Guaranteed medical confidentiality without compromising effective care
Protect your personal data, Electronic Health Records, professional smartcards and more. Access to health information must be increasingly easy and fast, without compromising confidentiality in any way.
Evidian offers identity and access management solutions that are tailored to the specific requirements of healthcare establishments (high staff turnover, 24/7 operations). Our solutions simplify the allocation and use of access rights so that doctors can give patients their full attention. In addition, they can help achieve compliance with regulations such as the HIPAA Security Rule.
Evidian can provide a shared Identity and Access Management (IAM) solution dedicated to large Hospital Groups. This architecture is adapted to small facilities by rationalizing infrastructure costs and answers the transversal needs (shared resources between entities) of Hospital Groups.
Nantes University Hospital using Evidian solution won the European Identity & Cloud Award 2015 "Best Identity and Access Management Project". Discover more about this project in the KuppingerCole report.
Confidentiality of medical files
As roles are pre-defined on the basis of the duties and departments of each staff member, you can be sure that only authorised staff can access the right information at the right time. Evidian solutions guarantee that you can meet the confidentiality requirements for medical ethics and the CNIL (French Data Protection Agency).
Vital information available 24/7
With Evidian solutions, doctors are identified using a smartcard or badge – no password is needed on any terminal. If the card or electronic badge is lost, Evidian offers a range of secure backup identification solutions for immediate emergency access. For example, the most recent Evidian innovation, QRentry, lets you unlock a session with your smartphone using a QR code.
In hospitals and elsewhere, there is a trend for increasing use of personal mobile terminals. Evidian solutions give doctors fully secure access to patient information from their medical surgery, using their smartphone or tablet. These solutions can also be used for establishing mobile sessions for bedside access in hospitals.
For interns, placement students, external staff, staff-managed devices, etc. Ensuring that individuals are held responsible for their actions means that personal access to information must be granted for each level of authorisation. By using automated identity management solutions, Evidian can rapidly deliver customised access rights. Kiosk mode allows the management of fast user switching on multi-user terminals, ensuring both efficiency and confidentiality.
Hospitals are responsible for the confidentiality of medical data. With Evidian solutions, not only you can divide up access rights, but also rapidly assess the measures taken and present an access record for checks and audits.
Nantes University Hospital [+]
Evidian Identity and Access Management solution has been successfully deployed by Nantes University Hospital (Centre Hospitalier Universitaire de Nantes). The European Identity & Cloud Award 2015 for "Best Identity and Access Management Project" went to the Nantes University Hospital for its innovative approach in solving healthcare issues.
The Nantes University Hospital project involved setting up a multi-functional corporate smart card, and optimizing identity and authorization management. Implementing the Evidian solution has strengthened the Hospital's security policy when it comes to accessing medical data, in particular to comply with the national confidentiality directive.
The identity management project involves 12,000 employees, more than 2,000 external staff, 7,000 workstations and more than twenty application; with a 20% annual turnover and job rotation of medical personnel. The roll-out of the solution at Nantes University Hospital has been backed up by change management support for users, involving senior management from the Hospital and its Corporate Communications Department.
"The Evidian solution manages the kind of complex scenarios typically found in a university hospital: rapid switchover of a PC session in shared mode, roaming sessions for the same user logging on to different PCs in the same day... Evidian also manages the workflow of authorizations, from the point where a new employee joins the hospital (upstream provision of user IDs, implementation of rights policies) to their departure (removal of identities and rights)," explained Cedric Cartau, Information Systems Security Manager at Nantes University Hospital.
"We valued the solution's ability to implement authorization policies that are not only set centrally, but must also be defined by the departments actually responsible for policies in their own functional areas: the software knows how to do it all, but it still has to be expressed unambiguously," Cedric Cartau added.
Warrington & Halton NHS [+]
Warrington and Halton Hospital deploys Evidian's Enterprise SSO solution for its heavy and light client workstations to simplify and secure access to hospital applications for its 2,500 healthcare employees. It creates strong authentication by means of the national card and the certificate "CfH card".
CHU of Angers [+]
The CHU of Angers, which is using Evidian's identity and access management functions for many years, has decided to upgrade the current solution by installing the Evidian IAM Suite for an extended perimeter to 7200 users. This solution includes identity management, authorization, strong authentication by CPS and RFID card and SSO on heavy client, thin client and web.
EPSM of St-AVE [+]
The ESPM of Morbihan has implemented the Evidian IAM Suite for the creation of its identity repository, powering and synchronization of existing repositories, strong authentication based on CPS certificates and SSO.
The EPSM of Morbihan currently operates the solution for 1500 users.
View other case studies
EPSM decided to strengthen security while eliminating the constraints of passwords, using instead healthcare professional smart card for authentication.