Healthcare Cloud Brings Access Control Concerns - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Cloud // Software as a Service
News
12/5/2011
11:51 AM
50%
50%

Healthcare Cloud Brings Access Control Concerns

N.Y. nurses service finds single sign-on enables its mobile workforce to use its multiple, disparate cloud apps.

6 Top-Notch E-Prescribing Options
(click image for larger view)
Slideshow: 6 Top-Notch E-Prescribing Options
The shift to cloud computing has exposed a series of worrisome dichotomies in healthcare, an industry that handles sensitive data and thus has unique privacy requirements.

Consider the Visiting Nurse Service of New York (VNSNY), which supports a largely mobile workforce of more than 14,000 healthcare providers. The cloud allowed the organization to make decisions on technology for business services without having to get the IT department fully involved, according to chief information security officer Larry Whiteside Jr. But that also meant different areas of the enterprise chose different cloud hosts.

Similarly, cloud technology helped mobilize data for thousands of field workers, but having to log into multiple systems was a chore. "The cloud was bringing economics of scale and cost savings in one area, but was bringing complexity in other areas," Whiteside told InformationWeek Healthcare. "We forgot that we had done so much work to get to a single ID, and now we're going away from it," he added.

About a year ago, the IT department was brought to the table after Whiteside learned that disparate business units were making IT decisions without consulting one another. "There needed to be an identity standard ... that could be extended to the cloud," Whiteside said.

[ Doctors are using tablets, smartphones, and mobile EHRs in their medical practices, but are slow to adopt cloud computing and telemedicine. Learn why. ]

VNSNY, which serves 140,000 patients in the New York City area, contracted for access management, identity management, and single sign-on services from Symplified, a Boulder, Colo.-based vendor specializing in cloud security.

In the first quarter of 2011, the VNSNY implemented Symplified technology, which itself runs in the Amazon cloud, Whiteside said. Then the IT department started building connectors to each remotely hosted application. Connectors pass security credentials to the cloud-based apps behind the organizational firewall.

"Symplified actually stores nothing," other than the URLs to access each application, Whiteside said, adding that there is no industrywide standard for user authentication. "So there's a lot of hand-holding [with] these third-party applications," he noted. Likewise, users do not need to install software on their workstations or mobile devices.

With the connectors in place, remote workers and other VNSNY employees who don't want to remember multiple user names and passwords simply apply to the IT department for single-sign-on access. The system allows the organization, not the vendor, to retain control over provisioning the proper level of access to each user, even though apps reside in the cloud. "The users are happy and the technology people are happy," Whiteside reports.

The setup is secure enough for VNSNY to support electronic prescribing of controlled substances just by adding the necessary second authentication factor, should demand arise, Whiteside said.

One problem the Symplified technology has not yet addressed is the "bring-your-own-device" phenomenon sweeping across healthcare (and other industries). The Visiting Nurse Service assigns mobile devices to thousands of workers based on job function, but plenty want to use their own smartphones and tablets on the organizational networks.

"We say we're not supporting it, but that doesn't stop them from trying it," Whiteside said. "Where there's a way to get around it, people are going to try."

As healthcare providers of all shapes and sizes start implementing electronic medical records systems, security must be a top priority. Here's what you need to be thinking about to ensure your system is locked down. Download the report here (registration required).

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Slideshows
Blockchain Gets Real Across Industries
Lisa Morgan, Freelance Writer,  7/22/2021
Commentary
Seeking a Competitive Edge vs. Chasing Savings in the Cloud
Joao-Pierre S. Ruth, Senior Writer,  7/19/2021
News
How CIO Roles Will Change: The Future of Work
Jessica Davis, Senior Editor, Enterprise Apps,  7/1/2021
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Monitoring Critical Cloud Workloads Report
In this report, our experts will discuss how to advance your ability to monitor critical workloads as they move about the various cloud platforms in your company.
Slideshows
Flash Poll