How athenahealth Created a Secure, Scalable Healthcare Ecosystem

athenahealth uses technology to break down barriers in the healthcare system, and does so successfully: it is used by over 40% of Americans. The company, founded in 1997 as a women’s health and birthing center, has evolved into an industry leader offering cloud-based services for both providers and patients.

athenahealth focuses on electronic health records, revenue cycle management, patient engagement, care coordination, and point-of-care mobile apps, all with the goal of helping healthcare providers deliver smarter experiences. athenahealth has a huge reach, serving 160,000 providers and 110 million patients with 8,000 different portals across the US. 

“We’re building a healthcare ecosystem,” says Patrick Hursen, athenahealth’s Director of Engineering. “As we started expanding what we were doing, building more microservices and mobile apps, mergers and acquisitions of some of our other apps. We realized we have a bunch of different apps and users, but we didn't necessarily have an easy way to tie them all together.”

To help create the seamless and secure universal experience Hursen was looking for, athenahealth implemented several of Okta’s Customer Identity Products, including Authentication, Authorization, User Management, Adaptive MFA, and B2B Integration. athenahealth also adopted DynamicScale to ensure an optimal user experience at all times, even during traffic spikes.

Meeting strict healthcare protocols 

The first step in achieving a cohesive but personalized experience was to consolidate identity across all portals, so neither patients nor providers had to remember multiple usernames or passwords to access information or services. 

Although athenahealth had long been building its own software, the company decided to work with a partner to provide identity management for its overall ecosystem. Being in the healthcare sector comes with strict and complex security protocols, including HIPAA compliance. 

“You think identity is kind of a simple thing,” says Hursen. “But when you talk about how it needs to tentacle into all the different workflows, it's pretty complex. We needed to focus on healthcare rather than keep up with security and build new MFA solutions, so we partnered with the experts at Okta.”

The right foundation to build on

athenahealth wanted to expand even more—but it needed to set a solid identity and technology foundation to build around, customize, and scale. The company also had to position itself to be ready for new users, security risks, regulations, product integrations and even acquisitions.

Okta’s infrastructure, secure and compliant out of the box, was exactly the authentication platform for the job. The breadth and functionality of Okta’s APIs were also important, says Hursen.

“Okta had the general overall architecture to be able to configure how we wanted our users or our services to do things. And it allowed us to iteratively start building.”

That building process included creating a global login for all of athenahealth’s apps. But developing a common login that would correctly handle password flow, sessions, and token passing was a huge undertaking. Hursen and his team realized that a customizable solution was right in front of them.

“That was when we looked into the Okta sign-in widget. And we realized that open-source code basically had 75% of what we needed, the majority of what we needed, and we could move faster by taking that and customizing it.”

Ready to scale

Hursen and his team started athenahealth’s Okta rollout by integrating service to service, and then tested a handful of use cases with a small number of users. Then it was time to open up the new Okta-powered patient portal to a wide audience.

“The thing that was a little scary about going through this journey was we knew that once we released this whole big thing, we'd have millions of users on Day One,” Hursen says. “The good thing about it was, it's predictable. We knew what we’d have once we turned it on. We were able to do a lot of planning and a lot of testing along the way.”

The Okta Customer Success team partnered with athenahealth as the rollout grew closer, helping to prepare for the instant scale-up, protect against malicious or illegitimate traffic, and allocate rate limits for each API.    

“They helped us calculate what we thought we’d need, and develop a process to quickly increase that if we saw spikes or unexpected things,” Hursen says. “And, as we did that rollout over a few weeks, we had a war room set up with Okta where we could quickly talk, pivot, and update.”

Telehealth in the time of COVID-19

Because athenahealth had already built a strong identity foundation with Okta, the organization was set up for success when COVID-19 hit. Hursen’s team members were already able to work remotely—he has seen productivity actually increase during the pandemic—and Hursen has been able to onboard complete teams remotely.

Hursen and his team had long had plans to develop telehealth within the organization. This year those plans moved from the back burner to high priority. Having Okta infrastructure in place made developing, launching, and scaling up a telehealth application a possibility.

“We were able to quickly get teams involved across our different divisions, including a few of my teams, to quickly build a telehealth application on the clinician and patient side,” he says. “We were able to go from just general conception to alpha in six weeks, then, to beta just five or six weeks after that.”   

Less worry, more time for innovation

“When we looked at a few of the [identity management] competitors, one of the biggest factors was Okta's ongoing dedication to uptime reliability and stability,” says Hursen. “It's not having to worry about those things ourselves—not having to do support or patches on our systems—has allowed us to focus and get back to innovating.”

To learn more about how athenahealth used Okta to build scalable apps and a seamless user experience, check out athenahealth’s webinar.