Pediatric Health System Moves Closer to Zero Trust
Role-Based Access Controls And Future Integration with Cerner Will Enable HIPAA-Readiness For Healthcare Leader
k
Users
Applications Onboarded
%
Faster
The Opportunity
HIPAA Compliance Demands Identity Modernization
A nationally-recognized pediatric healthcare system operating two state-of-the-art hospitals and a regional network of primary and secondary care clinics needed to ensure that it had appropriate controls in place to safeguard the privacy and confidentiality of its patients’ health information. The Health Insurance Portability and Accountability Act (HIPAA) stipulates that covered entities must restrict access to protected health information (PHI) and can be interpreted as requiring role-based access controls (RBAC).
The health system’s existing identity ecosystem wasn’t up to the task of enforcing RBAC—or many other aspects of Zero Trust-based access management. Its Identity governance processes were almost entirely manual, implemented using a hodgepodge of obsolete solutions that had already passed their end-of- support dates. The technological deficit was compounded by lack of documentation on existing processes. These non-optimized processes resulted in ad-hoc changes with a high risk of disruptions.
The healthcare system’s critical user and physicians data were maintained across a complex mixture of HR systems, spreadsheets, and disconnected applications, leaving stakeholders without centralized visibility. Employees were wasting countless hours performing identity lifecycle management tasks manually, checking multiple systems for duplicate information, and correcting the errors that inevitably resulted from this way of doing things.
The healthcare organization turned to a leading identity and security consultant, CredenceIA, for help. Their quest for a modern, comprehensive Identity Governance and Administration (IGA) delivered as a Software as a Service (SaaS) solution—one that could meet their needs cost-effectively and efficiently—led them to Saviynt.
The Solution
Saviynt’s Out-Of-The-Box Integrations Eclipse Competing Solutions
The health system’s strong partnership with CredenceIA enabled them to build a roadmap to a successful IGA implementation. Together, they were able to accelerate the process of documenting their requirements, with the goal of eventually achieving Zero Trust in the cloud. Saviynt’s cloud- native architecture and out-of-the-box integration with Cerner made it a far better fit for their requirements than competing vendors’ solutions.
CredenceIA helped the healthcare company build out a middleware framework to accelerate the onboarding of applications into Saviynt IGA. The middleware capability allowed the customer to leverage SaaS based EHR integration in future while allowing a decentralized integration approach for their on-prem Cerner implementation. Not only would this accelerate future application integrations, but it would also mitigate security risk, since apps would not need to be exposed in the cloud or over any networks.
'The health system is using Saviynt to manage more than 6,000 end user identities, including clinical staff. It has integrated mission-critical applications into the platform, making it possible to automate access reviews and continuous compliance reporting.
The Results
Realizing Tomorrow’s Efficiencies Today
As the health system’s implementation matures, it has been able to onboard applications into the Saviynt IGA platform in a small fraction of the time it used to take, and teams have been able to automate key tasks across the joiner-mover-leaver lifecycle.
The organization will soon be able to consistently enforce RBAC for all employees, regardless of whether they’re in clinical, technical, administrative, or operational roles. Next steps include onboarding additional applications and adding segregation of duties (SoD) controls across the entire identity ecosystem. Saviynt Application Access Governance (AAG)’s native integration with Cerner will be essential for delivering SoD analytics to provide a granular view of application-level risk.
Lessons Learned
Detailed documentation is the key to rapid ROI.
Even if you’re hobbled by technical debt and manual processes at the beginning, taking the time to thoroughly understand—and document—your existing current workflows can streamline and accelerate preparation for a new IGA solution.
Upfront investments more than pay for themselves.
This team took the time to build a middleware framework that would accelerate application onboarding. This framework will broker greater security and streamline future app integrations using a templated, repeatable process.
Want to make rapid progress with a new IGA solution?
Turn to someone who has done it countless times before. The right partner will have extensive experience to help with identity strategy and roadmapping, as well as with technical implementation questions.
Kunal Mehta
CEO at CredenceIA (Implementation Partner)
More customer success stories
Ready to see for yourself?
Request a personalized demo with a Saviynt identity expert