SAVIYNT FOR Epic
Application Secure for Critical Enterprise Applications
SAVIYNT FOR EPIC
Organizations face several challenges to comply with healthcare regulations
Healthcare is one of most regulated industries with intense scrutiny to secure sensitive patient health data. There are several challenges that the industry faces, including:
- Constantly evolving regulatory requirements such as HIPAA, HITECH, Meaningful Use leading to increased regulatory pressure and penalties
- Insider misuse of privileges – one of the biggest threat to the security and privacy of patient data
- Increased sources of risk from business associates
- Escalating threats from inside and external sources intent on compromising patient data
- Complicated security management within EMR platforms and ancillary systems
Comprehensive SOD Management & Remediation
Still resorting to designing EPIC templates using spreadsheets?
- Template impact analysis simulates changes being made to multiple users and / or raise any potential SOD violations
- Automatic role – template recommendations with ability to compare templates, split or merge templates
- Template life-cycle management with version control and integrated review / approval before template changes are confirmed
- Periodic review to maintain currency and accuracy of templates and classes
- Ability to extend Epic templates / role model to other clinical and non-clinical systems
Break-The-Glass and Critical Access Review & Reporting
One of the key requirements for Meaningful Use Stage 1 and 2 is to perform security audit logging and reporting. Most healthcare providers have implemented traditional SIEM solutions to address this requirement.
However, in order for security to be effective, there needs to be automatic corrective action when system detects suspicious or critical actions are performed. Saviynt’s Epic connector not only manages access but also collects usage and audit logs from Epic system and provides a seamless review of activities vis-à-vis user access. This analysis of usage logs also enriches access life-cycle management processes e.g. periodic access review, template design, etc.
Automated Provisioning to Epic
Saviynt’s specialized connector for Epic provides multiple mechanisms (APIs and flat-file) to establish automation and ensure user, access and template are provisioned in accordance to compliance and security policies.
The entire provisioning life-cycle is automated via an intuitive Access Request and Review System that is risk-driven and triggered via authoritative feeds from HRMS, contractor management, etc.