Remediate your Segregation of Duty (SOD) for Epic Healthcare


Organizations face several challenges to comply with healthcare regulations

Healthcare is one of the most regulated industries, with intense scrutiny of how sensitive patient health data is secured. The industry faces several challenges, including:

  • Constantly evolving regulatory requirements such as HIPAA, HITECH and Meaningful Use, leading to increased regulatory pressure and penalties
  • Insider misuse of privileges – one of the biggest threats to the security and privacy of patient data
  • Increased sources of risk from business associates
  • Escalating threats from internal and external sources intent on compromising patient data
  • Managing user security across multiple system platforms and ancillary systems

Comprehensive SOD Management & Remediation

Segregation of Duty (SOD) is a highly effective control, prescribed in NIST (Special Publication 800-53 AC-5) and routinely recommended by auditors for implementation in the Professional Billing (PB), Hospital Billing (HB) and Shared Security modules of Epic. However, manual SOD analysis is extremely cumbersome and remediation is even more complex, which makes Healthcare Providers shy away from deploying it. Saviynt introduces the industry’s first comprehensive SOD management system for Epic, which automates analysis, provides remediation recommendations and integrates preventative SOD checks into access life-cycle management. With over 180 SOD rules and controls, the module is tailor-made for Healthcare Providers, where a typical automatic SOD analysis can be completed in as little as 3 weeks.

Still resorting to designing Epic templates using spreadsheets?

Saviynt has the industry’s most advanced solution for Epic template design, provisioning and management. Some of the capabilities of the workbench include:

  • Template impact analysis that simulates changes being made to multiple users and/or raises any potential SOD violations
  • Automatic role – template recommendations with the ability to compare templates, and to split or merge templates
  • Template life-cycle management with version control and integrated review / approval before template changes are confirmed
  • Periodic review to maintain currency and accuracy of templates and classes
  • Ability to extend Epic templates / role model to other clinical and non-clinical systems

Break-The-Glass and Critical Access Review & Reporting

One of the key requirements for Meaningful Use Stage 1 and 2 is to perform security audit logging and reporting. Most healthcare providers have implemented traditional SIEM solutions to address this requirement.

However, for security to be effective, there needs to be automatic corrective action when the system detects that suspicious or critical actions have been performed. Saviynt’s Epic connector not only manages access but also collects usage and audit logs from the Epic system and provides a seamless review of activities vis-à-vis user access. This analysis of usage logs also enriches access life-cycle management processes, e.g. periodic access review, template design, etc.

Automated Provisioning to Epic

Saviynt’s specialized connector for Epic provides multiple mechanisms (APIs and flat-file) to establish automation and ensure that users, access and templates are provisioned in accordance with compliance and security policies.

The entire provisioning life-cycle is automated via an intuitive Access Request and Review System that is risk-driven and triggered via authoritative feeds from HRMS, contractor management, etc.