The background description provided herein is for the purpose of generally presenting the context of the disclosure. Work of the presently named inventor, to the extent it is described in this background section or elsewhere herein, as well as aspects of the description that may not otherwise qualify as prior art at the time of filing, are neither expressly nor impliedly admitted as prior art against the present disclosure.
Access to medical information systems is carefully monitored and stringently regulated. In the healthcare field, access to patient information and other stored data is limited to those users with authorized access. That authorization often involves stringent screening processes that are manually implemented and time-consuming. Moreover, when access is needed to different healthcare systems, differences in system architecture and design present particular challenges to the authentication process.
While these problems are particularly apparent in the healthcare field, many organizations and enterprises face technical challenges in managing user access to information and computer applications. The information often contains private, secured data. The information often contains complex and unrelated data. For example, the information collected and stored on a particular patient may be voluminous, rendering it impractical to grant a healthcare professional access to all of the patient's information.
Further, those who have access to information may only need access to certain types of information and no other types of information. The same is true for access to computer applications. In the healthcare field, for example, a point-of-care professional may need access to certain medical information through certain software applications, while a hospital administrator may only need access to certain other medical information through other software applications. The result is role-specific information access.
Unfortunately, given the fragmented nature of information systems and computer applications, authenticating and provisioning the right information to the right user is exceedingly difficult. Single Sign-On (SSO) cloud-based systems have been developed, with varying degrees of success. SSO and similar systems purport to offer true single points of user login, where a user can log into and access multiple different independent software systems. A user logs in with a single identification (ID) and password, without needing to use different usernames or passwords. In some instances, the same single authentication credentials are used for each target application. In other instances, the single authentication results in a token passed to each target application that manages their access.
There is still, unfortunately, a lack of consistent operation in these SSO cloud-based systems. Furthermore, they lack decisional control over access grants and are agnostic to current security conditions and system loads, which can slow down the authentication process and network operations. For organizations and enterprises with thousands of users being on-boarded and off-boarded, the limitations become paramount.