Demo Passwordless Login
Get a Free Trial

The Nevis Experience
for Health Info Net AG

Download Flyer

HIN looks to Nevis for secure logins in the healthcare sector

Aaron Akeret

Was Kunden über Nevis sagen

«The ongoing development of the HIN platform is taking place in close cooperation with Nevis. Our mutual goal is and remains the digitalization of the Swiss healthcare system and the continued push for the added user convenience and efficiency that come along with it.»
Aaron Akeret, Solution Engineer & Enterprise Architect, HIN

Initial Situation

HIN relies on Nevis AG solutions for Identity and Access Management (IAM), the verification of user permissions. Our quick and seamless solution as well as the flexibility to incorporate new authentication procedures were crucial to our cooperation which began in late 2013.

The migration of the IAM process proved very challenging as there were already 100 connected services at the start. The way these services are accessed was completely replaced, a process akin to an open heart operation. End-to-end testing was particularly challenging. The main issue here was to resolve initial performance problems: the HIN client to be installed on the respective workstations, the one usually used by doctors in private practices, contained added restrictions that limited the performance of the Nevis browser-optimized solution. As such, the solution had to be optimized for HIN’s requirements. Moreover, a lazy migration was impossible. Instead a big bang migration had to be performed – so a hard transition from the old to the new IAM system.

Solution

Today, all applications offered by HIN are protected by Nevis IAM. This involves automated reconciliation of data from the ERP system with the identity management, which creates users and assigns roles. Depending on which applications users obtain from HIN, they receive different permissions in the identity management. Reconciliation between the ERP and IAM takes place in real-time.

Application security is accomplished using various mechanisms including a web application firewall. This eliminates the possibility of data extraction through SQL injection or cross-site request forgery (attacks via the web channel). Passwords are only stored as a hash value and password policies define both the required length of the passwords as well as how frequently they should be changed. The solutions were audited and certified by KPMG in accordance with the Swiss eHealth standard – including the data center in Switzerland, which ensures that sensitive data does not leave the country’s borders.

The high level of flexibility of Nevis solutions is fully exploited by doctors for both the electronic health record and the Covid code web application. Both rely on Nevi’s secure authentication and integrate third-party applications to add a necessary range of functions.

About HIN

In the Swiss healthcare sector, Health Info Net AG (HIN) is considered the standard for secure communication and it assumes the role of electronic identity provider (IDP) for healthcare professionals and facilities. In this capacity, HIN assigns certified electronic identities that allow healthcare professionals to easily and securely log in to relevant professional applications like referral portals or the EHR (electronic health record). HIN services facilitate secure communication and cooperation within the HIN community as well as secure access to web applications – current examples include the EHR in Switzerland as well as the SwissCovid app.

More Customer Stories

Healthcare and Life Sciences
Clinerion – Patient Network Explorer
Clinerion – Patient Network Explorer
Secured access to Clinerions' patient network explorer using passwordless two-factor authentication in accordance with the Nevis FIDO standard
Banking
PostFinance – Passwordless Access to Accounts
PostFinance – Passwordless Access to Accounts
How PostFinance doubled the number of customer interactions thanks to Nevis. Once the account is activated, the customer logs in securely via fingerprint.
Banking
UBS – E-Banking Access Management by Nevis
UBS – E-Banking Access Management by Nevis
Since 1997 and until today, Nevis protects the most important access points of UBS clients: e-banking, phone, mobile banking, Multimat ATMs, OFX and UBS Quotes.