Harmonized Access V1
Synchronize Access Algorithm for Identity-related user data
Harmonized access, in line with the protocols established within the organization, is tough to achieve. One-point management of passwords, with bi-directional synchronization of users, groups and roles, is a way towards creating coherent IT systems.
Identity Bridge synchronizes user information in a streamlined fashion to achieve smooth workflows when more than one Identity Management System is involved.
- Enables identity information to flow between IdM platforms, along with SSO, in a hybrid setup.
- Allows dynamically distributed Identity and Access technologies to run in a harmonized manner.
- Paves the way for effective integration and configuration of applications in a hybrid setting.
How to determine EPIC user security?
The most prevalent question posed to any Epic Security Team is: “Who has access to what in Hyperspace?” Whether it is asked by the organization’s leadership or by an external entity, it behooves the Security Team to be prepared for this question at all times. The Security Team should be the last line of defense as it relates to granting access in Epic. Although the Security Team should not be the primary decision-maker as to who receives access to what, the team should enforce decisions made by others. In order to determine EPIC user security, the following steps must be taken:

1. Prior to Go-Live, application analysts meet with the stakeholders and sponsors in each area that requires Epic access to understand the workflows and system configuration needed to function effectively. The application analysts and teams concentrate on providing the access necessary to support the validated workflows. This is where the role of the Security Team is so important. While the application teams are busy granting access, the Security Team should be busy restricting access. Integration tools such as Identity Bridge help in protecting the account as well.

2. The model system must be scrutinized for security and access by the Security Team to ensure EPIC user security. Records that are delivered with the foundation system, or model system, grant more access than most organizations require. Most model records can be used without modification because they usually “give away the store.” The security classes, roles, menus, activities, profiles, and other security-related records are developed by Epic as a “one-size fits most.” Depending on the policies and procedures of the organization, what is granted in model records may not be permitted or desired for your organization. You may check Identity Bridge as well for such integration.

3. The policies and procedures of the organization – along with HIPAA, HITECH, and other regulatory mandates involving security and privacy – must be considered by the Security Team. Outside of being intimately familiar with HIPAA, HITECH and other regulatory mandates, the first thing the Security Team should concentrate on is understanding the policies and procedures of the organization. Armed with this knowledge, the Security Team can then review the validated workflows with a keen awareness of what the organization allows and what it does not. The Security Team can then address any “breaches” of policy or procedure early in the build stage. As the build matures and User Templates are being created, a methodology of build and review should be agreed upon by the application and security teams. The methodology should center around restricting access, not granting access.

Harmonized access, in line with the protocols established within the organization, is tough to achieve. With Identity Bridge, you get one-point management of passwords with bi-directional synchronization of user, group and role profile data, which is a way towards creating coherent IT systems.

Ultimately, operational and clinical leadership should decide on the access required for each role within the organization for safeguarding EPIC user security. It is then the Security Team’s responsibility to take that information and make it functional for end users by granting and, more importantly, restricting access.