[MT-L] Meditech and Single Sign-on

[Pidgeon, Mark]

Hello.

 

We’re a MAGIC 5.66 hospital and currently don’t have Single Sign-on (SSO) setup between Meditech and our Active Directory (AD). We do use fingerprint readers by Digital Persona Altus, which simplifies logging in for our users, but is still not truly SSO. I know Meditech has MLogin & Meditech Security Officer (MSO), along with a conversion process, and I was wondering if anyone has gone through this process and might have any feedback. Was it painful to do the conversion? Did you do a mass conversion or did you do it by department? Is the authentication process using MSO quick, or does it take several seconds to actually get into Meditech? How do you handle users that log into kiosks/public PCs? Any feedback would be greatly appreciated.

 

Thanks.

Mark

 

Mark A. Pidgeon

Sr. Systems Analyst

Saratoga Hospital

211 Church St.

Saratoga Springs, NY  12866

Phone: 518-580-2693

Fax: 518-693-4534,,,,2693

mpid...@saratogacare.org

 

 

 

 

 

This e-mail communication and any attachments may contain

confidential and privileged information for the use of the

designated recipients named above.

If you are not the intended recipient, you are hereby notified

that you have received this communication in error and that

any review, disclosure, dissemination, distribution or copying

of it or its contents is prohibited. If you have received this

communication in error, please notify Saratoga Hospital

immediately by e-mail at pri...@saratogacare.org and

destroy all copies of this communication and any attachments.

[Andrews Chris]

We are Magic/CS 5.67 and looking at potentially implementing SSO as well, would love to hear the same feedback!

 

Chris

 

 

Chris Andrews Application Specialist Health Information Technology Services

This information is directed in confidence solely to the person named above and may not otherwise be distributed, copied or disclosed. Therefore, this information should be considered strictly confidential. If you have received this email in error, please notify the sender immediately via a return email for further direction. Thank you for your assistance.

[Bill Wohlers]

We are a Magic 5.67 hospital.   We are currently in the process of implementing Meditech MSO.    The bulk of the conversions have been done as we completed all the nursing units and a number of other departments.

Our implementation process has been mostly 1 department at a time,  however, all the nursing areas were done together.

The change did result in a higher number of calls to the Help Desk for awhile.   But that has since settled down.

Once using the MSO authentication going into Meditech Live or Test is but a second or 2.   Very quick.

Public PCs is a little bit of a pain.   Users have to remember to enter their mnemonic and then hit ENTER and enter their password and then ENTER again.  

Using the mouse or TAB key will not authenticate you.  It will actually bring you to the Meditech log on screen,  which will continue to work until after your old Meditech password has expired.   

Meditech has in Development a proposal to allow the TAB key and mouse clicks to work.    But that is going no where fast.  This is by far the worst issue. 

When converting a user the TAB key and mouse clicks causes the same issues.  Otherwise,  converting is very quick and easy to do.

Let me know if you have any other questions.

Bill Wohlers

Information Security Officer

Technical Project Leader

Information Systems

Holyoke Medical Center

572 Beech Street

Holyoke,   MA.   01040

Tel:  413.534.2741

Fax: 413.534.2753

wohler...@holyokehealth.com

 

 

 

 

>>> Andrews Chris <andr...@HHSC.CA> 2/1/2017 12:02 PM >>>

CONFIDENTIALITY NOTICE: This email communication and any attachments may contain confidential and privileged information for the use of the designated recipients named above. If you are not the intended recipient, you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it or its contents is prohibited. If you have received this communication in error, please reply to the sender immediately and destroy all copies of this communication and any attachments. For further information regarding Holyoke Medical Center's privacy policy, Please visit our Internet web site at http://www.holyokehealth.com

[Gevaert,Gary]

We attempted to go with Meditech MSO and abandoned the project after testing it as it became too painful/confusing for our end users. We ended up purchasing a SSO solution which will help us bridge the conversion gap and also provide us with other features like badge login, obscure screen, dynamic printer assigns, etc.

 

Some of our pain points were:

1.     Public PC’s, we had to set them up in a separate domain for Meditech to recognize them as ‘public pc’s’ and therefore present the appropriate login screen (multiple login screens in fact as it will prompt you for both the AD one and the typical Meditech on a public PC as it doesn’t know whether the user sitting down is already converted or not)

2.     Public PC’s – users logging on had to follow an extremely precise process :

a.     They cannot use Tab

b.     They have to remember to ‘escape’ past the first login screen if they weren’t converted yet to using AD

c.     They have to enter in the correct domain (we have a multi domain environment); it did not default the domain to the correct one like windows does

d.     If they did not follow the order of user/pass/domain when filling in the login screen then the screen would simply go back to asking for your login info again, no alert/error

3.     Multi-role accounts – For every role a person had they needed to have a unique windows AD account. Wow! We have a lot of multirole users who have a single windows AD Account and multiple Meditech accounts. (just one of the issues around this is – which account gets the email address attached to it?)

4.     Conversion process – depending on what kind of user you were there were different conversion steps. It got to the point where I had a 4 page document (with lots of pictures) and users had to find their correct section which was a no-go.

5.     There is a conversion list that users go on when you enable the system (i.e. live), you take them off the list when you want them to get the conversion confirmation screen and then get converted (which takes a second). Sounds great but unfortunately that quickly became a problem because:

a.     The list is not sorted alphabetical or any manner that we could see so if you wanted to convert by department you had to scroll through the list to find the users one at a time. (and when you have 5000 users it can be a real pain)

b.     Second, you cannot add anyone new to the list so our plan to convert by department would not have worked as all new hires (of which we have dozens per week) would have been live right away thereby short-circuiting our rollout plan

 

That’s just off the top of my head…

 

Once we had it working in test (for our core group) it worked great, it was nice and fast but it was decided that all the other issues made it a no-go and we looked at purchasing an app.

 

Hope this helps

 

Gary Gevaert PMP | Project Manager, Information Services | Niagara Health

IT 2South, Welland Site, 65 Third Street, Welland, Ontario, L3B 4W6

(905) 378-4647 ext 44806  |  gary.g...@niagarahealth.on.ca

 

>>>> Practice Random Acts of Kindness and Senseless Acts of Beauty <<<<

 

From: Meditech-l [mailto:meditech-...@mtusers.com] On Behalf Of Pidgeon, Mark
Sent: Wednesday, February 1, 2017 9:56 AM
To: medit...@mtusers.com
Subject: [MT-L] Meditech and Single Sign-on

 

Hello.

CONFIDENTIALITY NOTICE: This electronic communication and attached material is intended for the use of the individual or institution to which it is addressed and may not be distributed, copied or disclosed to any unauthorized persons. This communication may contain confidential or personal information that may be subject to the provisions of the Freedom of Information and Protection of Privacy Act or the Personal Health Information Protection Act. If you have received this communication in error, please return this communication to the sender and permanently delete the original and any copy of it from your computer system. Thank you for your co-operation and assistance.