Healthcare Technology Featured Article

September 08, 2015

Federation and Federated Identity: The Identity Integration Solution for Post-Merger Healthcare Organizations

Consolidations, mergers and acquisitions are the new normal in the healthcare sector, but providing secure access to different sets of users in a post-merger healthcare organization represents a daunting task for IT teams. Within the newly constituted entity, a portfolio of cross-organization, enterprise-wide applications must authenticate and authorize access for users who are stored across many different identity sources running on different networks. This creates an “n-squared” problem—a multiplication of “n” links between “n” applications and “n” identity sources built on a patchwork of manual configurations, as we see in figure 1. The result is often a system that puts a burden on the user to remember multiple passwords—no single sign-on—and one that’s brittle and costly to maintain.

Figure 1

The good news is that federation standards such as SAML 2.0 or OpenID Connect address the challenge of federating access, and federation has become the most prevalent approach to SSO supported by cloud/SaaS applications. If we combine these established federation standards with a federated identity service—one that federates all the disparate identities from across each merging organization—we have a future-proof solution that can quickly and securely integrate identity and access in the case of a merger or acquisition.

The Challenge: Giving Two Different Populations Secure Access to a Common Application Portfolio

For any security and identity team, it takes hard work to ensure that all users—including employees, members, providers and vendors—have secure access to a set of applications, no matter what storage repositories contain their data. Aside from the different methods and limitations imposed by the applications themselves, with some supporting SSO using federation standards and others supporting only proprietary methods, there is the challenge of multiple identity sources and their different protocols, such as Active Directory domains and forests, LDAP, SQL and more. Following an acquisition or merger the problem is compounded and the goal for these organizations is to mobilize two different workforces.

Fortunately there is a way to solve this challenge using a “federated pattern.”

Federation and Federated Identity: Addressing the Challenge of Connecting Multiple Data Stores with Multiple Applications

From an architecture standpoint, identity federation creates a single point of access, a hub, acting as a smart integration layer between the data stores on the backend and the applications that want to consume that data on the front end, such as Epic or Kronos, as we see in Figure 2. Such an architecture sits between storage silos and their consuming applications, successfully integrating heterogeneous silos and presenting data in the exact manner that each application can consume it. This not only ensures that applications run securely and user experience improves through SSO, it also gives organizations control over what data is shared—and when, where and how that happens, which is essential in an era of HIPAA regulations.  

Figure 2

Beyond Security:  Speeding Consolidations by Giving Applications a Global View of Each User

Identity federation speeds up the consolidation process for healthcare organizations by integrating identity data from across diverse silos to create one global view of the user. This federated systems acts as a rationalized layer containing all the identity data—such as credentials, attributes and group information—needed for SSO and access control and can create different views of identity based on privacy regulations and compliance measures. Data stores can simply be plugged into the service, so rolling out new applications or extending access to new populations becomes a lot easier—think hours instead of months. Federation and federated identity systems are gaining popularity because they save an organization time and money in their integration effort, offering smarter security for healthcare companies as the business evolves and the infrastructure continues to grow.

For more information click here.

About the Author: Michel Prompt, founder and CEO at Radiant Logic, is a successful serial entrepreneur. Prior to founding Radiant Logic, Prompt founded Matesys SA, a company that introduced the first Windows 2.4 file-manager and one of the first visual programming tools for the client/server market. 

Edited by Dominick Sorrentino
By Special Guest
Michel Prompt, founder and CEO at Radiant Logic ,

FREE eNewsletter

Click here to receive your targeted Healthcare Technology Community eNewsletter.
[Subscribe Now]