Automating Healthcare
Solving business problems with savvy automation
 


Security Badge Requests

Business problem
There was no clear process to request a security badge or to select access rights; names, titles and departments were spelled inconsistently in the security badge database; badges were not inactivated when workers left the organization; workers had multiple active badges. The security badge process needed an overhaul.

First fix the process
There were two fundamental issues to address:

  • Lack of information — the security department existed in isolation, with no data about changes in workers and departments.
  • Lack of controls — without audit tools, there was no real control over who was issued a badge or what rights they were granted.

The lack of controls could only be addressed after the current database was cleaned up. Because there was nothing to connect a person in the security database with any other database, every one of several thousand people had to be researched and identified. Those who had left were inactivated; duplicate badges were inactivated; and every remaining individual was linked to other systems with an ID number. This was all done by IT, and was a huge effort. Several audit reports were developed (see "Security" in Data Quality Dashboard) to provide controls over the process.

The lack of information was addressed by Integrating Security Badges into the larger data flow for the organization, and ensuring accurate, timely data for security about workers, departments and supervisors.

Now automate the process
With a solid base of data and a clear understanding of the security badge process, we could automate the process for requesting badges.

The first screen that everyone sees (regular workers and their managers) is a worker lookup (shown below).

  • The same four menu tabs are displayed for everyone.
  • Anyone can submit a request on behalf of anyone else.
  • All requests must be approved by someone in the supervisory tree over the worker whose badge is being requested, or by the department manager for the worker's primary position.
  • If the requester is already in the supervisory tree over the affected worker, the request is automatically approved.
  • Approve Requests tab only shows approvals pending for the current user, if any.
  • Reports may be run only for the current user or anyone below the current user in the supervisory tree.

Assuming that more than one worker matches the name used in the search, enough information is displayed to ensure that the correct person can be selected (shown below).

Clicking the name of the correct worker loads a blank request form for that worker (shown below).

If the request is to modify badge access, the badge itself does not need to be changed (as shown above). If the badge must be replaced for any of several reasons, the worker name, title and department are displayed as editable fields (shown below). This allows for fine-tuning the title, for example, to fit in the limited space on a badge.

If the request is to modify badge access, the requester can select any publicly-available locations to add to the badge (shown below).

  • If the requester is the owner of the badge or someone in the supervisory tree over that worker, the current permitted locations for the badge are shown.
  • Certain locations are restricted (such as pharmacy) and not displayed on the list. Those locations must be requested via an off-line process and managed directly by the security department (a process decision, not a technical issue).
  • If a new worker needs the same access as an existing worker, a quick shortcut is to copy the locations from the existing worker (the list of locations being copied can be edited).

Each of the locations listed above contains one or more badge readers. To see exactly which badge readers are covered by any location, click the name of the location (shown below).

In this case (shown below), seven readers are included in the selected location. By reviewing this list, the requester can ensure that the worker will have access to all (and only the) necessary doors.

When finished, a final review screen allows the requester to ensure that the request is complete and accurate (shown below). When the request is actually submitted, everyone involved (requester, requestee, approvers) are notified via e-mail at each step in the process.

The approver(s) receive an e-mail with the details of the request and a direct link to the request (sample shown below).

When a manager selects the "Approve Requests" tab, any pending requests for which that manager is an approver are listed (shown below). If the manager is in the supervisory tree over other managers, a link is displayed for requests in all managed departments.

Selecting the link for pending requests in "all of your departments" (shown above) opens a page with the details of all pending requests in those departments (shown below). Each pending request may then be approved or denied.


[Click the image above to see the full size image]

When a request is approved, the confirmation screen includes the details of the request and instructions for the approver to communicate to the worker (shown below).

Anyone may run a security badge report at any time. Workers see only their own requests. Manager see all requests for their department(s) and anyone below them in the supervisory tree. The reporting query offers a fair amount of flexibility (shown below).

For example, a summary report listing all approved requests for a senior manager during a two-month period is shown below.

To see the detail for any request, the manager clicks the name of the worker, and the detail is displayed (shown below).


Name/title/department changes

Whenever a change is detected in any worker's name, title or department, that worker's badge is flagged for the security department. The relevant data about the worker is displayed in a special report (shown below) to allow security to decide whether the change is significant enough to require a new badge.


[Click the image above to see the full size image]


Approving badge suspension
s
When a worker is no longer active anywhere in the enterprise, their badge is flagged in a special list (shown below)for security to determine whether to suspend their security badge. Likewise, whenever a duplicate, active badge is detected in the security badge database, the duplicate badge is flagged for suspension.


[Click the image above to see the full size image]


Display names for access rights

System names are often ugly. They may be stored in all upper case, or abbreviated, or use technical terms. It is generally best to have an alternate, "friendly" name for display purposes. For each security badge access right, security has a tool to define the campus (for grouping), the facility, the display name, and any display restriction. For example, some sensitive areas are restricted to specific users with special permissions (shown below).


[Click the image above to see the full size image]


Outcomes

  • Significantly less time spent on badge process by security staff, with all aspects of badge predefined before worker arrives for photo.
  • Tight control over all aspects of the security badge and access control process (previously impossible).
  • Clearly defined process for requesting and obtaining security badges.
  • Delegation of access level details to managers through an easy-to-use tool.

Lessons learned

  • Don't give up on automating a process if there is some initial resistance. It took three years to get everyone on board for this project, but we eventually won them over and the security department now views the automation as essential to their success.


Posted 20 May 2008

   


Custom Applications
ADT Event Alerts
Clinical Operations
      Dashboard

Integrated Clerkship
      Registry

On-call Schedules
People Profiles
Chronic Disease
      Registries

Security Badge Requests
eSignout
Charge Capture
Mental Health Treatment
      Plan Tracking

Timesheets
Earned Time Calculator
Non-employee
      Management

Supervisory Tree
E-mail Distribution Lists
User Access Requests
HR Requests
Employee Health &
      Safety

Interpreter Dispatching
Generic Patient Registry
Conference Room
      Scheduling

Classifieds
Tuition Reimbursement
Equipment Rental
Code Cart Tracking
Nursing Audits

Show me the data
Growing a Data
      Warehouse

Building a Data Portal
Reporting on Full Auto

Intranet Design
Driving With Databases
Speeding with Static
      Pages

Personalization
Transparent Security
      and Permissions

Redesigning the
      Intranet

Foundations
Who works here?
Organizational buckets
System access: Who
      has what?

System access: Use
      it or lose it

Integrating Security
      Badges

Integrating Provider
      Directories

Creating A Supervisory
      Tree

Data Quality Dashboard

About

 
RSS Feed