Abstract
COVID-19-related vaccine demand and delivery volume challenged delivery organizations as few crises have. Imperatives to ensure security of patient information, defend against cybersecurity threats, and accurately identify/authenticate clinician identity for patients remained unchanged. Deployment of identity access and management (IAM) and single sign-on (SSO) can accelerate operationalization of a vaccine delivery center when urgently needed in a crisis. Innovative application of existing IAM/SSO technology, combined with an identity governance solution, greatly accelerated vaccine delivery. Secure access enabled by IAM technology facilitated a rapid expansion (25 minutes) where 500 new vaccine delivery personnel were identified and authenticated during a period of high pandemic incidence. Existing digital identity solutions enabled a vaccine delivery organization to accelerate secure IAM of clinical staff during the peak of the COVID-19 pandemic. Existing IAM investments and capabilities that are widely implemented in nations with mature health information technology systems can greatly accelerate standing up emergent vaccine delivery capabilities and sites in the midst of a public health crisis.
Keywords: COVID-19 vaccination, emergency vaccine delivery, identity and access management, single sign-on
Background: single sign-on and identity access management in routine hospital workflows
For many clinicians, electronic health records (EHRs) have low usability and are regarded as a time-consuming interruption to an already busy workflow and to patient care [1–3]. The imperative to maintain the security of protected health information (PHI) has historically involved password protection of EHR access, resulting in a need for clinicians to continually refresh complex passwords, which can impede clinical workflow. Hospitals have reported that clinicians typically log in to 8–10 or more applications [4]. Entering, updating, and resetting passwords uses time better spent on delivering patient care.
SSO is a technology solution that eases and expedites clinician access to the EHR, and is a core platform within a hospital’s identity and access management (IAM) strategy and capabilities. SSO enables clinicians to login as usual by keyboard at the start of a clinical shift, and then streamlines all reconnect logins for the rest of the shift. SSO limits keyboard login to once a shift and accelerates access to clinical applications including the EHR and its PHI, eliminating the need for clinicians to create and remember complex passwords. Hospital objectives in implementing SSO are to provide clinicians expedited access to their clinical applications and the EHR, and to eliminate time expended in managing passwords. Once logged in at shift start, clinicians subsequently swipe a proximity identity badge on card readers sitting beside computer workstations. The proximity badge logs clinicians in and out as they access the EHR and clinical applications throughout a shift and as they roam the hospital/clinic. When a clinician is inactive on a workstation, or moves to another workstation, the badge reader accesses the current state of the last computer used, automatically locking workstations when clinicians leave, and reauthenticating them upon return to where they last left off. SSO reduces repetitive, manual logins and expedites authenticated access to the EHR and clinical applications for the balance of the clinical shift, after which keyboard login in the usual fashion is repeated once again in order to enable another shift of expedited SSO access via badge logins.
SSO provides support for varied applications used in clinics and hospitals. New applications can be profiled and deployed rapidly with SSO without coding. Password administration automates application password change processes, eliminating a burden for clinicians, who can focus on patient care rather than creating new passwords. By automatically launching/opening needed applications, time is liberated from the computer keyboard for patient care. SSO implementation has been demonstrated to have a highly favorable impact with respect to clinician time liberated from keyboard/EHR to instead engage in care delivery, and in net financial return on investment [5–7]. The introduction of SSO technology has been shown to facilitate adoption of key component functionalities of the EHR, including electronic clinical documentation, as well as related clinical applications [8–12].
SSO is a well-established, tested and tried IAM technology capability in wide use in the United States and the United Kingdom, among other nations. For example, the specific vendor SSO solution deployed in this use case, from Imprivata, is currently deployed in 2320 US healthcare facilities and 158 UK hospitals and care delivery organizations. Imprivata’s OneSign SSO product is widely regarded as delivering value to clinician workflows and has demonstrated reliability and stability, including near 100% up time operationally, with ability to profile most commonly used clinical and administrative workflow applications. However, the use of SSO and an identity governance application to greatly accelerate IAM specifically during emergency stand up of a vaccination delivery clinic during a public health crisis is a novel and important application of this technological capability.
IAM and an unprecedented urgency to scale population vaccine delivery during COVID-19
COVID-19 surges in patient volume disrupted the already complex digital identity and information environment of modern hospital/health system care delivery, and greatly accelerated the adoption of telehealth/telemedicine. During the early phases of the pandemic, hospitals needed to ramp up clinical staff rapidly in order to manage an increased volume of very ill patients and patient triage. Clinicians and administrative staff had to significantly alter and adapt their workflows and worksites, and individuals not serving in direct clinical care roles often worked remotely. All of the components of hospital COVID-19 response had to be completed while maintaining rapid, secure access to critical care delivery and operational applications, and confidential PHI/data. New, nontraditional treatment locations and care delivery in tents, mobile units and hotels were established, and had to use existing information technology (IT) infrastructure and capabilities to support both safe, effective patient care and information security and identity authentication. Vaccine delivery services were expanded dramatically, as well as improvised into new settings and environments in order to significantly increase public outreach and access.
The pandemic and resulting surges in patient volume amplified the importance, and indeed the centrality, of securing and managing digital identity across the healthcare delivery system in an emergent crisis, including facilitating the implementation of mass vaccination efforts. Having core identity authentication and access management capabilities in place enabled hospitals and other care delivery organizations to leverage existing technologies in innovative ways to support and improve their COVID-19 institutional response effort, including those focused on secure IAM. Identity authentication and access management remained critical to securing the trusted digital identities of clinicians and patients during the pandemic, including many administrative and support service personnel, whether on site in the care facility or working remotely. IAM also facilitated efforts to prevent hospital infection of visiting family members, and to prevent hospital transmission of SARS-CoV-2 among care facility clinicians and staff [13]. Table 1 presents a summary of eight use cases in which hospitals and health systems deployed IAM to reduce viral spread in their facilities, and to enable safer and low risk communications between infected patients and clinicians and between patients and visiting family members.
Table 1.
Use cases of IAM technology deployed in hospital COVID-19 response.
Use case functional focus | Use case hospital value |
---|---|
Infection control and patient safety | SSO enabled clinicians to attest being symptom-free at shift start |
Infection control and patient safety | SSO deployed for exposure and contact tracing of facility clinicians |
Infection control and patient safety | SSO deployed to enable mandatory clinician temperature checks and reporting |
Infection control, patient safety and PPE supply chain management | Inpatient telehealth consults and virtual inpatient rounding in isolation units to reduce infection risk and rate of PPE consumption |
Infection control and patient/family well-being and psychosocial support | Mobile devices enabled virtual visits between isolated patients and families |
Infection control and expedited authentication and workflows | SSO rapidly authenticated into mobile devices without touching screens |
Infection control and maintenance of facility organizational effectiveness and work productivity | Secure access enabled for rapid expansion of personnel working remotely |
Organizational staffing management, accountability and work productivity | SSO monitored attendance of temporary workers |
SSO, single sign-on; IAM, identity access and management; PPE, personal protective equipment.
This discussion will focus on a population and public health use case of IAM technology to rapidly stand up a COVID-19 vaccine clinic in the United Kingdom. IAM enabled role-based access to rapidly on-board clinical care, vaccine delivery and support staff in the face of high patient volumes and vaccine demand, an imperative during the pandemic. This involved rapidly provisioning clinical application access to accommodate the substantial ramp up in vaccine delivery and administrative staff needed to manage high patient volumes needing acute care, as well as populations requiring vaccination.
Methods
The National Health Service (NHS) in Northern Ireland, Health and Social Care (HSC), is similar to the NHS in England, delivering care free of charge and providing social care services including home care services, family and children’s services, day care services, and social work services. The South Eastern HSC Trust is one of the five Health and Social Care Trusts that provide healthcare, public health, and social services across Northern Ireland, including immunization services. The South Eastern Trust provides integrated health and social care services to multiple communities, serving a resident population of 354,651. In addition, acute care delivery at the Ulster Hospital serves a wider population.
In December 2021, in response to the highly transmissible SARS-CoV-2 Omicron variant, the Department of Health asked the Trust to set up a Regional COVID-19 Vaccination Center to facilitate the delivery and public uptake of COVID-19 booster vaccinations. Owing to the rapidly developing epidemiological and disease control situation, the new facility sought to be operational in 5 days. In order to execute this mass vaccination initiative, clinical and administrative staff were deployed and recruited as needed, many of whom were retired nursing and medical staff, as well as nursing and medical students. Additional administrative staff were also deployed to support the effort. Most of these new, temporary staff had no prior secure EHR, SSO and related information system IAM profiles, but nonetheless required immediate access to clinical information systems. Using the Trust’s existing system for provisioning new user accounts would not have deployed rapidly enough, and manual provisioning would divert organizational focus and resources from critical areas such as launching the vaccine center’s operations in a timely manner.
Vaccine delivery organization setting
A newly and rapidly deployed Regional COVID-19 Vaccination Center in the South Eastern HSC Trust was implemented to facilitate the delivery and public uptake of COVID-19 booster vaccinations. The Center would operate 12 h per day, 7 days per week, with a maximum vaccine delivery capability of up to 4000 individuals per day.
Operational challenge/imperative created by COVID-19
In establishing and rapidly standing up a new vaccine delivery facility in response to great need and demand during the COVID-19 pandemic, South Eastern HSC Trust faced a challenge of enabling rapid access to clinical systems, including the provisioning of vaccine provider secure identity access and authentication for 500 new temporary staff accounts. This required an agile identity governance solution in order to avoid a slow and labor-intensive manual process of staff on-boarding and profiling. Concern existed that provisioning staff accounts could divert focus from launching other essential clinic operations. Equally critical, however, was enabling consistent access rights to all new, temporary users of the system EHR, with rapid user on-boarding, accurate authentication, and effective information governance and auditing capabilities.
Identity governance solution utilized
At the time, the Trust was already conducting a secure identity governance pilot of Imprivata Identity Governance, which was focused on provisioning IAM to junior physicians, covering three cohort intakes per year. The pilot project involved setting up active directory and exchange accounts for new physicians who required access to 3–10 separate clinical systems.
Results
With the urgent requirement to institute a new vaccination center to drive community uptake and increase vaccination booster rates, the identity governance pilot project was rapidly pivoted to on-board up to 500 new clinical information user accounts. The identity governance solution was able to eliminate an onerous, time-consuming amount of inefficient manual work. The Vaccination Center was able to set up 500 staff accounts in just 25 minutes. The solution provided consistent access rights and authentication to all staff, based on their specific roles and needed access to critical information systems.
When the Vaccination Center was closed in late January 2022, staff accounts were decommissioned automatically, ensuring that sensitive, confidential patient data remained protected, as accounts could not be further accessed. The solution also provided a clear audit trail of account provisioning and deprovisioning activity, which supported standards of effective information governance, security and compliance.
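The account lifecycle described in the two paragraphs above (role-based bulk provisioning, automatic decommissioning at closure, and an audit trail) can be sketched as follows. This is an added example, not code from the Trust or from the vendor's product; the role names, entitlement names, class names, user IDs and exact dates are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import date

# Hypothetical role templates: every account in a role gets identical entitlements.
ROLE_TEMPLATES = {
    "vaccinator": frozenset({"ehr_vaccination_record", "sso_badge"}),
    "admin_support": frozenset({"appointment_booking", "sso_badge"}),
}

@dataclass
class Account:
    user_id: str
    role: str
    entitlements: frozenset
    expires: date
    active: bool = True

@dataclass
class Directory:
    accounts: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def _log(self, when, action, user_id, detail):
        self.audit.append({"date": when.isoformat(), "action": action,
                           "user": user_id, "detail": detail})

    def provision(self, roster, today, expires):
        """Create one time-boxed account per roster row.
        Rows with an unapproved role or a duplicate ID are rejected and logged."""
        rejected = []
        for user_id, role in roster:
            if role not in ROLE_TEMPLATES or user_id in self.accounts:
                rejected.append(user_id)
                self._log(today, "reject", user_id, f"role={role}")
                continue
            self.accounts[user_id] = Account(user_id, role, ROLE_TEMPLATES[role], expires)
            self._log(today, "provision", user_id, f"role={role} expires={expires}")
        return rejected

    def orphans(self, today):
        """Accounts still active on or after their expiry date."""
        return [a.user_id for a in self.accounts.values()
                if a.active and today >= a.expires]

    def sweep(self, today):
        """Disable expired accounts, strip their entitlements, and log each one."""
        disabled = self.orphans(today)
        for user_id in disabled:
            acct = self.accounts[user_id]
            acct.active = False
            acct.entitlements = frozenset()
            self._log(today, "deprovision", user_id, "expired")
        return disabled

def demo():
    # Constructed roster: 500 temporary staff plus one row asking for an unapproved role.
    roster = [(f"temp{i:03d}", "vaccinator" if i % 5 else "admin_support")
              for i in range(500)]
    roster.append(("temp999", "domain_admin"))
    opened, closed = date(2021, 12, 20), date(2022, 1, 31)  # constructed dates
    d = Directory()
    rejected = d.provision(roster, opened, expires=closed)
    before = d.orphans(closed)   # everything is overdue on closing day
    disabled = d.sweep(closed)   # automatic decommissioning
    return d, rejected, before, disabled
```

Running `orphans()` after each sweep gives a simple control check: any non-empty result means a temporary account outlived the site it was created for.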
Having proven the value of the identity governance solution, the Trust next sought to expand its use of the solution by adopting automatic triggering for junior physicians, so that as they move or alter their clinical roles and workflows, with changing secure information and application access and management needs, their permissions moved with them. It was also deployed to manage the identity and information access needs of nurses and domiciliary staff.
The identity governance solution has enabled NHS Trusts and other, diverse care delivery organizations to introduce precise role-based data and application access for all staff, thereby increasing the productivity of clinical staff by removing access barriers to critical patient information and technology. The solution strengthened data security with much accelerated cyber threat detection, evaluation and remediation. Better managed regulatory compliance, with analysis of usage data via dashboards, was also achieved. IT costs were reduced by automating IAM. In addition, the solution provided a self-service portal for users to manage their own accounts.
Discussion
In the midst of a major public health and clinical care crisis such as a pandemic or an outbreak of a highly transmissible pathogen like SARS-CoV-2, efforts to accelerate and reduce avoidable manual processes in establishing secure IAM at vaccination and clinical care delivery sites are essential. Identity management and governance solutions have a critical role in systematically compressing the time between the decision to institute a new vaccination site and delivery of the first injections into arms. In outbreaks of highly communicable pathogens, compression of the time required between policy and programmatic decisions to expand vaccine efforts and delivery of vaccine is a public health imperative.
In this case study, an identity governance solution enabled deployment of needed secure authentication and access provisioning to 500 vaccine delivery personnel with unprecedented rapidity and effectiveness. This analysis cannot quantify the burden of avoidable community infection prevented in the South Eastern HSC Trust, or the resulting decrease in avoidable care utilization in hospital emergency departments and intensive care units (ICUs) achieved by greatly accelerating secure identity access/authentication, and thus more rapid vaccine delivery. Given the contagiousness of the Omicron variants of the virus during this period, however, these impacts may have been substantial.
Conclusion
The imperatives to ensure the confidentiality of PHI and that only appropriate and authorized service providers and staff have access to critical clinical information systems are not diminished in a crisis, such as a pandemic. IAM systems are essential in enabling the right access of the right personnel to the right patient’s clinical information at the right time. In the case of an acute crisis such as a major communicable disease outbreak, the right time means as soon as technologically and humanly feasible.
Through most of the first 3 years of this pandemic, SARS-CoV-2 has demonstrated surprising and remarkable resilience and unexpected evolution. It is quite clear that, much as the last global pandemic of HIV/AIDS preceding it, COVID-19 will become a lasting focus within the healthcare landscape. With less than three-fourths (70.0%) of humanity vaccinated to any extent against the virus, and only 29.8% in low-income nations receiving at least one dose as of this writing [14], future variants of greater communicability and potential vaccine evasion are possible. Our healthcare system response and disease control/prevention efforts, including rapidly expanded and deployed vaccine delivery, require ever greater acceleration in the pace of implementation. Given the use case illustration of IAM/SSO technology solutions described here, future delays in enabling hundreds or thousands of care or vaccine delivery personnel to access critical information systems rapidly and securely during outbreak/pandemic response can – and should – be averted.
Acknowledgments
The author is grateful to the staff and leaders of the South Eastern Health and Social Care Trust in Northern Ireland for their public health service and embrace of technological innovation to improve COVID-19 public health, clinical and organizational response.
Ethics approval and consent to participate: No patient PHI or human subject data were used. Not applicable.
Consent for publication: No patient information or data of any kind was used and thus no patient consent pertains or was required. The achievement explored and evaluated in this article is based on publicly available information. Not applicable.
Author contributions: George A. Gellert: Conceptualization; Data curation; Formal analysis; Methodology; Project administration; Validation; Visualization; Writing – original draft; Writing – review & editing.
Funding: The author received financial support for the research, authorship and publication of this article from Imprivata, but no other grant or other financial support.
The author declared the following potential conflicts of interest with respect to the research, authorship, and/or publication of this article: G.A.G. is a medical advisor on clinical and public health impact evaluation for Imprivata.
Availability of data and materials: No data or related materials exist. Not applicable.
ORCID iD: George A. Gellert https://orcid.org/0000-0002-3519-7486
Declarations
References
- 1. Friedberg MW, Chen PG, Van Busum KR, et al. Factors affecting physician professional satisfaction and their implications for patient care, health systems, and health policy. Rand Health Q 2014; 3: 1.
- 2. Verdon DR. Physician outcry on EHR functionality, cost will shake the health information technology sector. Med Econ 2014; 91: 18–20.
- 3. Hafner K. A busy doctor’s right hand, ever ready to type. The New York Times, 12 January 2014, https://www.nytimes.com/2014/01/14/health/a-busy-doctors-right-hand-ever-ready-to-type.html
- 4. Griffith A. Eliminate login nightmares with single sign-on technology. Health IT Outcomes, 2015. https://www.healthitoutcomes.com/doc/eliminate-login-nightmares-with-single-sign-on-technology-0001
- 5. Gellert G, Crouch JF, Gibson LA, et al. An evaluation of the clinical and financial value of work station single sign-on in 19 hospitals. Perspect Health Inf Manag 2019; 16: 1a.
- 6. Gellert GA, Delacerda C, Patel L, et al. Easing hospitalist EHR burden through clinical workstation single sign-on. J Hosp Adm 2020; 9: 24–29.
- 7. Gellert GA, Ramirez R, Jacobs WJ, et al. EHR workstation single sign-on: a quantification of time liberated for nurses to care for patients. J Nurs Adm 2020; 50: 462–467.
- 8. Hope P, Zhang X. Examining user satisfaction with single sign-on and computer application roaming within emergency departments. Health Informatics J 2015; 21: 107–119.
- 9. Fontaine J, Zheng K, Van De Ven C, et al. Evaluation of a proximity card authentication system for health care settings. Int J Med Inform 2016; 92: 1–7.
- 10. Franklin R. How single sign-on (SSO) in healthcare improves a provider’s day. Mobius MD, October 4, 2022. https://mobius.md/2022/10/04/single-sign-on-in-healthcare/
- 11. Hanover J. Best practices: single sign-on drives productivity, security and adoption when used with EHR at the Johns Hopkins Hospital. IDC health insights no. HI238582, 2012, https://docs.media.bitpipe.com/io_11x/io_115401/item_884892/Best%20Practices_Single%20Sign%20On%20Drives%20Productivtiy%20Security%20and%20Adoption%20When%20Used%20with%20EHR%20at%20The%20Johns%20Hopkins%20Hospitalpdf.pdf
- 12. How single sign-on is changing healthcare: a study of IT practitioners in acute hospitals in the United States. Ponemon Institute, 2011. https://www.ponemon.org/research/ponemon-library/?archive=1309492799
- 13. Gellert GA, Kelly SP, Hsiao AL, et al. COVID-19 surge readiness: use cases demonstrating how hospitals leveraged digital identity access management for infection control and pandemic response. BMJ Health Care Inform 2022; 29: e100680.
- 14. Our World in Data. Coronavirus (COVID-19) vaccinations, https://ourworldindata.org/covid-vaccinations