Successfully reported this slideshow.

Healthcare it consolidated

3,821 views

Published on

Panel Discussion about IT Healthcare, Featuring Kaiser Permanente, PwC, and Oracle

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Healthcare it consolidated

  1. 1. <Insert Picture Here>Managing Risk and Enforcing Compliance inHealthcare with Identity Analytics
  2. 2. Agenda• Panel Discussion• Challenges and Implementation Overview• The Solution Behind the Implementation• Q&A
  3. 3. Panel Discussion Jason W. Zellmer Rex Thexton Viresh GargDirector, Strategy and Information Managing Director, Advisory Director Management ServicesKaiser Permanente Information Security PricewaterhouseCoopers Oracle Identity Management
  4. 4. PwCHealth Information Privacy &Security (HIPS) & OracleSecurity Practice Overview
  5. 5. PwC Healthcare Information Privacy & Security (HIPS) ServiceofferingsPwC 5
  6. 6. PwC - Oracle Security OverviewOur practice has years of experience in Security and Identity &Access Management with over 1000 professionals in NA.•PwC is the leading Oracle IdM partner for five consecutive years•PwC has completed over 150 implementations over the last 4 years•PwC is the only Oracle partner to be a four time Titan Award winner•PwC has conducted more 11g implementations than any other Oracle partner•PwC has been nominated to Oracle’s Deputy CTO program since its inception•PwC is involved in a significant % of all large Security Deals at Oracle•PwC is the only Diamond Partner with advanced specialization area in identityPwC 6
  7. 7. Kaiser Implementation Overview KaiserPermanente’s Goals• Resolve significant deficiencies identified by internal audit for access management controls across the enterprise• Develop sustainable and cost effective compliance processes through the automation of access management and recertification• Standardize on a new IAM product suite (Oracle – OIA/OIM) and retire the legacy IAM technology stack (IBM Tivoli)• Collapse existing IAM functions (help desks, security admins) within the regional business units by expanding the footprint of centralized IAM services• Implement self-service functionality to enable business users and reduce administrative burden for care delivery staff (doctors, nurses, etc.)• Objectives to span across: • 7 major business units • 150+ SOX applicationsPwC 7 • 1300+ HIPAA applications
  8. 8. Kaiser Identity Management Identity Administration Overview at KP (Current State) • Access Review by Applications • Access Review performed by line managers - view users access specific to one application . Key Pain Points: • Lack of Holistic View • Absence of automated remediation and remediation validation mechanisms. • Inability to perform role certification. Identity Administration Overview at KP (Future State) KP-OIM Refine • Authoritative Source for Identities • Automated Roles based Role Life-cycle provisioning Management • Identity Synchronization New Verify Define Users Identity Life-cycle Management KP- OIA Users Change Leave • Authoritative Source for Events Roles • Role Life-cycle Management • Advanced Role Certification 8 CapabilityPwC 8
  9. 9. Old data learns new tricks:Managing patient privacy and security on a new data-sharingplayground ublished: Fall 2011 ata is quickly becoming one of the health industry’s most treasured commodities. Yet, health organizations are acutely aware that sensitive data can be easily compromised. In just the last year and a half, a breach of personal health information occurred, on average, every other day. Breaches erode productivity and patient trust. They’re costly, unpredictable, and unfortunately quite common. More than half of healthcare organizations surveyed by PwC have had at least one privacy/security-related issue in the last two years. ownload this report from PwC at www.PwC.com/us/HITprivacysecurityPwC 9
  10. 10. How to Engage with PwC Rex Thexton Matthew Lawson rex.thexton@us.pwc.com matthew.d.lawson@us.pwc.com (908) 868-1386 (415) 515-0276 Danielle Butke danielle.i.butke@us.pwc.com (617) 510-7432 © 2011 PwC. All rights reserved. "PwC" refers to PricewaterhouseCoopers LLP, a Delaware limited liability partnership, which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity. This document is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.PwC 10
  11. 11. Managing Risk and Enforcing Compliance inHealthcare with Identity AnalyticsViresh Garg, Director, Identity Management, Oracle
  12. 12. This document is for informational purposes. It is not a commitmentto deliver any material, code, or functionality, and should not be reliedupon in making purchasing decisions. The development, release,and timing of any features or functionality described in this documentremains at the sole discretion of Oracle. This document in any form,software or printed matter, contains proprietary information that is theexclusive property of Oracle. This document and informationcontained herein may not be disclosed, copied, reproduced ordistributed to anyone outside Oracle without prior written consent ofOracle. This document is not part of your license agreement nor canit be incorporated into any contractual agreement with Oracle or itssubsidiaries or affiliates.
  13. 13. Healthcare Challenges Are Unique, Acute HITECH Sarbanes-Oxley HIPAA EHR Access IT/Helpdesk Costs Staff Meaningful Use Productivity VIP Cases Patient Care SLA  Secure Access Control  Sustainable Compliance Practices
  14. 14. Key Elements to The Solution
  15. 15. Building User’s Risk Profile Identity Warehouse Applications Risk Assignment Identity Data Sources Resources Identities Entitlements Roles Events DB Risk Aggregation Mainframe Low Risk Med Risk High Risk Auto Certify Cert360 Approve Reject
  16. 16. Closed-Loop Feedback User On- • IT and Business Roles boarding SOD Checking SOD Checks • Preventative User Access User Off- Change Aggregate • Remedial board Risk Score • Risk Feedback • User Administration • Access Certifications
  17. 17. Automating User Administration Oracle Identity Manager GRANT REVOKE GRANT REVOKE GRANT REVOKE Employee HR System Workflow Applications, Systems• Automate Roles Based Provisioning / Deprovisioning• Identify orphaned accounts and take remedial action• Self-service requests including password management• Provide risk feedback and audit trail for compliance reporting in Identity Analytics
  18. 18. Automating Compliance Certification 1 Set Up Periodic 2 Reviewer Is Notified 3 Automated Action 4 Report Built Goes to Self Service is taken based on And Results Review Periodic Review Stored in DB Reviewer Selections Email What Is Certify Result Reviewed? to User Automatically Reject Terminate User Who Decline Notify the Reviews Process Owner It? Archive Delegate Notify Delegated Attested Data Reviewer Attestation Start Actions Comments When? Delegation How Paths Often?
  19. 19. Oracle Identity Management Solution SetComplete, Innovative and Integrated
  20. 20. Platform Reduces Cost vs. Point Solutions48% Cost Savings46% More Responsive35% Fewer Audit Deficiencies Source: Aberdeen “Analyzing point solutions vs. platform” 2011
  21. 21. Summary • Boost Security & Compliance • Enforce and prove compliance, prevent privilege abuse with Identity Analytics • Improve patient care SLA, curb unauthorized access, reduce costs with Identity Manager tied to Identity Analytics • Boost user productivity by 80% • For More Information • Contact: Richard.Caldwell@oracle.com • Call him: 1-781-565-1779 • www.oracle.com/identity • Blogs.oracle.com/OracleIDM
  22. 22. Q&A Jason W. Zellmer Rex Thexton Viresh GargDirector, Strategy and Information Managing Director, Advisory Director Management ServicesKaiser Permanente Information Security PricewaterhouseCoopers Oracle Identity Management

×