identity management service provides directory services, SSO, strong authentication, provisioning, workflow, and reporting, all delivered as a multitenant IDaaS though some components reside on-premise. Aside from standard IDaaS capabilities, Okta also provides MDM and phone-as-a-token authentication capabilities. Okta features a broad partner ecosystem, but lacks slightly in reporting capabilities. Okta announced a HIPAA compliant service instance in May 2016.
Notable customers/partners: Centers for Medicare and Medicaid Services (CMS), HQSI, Geneva Healtcare Group, ZirMed.
California-based OneLogin provides an on-demand IDaaS solution consisting of single sign-on, multi-factor authentication, directory integration, user provisioning, and a catalog of pre-integrated applications. OneLogin is provided via a multitenant architecture and provides strong capabilities and support for access management policy administration, user directory integration, and end-user self-service. OneLogin is a trusted partner of many healthcare organizations and offers single sign-on connectors for Envision Healthcare and TriWest Healthcare Alliance.
Notable customers/partners: AAMC, Acorda, American Addiction Centers, AMN Healthcare, Exos, Lake Health
The Ping Identity Platform is a multi-tenant, web-centric IDaaS offering that provides secure single sign-on from any device and provides administrators with a single dashboard from which they can manage user access for all applications. Ping Identity healthcare technology solutions allow you to not only maintain security and regulatory compliance, but also leverage identities to improve user experiences, build loyalty and collaborate more effectively with your partners. Ping is compliant with mandates such as HIPPA, PCI-DSS and Sarbanes-Oxley, as well as Meaningful Use (MU) requirements and internal standard operating procedures.
Notable customers/partners: VSP, Davita, Lilly, CD PHP, Haemonetics
Notable customers/partners: Molina Healthcare, Beth Israel (Continuum Health Partners), Mount Sinai Hospital, WellPoint.
Latest posts by Jeff Edwards (see all)
- OneLogin and Sumo Logic Announce Integration Partnership - February 23, 2017
- The FBI Has Launched 3 Investigations Into Alleged Russian Election Hacking - February 22, 2017
- Deconstructing Identity Analytics for Higher Risk Awareness, RSAC 2017 - February 22, 2017