Single sign-on: What 2008 holds

By Patty Enrado, Editor

ORLANDO, Fla. — Healthcare organizations know that implementing complex passwords and strong authentication strengthens the protection of patient data, but the inconvenience and distraction caused by these practices are significant pain points for both clinical users and IT staff.

Bill McQuaid, CIO and assistant vice president of Parkview Adventist Medical Center, focuses on the single sign-on solution in his education session 82, “Protecting Patient Data: Hospital Shares its Secrets and Tells All,” Tuesday, Feb. 26 at 1 p.m. in Room 207A. McQuaid will present the challenges his hospital faced and how he balanced user convenience with security and HIPAA compliance.

Parkview Adventist Medical Center’s experience exemplifies what many healthcare organizations are facing and the solution they are turning to. There has been a lot of activity in the healthcare industry surrounding SSO. A number of SSO vendors will be exhibiting at HIMSS08, and a few executives from these companies took the time out to discuss what they feel are important trends for 2008.

Integration was on the minds of some executives. Paul Brient, president and CEO of PatientKeeper (Booth 2600), expects healthcare organizations to enact integration strategies that allow users to access patient data from multiple, disparate systems. “They are using this as a way to leverage their investment in 10-20 years of healthcare information systems infrastructure and attract and retain physician business,” he said. “Single sign-on solutions are a critical component of these integration strategies and are one of the essential ‘last mile’ pieces that give physicians the fast and easy access they need to take advantage of the full benefits of integration.”

“We’re seeing an increased need for integrated, enterprise-wide privacy, security, auditing and relationship management systems,” said Mychelle Mowry, vice president of global health industries at Oracle (Booth 3441).

Guarding against inappropriate access is essential, Mowry said, especially as clinical data is gathered from multiple clinical and financial systems. An SSO solution would eliminate clinician frustration with multiple sign-ons and IT professional frustration with the cost and risks of multiple sign-on maintenance. “Organizations require an integrated approach that facilitates access for authorized users while ensuring security,” she said.

Integrating SSO solutions with some form of strong authentication is another trend SSO vendors anticipate. “Bundled sales of SSO integrated with strong authentication methods such as smart cards will continue to grow as it did in 2007 especially among organizations looking at converged physical/logical access solutions where they see SSO as a key driver of adoption among employees,” said Simon Wakely, vice president of business development for ActivIdentity.

Ali Pabrai, CEO of ecfirst (Booth 8580), also sees an uptake in healthcare organizations combining an SSO solution with strong authentication. “SSO and context management is also equally high on the radar of organizations to provide a singular, unified view of patient information across platforms and applications,” he said.

Baber Amin, senior product manager for Novell (Booth 2201), cited integration as the most significant enterprise SSO trend for 2008. “The need for better security of identity information is driving a push towards integrating strong authentication devices with legacy systems,” he said. More and more healthcare organizations are using SaaS and Web front ends, thereby driving the need for seamless integration of enterprise single sign-on with Web access management solutions, he noted. “Healthcare institutions are also increasingly integrating single sign-on with other identity management solutions, particularly roles-based tools, as they can lower costs and maximize the return on their identity technology investments,” Amin said.

Joan Mehn, CEO of HealthCast (Booth 6387), noted that customers are implementing SSO solutions as a foundation prior to implementing CPOE or electronic medical record initiatives. She also noted the rise of physician input in the selection of an SSO solution. With the majority of users being physicians, it makes sense.

“HealthCast has always believed that software must enhance clinical workflow for deployments to be successful and to enable clinician behaviors to change,” she said. “Today, we see physician satisfaction becoming a major decision factor driving SSO purchase – more physician leaders are participating in SSO selection as hospitals choose solutions that balance HIPAA compliance with clinical productivity and user satisfaction.”

Mehn said a physician recently told the company that its solution, eXactACCESS, freed up an hour each day that translated into more time spent on patients. “That is both the trend and the outcome that we see increasing,” she said.

David Ting, founder and chief technology officer of Imprivata (Booth 1738), sees the rise of mobile devices such as tablet PCs and wireless units as a driver for SSO implementation. While these devices provide greater mobility, being stylus driven makes password entry difficult. “Imagine a doctor having to retreat to a virtual keyboard every time a password is required – including further strong authentication at the transaction level,” he said. “This is not an effective practice.”

Ting believes SSO solutions can solve this problem. “Whether the support for the strong authentication is with the tablet, or further in at the transaction level, SSO solutions will have to work with the healthcare organization’s workflow,” he said. “In conjunction with the fingerprint authentication technology already built into these wireless devices, SSO will address increasing policy and identity-based regulatory compliance requirements that are being mandated by the industry (i.e. countersigning, multifactor authentication).”

This solution will allow the authentication of all transactions, which would eliminate compliance and policy risks. “More importantly, the doctors, nurses and clinicians will be able to remain fully connected with the patient,” he said.

Patrick Harding, chief technology officer for Ping Identity, cited a surge in healthcare organizations using hosted software and business process outsourcing (BPO) as a driver for single sign-on demand. “With employees traversing the Internet with highly sensitive data, the connection has to be secure to protect the user, enterprise and service provider,” he said. “Organizations are planning on connecting dozens, hundreds and even thousands of partners, but they need an easy-to-use, secure, rapidly deployable solution.” Harding noted that rapid deployment is essential and that software that automatically establishes connections with protocols such as SAML and WS-Federation is ideally suited to deliver SSO that works over the Internet.

NaviMedix, which automates communications between providers and their business partners, will be participating in the HIMSS Interoperability Showcase. Tom Morrison, co-founder and executive vice president, noted, “The biggest trend we see now, which we forecast to continue for the next few years, is the death of the single-payer Web site. Most of the big national insurers are migrating to multi-sponsor solutions that allow providers to interact from one central place with payers, as well as many other healthcare organizations, using secure single sign-on.”

Robert Seliger, CEO of Sentillion (Booth 6463), acknowledged the hype and activity of SSO deployments of the last year, but he expects a shakedown. “In 2008, as healthcare organizations deploy or try to deploy these systems, it will become apparent to the entire industry which solutions work and which ones don’t,” he said.

If your healthcare organization is on the lookout for an SSO solution, kick some tires with these vendors at HIMSS08.
