In 2006, participants in the HIMSS Leadership Survey predicted that single sign-on (SSO) would become the most prominent technology that providers would look to adopt in the next two years.
That forecast proved to be quite accurate.
According to data collected by Chicago-based HIMSS Analytics, roughly 29 percent of hospitals are currently automated with SSO and another 4 percent are under contract to implement the technology. The adoption numbers are up about 11 percent from two years ago, but there is still a large chunk of facilities that aren't actively pursuing SSO. In some cases, it's because facilities have installed a suite of applications with a consistent architecture and therefore don't need the technology, says Mike Davis, executive vice president at HIMSS Analytics. But for others, there are burning questions that exist about SSO, like what features are most important when selecting a vendor, what to expect with implementation, what type of facilities and environments are best suited to the technology, where context management fits in, and whether SSO truly is a “must-have” solution rather than something that would be “nice to have.”
Researchers at KLAS (Orem, Utah) sought to address these issues in a report released in February called “Single Sign-On Context Management,” which provides a database of information about the technologies based on comments from users. “We hope that through this publication, others will start to focus on where there are opportunities for improvements within clinical workflow,” says Paul Pitcher, KLAS research director and author of the report.
“Identity, access management, security and privacy are hot topics, and providers are looking for answers,” he says, adding that while SSO doesn't solve all of those issues, it is a crucial component.
Davis agrees, noting that the facilities most likely to seek out — and benefit from — SSO technologies are those that have disparate systems, such as the 800-bed, three-hospital network Lehigh Valley Hospital and Health Network (LVHHN) in Allentown, Pa.
“We're best of breed here, which really pushes the need for SSO,” says Gregg Zahour, director of IT services at LVHHN, who chose to install Fusion by Carefx (Scottsdale, Ariz.), which is integrated with Islandia, N.Y.-based CA's eTrust SSO solution. “Doctors want to have a one-stop shop,” Zahour says. “They want to go to one or two screens and get all the information, and it's our job to deliver that.”
Getting it started
Once the decision has been made to deploy SSO, a facility needs to identify what specific tasks the technology will be relied upon to address.
Michael Krouse, CIO at Columbus-based OhioHealth, had three primary objectives in mind when Dublin Methodist Hospital (Dublin, Ohio) opted to implement the OneSign platform from Lexington, Mass.-based Imprivata. The first issue was productivity, which he felt was significantly compromised by the fact that clinicians had to remember so many user names and passwords when bouncing between as many as five systems. The second factor was patient safety. “When you have a complex environment, it leads to shortcuts,” he says. “And when you have shortcuts, you begin to compromise your security and privacy policies.”
The third issue deals with authentication, a topic that is particularly relevant in states such as Ohio, which have adopted stringent policies to help more effectively govern the distribution of prescription medications. The Ohio State Board of Pharmacy requires that anyone involved in the administration of medications provide positive identification both before and during the processes of dispensing the medication. Three states have passed similar laws and 10 more are in the process of adopting legislation, according to Krouse, who expects the initiative to roll out nationwide in the near future. As a result, he says, the industry could see a significant spike in SSO deployment.
A push to implement SSO wouldn't surprise Davis. “You don't implement SSO because of ROI. You implement it because of regulatory requirements and risk mitigation,” he says. “What you're trying to do is make sure you don't violate HIPAA laws or security relative to exposing patient information. That's probably the biggest thing.” (See sidebar for more information.)
At Dublin — an all-digital facility that opened its doors in January — the SSO implementation was a relatively smooth one. Not only were there no hard-wired applications, which made it easier to physically move devices, but the biometric readers and fingerprint scanners are built directly into the notebook computers carried around by physicians. “It's certainly made life a lot easier and it's why we were able to do some of this pilot stuff at a brand new facility,” says Krouse.