Seeking security in the cloud
Envision Healthcare develops a cloud-first strategy to support its mobile workforce, enhance security, and adhere to HIPAA rules.
Need for identity management
As the company grows through acquiring companies, technology plays a significant role in onboarding new teams. IT looks for a solution to help manage identities and secure accessibility.
Okta proves best choice
A primary reason for selecting Okta was its ability to give IT the power to provide much faster access to users newly acquired through M&A. Envision notes a significant overall increase in productivity.
IT values Okta for its seamless integrations and quick uptime. IT gains control over who has access to services as they join and leave the company, and insight into whether users are adhering to company security policies.
From security to accessibility
IT rolls out Okta’s Adaptive Multi-Factor Authentication to secure company data, while providing a seamless way for users to access the tools they need.
Healthcare companies looking for two-factor authentication, the ability to manage their identities, and capabilities to federate with other hospitals—as well as a universal directory—should seriously look at Okta.Mark Hagan, Chief Information Officer, Envision Healthcare
- Sped up integration of newly acquired companies so new employees have immediate access to the apps they need to get their jobs done
- Automated the onboarding process for newly acquired users and provided reporting back to hospitals so they can deprovision their own users, reducing IT’s burden
- Connected users to cloud applications from mobile devices, securely and easily, allowing them to work from anywhere, anytime
- Enhanced the end-user experience with just one set of credentials to remember, virtually eliminating all password resets for IT admins, previously a $100K+ annual problem
- Applied adaptive-risk detection to build extra protection with Adaptive Multi-Factor Authentication while providing hassle-free usability to users
- Delegated administration of hospital staff back to each hospital with inbound federation
M&A growing pains, security challenges
Over the past six years, Envision Healthcare has grown through mergers and acquisitions. Since 2014 alone, they’ve acquired 20 companies. Coupled with an ever-changing IT landscape, IT has faced their share of challenges. “Technology plays a significant role as we've gone through acquisitions and continue to grow and evolve,” Mark Hagan, chief information officer, noted.
Hagan’s department runs IT for Envision Healthcare’s three market segments: American Medical Response, the largest ambulance company in the United States; EmCare, the physician-services business; and Evolution Health business, the post-acute-care services. Hagan is responsible for guiding the technology strategy and teams in each segment.
In terms of leveraging the cloud, Hagan sees a lag between healthcare’s rate of adoption compared to that of other industries. However, using a cloud-first approach is a key part of Envision’s IT strategy. “We look at every application that’s out there and typically look for cloud-based applications first.”
Technology plays a significant role as we've gone through acquisitions and continue to grow and evolve
Envision Healthcare’s employees—from ambulance drivers to hospital healthcare workers—need to be mobile to effectively do their jobs. “They’re accessing applications in many different hospitals across the nation or in ambulances, and the cloud enables that capability much faster and certainly more securely than if we were to try and do that ourselves,” Hagan said.
When it came to managing users in cloud applications, Hagan realized the company was getting what he called “application sprawl,” especially with all the mergers and acquisitions. Employees started to create their own user IDs and passwords. As a result, IT had no control over who was accessing what or if employees were following the proper security practices.
One major concern—true for the industry—was the need to adhere to HIPAA regulations and protect the privacy of patient data.
A quest for security leads to Okta
In healthcare, security is paramount. Hagan realized he needed better control over users in cloud apps and the way they accessed company data. He started on a mission for an identity solution that met the following criteria:
Integrate mergers and acquisitions quickly
Hagan was looking for a more efficient approach than using manual processes to integrate companies that Envision Healthcare acquires. IT needed to find a solution for expediting the process, as IT spent over 1,200 hours per year on domain consolidation projects, and newly acquired employees were oftentimes unable to access the applications they needed to do their jobs for upwards of two weeks.
Manage user access in the cloud apps
IT searched for a solution to integrate their Active Directory systems with their cloud-based applications. They wanted to gain control over who was accessing apps as employees joined and left the company, while also ensuring users followed the company security policies to protect patient data.
Set up easy-to-use multi-factor authentication
Hagan wanted to implement a multi-factor authentication system that was not only easy to deploy, but also easy to use. That meant guaranteeing employees would not have to carry around tokens.
Scalable system that’s always on
Scalability and ease of access were key. Envision Healthcare sees a patient every 30 seconds, so it’s important for physicians and clinicians to access their applications without any downtime.
IT chooses Okta, ensuring user authentication, securing data
In making the decision about which identity system to choose, Hagan looked at both Okta and Microsoft. “We decided to do a little bit of a bake off,” Hagan recounted. “We piloted Okta against Microsoft and had Okta up and running in the test environment in less than a week.” IT was able to demonstrate the value of Okta across three applications—Chronus, SuccessFactors, and Office 365. Hagan also realized Okta ticked the box for integrating users and their apps from numerous acquisitions.
We piloted Okta against Microsoft and had Okta up and running in the test environment in less than a week.
With more and more users accessing apps in the cloud, on-prem or remotely, Hagan made security a priority. “Going with Okta was the best decision since we were positive we had the right access controls in place to ensure that whoever was accessing that data was authenticated and appropriate within our organization.”
With Okta, Envision gains greater agility and a more secure environment
Hagan was sure that if you start with identity management, you’re on the right path for success. Given Envision Healthcare’s level of M&A activity, they have a veritable revolving door of employees coming and going. “One of the things you don’t want are issues around HIPAA because employees have left and still have access to company data,” Hagan explained.
Universal Directory enabled newly acquired users from M&A quick gain access to parent-company apps. Okta also improved security, while decreasing IT administration costs with inbound federation for hospitals. Now, hospitals can manage access for their own staff to ensure access is revoked when employees leave the company.
If you want a cloud-based identity-management system that's easy to use and easy to implement, you go with Okta.
Okta made it easy to deepen data security. “One benefit Okta brought to the table was their ease-of-use deployment methodology for rolling out two-factor authentication as opposed to typical, traditional models that you have to implement,” Hagan pointed out.
Within the first year, IT registered 40,000 accounts using the Okta Identity Cloud and 10 deployed applications across their environment, starting with cloud-based apps and their ERP system. “It’s deployed; it’s working; and we’ve had no issues,” Hagan said. “We’ve had no one report problems of not being able to access or get through.” And two-factor authentication has proven successful.
What’s next? By early 2017, Hagan aims to migrate 120 of their 600 apps to Okta—focusing first on the apps earmarked as high risk.
“Healthcare companies looking for two-factor authentication, the ability to manage their identities well, and capabilities to federate with other hospitals—as well as a universal directory—should seriously look at Okta,” Hagan explained. The bottom line? “If you want a cloud-based identity-management system that's easy to use and easy to implement, you go with Okta.”
About Envision Healthcare
Envision Healthcare is a leading provider of physician-led, outsourced medical services headquartered in Greenwood Village, CO. They provide a broad range of coordinated, clinically based care solutions across the continuum of care from medical transportation to hospital encounters to comprehensive population health services.