Northwest Hospital & Medical Center secures access to patient information using building access badges

Why IBM?

An integrated identity management system that provides single sign-on and sign-off, supports shared desktop multi-user work environments, combines physical and logical access systems and works with a variety of keys and tokens for strong authentication

Solution
Encentuate IAM for Healthcare

“Encentuate IAM for Healthcare is the only solution to meet all of our requirements, and out of the box, helped us meet HIPAA compliance regulations.”
Ken Burton, Chief Technology Officer, Northwest Hospital & Medical Center

“The ability to consolidate physical and IT access is a major step in streamlining security for our hospital and helping us to maintain our focus on our patients, rather than juggling passwords.”
Ken Burton

“The pilot project proved that the IBM identity management solution provided the most benefits for our hospital, particularly in the area of HIPAA compliance.”
Ken Burton

Northwest Hospital & Medical Center, located at 1550 North 115th Street in North Seattle, opened in 1960 as a nonprofit community hospital. Currently, it has 281 licensed beds and more than 1,600 employees. Major clinical programs and services include: emergency services; critical care; cardiac care; stroke care; cancer care; childbirth services; rehabilitation care; neurosciences; diagnostic imaging; geropsychiatric center; Gamma Knife^® Center; laboratory services; and education and wellness programs.

Challenges and key requirements
With hundreds of employees in dozens of departments working with multiple applications on shared workstations, Northwest Hospital was looking to enhance security, eliminate workflow constraints and decrease IT help desk calls. Pressed for time in the fast-paced hospital environment, physicians and hospital staff were having to log in and out of applications several times a day, and were required to remember multiple usernames and passwords for these applications. Northwest Hospital was seeking a technology solution that would enable greater productivity hospital-wide.

The organization wanted to combine its current physical access security with its IT network to create one integrated system as part of an overall identity management solution. The system also needed to help staff meet HIPAA standards, which require that access to electronic protected health information (ePHI) must be logged, and applications must log out on inactivity to minimize risk of unintended access. After evaluating several access security solutions, Northwest Hospital selected Encentuate IAM for Healthcare, now part of the IBM Tivoli® software family.

Solution
Encentuate IAM for Healthcare provides single sign-on and sign-off, supports shared desktop multi-user work environments, combines physical and logical access systems and works with a variety of keys and tokens for strong authentication. In response to Northwest Hospital’s demand for an integrated security system, Encentuate staff, now part of IBM, introduced a single RFID hospital ID badge that can be used for both physical and computer access. Once employees swipe their RFID badges to get into the hospital, they are automatically given access to approved areas of the facilities. Their badges are authenticated and their entry in the building is tracked. Once they leave, a simple tap of the card logs them out of the building and their departure time is recorded. The same principle applies at each computer workstation.

Proximity readers were installed at each workstation, and with a simple tap of the same RFID badge, hospital employees have access to all of the applications they are authorized to use. A second tap will then log them out, and the session will be recorded in the network, which will help in tracking employee access to computers and applications. The integrated ID badge eliminates the need for staff and physicians to share passwords and leave machines and applications permanently logged on.

Single sign-on was implemented across more than 30 applications in only two weeks, showcasing the solution’s ease of deployment without significant interruption or interference with current hospital processes and procedures.

“Encentuate IAM for Healthcare is the only solution to meet all of our requirements, and out of the box, it helped us meet HIPAA compliance regulations,” says Ken Burton, chief technology officer at Northwest Hospital. “The solution enabled us to use our existing employee badges for both physical and logical security access, which greatly reduced costs and the need to provision new badges for our 1,600 employees. The ability to consolidate physical and IT access is a major step in streamlining security for our hospital and helping us to maintain our focus on our patients, rather than juggling passwords. The pilot project proved that the IBM identity management solution provided the most benefits for our hospital, particularly in the area of HIPAA compliance.”

Results
By consolidating multiple staff badges and security applications into a single employee RFID badge, the hospital streamlined security and access management, established SSO to multiple applications, and provided true convergence of the IT and physical access systems.

The benefits of the solution for Northwest Hospital include the following:
Reduced costs – The hospital was able to use its existing employee RFID badges for physical and computer access, which has resulted in significant savings and increased efficiencies across hospital areas and departments, including human resources, parking, security and network administration.
Simplified administration – The solution included implementing an integrated and automated process to issue, track and cancel employee badges. Rather than multiple badges, usernames and passwords, the employee ID badge incorporates all the authentication and access rights an employee needs. Administrators also have one-click access to cancel employee badges, which will protect both the hospital’s facilities and network from disgruntled employees.
Productivity gains – Because hospital employees need only a single access card for all buildings, workstations and applications, they will save time from having to manually log on and off throughout the day. The productivity gains also stretch to the IT department, which will have significantly fewer calls related to passwords.
Stronger security – The solution offers SSO with two-factor authentication for workstations and applications. Staff will no longer be required to write down or remember passwords or leave terminals logged on all day at the nursing stations. The consolidated directory of users provides enhanced security that is easier for the staff to use and places the security administrators back in control.
Fully auditable – The single RFID ID badge provides Northwest Hospital with the ability to track what building an employee entered, what machine they logged into and what applications they accessed.
HIPAA compliance – The single sign-on solution provides complete access management and password security that helps Northwest Hospital meet HIPAA’s physical and workstation requirements.

Key Components
Software
Encentuate IAM for Healthcare

For more information
Contact your IBM sales representative or IBM Business Partner, or visit us at: ibm.com/tivoli

You can get even more out of Tivoli software by participating in independently run Tivoli User Groups around the world. Learn about opportunities near you at:
www.tivoli-ug.org

For more information about the Northwest Hospital & Medical Center, visit:
www.nwhospital.org