Mercy Health System increases care provider satisfaction and speeds access to EpicCare EMR with Imprivata OneSign


Locations:64 facilities throughout southern Wisconsin and northern Illinois





  • Password management was a significant burden on IT
  • Need for 8-10 passwords per user was impeding workflows and speed of EMR access in inpatient and ambulatory scenarios
  • User sharing of login credentials created HIPAA compliance risk


  • Simplified access to EMR and non-clinical applications by reducing password headaches
  • Reduced IT helpdesk calls
  • Increased physician satisfaction with fast access and improved workflows
  • Improved HIPAA compliance

Since 1989, Mercy Health System has grown from a stand-alone community hospital with no employed physicians and no ambulatory care centers into a comprehensive, vertically integrated health system offering an extensive network of primary and specialty care physicians, three hospitals, subspecialty centers of excellence, insurance products, long term care, retail services, and preventive health and wellness programs. Today, Mercy operates a 240-bed hospital in Janesville, Wisconsin; a 25-bed hospital in Lake Geneva, Wisconsin; and a 45-bed hospital in Harvard, Illinois. In addition to hospital-based services, Mercy provides clinic-based services, post-acute care and retail services, and insurance products. Mercy sees more than 1.1 million patients annually and employs nearly 4,000 partners, over 400 of who are employed physicians. To fulfill its mission of promoting healing in the broadest sense, Mercy is committed to providing patients with the latest technology, the best medical teams, and expert, compassionate care. 

Mercy’s integrated healthcare system, which comprises 68 facilities serving 26 communities in two states, is supported by a single, centralized IT department. Mercy uses heterogeneous EMR systems, clinical applications, and business programs, and its users log in from PCs, thin clients, Computers on Wheels (COWs), laptops, and tablets in different environments. When a 2010 study revealed that, on average, a Mercy clinical staff member had 8-10 passwords — each with different rules and expiration dates — to access systems during a typical work day, the IT team knew there had to be a better way.

The business challenge

Because Mercy’s user passwords were neither centralized nor on a common expiration schedule, the IT helpdesk received thousands of password resets calls over the course of a year. In addition, as Mercy prepared to deploy EpicCare in its inpatient environment, IT wanted to streamline workflows and speed clinician access in both Epic EMR inpatient and ambulatory scenarios. In addition, they wanted to eliminate all employee excuses for sharing login credentials. With all these challenges converging at once, Mercy’s IT team decided it was time to evaluate single sign-on (SSO) solutions.

“Although reducing helpdesk calls was a key concern, increasing clinician satisfaction was the most important driver,” said Jeremey Burton, System Analyst at Mercy Health System. “We needed to speed clinician access to both EMR and non-clinical applications, enabling clinicians to get in and out of patient charts quickly while securing the workstation for HIPAA compliance purposes.” Burton also wanted a single sign-on solution with support for biometric or dual-source authentication. 

The Imprivata OneSign solution

During the SSO evaluation process, each member of the IT selection team researched and championed an assigned option. Then the team held “Open Labs” with top vendors to get user feedback, evaluating solutions based on ease of use, fast access to EpicCare, compatibility with diverse application delivery formats, and simplicity of configuring new applications. In the end, Mercy selected Imprivata OneSign® Single Sign-On solution. 

Imprivata OneSign simplifies the user’s login process to the tap of a keycard at the workstation, eliminating the need to type a username and password for accessing each application. Strong authentication secures protected health information, while single sign-on seamlessly logs clinicians into the EMR and other applications so they spend less time waiting to access patient records and more time caring for patients. 

“Imprivata OneSign met all of our requirements,” explained Burton. “It performed exceptionally well in our Open Labs, integrated seamlessly with Epic, and received very positive user feedback.” Mercy’s IT team was also impressed with Imprivata’s SmartEpicLock tool which allows IT to flexibly configure different user switching workflows based on the user needs at each workstation while taking advantage of Epic’s built-in functionality for fast and secure locking of records between care providersclinicians in an both ambulatory and inpatient environments.

Mercy’s IT team first rolled out OneSign to the business areas where users had more flexibility and the workflows were less complex. Next, IT deployed OneSign in the system’s 31 clinics, then in ancillary departments like radiology and labs, and finally in all the inpatient areas. Mercy took a “train the trainer” approach to familiarizing users with OneSign.  IT spent about a half hour teaching non-inpatient clinical supervisors how to get users enrolled, gave them a Quick Start guide and a OneSign manual, and sent them off to train their staffs.  On the inpatient side, the IT team provided a 15-minute SSO introduction during EpicCare training, which was all it took to bring users up to speed. 

“No arm twisting was required to get our employees to use OneSign,” said Burton. “Anything you don’t force on people that makes their lives easier is going to be well received.  As word of OneSign spread throughout the organization, people couldn’t wait to get it.” 

The results

Today, Imprivata OneSign offers Mercy care providersclinicians, technicians, business users, and administrative staff fast, easy single sign-on to a wide variety of applications, including the EpicCare inpatient and ambulatory EMR systems as well as timekeeping, email, and learning programs. With OneSign, an end user logs onto applications by tapping his keycard to a workstation. When workflow requires that he switch workstations, another tap of the keycard logs him out — all while maintaining the highest levels of data security.  

“Clinician satisfaction is very high because SSO has improved workflows and delivered faster access to patient records,” said Burton. “Almost 95 percent of our user population adopted OneSign voluntarily. We recently reached out to the remaining 5 percent to reemphasize the benefits of OneSign and to encourage them to use it. Today we have only a handful of users who do not use SSO – mainly users who do not use PCs in their jobs.” 

Mercy’s IT team has enabled on their  own more than 56 applications for SSO to date. Mercy users no longer need to remember multiple passwords to applications that they may use only infrequently. As a result, Mercy has significantly reduced help desk calls for password reset, enabling IT to focus on more strategic projects. 

Imprivata OneSign is a big win from a HIPAA compliance perspective, too. “Previously, some users would complain that logging in and out of a system between each user was too inefficient and impossible in a fast-paced clinical workflow. Deployment of OneSign has eliminated all excuses for sharing credentials by making user login and application access both fast and easy,” added Burton. “It’s not that users wanted to be insecure before we had SSO, but we needed a solution that allowed them to be compliant without sacrificing quality patient care and OneSign provided that.” 

What are Mercy clinicians saying about OneSign?

“Don’t ever take this away from me.”

“I can’t live without this. This makes my life much easier and simpler.”

“Finally, Information Systems is doing something to improve my work life.”