Healthcare is one of most regulated industries with intense scrutiny to secure sensitive patient health data. There are several challenges that the industry faces, including:
Segregation of Duty (SOD) is a highly effective control, prescribed in NIST (Special Publication 800-53 AC-5) and routinely recommended by auditors to be implemented in the Professional Billing (PB), Hospital Billing (HB) and Shared Security modules of Epic. However manual SOD analysis is extremely cumbersome and remediation even more complex, making Healthcare Providers to shy away from deploying it.
Saviynt introduces industry’s first comprehensive SOD management system for Epic that automates analysis, provides remediation recommendations and integrates preventative SOD check in access life-cycle management. With over 180 SOD rules and controls, the module is tailor-made for Healthcare Providers where a typical automatic SOD analysis can be completed in as little as 3 weeks.
Saviynt has industry’s most advanced solution for Epic template design, provisioning and management. Some of the capabilities of the workbench include:
One of the key requirements for Meaningful Use Stage 1 and 2 is to perform security audit logging and reporting. Most healthcare providers have implemented traditional SIEM solutions to address this requirement.
However, in order for security to be effective, there needs to be automatic corrective action when system detects suspicious or critical actions are performed. Saviynt’s Epic connector not only manages access but also collects usage and audit logs from Epic system and provides a seamless review of activities vis-à-vis user access. This analysis of usage logs also enriches access life-cycle management processes e.g. periodic access review, template design, etc.
Saviynt’s specialized connector for Epic provides multiple mechanisms (APIs and flat-file) to establish automation and ensure user, access and template are provisioned in accordance to compliance and security policies.
The entire provisioning life-cycle is automated via an intuitive Access Request and Review System that is risk-driven and triggered via authoritative feeds from HRMS, contractor management, etc.
Next Generation Access Governance and Intelligence for your Critical Healthcare Applications