By definition, healthcare is human work and is characterized by relatively high influx, turnover, absenteeism, personnel changes and fluctuating roles. All this leads to changes in access rights for available information and communication technology (ICT) and healthcare systems. Organizations with fewer than 300 employees can track changes and rights manually, but for larger organizations, manual processing takes an enormous amount of effort and introduces the risk of errors.

Healthcare institutions also have to cope with cost management, process-oriented operation, risk management, legislation and regulations. Using an automated identity and access management system can help in this regard. Care institutions face four major challenges: finding the most efficient change process possible for personnel changes, saving costs, reducing risks and compliance.

Changes and Change Processes

Identity and access management systems can streamline the user account management process by managing access privileges to systems and applications during an employee’s tenure, through provisioning; role-based access control (RBAC); and workflow management.

Provisioning automatically creates a user account via connectors with an HR system, enabling changes to the HR system to be executed directly in the network. This gives new employees immediate access to the required systems and will automatically disable the user account if the employee leaves the organization.

In healthcare institutions, a distinction is made between various roles based on locations, departments and jobs. For most employees, authorizations at the organizational level and at the departmental level can be assigned immediately. For extra authorizations, RBAC translates roles in the organization into specific access rights.

Since multiple departments and employees are involved in managing user accounts, employee-submitted requests must be approved and processed in the network by the ICT department and/or functional application management. Current processes often utilize paper forms, e-mail, telephonic approval and subsequent corrections. With an identity and access management system combined with workflow management, everything from requests to processing are accommodated in electronic workflow.

Cost Savings

With identity and access management, healthcare institutions achieve a substantial cost saving over a short time. The required changes are executed automatically, and it saves time and money for application managers and the help desk. Legislation obliges care institutions to use complex passwords, but this often results in implementation issues such as password reset calls. An identity and access management system that includes password management solutions can prevent these issues. Through self-service password resetting, end-users can reset their passwords by answering a number of challenge questions. Their password can be reset or their account unlocked without intervention by the help desk.

Reducing Risks

As mentioned above, automating user management tasks (provisioning) ensures, among other items, that employees who leave the company no longer have access to systems and applications. In combination with RBAC, the security of the data (including the privacy) of clients, employees and corporate information is guaranteed.


Healthcare providers are eliminating shared user accounts for compliance reasons. This is making the login procedures for end-users more complex, as they are required to remember multiple login procedures and use highly complex passwords. Tools4ever’s single sign-on (SSO) solution, E-SSOM, caters to this concern by allowing users to log in once and no longer having to enter credentials for each authorized application.

Login procedures can be further simplified by combining fast user switching with a user ID. Users can access applications by inserting their smart cards and log out by removing it. An addition to this is Follow-Me, which allows users who have opened applications on Citrix and/or Terminal Server to continue their work on another computer. This yields considerable time savings, particularly for specialists making their rounds who need to access data via various computers.

Dean Wiech joined Tools4ever in April 2006 and is responsible for the Tools4ever Inc. operations in the United States. He can be reached at This e-mail address is being protected from spambots. You need JavaScript enabled to view it. or 516-482-4414.

Digital Edition