• E-mail
• Print
• RSS

Satisfy users with single sign-on: How to balance cost, security when picking a solution

HIM Connection, April 18, 2006

Want to receive articles like this one in your inbox? Subscribe to HIM Connection!

Satisfy users with single sign-on
How to balance cost, security when picking a solution

The transition to EHR may eventually eliminate the clutter of paper records, but it won't get rid of the mess of multiple-user passwords and incompatible password requirements across several applications.

To achieve full buy-in, users (e.g., doctors, nurses, and clinicians) may need the convenience of accessing multiple applications with one password instead of entering a unique password for each database, reference, and imaging program. Single sign-on (SSO) products can satisfy this need and reduce calls to an overburdened help desk, improve your security posture, and increase employee satisfaction.

Employee satisfaction drives the success of SSO. "In order for an SSO project to succeed, it has to be easy," says Gregg Laroche, director of product management for Imprivata, an identity management vendor in Lexington, MA. "If you make it difficult to use or scare users by giving them a lot of new things to learn, new interfaces to deal with, or client software they have to manage, you're going to fail."

However, no matter what your users expect, SSO must be worth the investment. Total ownership costs range from $40 to $100 (or more) per user at a facility with 1,000 users, Laroche estimates.

Large organizations are more likely to look into an SSO, says Harry Smith, CISSP, principal and founder of Timberline Technologies, a Lakewood, CO-based security consulting firm. "In a small arrangement, you've probably got synchronized passwords anyway," he says. "It's hardly worth going to all the trouble for a group of five users."

Calculate your ROI

As with any project, balance projected costs with the return on investment (ROI). There are several advantages to SSO, but the easiest to calculate are the savings generated by reducing the number of password resets needed when users forget their application passwords.

To calculate the possible ROI from these resets, do the following:

1. Determine how much a password reset costs your organization. Laroche estimates the average cost is $25-$50.
2. Multiply this cost by the number of times per year an average user requires a password reset for any application.
3. Multiply this amount by the number of applications the average user accesses.
4. Multiply this figure by the number of users.

    

The result is the cost of your organization's password reset calls per year.

Soft savings-benefits you can't measure in dollars-such as time and improved clinician workflow, are also associated with SSO adoption. Although important, these are difficult if not impossible to calculate, says Charles Christian, FCHIME, FHIMSS, director of information systems and chief information officer at Vincennes, IN-based Good Samaritan Hospital.

Christian deployed Imprivata's SSO product, OneSignT, at the 267-bed community acute-care facility because of clinicians' password loads-four to five passwords, depending on their areas of responsibility. He also had security concerns regarding Good Samaritan's transition to an EHR. Although the legal medical record is still paper-based, approximately 85% of a patient's medical records is online and available during treatment.

Editor's Note: This article was adapted from the newsletter Electronic Health Records Briefing published by HCPro, Inc.

Want to receive articles like this one in your inbox? Subscribe to HIM Connection!

• E-mail to a Colleague
• Print
• RSS
• Archive