Pediatric Health System Moves Closer to Zero Trust

The Opportunity

HIPAA Compliance Demands Identity Modernization

A nationally-recognized pediatric healthcare system operating two state-of-the-art hospitals and a regional network of primary and secondary care clinics needed to ensure that it had appropriate controls in place to safeguard the privacy and confidentiality of its patients’ health information. The Health Insurance Portability and Accountability Act (HIPAA) stipulates that covered entities must restrict access to protected health information (PHI) and can be interpreted as requiring role-based access controls (RBAC).

The health system’s existing identity ecosystem wasn’t up to the task of enforcing RBAC—or many other aspects of Zero Trust-based access management. Its Identity governance processes were almost entirely manual, implemented using a hodgepodge of obsolete solutions that had already passed their end-of- support dates. The technological deficit was compounded by lack of documentation on existing processes. These non-optimized processes resulted in ad-hoc changes with a high risk of disruptions.

The healthcare system’s critical user and physicians data were maintained across a complex mixture of HR systems, spreadsheets, and disconnected applications, leaving stakeholders without centralized visibility. Employees were wasting countless hours performing identity lifecycle management tasks manually, checking multiple systems for duplicate information, and correcting the errors that inevitably resulted from this way of doing things.

The healthcare organization turned to a leading identity and security consultant, CredenceIA, for help. Their quest for a modern, comprehensive Identity Governance and Administration (IGA) delivered as a Software as a Service (SaaS) solution—one that could meet their needs cost-effectively and efficiently—led them to Saviynt.

The Solution

Saviynt’s Out-Of-The-Box Integrations Eclipse Competing Solutions

The health system’s strong partnership with CredenceIA enabled them to build a roadmap to a successful IGA implementation. Together, they were able to accelerate the process of documenting their requirements, with the goal of eventually achieving Zero Trust in the cloud. Saviynt’s cloud- native architecture and out-of-the-box integration with Cerner made it a far better fit for their requirements than competing vendors’ solutions.

CredenceIA helped the healthcare company build out a middleware framework to accelerate the onboarding of applications into Saviynt IGA. The middleware capability allowed the customer to leverage SaaS based EHR integration in future while allowing a decentralized integration approach for their on-prem Cerner implementation. Not only would this accelerate future application integrations, but it would also mitigate security risk, since apps would not need to be exposed in the cloud or over any networks.

'The health system is using Saviynt to manage more than 6,000 end user identities, including clinical staff. It has integrated mission-critical applications into the platform, making it possible to automate access reviews and continuous compliance reporting.

Lessons Learned

Detailed documentation is the key to rapid ROI.

Even if you’re hobbled by technical debt and manual processes at the beginning, taking the time to thoroughly understand—and document—your existing current workflows can streamline and accelerate preparation for a new IGA solution.

Upfront investments more than pay for themselves.

This team took the time to build a middleware framework that would accelerate application onboarding. This framework will broker greater security and streamline future app integrations using a templated, repeatable process.

Want to make rapid progress with a new IGA solution?

Turn to someone who has done it countless times before. The right partner will have extensive experience to help with identity strategy and roadmapping, as well as with technical implementation questions.