Implementation of a single sign-on system between practice, research and learning systems

Saptarshi Purkayastha; Judy W. Gichoya; Abhishek Siva Addepally

doi:10.4338/ACI-2016-10-CR-0171

Applied Clinical Informatics, Table of Contents

Appl Clin Inform 2017; 08(01): 306-312
DOI: 10.4338/ACI-2016-10-CR-0171

Case Report

Schattauer GmbH

Implementation of a single sign-on system between practice, research and learning systems

Saptarshi Purkayastha

¹Department of BioHealth Informatics, Indiana University Purdue University, Indianapolis

,

Judy W. Gichoya

²Department of Radiology and Imaging Sciences, Indiana University School of Medicine, Indianapolis

,

Abhishek Siva Addepally

¹Department of BioHealth Informatics, Indiana University Purdue University, Indianapolis

› Author Affiliations

Abstract

Full Text

PDF Download

Keywords

Integrated information systems - electronic health records - educational needs - single sign-on - Security Assertion Markup Language - SAML - Central Authentication System - CAS

References

References
1 Meaningful Use Regulations | Policy Researchers & Implementers | HealthIT.gov [Internet].. [cited 2016 Dec 20]. Available from: https://www.healthit.gov/policy-researchers-implementers/meaningful-use-regulations
2 Niazkhani Z, Pirnejad H, Berg M, Aarts J. The impact of computerized provider order entry systems on in-patient clinical workflow: a literature review. J Am Med Inform Assoc JAMIA 2009; 16 (Suppl. 04) 539-549.
3 Mazlan EM, Bath PA. Impact of health informatics implementation on clinical workflow: A review.. In: Proceedings of the World Congress on Engineering and Computer Science. 2012
4 Zheng K, Haftel HM, Hirschl RB, O’Reilly M, Hanauer DA. Quantifying the impact of health IT implementations on clinical workflow: a new methodological perspective. J Am Med Inform Assoc JAMIA 2010; 17 (Suppl. 04) 454-461.
5 Jha AK, DesRoches CM, Campbell EG, Donelan K, Rao SR, Ferris TG, Shields A, Rosenbaum S, Blumenthal D. Use of Electronic Health Records in U.S. Hospitals. N Engl J Med 2009; 360 (Suppl. 16) 1628-1638.
6 D’Costa-Alphonso M-M, Lane M. The Adoption of Single Sign-On and Multifactor Authentication in Organisations - A Critical Evaluation Using TOE Framework. Issues Informing Sci Inf Technol 2010; 7: 161.
7 Furnell S. Authenticating ourselves: will we ever escape the password?. Netw Secur 2005; 2005 (Suppl. 03) 8-13.
8 Borycki E, Kushniruk A, Armstrong B, Joe R, Otto T. Integrating Electronic Health Records Into Health Professional and Health Informatics Education: A Continuum of Approaches. Acta Inform Medica 2010; 18 (Suppl. 01) 20.
9 Koppel R, Smith S, Blythe J, Kothari V. Workarounds to computer access in healthcare organizations: you want my password or a dead patient?. Stud Health Technol Inform 2015; 208: 215-220.
10 HL7 Standards Product Brief – HL7 Context Management Specification (CCOW). Version 1.6. [cited 2016 Dec 20]. Available from: http://www.hl7.org/implement/standards/product_brief.cfm?product_id=1
11 Oreku GS, Li J. End User Authentication (EUA) Model and Password for Security. J Organ End User Comput 2009; 21 (Suppl. 02) 28-43.
12 Mykkänen J, Porrasmaa J, Rannanheimo J, Korpela M. A process for specifying integration for multi-tier applications in healthcare. Int J Med Inf 2003; 70 2-3 173-182.
13 Maliki TE, Seigneur JM. A Survey of User-centric Identity Management Technologies.. In: The International Conference on Emerging Security Information, Systems, and Technologies (SECUREWARE 2007).. 2007 p. 12-7.
14 Sun S-T, Beznosov K. The devil is in the (implementation) details: an empirical analysis of OAuth SSO systems.. In ACM 2012 p. 378-390.
15 Halling TD, Douglas C. Hahn. Bringing interlibrary loan services under a single sign on umbrella. Libr Hi Tech 2013; 31 (Suppl. 01) 76-86.
16 Birk P, Chao C-Y, Chung H, Mason C, Reddy K, Venkataramappa V, Riddlemoser D. System and method for secure network state management and single sign-on.. US20050154887 A1, 2005 [cited 2016 Oct 14]. Available from: http://www.google.com/patents/US20050154887
17 Dhamija R, Dusseault L. The seven flaws of identity management: Usability and security challenges. IEEE Secur Priv 2008; 6 (Suppl. 02) 24-29.
18 Hardt D. The OAuth 2.0 authorization framework.. 2012 [cited 2016 Dec 20]; Available from: http://tools.ietf.org/html/rfc6749%3E
19 Recordon D, Reed D. OpenID 2.0: A Platform for User-centric Identity Management.. In: Proceedings of the Second ACM Workshop on Digital Identity Management.. New York, NY, USA: ACM; 2006. [cited 2016 Dec 20]. p. 11-16. (DIM ’06). Available from: http://doi.acm.org/10.1145/1179529.1179532
20 Chinitz J. Single sign-on: Is it really possible?. Inf Syst Secur 2000; 9 (Suppl. 03) 1-14.
21 Manadhata PK, Wing JM. An Attack Surface Metric. IEEE Trans Softw Eng 2011; 37 (Suppl. 03) 371-386.
22 OpenMRS Releases 2015 Annual Report | OpenMRS.. [cited 2016 Aug 18]. Available from: http://openmrs.org/2016/02/openmrs-releases-2015-annual-report
23 A Business Case for Single Sign On. Healthcare IT News.. 2011 [cited 2016 Dec 20]. Available from: http://www.healthcareitnews.com/blog/business-case-single-sign
24 Sun S-T, Pospisil E, Muslukhov I, Dindar N, Hawkey K, Beznosov K. Investigating Users’ Perspectives of Web Single Sign-On: Conceptual Gaps and Acceptance Model. ACM Trans Internet Technol 2013; 13 (Suppl. 01) 2:1-2:35.
25 Li Z, He W, Akhawe D, Song D. The emperor’s new password manager: Security analysis of web-based password managers.. In: 23rd USENIX Security Symposium (USENIX Security 14).. 2014 p. 465-479.
26 Hope P, Zhang X. Examining user satisfaction with single sign-on and computer application roaming within emergency departments. Health Informatics J 2015; 21 (Suppl. 02) 107-119.

Supplementary Material

Online Supplementary Material