IT Infrastructure - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  IT Infrastructure


Kaiser Takes Authentication Wireless



 By: Matt Hines
2007-01-31
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this IT Infrastructure story.


Rate This Article:
Poor Best
The health care giant has revamped the system used by its hospital employees to sign into IT systems, placing an emphasis on ease-of-use and improved security to stay out of the way of caregivers.

The biggest challenge facing health care giant Kaiser Permanente when it was considering options for rebuilding its IT authentication system wasnt related to integration or total cost of ownership. Rather, it was finding a technology that would not stand in the way of its employees.

Serving as the central nervous system for a network of over 400 North American hospital and health care facilities that employ over 150,000 people, Kaiser was looking for a way to lock down access to its sensitive patient data that didnt prevent doctors and nurses from doing their jobs at full speed.

There are many tales of authentication systems that have failed to find favor with health care workers, with industry professionals citing examples of caregivers finding low-tech solutions to circumvent technologies that get in their way. These include methods as simple as leaving passwords written on post-its stuck to shared workstations, or allowing two-factor USB fobs to remain plugged in around the clock.

With the regulatory requirements of HIPAA (Health Insurance Portability and Accountability Act) hanging constantly over their heads, Kaisers IT executives needed a more secure way to log workers into protected databases, but the project couldnt be perceived as a roadblock by its users or it would be much harder to make the system do its job.

"We have all the usual password management challenges that are so notorious, but we also had an even more significant business problem, as every request to sign-on reduces the effectiveness of the care our doctors and nurses are able to provide," said Nathan Harris, enterprise architect at Kaiser, which is based in Oakland, Calif.

Resource Library:

"Our primary driver wasnt password management, but improving the workflow for care delivery providers in order to improve the quality of care for customers while facilitating better security."

Adding even more complexity to the project is the fact that Kaisers hospitals operate almost entirely as independent businesses, and traditionally made their own decisions when selecting authentication tools, leading to a patchwork of many different technologies that the firm would be forced to replace or integrate.

After considering a number of different alternatives, Kaiser decided in December 2005 to employ a system that pulls together two specific technologies, an enterprise single-sign on application made by New York-based Passlogix, hitched to active RFID proximity cards designed by Ensure Technologies of Ann Arbor, Mich.

Using the system, initially installed on all of Kaisers shared and clinical workstations, users sit down at a machine which automatically detects the presence of the Ensure card via its wireless RFID transmitter and prompts them to enter their password.

Click here to read about the trouble with meeting HIPAA compliance regulations.

When a user walks away from a machine armed with the system, it automatically locks itself, providing increased security in the event that end users forget to sign-off, or get pulled away by some pressing medical situation.

The authentication technologies have also been tailored to demand additional passwords for specific applications, adding a third layer of protection for Kaisers most sensitive files.

"Theres no question that this combination has substantially improved security over our previous systems, and its also significantly reduced costs related to support of traditional passwords," Harris said. "Enterprise single sign-on was the only thing that could give us complete coverage in regards to authentication, and proximity cards were the only technology that met our strict log-off scenario; and both systems have additional benefits in terms of supporting workflow."

Harris said that Kaiser considered SSO (single sign-on) technologies, which allow users to log into multiple systems using one password, made by a number of larger vendors, including IBM and CA. However, the company found that those technologies required manual production of individual account scripts, making them labor intensive and expensive to maintain.

Ensures RFID card technology was the best the health care firm encountered, Harris said, but its SSO tools were too immature to be used in such a large, distributed environment.

What helped Passlogix win the deal with its v-Go SSO package was the products ease of integration, and the fact that the software maker already had the system up and running at other massive, distributed customers, according to Harris. The installation went relatively smoothly, he said, with integration with Microsofts Active Directory providing a crucial manner of blending the Passlogix software with the firms existing user databases.

The only serious headache experienced during the projects roll out was integrating the system with Kaisers patient records applications, made by Epic Enterprise Software, which are notoriously tough to work with.

"Weve experienced the challenges youd expect in any large enterprise deployment of SSO. A certain percentage of applications are programmed oddly and hard to integrate, and some software makers have better solutions for that than Passlogix, but those were too small to scale," Harris said. "Overall were very pleased and impressed with the technologies used in this project.

Harris said that various Kaiser business units that are not yet up and running on the new authentication system will continue to install it, and he said the company has additional projects planned for the first half of 2007.

Passlogix officials said the Kaiser project serves as a great example of the manner in which its tools can help large, complex organizations tackle their authentication problems.

