About St. Vincent Health
St. Vincent Health is a member of Ascension Health, the nation’s largest not-for-profit and Catholic Healthcare System. St. Vincent Health is Indiana’s largest healthcare employer, with 17 health ministries serving 45 counties in the central part of the state.
In order to comply with HIPAA requirements and protect confidential patient information, St. Vincent Health needed a way of tracking who was accessing its systems. To accomplish this, the organization wanted to streamline and automate its user provisioning processes, while improving security.
With 700 unique healthcare applications and 20,000 users, including 6,000 contracted physicians, nurses and therapists; manually provisioning users was a cumbersome and time-consuming process. New users often waited several weeks to gain access to needed applications, and there was no way of automatically de-provisioning terminated employees.
St. Vincent Health evaluated several identity management vendors before selecting Consulting Services to help implement Identity Manager.
“Consulting Services was outstanding,” said Stephen Whicker, Project Manager for HIPAA Security at St. Vincent Health. “They provided an honest assessment and a detailed road map to reach our goals. They really listened to us throughout the project and cared about our success. We can’t say enough good things about them.”
With PeopleSoft as its authoritative data source, St. Vincent Health implemented Identity Manager to synchronize information across PeopleSoft, Micro Focus eDirectory™, Microsoft Active Directory and its e-mail platforms. The IT staff is also working to integrate key applications for medical record charting, imaging, and CT scanning, as well as its security badge system.
Consulting Services leveraged the Provisioning Module of Identity Manager to create customized workflows that enable managers to approve system access requests electronically. In the past, users filled out a one-page form and faxed requests to the helpdesk who would then have to notify the relevant system owners. Now entering new users in PeopleSoft automatically triggers the creation of a network account and notifies managers for access approvals.
“We have eliminated all the paperwork associated with system access requests and can create or disable accounts in minutes, rather than weeks,” said Whicker. “We have freed up two full-time administrators who no longer need to be stuck at a desk creating IDs and e-mail accounts all day.”
With automated user provisioning, new users can access all the applications they need on their first day and when an employee leaves the organization, their network access is immediately revoked. Password self-service also allows users to automatically reset their own passwords, greatly reducing password-related helpdesk calls.
The IT staff is also working toward role-based access control to applications, based on role definitions and job codes. By integrating more applications with Identity Manager, the organization is working to provide a single ID and password to each user.
“Physicians need regular access to about six applications,” said Whicker. “By connecting and integrating our applications, we can give them access to multiple systems with a single ID and password.”
Automating identity management has greatly improved the organization’s ability to comply with HIPAA requirements with the ability to track system access requests, control access and monitor usage. St. Vincent Health also relies on our Audit for real-time security monitoring and accurate audit reports.
“As we do risk assessments and benchmarking, we find that we are ahead of many other hospitals in many areas,” said Whicker. “With the Solution, we’ve made a big turnaround in controlling access to systems and it shows in improved audit reports.”
With our identity and security solution, St. Vincent Health has reduced its user administration costs by approximately $250,000 to date. The organization can now provision users in minutes, rather than weeks, allowing them to be productive the first day on the job.
Eliminating paperwork for all system access requests has freed up two-full time administrators to work on other projects. Password self-service has also significantly reduced password-related helpdesk calls.
With an electronic audit trail of system requests and identity-based access, the organization has improved its ability to comply with HIPAA requirements.
“Without Novell (now a part of Micro Focus), we would have continued to struggle with manual processes and users would still be waiting weeks for application access,” said Whicker. “We would also feel more vulnerable for the kind of security breaches that can damage a hospital’s reputation. Novell helps us avoid corporate exposure.”