May 20, 2012, 7:06 AM — It's an ideal in identity management: a centralized role-based access control system that supports single-sign-on (SSO) user access to authorized applications tied into the human resources systems for automated provisioning and de-provisioning, and the ability to integrate physical-security identity badges for room access.
Such a system doesn't usually happen overnight, and in fact it often doesn't happen at all. But this Holy Grail of identity management is something that's been pursued by Health Quest, the healthcare group of hospitals and other facilities in counties north of New York City, with more success than you usually hear about.
For Health Quest, it's been a multi-year project at a cost that has reached "into the low seven figures," according to Chief Information Security Officer David Sheidlower. The long-term commitment to a unified identity management system for 6,000 employees as well as authorized physicians with outside practices that regularly use Health Quest resources has netted the kind of information security controls that aren't usually achieved.
Take, for instance, the physical-access badges based on HID Global technology that about 4,000 medical staff use for entry into restricted rooms in the medical facilities. With help from technology provider Identropy, the HID-based physical-access control identity badge system was integrated into the logical-access controls so that the badges can also be used for computer authentication. Access is then controlled so that each person reaches only the clinical applications appropriate to their role.
With help from a USB reader interface from RFIdeas, the badges used by medical staff can now be used to authenticate on the hospital's computers, which are often set up like kiosks, through the network's SSO control point, Novell Identity Manager.
Novell Identity Manager is the SSO checkpoint in the network through which Health Quest's 6,000 employees gain authorized entry to computer applications, including the hospital medical records. Identropy did the custom coding that was needed to bridge the physical-access control system and Novell Identity Manager.