What Is SSO and Why Should Healthcare Organizations Implement It?
Single sign-on, or SSO, allows users to sign in securely just once within a defined period that typically lasts the length of a user’s shift. SSO uses a single credential to enable access to all of a user’s authorized applications without them having to keep track of multiple passwords. Once this “single sign-on” is complete, all subsequent authentications can be done simply with the tap of the user’s badge.
It’s critical that healthcare technology serves clinical users, allowing them to spend more time with their patients and less time fussing with technology, says Mark McArdle, chief products and design officer at Imprivata.
“SSO is a major driver of clinical efficiency and cybersecurity by replacing multiple manual logins with a single secure login. With SSO, clinicians can simply tap a badge to log on to devices and workstations throughout their shift, maximize their time with patients and eliminate the frustration of continual password prompts,” he adds.
SSO solutions can streamline access while improving security and user productivity, and when integrated with strong authentication methods, they can help avoid passwords altogether.
“This is particularly important in healthcare, where a typical clinician interacts with a large number of clinical applications, each requiring a username and password,” says McArdle. “There are many secondary authentications that can re-prompt for a password for things like drug administration and witnessing workflows.”
Increasing protection of their IT environments is a major reason for healthcare IT teams to consider implementing SSO solutions. Healthcare as an industry is a primary target for cyberattacks due to the large volume of valuable protected health information (PHI) involved, attributes about a patient that uniquely identify them and can be used by cyberattackers to commit extortion, fraud or identity theft.
“Lucrative patient records on the dark web, initiatives to expose legacy applications to a remote workforce without proper security controls and outdated authentication standards sitting in front of applications where PHI is stored contribute to a higher breach risk profile for every healthcare organization,” says Adam Crown, group product marketing manager for healthcare solutions at Okta.
In addition to the elevated cybersecurity threat looming in healthcare, organizations also must contend with the impacts of complex legacy IT environments; remote work creating new access requirements; and the unplanned, rapid deployment of technology solutions early in the pandemic perpetuating an environment of many usernames and passwords. Mergers and acquisitions also put pressure on CIOs to integrate legacy and modern business systems quickly and securely.
How to Determine if a Healthcare Organization Would Benefit from SSO
“All healthcare organizations can benefit from SSO, because it dramatically improves clinical workflows by simplifying the user experience for clinicians,” says McArdle.
Remote work and traveling clinicians can bring new risks to a healthcare organization. As cyberattacks increase and impact patient care and trust, organizations that embrace SSO can improve their cybersecurity risk while delivering productivity and workflow improvements.
“A CIO or CMIO could evaluate the number of authentications a typical clinician experiences during a shift and derive the effective ‘lost patient care time.’ The average care provider saves an average of 45 minutes per shift when using an SSO-enabled system. And the benefits for SSO on clinician quality of life are real, particularly as they dealt with the enormous challenge of COVID-19,” McArdle explains. “Entering a password 60 times a shift is a burden, and it leads to bad cybersecurity hygiene that opens the organization up to real risks.”