PhenixID for Cambio Cosmic

Summary

Cambio Cosmic is a healthcare informations- and process application used widely within the healthcare and welfare sector. Cambio Cosmic handles high sensitivity information such as patient journals which requires a high level of protection while still maintaining an ease-of-use for end users.

PhenixID delivers strong login and authorization for Cambio Cosmic to provide a secure and easy login experience on any type of device – desktop, tablet or cell phone – while still meeting security standards and best practice requirements.

PhenixID also delivers account provisioning for Cambio Cosmic to provide automatic on- and off-boarding of users to keep manual updates to a minimum.

Background

Cambio Cosmic is a healthcare informations- and process application used widely within the healthcare and welfare sector.

The applications from Cambio Cosmic are delivered for different devices such as desktops and tablets.

Cambio Cosmic application platform varies from web-browser based, rich client (.exe) to native apps for tablets.

Cambio Cosmic handles high sensitivity information such as patient journals which requires a high level of protection while still maintaining an ease-of-use for end users.

To make sure user gain access to the Cambio Cosmic applications in a secure manner, a strong login-method must be used. However, the login, authentication, is not enough. The authentication only tells who you are but not what you are entitled to do in the target application. Your entitlements are fetched in the process called authorization.

On the swedish healthcare- and welfare market, the common login-method is to use a smart-card. The smart card, issued by SITHS or EFOS, allows the user to login to different applications, such as Cambio Cosmic.

Given the fact that some Cambio Cosmic applications are only used on tablet devices, it comes with some issues connected to the authentication procedure. How can I connect a smart card to the tablet? Is there a more mobile-device-friendly method, such as a mobile app, that can be used for login? Is it possible to handle a shared devices with multiple-users-per-device scenario when it comes to access?

Regardless device and authentication method, how can we be sure that the user only gains access to the Cambio Cosmic data he or she is allowed to, based on his or her entitlements?

Onboarding new organizations, known as provisioning,  to use Cambio Cosmic should be quick and automatic without manual procedures.

Solution

Authentication and authorization

Securing authentication (login) and authorization (entitlements) to Cambio Cosmic is solved through technical industry integration standards.

For authentication on tablets, smart card readers can be used to utilize smart card authentication. This, however, comes with technical issues and a lack of user-friendliness. Instead, new initiatives are coming which utilize login via a mobile app for login instead of a smart card. Mobile EFOS is such an initiative. PhenixID OneTouch is another such solution.

These mobile apps can be installed on cell phones or tablets.

The mobile app login methods can also be used to login to Cambio Cosmic on a desktop. The user initiates the login procedure on the desktop by entering a userID, for example a HSA-id. Using the mobile app, the login procedure is completed by entering a pin code on the mobile phone. This is called out-of-band authentication.

Some mobile apps for login allows for many users which solves the issue with multiple-users-per-device.

Provisioning

Automatic user provisioning is a feature that will handle the process of onboarding new organizations to Cambio Cosmic applications.

PhenixID

Authentication and authorization

PhenixID provides solutions to handle authentication and authorization for Cambio Cosmic on any device.

PhenixID provides login-methods based on smart cards and mobile login apps to make sure the user can login on any device.

The mobile login app PhenixID OneTouch allows for multiple users which solves the issue with multiple users per device (shared device).

These images shows example of the PhenixID login screen for Cambio Cosmic on desktop, web browser and tablet.

Features

• Combine one or more login methods: SITHS, EFOS, Mobile EFOS, PhenixID OneTouch, eIDAS, SAMBI and more.
• Provide different login methods based on Cambio Cosmic application
• Provide different login methods based on device type
• Provide different login methods based on location
• Smart mapping feature for out-of-band authentication. User must not know complicated user ID (for example HSA-id), instead, something more user-friendly can be entered
• Easy procedure to tailor-make look-and-feel
• Fetch user attributes and entitlements from one or more sources such as Active Directory, LDAP, SQL
• Quick and easy deployment with expertise support from PhenixID
• Based on industry standards to make components pluggable

Provisioning

PhenixID provides, in collaboration with Tieto, solutions to quickly provision users to Cambio Cosmic from various data sources, typically the user directory of the organization.

Features

• Fetch users to provision to Cambio Cosmic from one or more sources, such as Active Directory, LDAP, SQL
• Create reports based number of Cambio Cosmic users etc

References

More resources

• Showcase of Cambio Cosmic login on iPad: https://youtu.be/8XOKnLxkH4s

Please contact PhenixID to find more information about our solutions for Cambio Cosmic.