George Clooney, Identity and Access Management and You

To save time, many hospitals leave one user logged into a terminal, allowing anyone to view sensitive data.

You may have more in common with George Clooney than you think. It's possible that your personal medical records are being seen by doctors, nurses and clinicians who have no part in your care, simply because many hospitals fail to implement adequate identity management and information security practices.

And while your records probably won't get leaked to the press, as Clooney's did earlier this year, it's still an important privacy issue.

On September 21, George Clooney and his companion, Sarah Larson, were treated at Palisades Medical Center, North Bergen, N.J., for injuries that resulted from a motorcycle accident. Shortly thereafter, 27 members of the Palisades medical staff were suspended for inappropriately accessing and possibly releasing Clooney's confidential medical history to the press.

"The fact is that this happens every day," said Rob Seliger, CEO and co-founder, Sentillion. Sentillion, based in Andover, Mass., is an IAM (identity and access management) provider to the healthcare industry. The company is working to prevent incidents like Clooney's with its Vergence Clinical Workstation and other tools.

It's not that caregivers are malicious, or that the healthcare industry is slow to embrace technology, Seliger said. Information leaks and shoddy clinical workflow processes happen when the very technology that's supposed to ease the administrative burden on doctors, nurses and clinical staff actually throws up impediments to patient care.


Logging into and out of numerous clinical applications can add up to hours of a caregiver's time, time better spent on patient care, Seliger said. Many hospitals simply leave one user logged into a system, allowing anyone to view sensitive data that happens to be pulled up on it, he said. Oftentimes, numerous workstations with visible patient data are left open all along a hospital hallway, especially since computers on wheels, or COWs, are increasingly popular in hospitals, he said.

"No one's going to log into five or six or more applications over 100 times a day, especially not while giving care and making, in some cases, life-or-death decisions," Seliger said.

There's not often an audit process either, Seliger said, making it even more difficult to track who accessed what patient data where and when. "Healthcare workers will eagerly accept and embrace any technology that improves patient care," Seliger said, and will just as quickly find ways to bypass technology that gets in the way of delivering that care.


Sentillion's Vergence integrates single sign-on capabilities with an unlimited number of clinical applications, Seliger said. Caregivers sign on to a clinical workstation once and have access to relevant patient data across any combination of applications, even if those apps require different authentication schemes or credentials, he said.

Fast user switching allows personnel to log on and off in seconds, and Vergence also uses provisioning to grant or deny caregiver access to applications and records based on pre-configured roles within the hospital system.

Once a caregiver has logged in, the system automatically loads all applications that person needs. A single patient selection feature automatically tunes all loaded applications to that same patient, reducing the time it takes for caregivers to scan through, for example, x-rays, lab results and medical history, Seliger said, all of which may be scattered across disparate applications.


Vergence, which is currently in use at over 500 hospitals in the United States, Canada and the UK, supports a variety of strong authentication techniques, including fingerprint biometrics, active and passive proximity cards, tokens and other third-party authentication devices, Seliger said. Security features are modular, so that hospitals can choose which access method or combination of methods best fits their environment.

The Vergence solution enables healthcare organizations to meet or exceed national, regional and local security and privacy statutes like HIPAA (Health Insurance Portability and Accountability Act), and offers a variety of integrated reporting and tracking tools, Seliger said. The solution is compatible with all types of existing systems within a hospital, including terminal-based, Web, Windows and Citrix-hosted systems, said Seliger.

Reducing barriers to integrating safe, secure and simple access to clinical applications means that your personal health information remains private and secure, Seliger said. If only George Clooney could say the same.

