Allscripts Corporation is an enterprise healthcare information technology solutions provider to more than 1,500 major healthcare facilities, including academic medical centers, hospitals with pediatric facilities, and community-based hospitals of all sizes. Allscripts’ software applications provide workflow and knowledge support to smooth information transfer and patient management between physicians, nurses, managers, and other members of the healthcare team.
As an end-to-end healthcare solutions provider, Allscripts has an extensive product suite that includes a number of server-based software solutions. With more than 1,500 customers being supported by 1,000 support analysts, Allscripts requires remote diagnostics and maintenance of customer systems to meet cost management and customer satisfaction goals. Like many companies that support complex applications for a large and diverse client base, Allscripts maintained several remote support solutions and a wide variety of connectivity types. Phone desk, email and chat, and customer-initiated web support all required a high level of two-party (customer and Allscripts analyst) interaction and were driven by reaction to customer problems instead of proactive management by Allscripts. A wide variety of connectivity types including modems, point-to-point networks, shared desktops, and VPNs were expensive, complex, and not all secure. The combination of applications and connectivity made it difficult to define and manage the security process, and there was no single audit or reporting capability.
Allscripts customers include all the hospitals on America’s Best Hospitals Honor Roll, and nearly half of the more than 100 organizations that have received Magnet Recognition Program status – the highest award an organization can receive for the quality of nursing care – use Allscripts solutions. Allscripts customers include Boston Medical Center, Cleveland Clinic-Eastern Region, The National Institutes of Health, and University of Michigan Hospitals and Health Centers.
Key Healthcare Industry Issues
Hospital departments transfer and share electronic patient data (ePHI) – data that needs to be accessible in real time with views of the information appropriate to the needs of specific departments. Data flow, application interconnectivity, and reliability are essential for efficient healthcare operations. Application failure, data corruption, or even slow performance are potentially life-threatening and unacceptable for healthcare organizations trying to maintain standards of care. Quality applications and support ensure the continued efficiency, accuracy, and timeliness of information transfer, and all of these lead to better patient outcomes.
Privacy Regulations Compliance
Security, privacy, and financial regulations have placed healthcare providers in an increasingly controlled environment. HIPAA is the most influential, but other regulations such as Sarbanes-Oxley, EC 95/46, and California SB 1386 also define requirements for security, managing information, and reporting. Protection of data is extended past the healthcare provider to include the vendor supplying software and systems. Failure to meet statutory requirements can lead to disastrous results. In one case, ChoicePoint, an information provider to insurance companies, received what was at the time the largest civil fine in FTC history ($15 million) for compromising the personal information of 145,000 US residents. Compliance with these regulations creates requirements for added process, infrastructure, and application features to enable and enforce the process.
Allscripts Support Requirements
With 1.5M (1,500 customers x 1,000 analysts) potential support connections, Allscripts needed a scalable solution that minimized the complexity and cost of managing large numbers of connections.
As a solution provider to HIPAA-regulated entities, Allscripts needed to provide solutions that enabled compliance. User control with unique logins for 1,000 employees at 1,500 access points and audit controls to track and record all system access and activities are key features for meeting HIPAA requirements.
In order to reduce the complexity and costs associated with multiple methods of connectivity, Allscripts needed a single platform to consolidate remote support access and still work with multiple customer platforms. Browser-based access with client-side components was needed to provide a simple, quick, and inexpensive means of establishing and maintaining remote support connections. A consolidated platform also reduces the hardware and software costs associated with managing remote support. Allscripts analysts often use proprietary diagnostic tools to aid in remote application support and speed problem resolution. As customers include more and more operating systems, Allscripts needed a way to control the growing licensing cost of proprietary tools.
In SecureLink, Allscripts found a solution that provided the perfect combination of control, flexibility, and security. The SecureLink server manages, audits, and records all the remote support connections between Allscripts and its customers. SecureLink Gatekeepers, installed on customer servers, enable and define the limits for each remote support connection.
The SecureLink server runs on a secure, hardened Linux platform and offers a single point of control for support access to customer systems. SecureLink Gatekeeper can be installed and set up in minutes, providing simple, customer-driven access management by defining the hosts, ports, files, directories, and applications that Allscripts support analysts are allowed to access.
Allscripts with SecureLink Results
Allscripts began to see positive results shortly after rolling out SecureLink. SecureLink’s platform independence gave Allscripts the ability to consolidate its remote support connections on a single platform regardless of the customer’s operating system. SecureLink’s ease-of-use reduced setup costs and improved connectivity response time. As a result, Allscripts saw its support efficiency increase and the cost of connectivity drop by 87%.
SecureLink’s direct, native access to customer servers allowed Allscripts’ support analysts to use whatever tools they needed to resolve a service issue, eliminating duplication of license fees and further reducing cost and time to problem resolution. SecureLink’s ability to let customers strictly define access for each remote support connection, combined with robust audit and reporting functionality, allowed both Allscripts and its customers to generate historical audit reports and detailed log files capturing who accessed the system, what was done (at the command level), and what tools were used. This satisfied the HIPAA concerns of even the most security-conscious customers.
- A single platform for managing remote support connections across all OS platforms and all customers, reducing connectivity complexity and cost and improving efficiency.
- Direct, native access to the customer server allows Allscripts support analysts to use their favorite, proprietary resolution tools without paying additional license fees, which increases efficiency and decreases time to resolution.
- Simple, flexible customer-managed access controls allow compliance-conscious healthcare providers to restrict access appropriately and increase security.
- Predefined, controlled access to customer applications reduces the time required by customer IT staff to participate in problem resolution, which reduces costs and improves customer satisfaction. SecureLink’s feature allowing trusted vendor remote access meant Allscripts could solve problems without requiring customer involvement.
- Multiple remote connections for a single support session allow Allscripts to apply additional service representatives for faster problem resolution. The SecureLink server brokers secure access between the Allscripts technician and the customer’s network.
- Detailed audit, reporting, and real-time monitoring capability for every remote support session, enabling security process definition and proof of HIPAA compliance.