bst2012 - Fotolia
Healthcare organizations have not been shy in adopting cloud services, despite the concerns that many of them had around regulatory compliance. The addition of those services has made it so that more users have to log on to multiple applications and systems hosted in different environments. This development helped push IT departments to look for identity management products that can address cloud and on-premises authentication needs, while improving security and productivity for healthcare users.
Devices used by healthcare professionals should be guarded by strong security settings to protect patient's health data. By frequently changing passwords and ensuring they are complex, users have a lower risk of causing a data breach. Strict password policies -- while good for security -- are tough on users because they are typically required to maintain complex passwords for multiple systems at once. The quantity of different password policies associated with each application makes it a common occurrence to see users spending valuable work time at login screens and resetting passwords. As a result, the benefits of single sign-on (SSO) platforms have become even more apparent -- and -- popular in healthcare. A healthcare SSO allows users to maintain one account that automatically logs them into multiple applications without needing to remember different passwords.
Not all authentication is accomplished through entry of a username and password at a login screen, as many application vendors are allowing for identity federation. This is the process in which an SSO can securely communicate with an application and request a security token for a user and authenticate that user without requiring them to directly enter their account information.
The benefits of single sign-on in healthcare
There are benefits of single sign-on that apply to healthcare organizations beyond the consolidation of passwords and facilitation of application login. Today's SSOs can enhance overall security for users. With the centralized identity management systems included in many of today's SSO platforms, IT departments can enforce security policies, manage users and oversee any subscriptions users have associated with their specific cloud accounts, all from one place. An IT team can also implement specific practices to lock user accounts when too many unsuccessful attempts are made to access a single account, particularly if those efforts originate from an external network that is considered suspicious.
On the reporting side, healthcare SSO products can offer centralized access logs. That helps with complying with different regulatory requirements, such as HIPAA, it's also an opportunity to gain insights into when and where users spend the majority of their time.
As IT departments look into the best SSO products available to them, they must consider how these platforms will support with their cloud services, mobile users and security practices. Medical facilities must also project the long-term return on investment of a potential healthcare SSO platform. Critics of SSOs point out that these products, if breached, can expose the account information contained within many systems. The risks of SSOs are less than those of non-SSO users because those without SSOs tend to reuse the same passwords for their internal and external applications and store their passwords in unsafe areas.
A new threat to a password manager could expose users' info
Mobile device security a goal of healthcare providers
Part of a healthcare security series addresses authentication and encryption