UZ Brussel

Keycloak

How IS4U streamlined and secured the registration for UZ Brussel’s PrimUZ patient portal

To give patients access to their own patient data about upcoming or past consultations, information concerning medication or vaccination, and so on, UZ Brussel developed the PrimUZ patient portal. UZ Brussel and its partner hospitals wanted to guarantee a smooth, secure and reliable registration as well as multiple login options. They counted on IS4U, the Identity and Access Management (IAM) competence center of the Cronos Group, to make that happen. IS4U’s solution met UZ Brussel’s need for data protection and user friendliness without compromise.

The client

UZ Brussel is a university hospital affiliated with the Vrije Universiteit Brussel. Almost 4,000 employees see to the care of both Belgian and foreign patients. Every year the hospital has more than 30,000 admissions and almost as many day-care visits, with an additional 360,000 consultations for various medical specialties. Clinicians collect and update all relevant information about these patients in an electronic patient file platform called PrimUZ.

The numerous patients at UZ Brussel can in turn consult their personal patient file via PrimUZ before and after an admission or consultation. As patient data are highly personal and often contain sensitive information, UZ Brussel turned to IS4U to take the registration and access module, which ensures an easy login process, to a higher level in terms of security, user-friendliness and cost efficiency. IS4U started with a thorough needs assessment followed by workshops in which possible technological solutions were presented to UZ Brussel.

Consolidating technologies for cost efficiency

UZ Brussel was looking for a cost-efficient solution to consolidate different software technologies, as PrimUZ is not only used by UZ Brussel, but also by partner hospitals such as Jan Palfijn in Ghent or AZ Rivierenland in the Antwerp region. By switching to Keycloak, Red Hat's open source identity and access management solution, all hospitals can now provide their patients with a user-friendly and highly available tool which guarantees an easy and secure sign-in to PrimUZ at all times.

“Our old solution was based on a reverse proxy with a one-time acquisition cost and a recurring maintenance cost. For our partner hospitals this was not an ideal situation. With Keycloak they enjoy a significant and necessary cost reduction,” according to Robin Demesmaeker, Manager ICT Infrastructure at UZ Brussel.

Expanding sign-in options

A second challenge UZ Brussel faced was the need to expand PrimUZ's login possibilities. “Authentication of a patient's registration was already possible with eID or via SMS, but the itsme app also had to be included in the list of options. Especially as the app makes it very convenient for patients to validate their identity,” says Robin Demesmaeker. The integration with the Federal Authentication Service, which can be used for eID and itsme login options, was also taken care of by IS4U.

Moreover, for foreign patients, who don't have access to eID or itsme, SMS verification used to be the only possible registration method. Yet with a foreign phone number, they did not always receive an SMS on time so an alternative was much needed. That is why IS4U provided an integration with support for the Time-based One-Time Password (TOTP) algorithm. This allows patients to confirm their login with a string of dynamic digits of code via authentication apps such as Google Authenticator.

So the solution with Keycloak guarantees a smooth link with eID, the itsme app, SMS authentication as well as TOTP apps. The single sign-on software enables patients to log in once, after which they automatically have access to all the information in their patient record via PrimUZ. “Given that Keycloak is open source, we could easily adapt the software. For UZ Brussel this meant we wrote plug-ins to ensure the integration with SMS OTP for the different SMS providers of partner hospitals. By virtue of the open source framework, we didn’t have to start from scratch, which enabled us to deliver the custom-made solution even faster,” says Brahim Raddahi, Security Operations Engineer at IS4U.

The finishing touch

IS4U didn’t stop there. The Kontich-based scale-up assured that partner hospitals can easily integrate and use the Keycloak solution. In that way, their access management of PrimUZ works flawlessly. Additionally, IS4U advised the internal team of UZ Brussel on how to implement custom theming for each partner hospital. This makes sure that the look-and-feel of the portal corresponds with their respective corporate identities and branding guidelines.

UZ Brussel and its partner hospitals also enjoy the advantage of central authentication to secure other applications in a similar way. Finally, IS4U’s experts are on the ready at all times when questions arise or support is needed.

Result: IT department unburdened

UZ Brussel now has a future proof solution in its hands to offer its patients a reliable and straightforward login process to access their personal patient files. The access management solution is not only open source, but also functions as a central platform which means that other applications in the hospital’s environment can use the same login method without extra hassle.

“I look back on the collaboration with IS4U with great satisfaction,” says Robin Demesmaeker. “They unburdened our IT department which, in turn, is now able to focus more on further developing the core of PrimUZ. IS4U offered security, ease of use with a greater array of login possibility and fluent scalability to our partner hospitals. All of this within budget. I find it impressive how IS4U quickly understood our needs, even in the challenging environment inherent to hospitals.”

In need of an Identity and Access Management solution?

Our experts advise and inspire you in determining the right Identity and Access Management strategy.

With the right strategy, your applications will be ready for the future.