Molina Healthcare Builds Operational Efficiency with SailPoint

At our Navigate conference in Austin, we had the pleasure of hearing from a longtime customer, Molina Healthcare. During their session, Veda Sankepally, Manager – Platform Engineering shared their identity journey over the past few years. Here’s a recap on her session and an update on their program from the last time we updated you.

The Road to Automation

Molina Healthcare is headquartered in Long Beach, CA and was created after a physician saw an influx in patients visiting the emergency room for acute illnesses after they were turned away by doctors who would not accept Medi-Cal. Molina Healthcare became the first primary care clinic to treat low-income patients regardless of their ability to pay. Today the company sees over 5 million individuals in 15 states.

Molina Healthcare had developed a homegrown solution to assist with their identity management challenges. This system helped them onboard and offboard employees, which took 10-22 days to complete. As the company grew, the shortfalls of the homegrown tool become more apparent. Molina needed a solution that helped them meet regulatory compliance, had clear ownership and could grow with the demands of the business. The administration costs for provisioning access were rising, and users faced different and conflicting experiences from department to department. “We needed alignment on our systems, processes and the user experience. In addition to cost increases, employee productivity was decreasing due to the extended period of time it took to get them up and running,” Sankepally said.

Sankepally and her team outlined very clear objectives for their revived program. They needed to gain efficiencies by streamlining processes. Another major goal was to leverage an agile solution that would reduce their risk footprint by being able to respond and adapt to changes, while maintaining compliance. “We also wanted employees to have access to systems and tools with the appropriate level of permissions needed to be productive on day one,” she said. Sankepally’s research lead them to SailPoint who became the trusted partner for her vision.

Building on Success

As we mentioned previously, Molina Healthcare tackled self-service access requests and retired their home-grown solution during the first phase of their program. Since then, Sankepally and her team have focused their attention on automating the onboarding and offboarding process and allowing for day 1 user access to systems. “Enabling our employees to be more efficient and successful in their work has been one of the biggest rewards from this program. We have significantly cut down on time-to-access and received tremendous feedback on this piece of the program,” Sankepally shared.

They then went deeper with lifecycle management and implemented a role-based provisioning process. This process pre-populates access based on a person’s role within the business. “This was part of our goal to address operational efficiency. By simplifying the process for granting access by standardizing roles and operationalizing segregation-of-duties management, we have also improved compliance. By assigning roles to users on the basis of their individual job function, role-based access control not only conforms to the security principle of least privileged access but drives operational efficiencies by simplifying the fulfillment of user access,” Sankepally reflected.

Another area that Sankepally and her team have developed is user reviews and the certification process. By reviewing access at the manager and entitlement owner level, the organization is now better-aligned with compliance regulations. Being a healthcare organization, Molina is no stranger to a complex regulatory environment. With a more thorough review process in place, the team can now reduce risk by gaining complete visibility and enforcing the appropriate level of permissions needed for each user. “Compliance assurance was an important goal for the program – from the top-level down. We are much more confident in our ability to meet regulatory requirements with SailPoint,” Sankepally said.

Sankepally closed the session by sharing how, by integrating her identity program with ServiceNow, she’s been able to manage ServiceNow users’ access to different roles and group. When paired with their lifecycle management processes, events are triggered and managed from SailPoint, allowing these critical solutions to work together to stay in compliance. Molina has also extended identity governance to applications that do not support direct provisioning. When something is requested from SailPoint, it automatically creates a service request ticket in ServiceNow, providing closed loop auditing to track ticket completion.

Want to hear more about Molina Healthcare’s identity journey? Check out this podcast with HealthcareInfoSecurity.


Discussion