Signing Up for Single Sign On

By assigning one password for all applications, single sign on (SSO) technology gives clinicians speedy access to the apps they need. Armed with SSO, users needn’t write down (then lose) passwords. So what’s the catch? These techniques won’t streamline access if all necessary apps aren’t included under the SSO umbrella, and health IT leaders must make sure their organizations’ password protection and security policies can accommodate an SSO framework.

Time-saving touch

Clinicians at Holy Spirit Hospital, a 316-bed community hospital in Camp Hill, Pa., began using a biometric SSO system from Imprivata in 2008 to access applications in the hospital’s Eclipsys EMR. Roughly 300 to 500 clinicians work in the facility on a regular basis, making secure, easy access to EMR apps a necessity, says Richard Schreiber, MD, FACP, CMIO at Holy Spirit.

“SSO definitely saves time logging in to the network, and subsequently into individual applications,” says Schreiber. The Imprivata system uses a fingerprint reader to identify a clinician, which automatically logs the user into the network, and subsequently into selected applications without the need for further authentication. “There is no doubt that going up to an SSO machine, putting my finger down and getting into the network to quickly jump into an application within a few seconds is clearly an advantage,” he says. “As a general tool, it’s superb.”

However, SSO is not infallible, as Schreiber learned. “Different types of authentication recognition complicate the configuration,” he says. Because Imprivata functions differently within Microsoft Windows at the network level than at the application level, an organization must precisely understand what information the system is providing to the network, he says.

“We have automatic settings that log off users, which we have set to shorter time limits on the SSO devices because it is so easy to log back on to the system. This gives us some enhanced security, and certainly better protection of protected health information,” Schreiber says. “However, the security behind SSO introduces special problems with faxing and e-prescribing. At the moment we don’t have the correct configuration to allow for that feature using SSO.” The lack of fax capability could become a bigger problem if proposed Drug Enforcement Agency (DEA) regulations concerning e-prescribing of controlled substances are approved, he says. “We are actively looking for a solution to this. All of our other applications work smoothly with SSO.”

Passwords and policies

In addition to a traditional username/password authentication system deployed in 2005, the University of California San Francisco Children’s Hospital began piloting an RFID-based technology early this year. Clinicians carry an RFIDeas passive proximity badge that enable them to “tap and go” into the hospital’s Epic EMR application via Microsoft/Sentillion Way2Care software, says Seth Bokser, MD, MPH, medical director for IT.

SSO has allowed the facility to mitigate user authentication problems, says Bokser. “Our help desk gets 8,000 to 10,000 calls per month [and] 15 percent of those calls concern user-authentication problems,” he says. “There would be even more if we asked our users to remember five username-and-password combinations instead of one.”

Users were generally pleased with the convenience of all-in-one access, but they were challenged because UCSF Children’s did not change the requirement to update passwords for the individual applications under the SSO umbrella, says Bokser. UCSF recently changed the password-update policy from 90 to 180 days, and “we’ve now managed to auto-populate expiring application passwords to make this password-update process easier,” he says. “But it still seems like extra work for users to update passwords for individual applications when they are accessing them through SSO.”

Nevertheless, SSO technology is gaining ground in healthcare. “The goals of security and user efficiency were at one time perceived as being opposed. What we’ve seen is a rapid and exciting evolution of our thinking and our technology, including SSO, that empowers us to bring these two goals much closer together,” says Bokser.

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.