Using LDAP authentication to limit EHR data access

With LDAP-backed, role-based access control, role entries in the directory define the types of patient information an end user can and can't access. The approach improves information security and reduces errors.

In health care applications, role-based access control, in which users are placed into a group with a common information access level, helps ensure that protected health information (PHI) stays protected. Authentication establishes who the user is; the role attached to that identity determines what the user may see and do. Shielding PHI from users who have no need for it also supports the quality of the health services provided and prevents errors. One way to implement role-based access for an electronic medical record (EMR) system is to use the Lightweight Directory Access Protocol (LDAP).

Role-based access control enforces that a user accessing an EMR system holds the credentials, meaning the appropriate qualifications, to provide the right level of care to a patient. This is the goal that health care organizations are seeking for the new generation of EMR applications.

Here's a typical series of patient encounters that involve an EMR system:

  • A patient is checked in at the front desk by an individual who can access only appointment and demographic information.
  • In the examination room, a nurse can record only the patient's vital health information (weight, blood pressure and temperature) and confirm a medication list.
  • The patient then meets with a physician, who diagnoses a medical problem and issues orders to a lab or pharmacy.

The EMR system needs to confirm that each of the three individuals providing a service to this patient is who they claim to be and holds a role that permits exactly the actions they take, and nothing more.

Implementing LDAP authentication

LDAP directories provide two important features needed to authenticate a user of a clinical application. The first is centralized authentication: the directory is a single credential store, so a clinician has one set of credentials that every clinical application verifies against the same source. On its own, LDAP only answers "is this password correct for this entry"; true single sign-on, where a user signs in once and is not prompted again by each application, is typically layered on top of the directory by an SSO mechanism such as Kerberos or SAML that uses the directory as its user store. The second feature is role definition. Within the LDAP directory, roles can be defined according to one's job competency, authority, and responsibility, thereby limiting the information that certain users see when they log into an EMR application.

Based on such directories, the EMR system can look up the authenticated user's entry and group memberships to see whether that user is allowed to write prescriptions, order lab tests, and write or even read all or part of a patient's medical record.

LDAP directories store information, known as objects, for people, servers, printers and roles. The basic unit of information stored in an LDAP directory is referred to as an entry. Each entry is a collection of attributes that describes one object. Attributes are referenced by short type names such as cn (common name), uid, title or member. After the user has authenticated, the EMR application reads these attribute values from the directory (never from a claim supplied by the client) and unlocks only the features that the user's role, for example physician, is allowed to use.

LDAP technology uses naming models to define how entries are identified and organized. Entries are placed into a hierarchy, and each is identified by a unique name, known as the distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs) that describe the location of the entry in the hierarchy, the same way a path describes a file's location in an operating system's file system.
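The following added example (not code from the article or from any EMR or directory vendor) models the two mechanisms just described: verifying a user's password against the userPassword attribute of their entry, the way a simple bind does, and then deriving the user's permissions from the role entries that list them as a member. The LDIF fragment is constructed, the role names (frontdesk, nurse, physician), the permission map and the helper names (bind, roles_for, authorize, parse_dn) are assumptions made for illustration, and the {SSHA} password check follows the common RFC 2307 userPassword convention. In a real deployment the bind and search would go to a directory server over LDAPS through a client library such as python-ldap or ldap3 rather than to an in-memory dictionary.

```python
"""Offline model of LDAP-backed role checks for an EMR (added example).
LDIF content, role names, permission map and helper names are assumptions."""
import base64
import hashlib
import hmac
import os

# Passwords used only to build the constructed sample directory below.
SAMPLE_PASSWORDS = {"jdoe": "desk-pass", "nsmith": "nurse-pass", "dlee": "md-pass"}

# Assumed mapping from role entries (cn under ou=roles) to EMR actions.
PERMISSIONS = {
    "frontdesk": {"read:demographics", "write:appointments"},
    "nurse": {"read:demographics", "write:vitals", "confirm:medications"},
    "physician": {"read:record", "write:diagnosis", "order:lab", "write:prescription"},
}


def ssha_hash(password, salt=None):
    """Build an RFC 2307 {SSHA} userPassword value: base64(sha1(pw + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def ssha_verify(password, stored):
    """Check a cleartext password against a stored {SSHA} value in constant time."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)


def build_sample_ldif():
    """Constructed LDIF: three people under ou=people and their role groups under ou=roles."""
    base = "dc=example,dc=org"
    people = [("jdoe", "Jane Doe", "frontdesk"),
              ("nsmith", "Nora Smith", "nurse"),
              ("dlee", "David Lee", "physician")]
    blocks = []
    for uid, cn, _ in people:
        blocks.append(f"dn: uid={uid},ou=people,{base}\nobjectClass: inetOrgPerson\n"
                      f"uid: {uid}\ncn: {cn}\nuserPassword: {ssha_hash(SAMPLE_PASSWORDS[uid])}\n")
    for role in PERMISSIONS:
        members = "".join(f"member: uid={uid},ou=people,{base}\n" for uid, _, r in people if r == role)
        blocks.append(f"dn: cn={role},ou=roles,{base}\nobjectClass: groupOfNames\ncn: {role}\n{members}")
    return "\n".join(blocks)


def parse_ldif(text):
    """Parse minimal LDIF (no line wrapping, no base64 values) into {dn: {attr: [values]}}."""
    directory = {}
    for block in text.strip().split("\n\n"):
        entry, dn = {}, None
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            attr, value = attr.strip().lower(), value.strip()
            if attr == "dn":
                dn = value
            else:
                entry.setdefault(attr, []).append(value)
        directory[dn.lower()] = entry
    return directory


def parse_dn(dn):
    """Split a DN into (type, value) RDNs, honouring backslash-escaped commas."""
    rdns, buf, escaped = [], "", False
    for ch in dn:
        if escaped:
            buf, escaped = buf + ch, False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            rdns.append(buf)
            buf = ""
        else:
            buf += ch
    rdns.append(buf)
    return [tuple(part.strip() for part in rdn.split("=", 1)) for rdn in rdns]


def bind(directory, uid, password):
    """Simple-bind equivalent: locate the entry by uid and verify its userPassword."""
    for dn, entry in directory.items():
        if entry.get("uid") == [uid]:
            stored = entry.get("userpassword", [""])[0]
            return dn if ssha_verify(password, stored) else None
    return None


def roles_for(directory, user_dn):
    """Names of the groupOfNames entries that list user_dn as a member."""
    user_dn = user_dn.lower()
    return {entry["cn"][0] for entry in directory.values()
            if "groupofnames" in [c.lower() for c in entry.get("objectclass", [])]
            and user_dn in [m.lower() for m in entry.get("member", [])]}


def authorize(directory, user_dn, action):
    """Allow an EMR action only if one of the user's directory roles grants it."""
    return any(action in PERMISSIONS.get(role, set()) for role in roles_for(directory, user_dn))


DIRECTORY = parse_ldif(build_sample_ldif())

if __name__ == "__main__":
    dn = bind(DIRECTORY, "dlee", SAMPLE_PASSWORDS["dlee"])
    print(dn, parse_dn(dn), roles_for(DIRECTORY, dn), authorize(DIRECTORY, dn, "write:prescription"))
```

The design point is the separation in bind and authorize: the application never asks the client what role it has; it authenticates, takes the DN the directory returned, and derives permissions from the directory's own member attributes. Adding a fourth role or moving a user between roles is a directory change, not an application change.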

Other authentication systems cover only part of this. Kerberos provides strong single sign-on through tickets, but it does not itself carry role or attribute data about the user; in practice it is paired with a directory, as Active Directory does. Basic operating system authentication provides neither single sign-on across applications nor role definition. Most clinical applications use their own proprietary authentication tables or password files, but they tend to be limited to basic functions, such as being allowed or denied access to the application.


Key LDAP authentication questions for vendors

When you consider purchasing an EMR application, keep the following questions in mind:

  • Does this application authenticate users against an LDAP directory, and does it do so over TLS (LDAPS or StartTLS) so that passwords are not sent in the clear?
  • Does this application support single sign-on using the LDAP directory as its user store?
  • Does this application support pass-through authentication for accessing legacy or other vendor clinical applications?
  • Does it map application roles to role or group entries within the LDAP directory?
  • Can it base access decisions on attributes of the user's directory entry, such as title, department or group membership, rather than on a flat allow/deny?

Have the vendor supply a flow diagram that describes exactly how its authentication method works. This basic due diligence can prevent a multitude of user authentication headaches when it comes time to implement your EMR system.

Al Gallant is director of technical services at Dartmouth Hitchcock Medical Center in Lebanon, N.H.

This was first published in November 2010
