IBM Tivoli Identity and Access Assurance

for healthcare

M.A.Azeem
2984433
Health care Regulations
 Public interest and government regulations, such as the
European Directive on Data Privacy, HIPAA, and
French decree number 2007-960, are requiring providers
to be vigilant about who accesses systems, and for what
purpose, putting more pressure on providers.

 HIPAA Rule requires appropriate safeguards to protect

the privacy of personal health information, and sets
limits and conditions on the uses and disclosures that
may be made of such information without patient
authorization.
Healthcare Providers
 Providers are rapidly deploying electronic
medical records and computerized physician
order entry (CPOE), which is driving demand
for clinical applications and IT infrastructure
security.
Regulations now require that users sign on to
access electronic protected health information
(ePHI) with their own credentials, that all access
must be logged, and that applications must log
out if there is inactivity.
Healthcare Needs

Healthcare providers need a comprehensive

solution that helps make sure the right users
have access to the right patient record in a
timely manner, providing comprehensive
identity management, access management, and
user compliance auditing, and affordable
operational costs.
 A healthcare solution should meet the following
requirements:
 Clinician Productivity

1. Fast, secure access to patient records

2. Comprehensive support for clinical workstations and
network access points
3. Support for standards-based patient context
management
 Security and compliance
1. Help with regulatory compliance
2. Support multi-factor authentication
3. Converged physical and logical access
4. Comprehensive, flexible security policy
5. Access assurance
6. Integrated user provisioning
7. Centralized user administration
8. Support for health information exchanges (HIEs)
9. On-demand audit reports
 Reduce Operational Cost
1. User self-service
2. Integration with existing infrastructure
3. Ease of deployment
4. Scalability
Tivoli Identity and Access Assurance for healthcare

 IBM Tivoli Identity and Access Assurance is a solution

for healthcare that enables providers to simplify,
strengthen, and track access to patient records from
access points across the Healthcare provider network.
 Meets all of the key requirements of a healthcare
identity and access compliance solution. It enables
caregivers to share clinical workstations through fast
user switching via shared, private, or roaming desktops.
Users can have a wide choice of identity credentials.
Access automation support and patient context
synchronization simplify access.
Tivoli Identity and Access Assurance for
healthcare
The central functions of the solution are:

User provisioning

Unified single sign-on

Event analytics and reporting to facilitate

compliance
IBM Tivoli Identity and Access Assurance can help
healthcare providers with
 Improve caregiver productivity and satisfaction
1. Unified single sign-on and single sign-off for clinical
and business applications
2. Comprehensive shared workstation workflow
management
3. Support for HL7
4. CCOW context switching
5. Comprehensive coverage of network access points
6. Unified access using building access badges
Tivoli Identity and Access Assurance for
healthcare
 Enhance security and compliance

1. Application sign-on and sign-off enforcement

2. Choice of authentication factors
3. Comprehensive coverage of access needs for all users
4. User-centric event capture, reporting, and archival with
regulatory-specific reporting
5. Integrated user provisioning with many applications
solutions
6. Centralized administration of user access
Tivoli Identity and Access Assurance for
healthcare
 Reduce operational cost
1. Integrated self-help
2. Ease of integration with existing infrastructure
3. A proven, scalable architecture
 Features
Comprehensive shared workstation workflow management
 Through its unified single sign-on component, IBM Tivoli
Identity and Access Assurance provides session
management capabilities for clinical workstations.
Shared , Private, Roaming -Desktops

Support for patient context management

 It supports patient context management for CCOW and non-
CCOW compliant applications as part of the HL7 suite of
standards, and can enable compliant and non-compliant
applications to provide integrated context management
across a provider’s clinical suite.
Comprehensive coverage of network access points
 IBM Tivoli Identity and Access Assurance provides
comprehensive coverage of network access points such
as personal and shared workstations, virtualized remote
access terminals, Web portals and extranets

Unified access
 By supporting existing building access cards, IBM
Tivoli Identity and Access Assurance delivers a unified
access solution
Health information exchanges
 Health information exchanges (HIEs) facilitate access to and
retrieval of clinical data to improve healthcare

Application sign-on and sign-off enforcement

 To ensure accountability for access to patient records and data
privacy, HIPAA and similar EU and global regulations require
that users sign on with their own credentials

Choice of authentication factors

 The IBM Tivoli Identity and Access Assurance solution lets
health care providers choose from a variety of user credentials,
including building access badges, contactless badges, iTag,
mobile devices, biometrics, and USB smartcards or tokens.
with RFID enter a password to log in.

Contactless card Users are identified as they approach the workstation. Clinical staff requiring Fast Log on
They enter a password to log on.

Mobile device Users receive a code on their mobile device and use this Remote Physicians
code with their username and password to log on.

iTag Users leverage any personal device or photo badge with With iTag, users do not need to
smart labels to enable two-factor authentication. carry a separate token for
authentication.
Biometrics Users use their intrinsic physical traits such as This solution is an alternative to
fingerprints and palm prints to log in. physical credentials for clinical
staff

Smart USB Key, Smart Users insert a smart USB key, a smart card , or a token This solution is best for users who
card or Token and enter a password to log in. require a higher level of security
protection.

One-time password or Users carry an authentication token , which is used to This is best for remote users who
Token generate a one-time password .They use this password need a second factor to log in
with a PIN to log in. remotely to their corporate portal

Strong Passwords Users enter a User Id and strong password to Log on. Is Best for any group whose risk
profiles do not warrant a second
factor , or where a second factor is
not viable.
User-centric event capture , reporting , & archival
 HIPAA and similar privacy safeguards require healthcare
providers to implement audit controls for health information
technology (HIT) systems with patient information.

Support for user provisioning

 Centralized provisioning and de-provisioning of user access
rights to healthcare systems is critical to helping healthcare
providers manage clinicians and contract staff.

Centralized administration and access certification

 Centralized administration and ongoing governance of user
access to resources is vital to helping healthcare providers
maintain security and compliance while minimizing
operational costs
Summary
Tivoli Identity and Access Assurance can help you manage
user identities and access to resources with a centralized,
automated identity and access management
infrastructure and closed-loop user compliance
capabilities

 Reduce help desk costs associated with password

management.
 Integrate new identities from mergers and acquisitions.
 Reduce application development costs relating to
security coding.
 Minimize the complexity of responding to internal and
external controls and regulations.
 Optimize productivity and costs by automating best
practices for
repeatable tasks.
 Enable IT staff to focus on higher-value activities.
 Provide the agility needed to capitalize on new business
opportunities by
 removing barriers to innovation.