"In the health care industry HIPPA is a driver to a certain degree, but the biggest driver as in this case is ease-of-use, and weve worked hard to make things as simple as possible for end users," said Scott Bonnell, vice president of business development at Passlogix.

Check out eWEEK.coms for the latest news, views and analysis on servers, switches and networking protocols for the enterprise and small businesses.





  Reader Comments: Kaiser Takes Authentication Wireless
>>> Be the FIRST to comment on this article!
 

 
 
>>> More IT Infrastructure Articles          >>> More By Matt Hines
 


x}r8s;iW1ŋvI%5e[KU-EB!)ܳ~fMZllDf"H$#I"nZΔ\¦d>}O$wB} ΚUQR c7,(bP<HwO7n[SY0Ra᳙*,Q  tjOt0]2t6;k>%o4ekOi cߨ_Z``1Zt|Rl j9iݑ |i @I>R(#Ѻ!QQyIږyD6D'J;ߣ*c7 ݹx8/DeO‡d^b{Aq25;^;0k}BQ5w0NK <[8$c5nCUVekF֠6^:6 ȅC׷z$nRvn7oZ 205E2Z"[XdTZ ӱku8r 08juj=nf-n@w(6\'p}j F1 9 \ ZIa^jl<mCɤ:ZdI}9e,f4öۢCCٰo4RihuE9*ՆRn9?Wcm9NeW4ϷF{RU5MQUu7ۺs om%k%Cq;Cr=?'[7;AzW@o&1`ZLTQRhf Rc@GY7^z5(ƭ~㖯[FIS# ԏ40"ÌJ0~̢J=vgsKrؽ d=9;uO}1fPk5M~"3h ؕgxg4X:nN;77Nf@Nפ;~q>15M0\±¬:֪V1?!MXCEC0JCR ?#3 Yo]}<>$7Y ;gËs`םBm۲ܽ,BZKEןk3ReQ So,nHˤdM2Tc]NjoN\ hYK37Bs_?]p a4f@t&&h)5?&Ʈb.L2:~)mZ—W/(AK/-ڊ5|*(if);΀/3A.r)i!  6=aB+^,4l=j\GכUsNVt];3eя1-+}יNn >~]xD18,]evr`\Է7ZϏRQ^Tr[h 32ud8԰1n҉âx^QAI{G|NMk1ouI=DC#ɠ:ڴ{\ZgV34!!&mЀ 'p'bdx c 04&ztH۠h&rkIO7.[A? ; O`p]&; xk= `DykwCXb LTM@#/@X]7$(@+9=P9nزc@|j. Jg:;r-Ea1CwDħH.B$(ZȻ"!Alu [$t XV0(VFFvGBj+6ODs@PGҹ;uGjRF;7 +=*%nqR%e 932YIf=?n1!UG ,D`v9J,L.Y ϴ6jԭerY9ҴFhڛНL,Â%bi]ym6,`b IG$%\Ew,;t3Awq=7^߄s dw`T4fs)wdmrn)s7UBsNHB/W2 \_&AB5 6d:ɤPl';oWfqm?XĞ?x8[0,Y^W꺰/]5%@0mE"CaiNR} IJ^z`׽YAʫ&-JjE)jB4i/#Y /m0܉k}>aD6#BQڞ>-B.,g \ipj^DZLhKAqA0*L]y.*?/VN0\n}Oєa˘;|q7Nm*IrIQ)kMf9oi3ۉiȈ0Aq_8Rd" @ 4~x *O$BZ--UŨN=M9 =`q0zK&a@qӞrFVyUBYaH=ykR^K?N QYj8+0y/o'L zN¢ g-h'(0ZN * RIS֍ۅ'wa*r1g6~ziO0b:`{7=;'[(4OQX9)6>b(Z56Xk<v?).