Securing Your Electronic Health Records
By Naresh Persaud-Oracle on Aug 09, 2011
Thanks to all those who joined our webcast on securing electronic health information records. According to the survey by healthcare IT News many organizations are depending on the EHR vendors to take care of the security requirements; however, a more systematic approach has to be taken in order to meet the compliance and "meaningful" use requirements . Mark Ford from Deloitte did a great job of setting the context around the legislation and the changing requirements. Thanks for all of the great questions on the webcast and I want to take the time to make sure we capture the answers. I will post a replay. Mike mentioned the Aberdeen report comparing the platform vs the point solution this may provide some benefit as you think about your road map.
- Question: Looking at certification review with regard to clinician access - we have lots of cases where clinicians have excessive access - what else can I do with regard to a layered ?
- Answer: So there are two things that we would recommend - many of the excessive access issues can be prevented in the first place by provisioning ( See Oracle Identity Manager) users based on a pre-defined job role. This model works well and can speed up the audit. The second thing that organizations are doing is complimenting certification review with detective monitoring provided by Oracle Security Governor . To streamline the certification review portion - Oracle Identity Analytics has some easy to use reporting that can make this less cumbersome.
- Question: We have primary care physicians scheduling appointments through our web interface from different parts of the state - can your solution help us manage their user passwords.
- Answer: Yes - if you are using a web interface then we could enable self service password management for your connecting physicians. You can provide this capability with Oracle Access Manager - also consider the ability for your connecting physicians to connect directly to your external portal with Federation capabilities
- Question: Is there a role life-cycle management capability in the Oracle stack. How would I get started in that process
- Answer: Yes Oracle Identity Analytics provides this - you can download it from our site
- Question: SSO is well understood by all, but what about signing off? Multiple apps running over one SSO, how do you manage the signing off of individual apps?
- Answer: This a great question - there are many circumstances where this is required - so with Oracle ESSO there is an ability for sign of where ESSO cleans up the cache so that someone else can use the terminal - we find this case in healthcare a lot.
- Question: We are a hospital with lots of VIP celebrity patients - how can we secure access to specific the specific vip patient data .
- Answer: We get asked this a lot - feel free to reach out to us and we can setup a conversation with a couple of our customers who are solving the same problem. Basically, there are a number of ways to solve this. At a detective level our security governor can detect when the incidence has occurred we can also use the Oracle Entitlements Server to guard the data directly at the application level. Would be happy to schedule a demo.
- Question: What if we have an existing HR system like Peoplesoft can we use that to drive the access provisioning of our clinicians.
- Answer: Yes if you have Peoplesoft or any other HR system - we can connect and drive provisioning from this source. There are is a white paper on this on our website.
- Question: Given that there are lots of offerings in the product stack - where should we get started - can we start with any product in the stack
- Answer: Because we have integrated the stack - customers can start from any point depending on the need. One paper that might be helpful is the recent Aberdeen report that talks about the tremendous cost saving of going with the platform approach.
Hope these answers provide you what you need. If you have follow up questions you can post them as comments below and we will answer them. Thanks again for joining us and we look forward to chatting again soon.