SAVIYNT FOR Epic
Identity and Access Lifecycle Management for Better Patient Care
Organizations face several challenges in complying with healthcare regulations
The need to ensure the security and privacy of sensitive patient health data makes healthcare one of the most highly regulated industries. For IT organizations, the ability to ensure compliance and mitigate risk includes being able to effectively:
- Manage access for transient care providers across large hospital and clinical systems, including non-employee doctors and nursing staff
- Constantly adapt systems to the ever-evolving regulatory requirements, such as HIPAA, HITECH, and Meaningful Use
- Manage inadvertent or malicious misuse of user access privileges to ensure the security and privacy of patient data
- Monitor and mitigate threats from data breaches across multiple systems, platforms, and environments, including cloud
Comprehensive SOD Management
Segregation of Duty (SOD) is a highly effective control prescribed by the National Institute of Standards and Technology. NIST Special Publication 800-53 AC-5 addresses the potential for abuse of authorized privileges and helps to reduce the risk of malevolent activity without collusion. Saviynt recommends applying the standard to the Professional Billing, Hospital Billing, and Shared Security modules for Epic as a best practice. Saviynt for Epic is a comprehensive separation of duty (SOD) module offering over 180 pre-configured rules, controls, and easy-to-use workflows, so you can enhance your identity and access lifecycle management program to automatically detect and prevent potential SOD violations and protect your Epic system against them.
Advanced Epic Template Design
Saviynt for Epic offers advanced capabilities for Epic template design, provisioning, and management including:
- Simulated impact analysis when changing multiple user templates to mitigate potential SOD violations
- Automatic template recommendations with the ability to compare, split, or merge user role templates
- Template life-cycle management with version control and integrated review / approval before template changes are confirmed
- Periodic reviews to ensure current and accurate templates and classes
- Ability to extend Epic role model templates to other clinical and non-clinical systems
Epic Break The Glass© and Critical Access Review and Reporting
One of the key requirements for Meaningful Use Stage 1 and 2 is to perform security audit logging and reporting. Many healthcare providers implement traditional security information and event management (SIEM) solutions to address this requirement. Saviynt for Epic enhances SIEM capabilities by offering easy-to-view, automated identity lifecycle management, including periodic audit, analysis, and corrective action of suspicious activity.
Automated Provisioning to Epic
Saviynt for Epic provides an intuitive, risk-based Access Request and Review System. Connected via API- and flat-file-based mechanisms, authoritative feeds from HRMS and contractor management systems can be managed to automatically detect and correct user role and access templates to comply with security and compliance policies.