pinSpark provides Relief for Healthcare Organizations
The Pinnacle pinSpark role-based access governance suite is
ideally suited to solve healthcare organizations’ two major IT
access management headaches:
Complying with HIPAA’s
IT security and privacy requirements
Managing the complex
and time-consuming process of provisioning users with IT accounts.
Healthcare providers and health
insurance organizations are required by law to protect patient data
from theft, loss or leaks. Healthcare organizations must also be
able to prove to internal and external auditors that patient data
is, in fact, secure from unauthorized access by employees and
others. At the same time, however, the IT staff must constantly
provision hundreds, or thousands, of medical and administrative
employees with IT accounts and passwords. Each new wave of incoming
medical residents means a potential backlog in the provisioning
queue, as IT employees laboriously assign each new staff member
security codes for the several different IT systems that he or she
needs for work.
The potential for human error in
assigning access rights, and the resulting loss of compliance with
HIPAA and other security regulations, is huge.
The pinSpark role-based access
governance system helps to solve this problem for healthcare
organizations by providing several key functions:
Role-based
provisioning. By using a role management package to create
profiles--or role-- that link functional job duties to the required
applications and systems, IT managers can provision healthcare
workers with multiple accounts much more quickly. The pinSpark
system mines information on employees and IT systems, and suggests a
set of roles for the entire organization. Those roles are then
exported to a third-party provisioning or identity management system
and used to speed the assignment of IT accounts.
Separation-of-duty
alerts. Conflicting or inappropriate access is flagged and reported.
When roles or access rights appear to violate a security policy,
pinSpark warns the IT manager of the potential problem.
Auditing and
certification. The pinSpark software regularly scans roles and
assigned accounts and checks them against security guidelines. It
also provides a compliance auditing process so that IT managers can
check for compliance with specific regulations, such as HIPAA, and
generate a certificate of compliance upon completion.
Multiple reporting
options. The IT manager can use both canned reports and customizable
templates to track a variety of factors, including SOD violations,
policy compliance, and changes to existing roles. Executives and
supervisors can also view key data on a customizable dashboard.
