N.Y. nurses service finds single sign-on enables its mobile workforce to use its multiple, disparate cloud apps.
(click image for larger view)
Slideshow: 6 Top-Notch E-Prescribing Options
The shift to cloud computing has exposed a series of worrisome dichotomies in healthcare, an industry that handles sensitive data and thus has unique privacy requirements.
Consider the Visiting Nurse Service of New York (VNSNY), which supports a largely mobile workforce of more than 14,000 healthcare providers. The cloud allowed the organization to make decisions on technology for business services without having to get the IT department fully involved, according to chief information security officer Larry Whiteside Jr. But that also meant different areas of the enterprise chose different cloud hosts.
Similarly, cloud technology helped mobilize data for thousands of field workers, but having to log into multiple systems was a chore. "The cloud was bringing economics of scale and cost savings in one area, but was bringing complexity in other areas," Whiteside told InformationWeek Healthcare. "We forgot that we had done so much work to get to a single ID, and now we're going away from it," he added.
About a year ago, the IT department was brought to the table after Whiteside learned that disparate business units were making IT decisions without consulting one another. "There needed to be an identity standard ... that could be extended to the cloud," Whiteside said.
VNSNY, which serves 140,000 patients in the New York City area, contracted for access management, identity management, and single sign-on services from Symplified, a Boulder, Colo.-based vendor specializing in cloud security.
In the first quarter of 2011, the VNSNY implemented Symplified technology, which itself runs in the Amazon cloud, Whiteside said. Then the IT department started building connectors to each remotely hosted application. Connectors pass security credentials to the cloud-based apps behind the organizational firewall.
"Symplified actually stores nothing," other than the URLs to access each application, Whiteside said, adding that there is no industrywide standard for user authentication. "So there's a lot of hand-holding [with] these third-party applications," he noted. Likewise, users do not need to install software on their workstations or mobile devices.
With the connectors in place, remote workers and other VNSNY employees who don't want to remember multiple user names and passwords simply apply to the IT department for single-sign-on access. The system allows the organization, not the vendor, to retain control over provisioning the proper level of access to each user, even though apps reside in the cloud. "The users are happy and the technology people are happy," Whiteside reports.
One problem the Symplified technology has not yet addressed is the "bring-your-own-device" phenomenon sweeping across healthcare (and other industries). The Visiting Nurse Service assigns mobile devices to thousands of workers based on job function, but plenty want to use their own smartphones and tablets on the organizational networks.
"We say we're not supporting it, but that doesn't stop them from trying it," Whiteside said. "Where there's a way to get around it, people are going to try."
As healthcare providers of all shapes and sizes start implementing electronic medical records systems, security must be a top priority. Here's what you need to be thinking about to ensure your system is locked down. Download the report here (registration required).
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.