Hospital saves time, improves EMR access control—Part 1
Grady Health System faced a challenge shared by health organizations the world over. How could it provide appropriate access to its Epic EMR system for full-time and temporary staff members more efficiently, while maintaining compliance?
I recently caught up with Sean O’Connor, Executive Director of Information Services at Grady, to learn how the hospital is answering that question with a unique approach to identity management enabled by Microsoft Identity Manager (MIM).
Introduce us to Grady Health System.
We’re the largest hospital in Georgia and the premier level-one trauma center in Atlanta. We have more than 900 beds and see around 620,000 patients per year. And we’ve been named one of the most wired hospitals in the U.S. by Hospital and Health Networks Magazine four years in a row.
When it comes to identity management and authentication for your Epic EMR, what was the challenge that you needed to address?
Our information security team was provisioning, maintaining, and terminating identity accounts manually, and it was just taking up too much of their time. They were supporting more than 5000 employees and 2000 non-employee providers. Each month, we have approximately 200 new employees and 200 employee terminations plus 120 to 140 position changes or name changes. So our first priority was to automate and standardize the identity management process to increase efficiency and improve compliance.
How does your MIM solution help you comply with regulations such as HIPAA for limiting access to patient records?
Any level of security has to be deemed appropriate to a person’s role and what they do in the organization. Our MIM solution uses our PeopleSoft human resources system as the source of truth for a person’s job title and the department they work in, among other things. It directly ties access to our Epic EMR to that source of truth so people can see only what they’re supposed to see and perform functions in the Epic EMR appropriate to their role.
This process applies to both our full-time employees as well as temporary employees who we bring in from a temp staffing agency. Temporary staff information is entered into the HR system so that the same workflows and standards for identity management can be enabled.
How is the solution helping you achieve your goal of increasing efficiency?
The way it has automated and standardized identity management saves time and streamlines the process for everyone involved – from our technical team, to managers, to staff members. For example, when we hire someone new, MIM automatically creates an Active Directory account for that person. It configures employee ID, title, and department. It adds security group and distribution group membership. And it creates and activates an Office 365/email account for the new hire. What’s more, it automatically sends a notification to the hiring manager that the new team member is set up with the appropriate access.
The level of automation that Microsoft identity management has granted us really helps us get our end users their accounts in a timely fashion. While this obviously helps with productivity as new employees are able to hit the ground running, a secondary benefit is that it sets a good first impression with our new hires because it shows that we are operationally strong. I’ve had several people tell me that they were amazed at how quickly they received their access when compared to some of their past experiences.
Stay tuned for part two in this blog series in the coming weeks, which will cover quantified time savings and other benefits Grady Health is experiencing with its identity management solution. In the meantime, please let us know if you have any questions or feedback via email, Facebook, or Twitter.