~zF9pTjgHUWt",#?sy>?UU{MyR̚,+Ajm>a,0r6l\Xbbק$oyJu8e3 +S`e3*~~hKJ]ad|?T\S=@Q>M}ݤ1p NM<t H҇!JSO (:7mFRV%~ͳ~cEZdЯdL AKl!/`.R(S/F fT]Z/)+iQ/ ~ dwm PG c[,{q O,}U]v8$#/;Rˏ.F4r`R=(; J@S䆷G$bw}WszV^;{隿ðwOQ區҈FsѾ~߻_>I#r޻J^'+΃ G7*y!ˁB<'uti)qfڎ7MJ,$LmkC2 xidDi%ҿt9`\Rh5c-ͅHg“S&amD}8cZ[E_aY,d20K7$>T1r$`$X)XCu:\Olgu~{( m D785C*QFW22EhiA&u'6g <"D69FdD~FpEr}#&B}XyKw8Ť3DJ^KkhVˮM^<~xZR̅0OC]9$gEQ,гOFMbc cE˙)vR6x}y9b1݁ne)ܱr0jw{操~{Oj9ЛsL٩EݘtvzNhMss {:`1 Tu0؁H*Er o5 & Omzcl3ȲÈǥ·rt χkҾexjwa~%yX@2oBwOH4b5yÿ뢧G r;k_=g䢅a-ɛAT{0tKdؗe{qOKr<]1hng4lLSI")V57`\8%r +dxrt2ע @7Yu (f~\;pGʠ%ccmf}ݸw[f1vifGP%(!I>]awP;_z˞6YiEu/K\-"Pn'ZY|>Oז%0)7>t<^<zLNhdq%̦6՟XK}[П|i aXC{t5.lq|e@a-p>s&Gk [xjϤuΡ Fߩn,l sYә4([32R֞+Ѡ@ٗP< S= cðX) gqSuFh/O/+`T͍*>#^b@M T&B <2wVn )  :|'Cq$_7 -BgPBٳ>SJ`@ MPA}uY.5*nQj ) [Xm"EŴR0%q^9Kq,SC:]X =H=>H0Rۀ):9=BNpH  G'&Z#LiJLDB b[o\Z>zYS5&3^gMh ԱLi`^A XT?p+PYj| y*k3ވXkSN\Pӹ\ 19` '@, b&W_\wp]–^Dh>2[=6IСgT+x'$,m9JSz>K%}0KOH"\ M\_JMRU445gRb(I@D qޔ(Oƛ ϯqz1E${2c'nH*iʶ,\yQ%6cfdf&< 37Pc7]g'MAHp0_J uz-vvbTٖM/.,s˗4RݏwJ7"%I9NٖW@PRk4rTK"%Aqzd b(djJmlˆb/5 ;H@gV@MjA3XX+X8([ 4Y( Wp DDnN,UT0㪛X^p 7Oř(_\U͓͓͓͓=Fg?ד諗ws- wKƼ^xS~vifx!aH}G >)+CGRP6O>}iuGukd XBBz4ja TUiׇ] a4,| 72ok[L*7Zc o` [ Q <^$j-01o+נYL S%lɉ[,Flyi8թ%3EKm_!`hJV*7H@HS$D^!v"@k[r3;k[nc ÃL0Oѷyl$BкOd,8"bnt9kLӈ_/ʖl^yqK 92tAu?J0hb޻>ތ1CyzJy=oὪ.IW@dI H} htU}q:jGx+xŏ@j[nTFH/ k_8zc5)_$mBܥ_̥6ڣۤ(+a\ENebJ~=zh+D3^/.0Ѱ<<<<_ǴQ]u!IupK5&!?Lf:\<_/2=z=yM قdsH:zN-Cz6:V-J L /(<\"p =@7 APY"ோ+^ZK3SBJ˜$c !FO1]? vqLD?7U'h-=x}wΎc,0.bNfmSgJ7+%bGx5N]^@?ln$¦{6(?`yL~g9$wl%Dץ4C mj)Z_U…=gb/{M%XlY DRzusHH(_Ht9sBko;z_g^V(#ЧVUc:a_gۥ^zG.ʹvjeS_WH^~&4"w]y OF K(?fHޘSwKB5Π.ka!d;1LHj~ж}A+=V4 mY[`8ċY{_<@VE6bVܽ+敲4^S;d5:]Ft$@m5AɼWHj|ubC"4t86g/wfs&e<+ ,l~j$$=VF98\!O}@5>f&3h Νko(j {Ij闶U9oInl0Wm@{5IqE)!ZpP]}zUc4ck<" Dtpq`vw/xq{Q5L"-,'c0/';`^hRaX27$CkS1_`txZډRB{odB I@N cˡWq\ozW 8p'!^:]Lc QEv 㽻WԄm% DXePй H$Z۠[dн^<#hHY$/:Oļ\^snod0؞`-,9+cYZ`3+n{l+ZKɶ8+YlwIE%M'39ݱt X j1Qq߷~m>9`Vm$MZ4@%K.