provisioning system based on SharePoint
Overlake Hospital Medical Center is a 337-bed, nonprofit regional medical center offering a full range of advanced medical services to the Puget Sound Region. Led by a volunteer Board of Directors, Overlake employs nearly 2,400 people and has more than 1,000 active and courtesy physicians on staff.
Overlake Hospital has been looking for a solution for automatic provisioning of various types of users, from full time hospital employees to students and volunteers, in a wide range of discrete medical applications used in the hospital. The role-based access control system needed to be able to ensure HIPAA privacy regulations and improve the provisioning and deprovisioning process.
The solution supports complete user’s account lifecycle:
- Create accounts in active directory, create corresponding accounts in each medical application not connected to Active Directory.
- Set required permissions in each application according to the established role-based permissions matrix and update permission as requested.
- Automatically initiate the de-provision (deactivation) process at the user’s contract expiration date.
The current permissions’ status and requests history for each user is available for the Information Services department through the reporting system. Each request workflow is also available for review in order to ensure all request information is auditable: what permissions were requested, by whom, who approved the request, who executed it, when was it completed, and so on. Any new medical application OH needs to give users permissions for can be easily added to the provisioning solution.
Benefits and Results
- Addressed auditing and compliance requirements.
- Reduced the time required for medical application administration.
- Improved data security.
- Ensured de-provisioning of employees when access was no longer required.
- Unified provisioning process for various discrete medical applications.
- Unified provisioning process for various types of Overlake Hospital employees.
- Increased maintainability and accountability. All users’ permissions status for all medical applications can be accessed in a single repository.