St. Vincent Health is a member of Ascension Health, the nation's largest not-for-profit and Catholic Healthcare System. St. Vincent Health is Indiana's largest healthcare employer, with 17 health ministries serving 45 counties in the central part of the state.
In order to comply with HIPAA requirements and protect confidential patient information, St. Vincent Health needed a way of tracking who was accessing its systems. To accomplish this, the organization wanted to streamline and automate its user provisioning processes, while improving security.
With 700 unique healthcare applications and 20,000 users, including 6,000 contracted physicians, nurses and therapists; manually provisioning users was a cumbersome and time-consuming process. New users often waited several weeks to gain access to needed applications, and there was no way of automatically de-provisioning terminated employees.
St. Vincent Health evaluated several identity management vendors before selecting Novell Consulting to help implement Novell Identity Manager.
Novell Consulting leveraged the Provisioning Module of Novell Identity Manager to create customized workflows that enable managers to approve system access requests electronically. In the past, users filled out a one-page form and faxed requests to the helpdesk who would then have to notify the relevant system owners. Now entering new users in PeopleSoft automatically triggers the creation of a network account and notifies managers for access approvals.
"We have eliminated all the paperwork associated with system access requests and can create or disable accounts in minutes, rather than weeks," said Stephen Whicker, Project Manager for HIPAA Security, St. Vincent Health. "We have freed up two full-time administrators who no longer need to be stuck at a desk creating IDs and e-mail accounts all day."
With automated user provisioning, new users can access all the applications they need on their first day and when an employee leaves the organization, their network access is immediately revoked. Password self-service also allows users to automatically reset their own passwords, greatly reducing password-related helpdesk calls.
Automating identity management has greatly improved the organization's ability to comply with HIPAA requirements with the ability to track system access requests, control access and monitor usage. St. Vincent Health also relies on Novell Audit for real-time security monitoring and accurate audit reports.
"As we do risk assessments and benchmarking, we find that we are ahead of many other hospitals in many areas," said Whicker. "With the Novell solution, we've made a big turnaround in controlling access to systems and it shows in improved audit reports."
With a Novell identity and security solution, St. Vincent Health has reduced its user administration costs by approximately $250,000 to date. The organization can now provision users in minutes, rather than weeks, allowing them to be productive the first day on the job.
Eliminating paperwork for all system access requests has freed up two-full time administrators to work on other projects. Password self-service has also significantly reduced password-related helpdesk calls.
With an electronic audit trail of system requests and identity-based access, the organization has improved its ability to comply with HIPAA requirements.
For the complete success story, see: