Sunnybrook adds ID management to key IT systems

A Toronto acute care hospital is in the process of developing an organization-wide identity management solution for 5,000 employees that will eliminate repeat log-ons and provide medical workers with a single point of access to multiple systems.

Sunnybrook and Women’s College Health Services, which includes the Orthopaedic and Arthritic Hospital, Sunnybrook Health Science Centre and Women’s College Hospital, will start rolling out Sentillion Inc.’s Vergence identity management suite early in the new year. Sunnybrook and Women’s, which is affiliated with the University of Toronto, is planning to deploy the software at its emergency site first and then to other departments.

The application provides authentication and single sign-on (SSO) capability across numerous applications that make up the hospital’s electronic health care record (EHR). Staff will also be able to access systems via proximity card identifiers using Ensure Technologies’ XyLoc technology and fingerprint biometric technology from Identix Inc.

Sam Marafioti, vice-president of corporate strategy and development and CIO of Sunnybrook and Women’s said the implementation will enhance patient care by reducing clinicians’ time to access information.

“It will greatly enable the treatment of patients that come through there by making sign on seamless and more importantly, getting them to patient information much more quickly than having to sign on to the different systems that currently house it,” said Marafioti, also the hospital’s chief privacy officer.

Currently, hospital staff sign in to Windows NT and then enter a user ID into the EHR system. The hospital’s EHR is stored within a central repository that receives and sends data on an ongoing basis to different clinical departments.

If the worker needs to leave the computer to attend to a patient, for example, the hospital’s privacy policy as mandated by the province’s Personal Health Information Protection Act (PHIPA), requires them to log off and re-log in when they return. Sentillion’s product suite allows staff to log on once to access all systems, eliminating repeat log ons. The emergency system, for example, has its own local system to capture other information such as ambulance and triage data that currently requires a separate log on.

“This is going to tie all those different systems together under one authentication providing access to all of those systems at once,” said Marafioti.

At a recent identity management conference sponsored by Sun Microsystems Inc., Ontario Privacy Commissioner Ann Cavoukian said organizations need to think of privacy as a business issue rather than an IT-related one. Paul Roscoe, senior vice president of field operations at Sentillion, agreed, saying the company develops privacy software that is proactive in protecting patient privacy.

“There’s a built in ability to lock down public workstations so that they’re only displaying information to care givers at point of care and when they require it and they aren’t accessible to the general public or to people that don’t have access to that info,” said Roscoe.

With identity theft on the rise in all industries, the latter is a greater threat to many organizations — rogue employees that will use their privileges to take down systems or steal confidential data. While there’s been an explosion of media reports on identity theft in the retail and banking sectors, it’s also increasingly becoming an issue in the health care sector, said Marafioti, who urges the industry to start addressing it now.

“We need to be ahead of the curve on the issue and up there with the best practices that are available across the industry,” he said. “I’m not sure the health-care industry has thought enough about the issue. The issue is pervasive enough across other sectors that we’re going to have to step up our attention to what technology we throw at the issue.”

Likewise, Roscoe said identity theft is a key issue for its customers on both sides of the border in terms of security and management.

“Identity management is not only about protecting people’s identity but about protecting assets to health information system from access by the right individuals and the right identity,” he said.

Other health-care organizations — including the New Brunswick Regional Health Authorities, St. Joseph’s Health Centre in Toronto and Vancouver Coastal Health — have also purchased Sentillion’s ID management products.

Comment: info@itbusiness.ca

A Toronto acute care hospital is in the process of developing an organization-wide identity management solution for 5,000 employees that will eliminate repeat log-ons and provide medical workers with a single point of access to multiple systems.

Sunnybrook and Women’s College Health Services, which includes the Orthopaedic and Arthritic Hospital, Sunnybrook Health Science Centre and Women’s College Hospital, will start rolling out Sentillion Inc.’s Vergence identity management suite early in the new year. Sunnybrook and Women’s, which is affiliated with the University of Toronto, is planning to deploy the software at its emergency site first and then to other departments.

The application provides authentication and single sign-on (SSO) capability across numerous applications that make up the hospital’s electronic health care record (EHR). Staff will also be able to access systems via proximity card identifiers using Ensure Technologies’ XyLoc technology and fingerprint biometric technology from Identix Inc.

Sam Marafioti, vice-president of corporate strategy and development and CIO of Sunnybrook and Women’s said the implementation will enhance patient care by reducing clinicians’ time to access information.

“It will greatly enable the treatment of patients that come through there by making sign on seamless and more importantly, getting them to patient information much more quickly than having to sign on to the different systems that currently house it,” said Marafioti, also the hospital’s chief privacy officer.

Currently, hospital staff sign in to Windows NT and then enter a user ID into the EHR system. The hospital’s EHR is stored within a central repository that receives and sends data on an ongoing basis to different clinical departments.

If the worker needs to leave the computer to attend to a patient, for example, the hospital’s privacy policy as mandated by the province’s Personal Health Information Protection Act (PHIPA), requires them to log off and re-log in when they return. Sentillion’s product suite allows staff to log on once to access all systems, eliminating repeat log ons. The emergency system, for example, has its own local system to capture other information such as ambulance and triage data that currently requires a separate log on.

“This is going to tie all those different systems together under one authentication providing access to all of those systems at once,” said Marafioti.

At a recent identity management conference sponsored by Sun Microsystems Inc., Ontario Privacy Commissioner Ann Cavoukian said organizations need to think of privacy as a business issue rather than an IT-related one. Paul Roscoe, senior vice president of field operations at Sentillion, agreed, saying the company develops privacy software that is proactive in protecting patient privacy.

“There’s a built in ability to lock down public workstations so that they’re only displaying information to care givers at point of care and when they require it and they aren’t accessible to the general public or to people that don’t have access to that info,” said Roscoe.

With identity theft on the rise in all industries, the latter is a greater threat to many organizations — rogue employees that will use their privileges to take down systems or steal confidential data. While there’s been an explosion of media reports on identity theft in the retail and banking sectors, it’s also increasingly becoming an issue in the health care sector, said Marafioti, who urges the industry to start addressing it now.

“We need to be ahead of the curve on the issue and up there with the best practices that are available across the industry,” he said. “I’m not sure the health-care industry has thought enough about the issue. The issue is pervasive enough across other sectors that we’re going to have to step up our attention to what technology we throw at the issue.”

Likewise, Roscoe said identity theft is a key issue for its customers on both sides of the border in terms of security and management.

“Identity management is not only about protecting people’s identity but about protecting assets to health information system from access by the right individuals and the right identity,” he said.

Other health-care organizations — including the New Brunswick Regional Health Authorities, St. Joseph’s Health Centre in Toronto and Vancouver Coastal Health — have also purchased Sentillion’s ID management products.

Comment: info@itbusiness.ca

Share on LinkedIn Share with Google+