When it comes down to why the Albany, Ga.-based Phoebe Putney Memorial Hospital, a 450-bed community-based hospital, decided to implement a single sign-on (SSO) solution, the reason wasn’t complex or profound. Quite simply, as Phoebe Putney Memorial director of tech services, Michael Elder, puts it, the hospital’s physicians were dealing with multiple log-in passwords from various different systems, even within its EHR from McKesson Corp. (San Francisco, Calif.).
“We knew it was becoming a bigger and bigger problem as we rolled out these new applications for clinical systems, EMRs, and those types of things,” Elder says.
After going through a vendor selection process, Phoebe Putney chose Imprivata’s (Lexington, Mass.) OneSign Single Sign-On for the SSO solution. The hospital went through a year-long implementation process throughout its entire organization, starting with nurses and working their way to the physician community. The physicians were so impressed, Elder says, they wanted to see if they could up the stakes even more.
“They were saying it would be nice in my physician dictation rooms if I could get in and out even quicker, so we put in biometric readers a few years ago for them. Those worked really well, they appreciated that technology,” Elder says. Biometric readers allow for physicians to use their fingerprints for authentication purposes.
What began as a way to reduce complexity for physicians has since evolved into something that has provided greater efficiency and security at Phoebe Putney, Elder says. Along with the SSO solution, the hospital has used VMware’s (Palo Alto, Calif.) VDI enterprise virtualized desktop solution to create a one-click roaming session for its practitioners. “You can go into one room, log in, and what you can do is disconnect your session, go into the next room and pick up right where you left off,” Elder says.
This kind of efficiency could mean added dollars for a hospital. Last year, a study from the Traverse City, Mich.-based research firm, the Ponemon Institute, concluded a hospital could save up to $2 million per year through increased physician efficiency with an SSO solution. Ponemon, which interviewed 400 health IT workers for the study, determined an SSO solution saved clinicians approximately 9.51 minutes or $11 per day on average. Extrapolated out, this number totals $2,675 per clinician per year, according to Larry Ponemon, Ph.D. and founder of the Ponemon Institute.
Ponemon, which looked at a wide array of industry solutions including SSO products from Imprivata, Microsoft (Redmond, Wash.), IBM (Armonk, N.Y.), Healthcast (Boise, Idaho), Carefx (Scottsdale, Ariz.), and several others, says the added efficiency came in the form of reduced calls to the IT helpdesk, reduced log-on errors, improved workflow, and increased patient time. Like Phoebe Putney Memorial, Ponemon found most SSO users got a solution to improve physician satisfaction, but found it came with added benefits.
Security and Meaningful Use
From a security standpoint, even though more people looked at added efficiency as the top benefit from an SSO, others said it also helped reduce data breaches, according to Ponemon’s research. Additionally, of the respondents in the study, 62 percent said an SSO improved their organization’s ability to comply with data protection and privacy efforts in regulatory acts such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Ponemon says that, like a moat protecting a castle, SSO acts as a form of security for early authentication access.
For Phoebe Putney, the biometric reader makes the SSO security nearly perfect, according to Elder, who notes, “It’s kind of hard to lose your finger.” In addition, their SSO solution will time out after 15 minutes of inactivity in a private space, or 30 minutes in a public space. Their SSO implementation was so successful that Phoebe Putney’s sister medical facility, Phoebe Sumter Medical Center (Americus, Ga.), adopted an SSO solution using badges, which allows for tap-in and tap-out access; both facilities are part of the Phoebe Putney Health System. However, the emerging HIPAA requirement that an organization needs two forms of authentication to access protected health information slightly complicates things in terms of security, admits Nicholas Sheridan, Phoebe Sumter PC technician.
Besides the benefits of security and efficiency, another interesting nugget from Ponemon’s study was the fact that 60 percent of the respondents said the SSO solution supported their organization’s ability to demonstrate meaningful use of an EMR, as required by the American Recovery and Reinvestment Act/Health Information Technology for Economic and Clinical Health (ARRA/HITECH). According to Ponemon, this comes down to efficiency.
“Our thought was if you basically had the ability to access critical information, confidential data more quickly, it would make your IT function more efficient, and ultimately, more cost-efficient,” Ponemon says. “What are the reasons why technologies in healthcare aren’t as widely used as they should be? And we think the average clinician accesses 7-8 applications in their normal job function. As a result, every time you have to sign in and remember a password, it creates inefficiency. If you’re looking to get more value out of your EHR, an SSO is a tool that makes it easier for the end-user.”
Phoebe Putney’s Elder says he saw the SSO as a tool that would help physicians adopt their McKesson EMR. “It made it easier for them to access the information they needed. It’s kind of a no-brainer to implement,” he says.
Mobile and Opportunities Abound
As the healthcare world continues to go mobile, Ponemon says SSO can be an effective authentication access point for those applications, just as it is with web-based applications. However, he says in order for these consumerized devices, such as Apple’s iPad, to be effectively implemented with SSO, there must be a physician-IT collaborative effort to ensure effective deployment. Once that happens, he says mobile applications are no different than web-based applications, in terms of SSO implementation.
While Phoebe Putney Memorial Hospital doesn’t have its mobile devices implemented with SSO quite yet, Elder says the hospital is looking at other opportunities to expand. Specifically, he says, it is looking at putting the biometric readers in patient rooms.
As for what technology leaders in hospitals should know if they are interested in implementing an SSO solution in their organization, Elder says take your time, don’t be too aggressive, and debug as you go. He also says 5-10 minutes of physician training with an SSO makes a world of difference. Ponemon says organization leaders should have a full understanding of access and privileged users before they implement an SSO.
“If you just accept those privileges and deploy single sign-on, you basically are continuing the same insecurities that existed before,” says Ponemon, who adds that if you are going to do it, make a commitment across the enterprise. “Marginal deployments [of SSO] I’ve found aren’t as successful as an enterprise level deployment.”