protecting unattended desktops from unauthorized

In clinical settings where desktops are located in highly
accessible areas, and/or shared amongst multiple physicians
and other clinicians, security best practices dictate that users
manually lock their desktop to defend against unauthorized
access to patient information records. Unfortunately, this
best practice is easily forgotten or ignored, exposing the
organization to patient privacy breaches and potential
patient safety issues. Physicians, nurses and other clinicians
benefit from increased access to clinical content at the
point of care. EMR applications provide instant access to
comprehensive patient information, providing clinicians a
historic and current perspective on the progress of patient
treatment. With this increased access comes increased
risk of patient privacy exposure. From accidental data
entry errors stemming from shared workstation use to
privacy snooping, unattended desktops pose a real threat
to hospitals and clinicians. Effectively using security access
technologies to automate clinical processes provides
healthcare organizations with the opportunity to deliver
both increased patient safety and patient privacy.
Traditionally, IT professionals have relied on inactivity timers
to terminate computer sessions when users step away
and fail to manually lock their desktops—if no mouse or
keyboard activity is detected over a period of time, the
desktop is configured to automatically terminate the user’s
To date, this approach has been ineffective. Inactivity
periods set too short lead to user frustration and
inconvenience when sessions are terminated too quickly.
Inactivity periods set too long create a serious security
risk—exposure to unauthorized access.
However, a new and revolutionary solution to protecting
unattended desktops now exists!
OneSign Secure Walk-Away closes a critical security gap
in the protection of confidential information assets by
automating the process of securing the desktop when a user
‘walks away’.
OneSign Secure Walk-Away is an add-on to Imprivata
OneSign® Authentication Management. Imprivata OneSign
Authentication Management replaces weak Windows
desktops and remote VPN passwords with a broad range
of strong authentication options to enable centralized
and flexible authentication management at the desktop,
network, application, and transaction-level.
Once a user has securely authenticated to the desktop
using OneSign Authentication Management, OneSign
Secure Walk-Away uses a combination of computer vision,
active presence detection, and user tracking technologies
to identify an authenticated user and automatically locks
the desktop upon their departure. The result allows
employees to do their job without modifying their regular
work patterns or burdening them with the task of manually
locking the desktop.
OneSign Secure Walk-Away flexibly supports different
user workflows, including demanding shared workstation
environments where multiple users require constant fast and
secure login and logout to information assets.
• Protects unattended desktops from
unauthorized access
• Takes the burden of desktop security out of
the hands of clinicians
• Non-disruptive to clinical workflows
• Prevents users from sharing sessions
• Completely automated, requires no user
Simplifying and securing user access to patient information
OneSign Secure Walk-Away is an integrated component of Imprivata OneSign Authentication Management. Imprivata
OneSign Authentication Management replaces weak Windows desktops and remote VPN passwords with a broad range of
strong authentication options—including finger biometrics, proximity cards, smart cards, many national and government
ID cards, One-Time-Password tokens, and an employee’s physical location, to enable centralized and flexible authentication
management at the desktop, network, application, and transaction-level.
Imprivata OneSign Authentication Management is a module of the Imprivata OneSign platform. The Imprivata OneSign
platform converges authentication and access management, seamlessly integrating strong authentication, application single
sign-on, user provisioning, physical access control systems, and event reporting, to enable centralized access policies that
enforce every aspect of access across all users, rights, locations, and conditions.
Managed from a single, easy-to-use Web-based administrative console, the Imprivata OneSign platform is delivered in
a purpose-built, highly secure and self-contained hardened appliance. Non-invasive to your organization’s existing IT
infrastructure, Imprivata OneSign requires no change to user directories, applications, or physical access control systems, and
it does not require additional staffing or specialized management skills.
Designed for flexible and rapid enterprise deployment and easy integration, Imprivata OneSign’s appliance-based solution
dramatically minimizes implementation time, infrastructure needs, and installation costs—accelerating your return on
investment and lowering your ongoing support costs.
Operating System
•100 to 5000 Lux
•Windows XP Professional
•Evenly diffused lighting
•Windows Vista
Supported Cameras
•Pentium 4 Hyperthreaded: 2.4 GHz +
•Logitech Pro 9000
•CoreDuo or Core2Duo 1.6 GHz +
•Logitech Pro for Notebooks
•1 GB RAM for Windows XP
•Privacy filter
•2 GB RAM for Windows Vista
Imprivata Healthcare Division: Simplifying and Securing
User Access to Patient Information
Belgium | Germany | Italy | Singapore | UK | USA
1 877 ONESIGN | 1 781 674 2700 |
Copyright © 2010 Imprivata, Inc. All rights reserved. Imprivata and OneSign are registered trademarks of Imprivata, Inc. in the U.S. and other countries. The
Application Profile Generator and OneSign Agent are trademarks of Imprivata, Inc. All other trademarks are the property of their respective owners.