Consumer Identity and Access Management (CIAM) Implementation for a Healthcare Organization

Overview:

This healthcare organization operates 39 hospitals and over 700 medical offices, boasting a workforce of more than 300,000 individuals, which includes over 87,000 physicians and nurses. By 2022, it had accrued a membership of 15 million, with 216,776 employees, 23,597 physicians, 63,847 nurses, 39 medical centers, and 724 medical facilities. In the contemporary healthcare landscape, the surge in regulatory requirements and the escalating reliance on electronic health records have underscored the necessity for cost-effective and streamlined identity and access management. The existing legacy Access Governance system was responsible for user authentication, Single Sign-On (SSO) through Header-based Web Access Management, internally developed Knowledge-Based Authentication (KBA) for profile updates and password resets. 

Challenges

The deeply ingrained integration of the legacy Authentication platform, spanning both web and mobile applications, presented significant challenges due to its reliance on session cookies, header variables, and secure APIs. Operating across eight regions in the United States, the healthcare organization encountered the complexity of maintaining region-specific accounts for users who relocated between regions.

Solutions

In response to these challenges, the healthcare organization pursued the implementation of a modern Consumer Identity and Access Management (CIAM) platform. The objective was to replace the legacy Access Governance system and establish a contemporary CIAM platform utilizing OAuth and OIDC protocols for user authentication and SSO across both web and mobile applications. The organization selected Ping Identity Suite as the foundation for the CIAM platform and partnered with TechDemocracy for implementation. 

TechDemocracy’s assistance proved invaluable in executing a swift transition from the legacy system to the new CIAM platform within a remarkable 12-month timeframe. Leveraging its healthcare domain expertise, accelerators, and utilities, TechDemocracy facilitated the following:

• Migration of a 15 million-user repository from Legacy LDAP to Ping Directory. 
• Development and establishment of a parallel authentication platform using Ping Federate for seamless application transition.
• Consolidation of disparate authentication platforms from various regions into a unified CIAM platform. 
• Transformation of mobile apps from traditional web view mode to a Native mode using the CIAM Ping Identity platform.
• Implementation of Risk-based Multi-Factor Authentication (MFA) for consumers through SMS or email.
• Establishment of frictionless, stable, and on-demand scalability through an automated infrastructure setup and deployment process.
• Integration with mission-critical applications through OAuth and OIDC protocols via PingFederate. 
• Integration of access management for the EPIC healthcare platform. 
• Rapid onboarding of disconnected applications and streamlined access review configurations. 
• Creation of a fully automated platform using Ansible for Ping Identity products, ensuring efficient new installations and configuration promotion across more than 20 environments.

Benefits

The migration and implementation efforts yielded significant benefits for the organization: 

• Seamless onboarding of applications to the CIAM platform.
• Establishment of a unified CIAM authentication platform spanning multiple regions. 
• Transition from header-based Web Access Management to industry-standard OAuth and OIDC protocols. 
• Substantial cost savings through the elimination of legacy system renewals. 
• Reduction in errors due to data cleansing, resulting in minimal downtime. 
• Attainment of compliance and audit requirements. 
• Remarkable 85% reduction in incidents and service tickets within the first two months post-migration. 
• Optimized utilization of resources, including personnel, systems, and time.