Password management

From Clinfowiki
Revision as of 07:16, 19 May 2010 by Danielli (Talk | contribs)


Background:

A hospital's EMR often consists of multiple systems, for example one for viewing radiology images and another for accessing health records from another cluster of hospitals via an exchange. Many other hospitals face the same situation.


Security balance:

Security administrators preach strong security:
- using alphanumeric passwords
- changing them every 90 days
- authenticating on all applications

However, they are also responsible for providing users with access to what they need in a timely manner. As more applications require authentication, users are bombarded with a vast number of different system logins each day, most requiring a different username and password. Users are plagued not only with trying to create new and different passwords, but also with the difficulty of remembering all of them. As a result, network administrators spend more time assisting users with forgotten passwords.


Solutions:

1. Context switching

Within the EMR platform, options are included in the menubar for context switching, removing the need for additional logins. This applies to accessing radiology images, laboratory results and the health information exchange.

2. Single sign-on (SSO)

SSO simplifies the deployment of stronger passwords and helps enforce an effective password policy. Users should be able to comply more easily with secure password policies that require a 'strong' password. Enforcement of the security policies is also centralized, making it easier to manage. There is a full audit trail of application access and password changes. These reduce helpdesk "password reset" related costs.


Potential issues: There is an increase in login time, and all applications are open to the next user should the previous user forget to log out. There is frustration with auto logouts after 15 minutes. Integrating existing applications' functions with the SSO can be problematic.

Submitted by Daniel Li