healthcare it consolidated
DESCRIPTION
Panel Discussion about IT Healthcare, Featuring Kaiser Permanente, PwC, and Oracle
TRANSCRIPT
Managing Risk and Enforcing Compliance in Healthcare with Identity Analytics
Agenda
• Panel Discussion
• Challenges and Implementation Overview
• The Solution Behind the Implementation
• Q&A
Panel Discussion
Jason W. Zellmer, Director, Strategy and Information Management, Kaiser Permanente Information Security
Viresh Garg, Director, Oracle Identity Management
Rex Thexton, Managing Director, Advisory Services, PricewaterhouseCoopers
PwC Health Information Privacy & Security (HIPS) & Oracle Security Practice Overview
PwC
PwC Healthcare Information Privacy & Security (HIPS) Service offerings
PwC - Oracle Security Overview
Our practice has years of experience in Security and Identity & Access Management with over 1000 professionals in NA.
•PwC is the leading Oracle IdM partner for five consecutive years
•PwC has completed over 150 implementations over the last 4 years
•PwC is the only Oracle partner to be a four time Titan Award winner
•PwC has conducted more 11g implementations than any other Oracle partner
•PwC has been nominated to Oracle’s Deputy CTO program since its inception
•PwC is involved in a significant % of all large Security Deals at Oracle
•PwC is the only Diamond Partner with advanced specialization area in identity
Kaiser Implementation Overview
Kaiser Permanente’s Goals
• Resolve significant deficiencies identified by internal audit for access management controls across the enterprise
• Develop sustainable and cost effective compliance processes through the automation of access management and recertification
• Standardize on a new IAM product suite (Oracle – OIA/OIM) and retire the legacy IAM technology stack (IBM Tivoli)
• Collapse existing IAM functions (help desks, security admins) within the regional business units by expanding the footprint of centralized IAM services
• Implement self-service functionality to enable business users and reduce administrative burden for care delivery staff (doctors, nurses, etc.)
• Objectives to span across:
  • 7 major business units
  • 150+ SOX applications
  • 1300+ HIPAA applications
Kaiser Identity Management
Identity Administration Overview at KP (Current State)
Role Life-cycle Management
Identity Life-cycle Management
KP-OIA
• Authoritative Source for Roles
• Role Life-cycle Management
• Advanced Role Certification Capability
KP-OIM
• Authoritative Source for Identities
• Automated Roles based provisioning
• Identity Synchronization
[Diagram labels: Define; New Users; Users Leave; Change Events; Refine; Verify]
• Access Review by Applications
• Access Review performed by line managers - view users access specific to one application.
Key Pain Points:
• Lack of Holistic View
• Absence of automated remediation and remediation validation mechanisms.
• Inability to perform role certification.
Identity Administration Overview at KP (Future State)
Old data learns new tricks: Managing patient privacy and security on a new data-sharing playground
Published: Fall 2011
Data is quickly becoming one of the health industry’s most treasured commodities. Yet, health organizations are acutely aware that sensitive data can be easily compromised. In just the last year and a half, a breach of personal health information occurred, on average, every other day. Breaches erode productivity and patient trust. They’re costly, unpredictable, and unfortunately quite common. More than half of healthcare organizations surveyed by PwC have had at least one privacy/security-related issue in the last two years.
Download this report from PwC at www.PwC.com/us/HITprivacysecurity
How to Engage with PwC
Rex Thexton, [email protected], (908) 868-1386
Danielle [email protected], (617) 510-7432
Matthew [email protected], (415) 515-0276
© 2011 PwC. All rights reserved. "PwC" refers to PricewaterhouseCoopers LLP, a Delaware limited liability partnership, which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity. This document is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.
Managing Risk and Enforcing Compliance in Healthcare with Identity Analytics
Viresh Garg, Director, Identity Management, Oracle
This document is for informational purposes. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle. This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. This document and information contained herein may not be disclosed, copied, reproduced or distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates.
Healthcare Challenges Are Unique, Acute
[Diagram labels: IT/Helpdesk Costs; HITECH; EHR Access; Staff Productivity; Patient Care SLA; Meaningful Use; HIPAA; VIP Cases; Sarbanes-Oxley; Secure Access Control; Sustainable Compliance Practices]
Key Elements to The Solution
[Diagram labels: Identity Warehouse (Resources, Identities, Entitlements, Roles); Identity Data Sources (Mainframe, DB, Applications); Risk Assignment; Risk Aggregation; Low Risk, Med Risk, High Risk; Approve, Reject, Auto Certify; Cert360; Events (User On-boarding, User Access Change, User Off-board); Building User's Risk Profile; Closed-Loop Feedback; SOD Checking; Aggregate Risk Score]
• IT and Business Roles SOD Checks
• Preventative
• Remedial
• Risk Feedback
• User Administration
• Access Certifications
• Automate Roles Based Provisioning / Deprovisioning
• Identify orphaned accounts and take remedial action
• Self-service requests including password management
• Provide risk feedback and audit trail for compliance reporting in Identity Analytics
Automating User Administration
[Diagram labels: HR System; Workflow; Employee; Applications, Systems; GRANT / REVOKE; Oracle Identity Manager]
Automating Compliance Certification
[Diagram with steps numbered 1 to 4; labels: Set Up Periodic Review (What Is Reviewed? Who Reviews It? Start When? How Often?); Reviewer Is Notified, Goes to Self Service; Reviewer Selections (Certify, Reject, Decline, Delegate), Comments; Automated Action is taken based on Periodic Review (Automatically Terminate User, Notify the Process Owner, Notify Delegated Reviewer, Email Result to User); Report Built And Results Stored in DB (Archive Attested Data, Attestation Actions, Delegation Paths)]
Oracle Identity Management Solution Set
Complete, Innovative and Integrated
Platform Reduces Cost vs. Point Solutions
• 46% Cost Savings
• 48% More Responsive
• 35% Fewer Audit Deficiencies
Source: Aberdeen “Analyzing point solutions vs. platform” 2011
Summary
• Boost Security & Compliance
  • Enforce and prove compliance, prevent privilege abuse with Identity Analytics
  • Improve patient care SLA, curb unauthorized access, reduce costs with Identity Manager tied to Identity Analytics
• Boost user productivity by 80%
• For More Information
  • Contact: [email protected]
  • Call him: 1-781-565-1779
  • www.oracle.com/identity
  • Blogs.oracle.com/OracleIDM
Q&A