Sharp HealthCare Provides Secure Access to Patient Information with Courion's Enterprise Provisioning Suite; Achieves Transparent Compliance for HIPAA Privacy and Security Requirements.
Sharp HealthCare, based in San Diego, California, consists of a diverse user community including in-hospital staff of more than 12,000 as well as medical groups and 2,600 physician offices utilizing more than 400 applications. Given the increased diversity and mobility of Sharp HealthCare's workforce, the organization wanted to ensure that the right people have immediate and appropriate levels of access to critical information to meet the needs of its patients as well as meet strict compliance requirements.
Sharp selected Courion's ComplianceCourier(TM) to help it provide better monitoring and control of IT access throughout its network of users as dictated by HIPAA regulations. Sharp's implementation of Courion's ComplianceCourier access verification and policy enforcement solution allowed the organization to better manage the access rights of remote non-staff clinicians. Sharp HealthCare has strengthened patient privacy and the quality of patient care by automating the process that ensures users are granted only the IT access that is necessary for them to perform their jobs.
"The challenge we faced prior to using ComplianceCourier is that many of the independent physicians' offices we work with are not Sharp employees but have access to information about patients on the Sharp network ," said Linda Hill, Manager, Technical Assistance Center for Sharp HealthCare. "With ComplianceCourier, we have now automated the process by which our staff or the independent physician office managers can review, accept, disable or change access to IT resources based on periodic revalidation of our 2,600 independent physician offices - a previously impossible task."
Prior to deploying an automated solution to focus on the ongoing verification of user access, Sharp HealthCare had two designated client providers (Sharp employees) visit several hundred doctor's offices to physically inspect the users' status and corresponding account access. Due to the sheer number of offices and time required to complete each review; the client providers could complete an assessment of each office only once per year. The manual access verification process was not only overwhelming, but it was labor intensive and put a strain on Sharp's IT staff resources.
The large percentage of remote non-staff users created additional access verification challenges due to limited visibility into their status within the organization. Sharp needed a way to provide seamless access across applications and ensure clinician access within the medical network is terminated upon departure. With Courion's ComplianceCourier, Sharp was able to automate the clean up and minimize the risk of orphaned accounts caused by access rights that were no longer valid or users who were no longer with the organization. Sharp was also able to:
--Reduce disabled accounts to 5 percent from 25 percent on an ongoing basis
--Compare access rights per user to what is appropriate for the users' roles and accept, amend or disable the access rights as needed
--Adjust user access across a variety of systems in minutes instead of hours, days or weeks
--Allow clinicians to regularly update user/access information and incorporate the access verification process into their termination policies
--Close the security gap caused by an estimated 14 percent annual attrition across remote office clinicians
--Push accountability for compliance out to the line of business by requiring either the office managers or medical leads to accept, disable, or change access for 8,500 accounts
--Link the access review attestation results to reconciliation actions - whether that means that account access is immediately suspended, or additional access is required based on the current needs of the clinician
Sharp HealthCare also implemented Courion's PasswordCourier(R) password reset and synchronization solution to reduce the number of passwords employees have to remember, enforce stronger passwords to strengthen authentication and access management policies and provide a fast, secure, cost-effective way to reset expired and forgotten passwords without calling Sharp HealthCare's corporate help desk.
"In a healthcare environment that is constantly affected by changing users, infrastructure and regulations, Sharp HealthCare has been able to leverage ComplianceCourier to successfully deliver automated access verification in support of HIPAA and enforce corporate policies," said Deb Pappas, vice president of market strategy for Courion Corporation. "Sharp HealthCare is a perfect example of a healthcare organization that can effectively achieve compliance without sacrificing users' access to the critical information they need to do their jobs."
Many leading healthcare organizations use Courion's Enterprise Provisioning Solutions including Blue Cross Blue Shield Alabama, Capital District Physician's Health Plan, Children's Hospital Boston, Evanston Northwestern Healthcare, Harvard Pilgrim Health Care, The Health Alliance, HEALTHSOUTH, Highmark, Inc., Indiana University Medical Group, Kaiser Permanente and VCU Health Systems.
About Sharp HealthCare
Consistently ranked as the number-one integrated health care system in Southern California by Modern Healthcare, Sharp HealthCare is San Diego's most comprehensive health-care delivery system, recognized for clinical excellence in cardiac care, women's services, cancer, orthopedics, multi-organ transplants, rehabilitation and behavioral health services. For more information about Sharp HealthCare, call 1-800-82-SHARP or visit www.sharp.com.
Courion enables complex organizations to rapidly respond to constant change. Unlike traditional identity and access management technologies, Courion's Dynamic Community(TM)-based Provisioning empowers organizations to deliver transparent compliance, sustained efficiencies and improved business velocity, by effectively adapting to and leveraging their changing business operations, technology infrastructure and organization. Over 265 enterprise customers worldwide including 60 of the FORTUNE 500 utilize Courion's Enterprise Provisioning Suite(TM) to securely automate routine, manual processes for user provisioning, password management, industry and regulatory compliance, profile management, and digital certificate management. For more information, contact Courion's headquarters in Framingham, MA, USA at 508-879-8400 or visit www.courion.com.
Courion and PasswordCourier are registered trademarks. ComplianceCourier, Dynamic Community and Enterprise Provisioning Suite are trademarks of Courion Corporation.