Remote access was a struggle for IPC, a private-practice hospitalist company.
IPC employs physicians who work in hospitals across the country, but those doctors aren't affiliated with specific hospitals. Because of this, they have no offices.
"They're a mobile workforce," said Roie Ederly, IPC's information services director. "They don't have an office to work in. But they still require anywhere-access to patient data, medical billing information and other applications."
But across the company, the physicians and other employees, totaling about 1,200, need access to the same applications from any location and also need to keep that information secure. IPC tried this with PDAs, but Ederly called that a "nightmare." The company built an intranet, but doctors would need separate passwords and would have to authenticate for each application they used, creating the need for single sign-on to get to billing applications, email and other necessary business and reporting apps.
"We had several iterations of our billing application and reporting systems, so our doctors had to perform separate log-ins throughout the day," Ederly said. "This posed a challenge because doctors would get confused on which password went where, or which link they should click. We needed to tie all of our systems into one -- with a unified, single log-in -- and needed to keep it secure."
IPC looked at building its own in-house single sign-on solution, but it was too cumbersome, and hiring programmers to get it running would have been costly. Also, the frequent necessary updates would have been manual.
To facilitate remote access and single sign-on, IPC evaluated SSL VPN offerings from F5 and Aventail. Ederly said that IPC was going in Aventail's direction until some problems surfaced. One notable problem, he said, was that he couldn't find an easy way for Aventail to work with Active Directory for physicians to authenticate on the Web portal with a username and password from a centralized database. Ederly said that Aventail's solution could work with Active Directory, but it would have to be done outside the management GUI's limits. IPC would have to run custom scripts to make possible what they wanted to do.
IPC took F5's FirePass SSL VPN on board for a rigorous testing phase, Ederly said. It integrated smoothly with Active Directory and did everything else IPC was looking to accomplish, including supporting 150 to 200 concurrent sessions.
IPC eventually built a Web portal that doctors could log onto. The portal leads to their email, region-specific content, call schedules and billing information. The main page has a button for physicians to access their applications. When the doctor clicks the button, a FirePass session window opens and they are authenticated and begin working. Physicians are unaware that they have left the portal and are on a secure FirePass page, which meets HIPAA compliance requirements. FirePass can monitor log-ins and perform pattern-based intrusion detection.
IPC also controls access to different parts of the site and different applications, depending on the users. A doctor may see one landing page; a back office administrator may see another.
Since IPC deployed FirePass, productivity has increased, help desk calls have dropped dramatically and billing efficiency has improved, Ederly said. Now, doctors can access information from many more locations than before, including terminal services.
"That used to be a huge pain for the doctors who wanted to do their billing from a public terminal at a hospital," Ederly said. "They simply couldn't -- due to port restrictions -- and would have to take their work home."