Ensuring the auditability of the IS by mastering identities and authorisations
With its 807 beds and 121 places, the Bourg-en-Bresse Hospital is the base establishment of a Territorial Hospital Community (THC). In order to respond to the need of its workers, it uses the ENOVACOM Identity Manager solution for the management of access and attribution of authorisations.
There is a real drive to simplify the process related to national recommendations for the implementation of digital hospital systems.Florent Séverac
Key benefits in choosing ENOVACOM Identity Manager
To ensure the management of accounts and quality authorisations process, the Bourg-en-Bresse Hospital Centre (HC) has set up a staff directory with the help of ENOVACOM Identity Manager. The DISO Florent Séverac and the ISM (Information Systems Manager) Thomas Plantard reveal to us the essential features of such a project which brings its staff to a genuine Single Sign-On (SSO).
First of all ensuring the consolidation of data
In order to ensure a quality deployment, they decided to create a centralised staff directory and to proceed step by step. “The automation of authorisations project is currently running on three applications”, says Thomas Plantard. “First we decided to ensure the consolidation of data, seeing as the staff directory that we created automatically searches notably for their personal information, identity, type of contract, job and place of allocation, in the Human Resources software”.
These new measures represent a radical change in practice, as the accounts were previously done manually by the ISM for the applications, by the Information Medical Department for the EHR or prescription software, or by the departments.
Then putting into the practice the connection flow and the physical access controls
“Secondly, we also have put into production the Active Directory flow, which, on a PC at the Hospital, allows us to log into an email inbox, certain application software and resources shared by functional units”, he adds.
“If you ask us, this pairing of FU / application is very important to obtain the right authorisations. Finally, the last operational flow is the control of physical access to new buildings”. With this first phase completed, other applications will benefit from the directory’s parameters. “In the first trimester of 2016, we should be setting up the access and authorisations to the Pharma prescription software, the Convergence administrative management which gives access to the EHR, and Bluemedi, the quality management software” Thomas Plantard announces.
A procedure functioning which could spread to the whole of the THC and hospital groups
This new philosophy means taking into account numerous parameters in order to get all of the information on staff activities. “It is important to manage informing the identities well, in relation with medical affairs and the Human Resources manager”, he remarks. “You must now give the data in real time and we have, for example, planned to update the directory three times a day to follow staff movements closely. In time, this centralised directory management could be used on the whole of
Time has come for the Single Sign-On of Bourg-en-Bresse Hospital
Another sizeable objective is to simplify staff access to applications and secure their authorisations. “The Single Sign-On (SSO) is still a goal we have to achieve, the directory being its basis”, remarks Thomas Plantard. “It is about giving a unique and complex authentication code to workers to access all of the applications that they are authorised to. Today, a user has to remember 8 to 10 passwords to do it. There is a real drive to simplify the process. The SSO, long-awaited by staff by the way, will be effective when all essential applications will have been configured – I think this will be in 2017”. The directory is therefore the golden key of the system. But how can we proceed so that it is relevant and complete?
Initiating a real quality of exchanges between all departments
“The key steps of such a project come under several areas”, concludes Thomas Plantard. “You must first of all have a real quality of exchanges between the DIS, the HR and the other departments like the DIM. The variety of parameters which come into play, like the job features, the allocations in the departments, the regulation, require good communication and thinking ahead to the information which will be presented in the directory for maximum precision without relying on particular cases relative to temporary workers or trainees. You must then create an authorisation matrix. For this operation, we have drawn up an Excel file of 700 lines and 20 columns indexing, according to the paring of application/FU, access to a directory, email inbox, application software etc.
We have worked for several weeks with the HR and the DIM to finalise this matrix. It’s something we have to do to limit exceptions which could come up to the maximum and ensure complete information.
About the Users
As the reference establishment for the county, Bourg-en-Bresse Hospital serves the 300 000 inhabitant surrounding catchment area. Made up of three sites, it proposes a large field of activity.