Twitter Facebook Google Plus Linkedin email Print Pdf


EPSM Morbihan – A psychiatric hospital maintains the confidentiality of patient records

Posted on 05 October 2010 by Pierre Picard

Ensure safe mobility

The primary mission of EPSM (Public Institution of Mental Health) in Morbihan, France, is to provide psychiatric care for children, adults and seniors. It combines a number of health and social facilities for consultation, medical care and accommodation. Besides its main hospital site, EPSM Morbihan manages 40 decentralized consultation sites – psychological, medical and day hospital centers that facilitate the social reintegration of patients.

To treat and manage patients, doctors and nurses are required to walk frequently around many buildings and sites in the main hospital. EPSM Morbihan has therefore deployed a Citrix-based virtualized architecture to realize substantial savings on IT investment and enable health professionals to access medical applications everywhere. Via simple terminals, doctors and nurses use 20 medical applications, including patient record management.

But are clinicians really mobile if they have to enter passwords whenever they access the stations and launch applications? This lost time penalizes their relationship with patients, most of whom require constant attention. EPSM Morbihan therefore decided to strengthen security while eliminating the constraints of passwords, using instead France’s CPS healthcare professional smart card for authentication.


Increasing time spent with patients

EPSM Morbihan selected Evidian Enterprise SSO for its compatibility with the national health professional smart card and its many features specially adapted to hospital activity (kiosk mode, roaming sessions, delegation…) Enterprise SSO is coupled with Evidian’s directory synchronization utility, resulting in an end-to-end security solution: from the registration of a user and her access rights to strong authentication on kiosk PCs.

“Ensuring patient access to care is a major requirement for our institution, as well as privacy,” says Claude Salomon, head of information system of the EPSM Morbihan. “We chose Evidian for its integrated solution, which provides identity management, connects to our identity repositories and forward individual roles to applications by validating users’ access rights.”

“The Evidian solution brings us substantial benefits on a daily basis. Security is ensured with strong authentication and name based access to kiosk sessions. Clinicians have quickly adopted the system. Their work is made easier by the roaming session and SSO access to applications, so they have more time to dedicate to their patients.”

Claude Salomon, Head of Information System, EPSM Morbihan

Facilitating the job of clinicians

It was important for EPSM Morbihan’s staff to spend as little time as possible on purely technical aspects and focus on how the solution was to be used. The Evidian solution natively takes into account kiosk stations, roaming sessions, the CPS smart card, Citrix environments and typical medical applications. Therefore, the project was able to focus on the needs of clinicians.

“With Evidian, we chose a non-intrusive solution. We are not a development center and don’t want to modify applications from public and private publishers. Evidian allows us to manage all our use cases. For instance, clinicians share desktops in kiosk mode – most of them do not have an office of their own. A nurse may be required to work in a common office, a pharmacy or even a doctor’s office in his or her absence – roaming sessions are fundamental to us. So we wanted to enable mobile work: when clinicians move around in care units, they are followed by their work environment” says Claude Salomon.

Enhanced Security

The project made it possible for EPSM to streamline its security policy. While clinicians previously logged into generic sessions, the solution now links every login to a clearly identified health professional.

Each smart card is linked to an individual. The Evidian solution maintains a genuinely comprehensive identity repository from human resources data. It includes health professionals employed in the hospital, but also nursing students, interns, trainees or suppliers” says Claude Salomon. “Every time a card is assigned to an individual, the Evidian ID Synchronization tool updates our LDAP identity repository. And when the person leaves, he or she vanishes from the directory and can no longer access EPSM Morbihan’s information system.

For the 6 people in the IT department, the project has significantly reduced the number of calls due to password loss. While users previously needed to remember up to three passwords, they now only need a PIN code. And when they lose their card or forget their PIN code, a simple procedure allows them to obtain a temporary password to perform their work.

Facts and Figures

  • • Hospital covers an area of 330,000 inhabitants.
  • • Capacity for 1000 patients.


  • • 1300 IT users.
  • • 20 applications.
  • • 700 PCs with Citrix XenApp.


  • • Strong authentication access.
  • • Use professional smart card for login.
  • • Single Sign-On to applications.


  • • Increased confidentiality of patient records.
  • • Procedures simplified and secured on kiosk PCs.
  • • Strong reduction of helpdesk calls.

For more information >>>

Comments are closed.