Faster and safer login to computers and applications at the Jihlava Hospital

Multi-Factor Authentication (MFA) and Single Sign-On (SSO) simplify and speed up logging on shared computers. This helps increase the efficiency of medical staff.

Realization 2021

aricoma avatar
https://www.buzzsprout.com/1710535/10436812-reference-rychlejsi-a-bezpecnejsi-prihlasovani-k-pocitacum-a-aplikacim-v-nemocnici-jihlava
Audiostory
00:00 00:00

Customer profile

The Jihlava Hospital, a contributory organization, is a medical facility in Jihlava and is the largest hospital in the Vyso─Źina Region. It provides health care, which includes outpatient and inpatient basic and specialized diagnostic and therapeutic care, necessary preventive care and pharmacy activities. It has 712 beds and offers 56 medical specialties. It employs 1 500 people. Around 7 500 operations are carried out annually, of which one third are acute. Around 25,000 patients are hospitalised and 400,000 outpatient treatments are carried out annually.

In 2020, we started looking for solutions to simplify the process of user login on end devices. The hospital environment is very specific, with a large number of computers shared by up to dozens of users.
The Imprivata project started with us as a PoC and immediately became a very popular part of the operation. It makes it significantly easier to log into applications - using an employee ID card - and also helps us meet the Cyber Act requirements for multi-factor authentication. The benefit of the new solution was significantly demonstrated during the covid pandemic, when hygiene compliance became an even more pressing issue. At a time when healthcare workers spend most of their working hours in protective suits, card logging is somewhat impractical. That's why the supplier came up with an improvement - replacing the cards with contactless wristbands.

Mgr. David Zažímal

Deputy Minister for Informatics and Cybersecurity

Baseline and project objectives

In the course of their daily activities, doctors and nurses use a large number of applications and systems, which they access from various computers in wards, examination rooms, inspection rooms, and different parts of hospitals. At the same time, users have to access company e-mail, Intranet, etc. on a daily basis. In order to ensure high security due to the sensitivity of medical type data, the Jihlava Hospital was forced to gradually switch from group accounts (as "Sister1") to named accounts (First Name - Last Name) to ensure unmistakable user identity in accordance with the requirements of the Cyber Security Act.

This brought with it two fundamental problems. One is the number of applications and web services that needed to be logged into constantly. The second is the large number of so-called shared computers - these are found, for example, in examination rooms or nurses' stations where staff change frequently during working hours and where repeated logging in and out of or into the operating system took up a lot of time.

This way of working has become unsustainable in the long term. Users resorted to not logging off the computer. This allowed multiple users to work under someone else's identity.

The Jihlava hospital decided to purchase a solution that would enable the use of existing employee ID cards (tags used for the access system, parking lot entry or ordering meals) for authentication to the entire application environment. The goal was to provide a high level of security in accessing applications while also dramatically speeding up logins and logouts.

Benefits

  • Secure access to health records,
  • saving users' time when working with PCs,
  • making it easier and faster to log in to computers and applications,
  • reducing the number of requests to reset forgotten passwords,
  • eliminating the need to remember multiple passwords for different applications,
  • two-factor logins to computers as an effect of deploying the solution.

Solution

End devices - computers, laptops - are equipped with a reader for contactless NXP MIFARE cards. The Imprivata Agent component is installed on the end device, which provides multi-factor login using the attached card and entering an optional PIN. Initial card and PIN setup can be done by the user in a self-service environment. The user may use one or more "objects" for login, e.g. a card and a contactless wristband.

Logging in and out takes a few seconds - simply by placing the card on the reader, the user is "switched" from the existing user to the new one. At the same time, the SSO (Single Sign-On) module works, which automatically logs the user into applications (FONS Enterprise, PACS, JIVEX, Lekis, LIMS, Operis and others), without the need to enter the login name and password from the keyboard. The endpoints are in "hybrid Azure AD join" mode, which means they are both members of the on-premises Active Directory and Azure Active Directory. This enables seamless (SSO) logins to applications running on Microsoft Azure and Microsoft 365 platforms as well (Word, Excel, OneDrive, Outlook, Teams, etc.).

The pilot deployment in the surgery department and the immediate positive feedback from healthcare professionals has raised a wave of interest in other departments. The extremely positive reception by pilot users helped to speed up deployment in other parts of the hospital. 

In the next stage, Self-Service Password Reset was introduced. The user can change a forgotten password or PIN by himself without having to contact the Helpdesk. The high availability of the solution has also been successfully increased - a third Imprivata OneSign server is now running in the Microsoft Azure cloud. This makes the solution resilient to an entire data center outage. The plan for the next stages includes the deployment of Imprivata Mobile Device Access (MDA) to access patient records from Android mobile devices. In addition, a gradual expansion of the Imprivata solution for specific application areas such as tablets in operating rooms is underway.

The use of IT services has been crucial for Jihlava Hospital, especially in the covid era, when they were able to streamline their work. By using the Microsoft 365 platform, patients were able to use Microsoft Forms to fill in short questions about their health status, which were then evaluated by Microsoft Flow. This resulted in the elimination of patient contact with symptoms and an overall reduction in the number of patients waiting outside the hospital. This reduced the need for staff to deal with administrative issues and allowed them to focus on the actual treatment of patients. From the Microsoft 365 ecosystem, Jihlava Hospital uses Teams, Power BI, Logic Apps, etc. in addition to the aforementioned applications. By limiting personal contact and creating a digital environment, the smooth running of the hospital was maintained and the safety of not only patients but also employees was ensured.

Used technologies

  • Imprivata OneSign®
  • Imprivata contactless Mifare® card readers
  • Microsoft 365 (Forms, Flow, Teams, ...)
Share

DO NOT HESITATE TO
CONTACT US

Are you interested in more information or an offer for your specific situation?

By submitting the registration form, I declare that I have familiarized myself with the information on the processing of personal data in ARICOMA.