How New York City Health + Hospitals Built a Strong Identity Program During COVID-19 With SailPoint


The pandemic has affected nearly every sector, but the healthcare industry has been disrupted like no other. Healthcare systems have expanded their workforces and redeployed virtually overnight in order to meet the challenging needs of the crisis.


NYHHC is an integrated health care system of hospitals, neighborhood health centers, long-term care, nursing homes and home care. Being the largest healthcare system in the US, they needed a solution that could automate the user lifecycle processes across their eleven hospitals and handle the large volume of access requests they receive. Such a crucial time has demonstrated how and why identity governance is not only a business enabler but also a business accelerator.


We connected with New York City Health + Hospitals, a customer of identity security company SailPoint, on their biggest wins from their identity program and results that other healthcare organizations, especially during the COVID-19 era, can reference for their own programs.

Read more in this Q&A with Andrew Greenspan, senior director of identity and access management of New York City Health + Hospitals below:


What was the problem that NYHCC needed to solve?


"When I first joined NYHCC nine years ago, the identity program consisted of two in-house, incumbent identity access and management products. They were slow and disjointed, creating a headache for our IT team and potentially exposing big security gaps. Being the largest healthcare system in the US, we needed a solution that could automate the user lifecycle processes across our eleven hospitals and 100 clinics to handle the large volume of access requests we receive."


What kind of solution was NYHCC looking to implement? What features or capabilities did the solution absolutely need to have?


"We were in need of a solution that would first help us consolidate process and access across our network. At the time, there were different onboarding and offboarding processes across the eleven hospitals, creating confusion and added labor. My main goal was to implement a solution where we were able to consolidate that into one automated process. With SailPoint, the process went from provisioning a user – that is, setting up login credentials for the systems they need to access – in days to provisioning a user in an hour. Anytime a healthcare professional is forced to wait for identity provisioning, lives can literally be put at risk.

This risk, of course, was amplified with the COVID-19 pandemic. With the focus of lifecycle management in mind, I sought to ensure that provisioning processes were solid for every location and done similarly in every location. In a crisis or disaster scenario, many elements come together to enable patient care, not least of which is the ability to quickly assemble a large number of clinical and non-clinical personnel. Ineffective or insufficient identity provisioning can create numerous risks – which we did not have to worry about since choosing to work with SailPoint."

Talk about the implementation of SailPoint - what was it like standing up the deployment? What kind of support did SailPoint offer?


"With SailPoint, our program didn’t have to “adapt” because the solution was able to meet the demanding requirements. The onboarding process was rapid and seamless, while still maintaining the confidentiality and availability of protected health information that flowed through the health system, such as the applications and platforms.


We performed a multi-tier phased implementation and broke into 7 distinct phases. As one phase started the construction phase, we started the planning phase for the next. This shortened the program by over a year, allowing us to implement the first into production in 4 months with our connector for AD and PeopleSoft with an external connector for one of the other agencies we are required to integrate with. We added several hospitals in each phase and in the final phase we incorporated our Epic EMP connector for all hospitals that were on Epic at that point. As more hospitals converted to Epic we added those with just an update to the selection rule."


What were the results of the deployment? What were you impressed with?


"With SailPoint, NYHCC has built a strong identity program that can stand up to our changing business needs. We now have accelerated provisioning user access from days to an hour. We also have been able to automate the lifecycle processes for employee (EMP) records with the Electronic Health Record (EHR) system.

The pandemic has affected nearly every sector, but the healthcare industry has been disrupted like no other. The healthcare systems have needed to expand workforces and redeploy virtually overnight in order to meet the challenging needs of the crisis. Since having already partnered with SailPoint, NYHCC was able to successfully adapt to the pandemic’s demands while smoothly onboarding 10,000 new employees in just a six-week period – our biggest win from the identity program. This alone was a major success compared to the previous year where we only implemented 6,900 which took over a year."


###