Automating Healthcare
Solving business problems with savvy automation

User Access Request Tracking

Business problem
The IT user access team, which handles all requests for access to enterprise systems, was using a home-grown Microsoft® Access™ database to track all requests. Not surprisingly, the shared database was slow and periodically became corrupted, requiring hours of work to rebuild. The team needed a tool that was reliable, fast and integrated with other databases.

Keep it simple
All system access requests are made via the IT Requests application on the intranet. These requests are routed to the user access mailbox via e-mail. User access staff review the request and decide exactly what access the requestor needs. At this point, they need a way to track each part of the request until it is completed.

Because we already display computer account data in People Profiles, it made sense to integrate user access tracking into that application. In the Computer accounts section, a "Create new Account" link (only visible to certain IT staff) offers a list of types of accounts and a request status (pending, active, etc.). To add a new request to the queue, one can select the type of account and a status and update the page (shown below).

The new request is displayed with the other accounts with a "Pending" notation (shown below).

Note: If the request is for a network account, the provisioning process is fully automated. As soon as the network request is added to the queue, an automated script uses an algorithm to select a network login for the user and create an account in Active Directory.

Still in People Profiles, user access staff can then select "Account Maintenance Queue" from the application menu and select the specific queue (shown below).

All incomplete requests in that queue are displayed. To complete the request, user access staff simply change the status (shown below) and, for new accounts, input the temporary password (to be changed at first login).

The user comment field may be used for any purpose, including reasons why a request is on hold (shown below) or the date when a worker switched between employee and non-employee status.

The intranet data quality dashboard provides a quick tally of pending requests in each queue.

There are also links for pre-populated e-mail messages for user access (shown below).

Once user access receives a signed security agreement, they use the first link (shown above) to send worker's department manager an e-mail message containing userID and temporary password (shown below). It is the manager's responsibility to get this information into the hands of the worker.

If the account is for a clinician, a different message is first sent to the department manager (shown below).


  • Although most IT groups use the Remedy (formerly Magic) task management system, a simpler, faster tracking process worked better for the user access group.
  • User access has a fast, stable process that is tightly integrated with all other data about workers and their system accounts.

Lessons learned

  • The simplest solution is almost always the best. We could have forced user access to use the same task management system as the rest of IT, but that would have made their tracking more complex and time-consuming, and there was no compelling reason why their tasks needed to be tracked in the same place as everyone else's.

Posted 19 July 2008


Custom Applications
ADT Event Alerts
Clinical Operations

Integrated Clerkship

On-call Schedules
People Profiles
Chronic Disease

Security Badge Requests
Charge Capture
Mental Health Treatment
      Plan Tracking

Earned Time Calculator

Supervisory Tree
E-mail Distribution Lists
User Access Requests
HR Requests
Employee Health &

Interpreter Dispatching
Generic Patient Registry
Conference Room

Tuition Reimbursement
Equipment Rental
Code Cart Tracking
Nursing Audits

Show me the data
Growing a Data

Building a Data Portal
Reporting on Full Auto

Intranet Design
Driving With Databases
Speeding with Static

Transparent Security
      and Permissions

Redesigning the

Who works here?
Organizational buckets
System access: Who
      has what?

System access: Use
      it or lose it

Integrating Security

Integrating Provider

Creating A Supervisory

Data Quality Dashboard


RSS Feed