&ڰbD))l3윶ADKOkטPt?cT`LW<00t+PγjNT\OpY}XC3 òL_\}ĭRVWrѭ#*5;]BlfG~e1}MM .OoJAvj$'lp? PmʼD'RS}o cbLro~{@\q 81qF,-E|E|z['Au}>l1i>hb#HB0\M;'ݛyw8^*<.P_{^<s]\ h}Phr"=N9asH ]\W\A]:.|e1sY:^!,\oX|J7bķ |$rkIC9Ҝl5ݛח0Iݻa?Ø {VUZ"cZ1ш@Q>ɹz0`MNNJE< ,iMYC) \”׾;'HJ 1-9YS &).yci 8^yN4(m7,zofR =<RXX_1[5=L꺂OGJBveX zIvKwy9fU#{8~ROSz% %uW0`A i2ag4t\KLK$$ ͈u8ӝHh_]BNפMN]2x<8] {Kr=)lkMߢֳQwqIew9,N-fbv>4mkLJrE:2 .Sx-(B*rKxu< /%qx&\yx函#UzWzuM&YBvs |j%Gj:ٙ%GN\3G 8mx9n:&,8i67a\nq4ħydHB+2[E9yN(S+S~ כO>sʑӇ;@N7O6}Ns>?BgB묷)zr_/]C{90(> r_60۵.r_^sC " ϋO/?A3(?)-/ra|/s2G~.a.sƯ_9 *?sgr#O9}}ʡ   M:Iʙ#g+\8=JW ~TA__y+%iNysYU~vïUX^йZ*7ȑ*dnleڻ:w aqʍz^S_xڝ떽pLڭe]9hwq_l$^c/K^浽$<$xE£B+gٔ@#X{#u'NW6#ﹺKd^)WsU}Ӊ{Z?Ś/Yy<qLk[2'r=9 "X ½q>eybAR-c#]qjVfUtKn\v%v+}`Ga^s52[~r^<^ȬMlNA6K֘E>Y7 xȧx.؇ oRgU]wCg1o'[*8{:I<w R+,^ ,~(cعkjzG"t=HåMH|7u)92l cG-RiejRߓJU0az@DdU:.UF\,)g /(@#غ̷xQ#xC7":aRq p+E!'\Cx'{)«2&dofE߰Raw8coRkx;r$I ?,(n[^AebkO]BcVyxFV,hcU 4bn41lu¿.г$L,E~f&gm ĠG8О#SwˡB~ 22es7r{ܗB΄[W٨CbsR%M d:X~ sa0aŘSkCMHn_!=x@{W`{Kl>dX)2'HDdaw.f]@Nωx6)LWAa2~5Wh0!oAZA2^~nҸ|YIxLŒkL EMmĴ`5LnG[[zhR,gh`Erl9~uZ#Q'8ۈqeA(we6Lm (~%.,wb SEȅ=y Ftx:-s2xLxEWB'?Y˹I0;<%4Id`܂90r^]ɡ=Gy$>},.I sEeבe,&J =B:̈́[vl>1uN@U}c 1*O{ԟ1XDY/ۈY{N6 )4MHβRt]yn()y+6*م70UۃVAxwux D>=sb<#U:.~\*KxҍHIh/>~ElC`A0]eKB$Ч 7EϨn3C>XZc.,s(ŬBSd<)O?'[nEG\<>ai$x #fyc< 9znG}L޴M]:۳i|?Ge Lt<^<@ߦ `ܘ}oDI c_GFu:ꎲ/Asl+6-  `zmF6iޜDR*,&f , ~sfv (@P 91"uz ?;<v7c fk_2we>vį-ǬyvJ~St 7tlm @J] D73B*| X^c 0У,:09G5E6<}܈xj{ݾX 3LUxXUR)4lBTFMۢ®":spx];}{&**kWąnlTLxI;s_߀@>{~w1' 0rcfzwY?W- ɴ{-̅2 !I^xyu~ҕ^)I&_cQd+$*)ؐW k\댠;ecXJX2!&ۅ ?O80Ux|-h\};xrmx0#Ÿrz,ɀGjQ0U9sm j 6Wx/yc|[w00jLP>9-z0~ B\KkÐüpa#s& Ax =`#hxf"nRh1)Lb'k%I電c79Ih>e3c7Dn0Brm d[Lօu\j/cY4~1<99.@OI"cXM1}a`|L3<'\B/0,J!6 CʝX{EkP/iw!$o~V;yv<;J~F a ѸTÓt{φkO,mݸ/;RTFYzhI:N7 AHecڝN}"ӳo .A|Ѿhy6gn&_ !?[e6URA$ᑝ7}M1uc*륭{Q'b(5lS2Ǫ4K_jjJlT˩|Y'~XXqg;\d†[hxb7&;a1Բ*