With a needs analysis Apotek 1 ensures the right IAM solution

With the introduction of the Norwegian pharmacies' new industry system, stricter requirements in regards to patient security and privacy were set. Apotek 1 needed an IAM solution and engaged Cloudworks to conduct a needs analysis. They are now left with a solution that meets the security requirements, and ensures good user and customer experiences.

Alexander Friedensburg
14. September 2021

Norway's largest pharmacy chain

Apotek 1 is Norway's largest pharmacy chain with 3,500 employees in more than 400 pharmacies. The company is the country's largest supplier of medicines and services to the municipal health service, including drug reviews.

Need for digitized prescription dispensing

The authorities' introduction of e-prescriptions necessitated a comprehensive renewal of pharmacy systems to facilitate digitized prescription dispensing. Stricter requirements were set to ensure patient security and privacy, as well as ensure that only authorized personnel have access to prescription information.

Apotek 1 needed to modernize and strengthen their technical solution and engaged Cloudworks to carry out a needs analysis. For Apotek 1, it has been important that the solution met the security requirements without compromising either the user-friendliness for the employees or the customer experience.

Strict requirements of security level for login

With the introduction of the new in store data systems, requirements were set for using the highest security level - level 4 - for login. The company's solution at the time was based on local IT infrastructure and decentralized operations in each individual pharmacy.

The analysis project worked with the hypothesis that procurement would be simplified by centralizing user management and standardizing roles. This will lead to scalability, better control and simplification of tasks related to access management and control.

Testing of solutions with simulation and role play

But how can authentication be efficient and user-friendly while meeting security requirements? In order to arrive at an appropriate authentication solution, the Lean Startup methodology* was used. This methodology is used to quickly discover whether a suggested alternative is viable.

For that purpose, a pharmacy was chosen to test various login and logout options. This was tested in practice through simulation and role-plays. Solutions such as fingerprints, application, cards and security key were tested and ranked by specific criteria.

One of the criteria was login time and that the employees through Single Sign-On should have a feeling of working within one tool, and not three. The use of an application such as BankID, would be a time consuming login process. A fingerprint reader, on the other hand, would be more rapid, but had to be excluded due to operational reliability and hygiene.

Thoughtful procurement process

By running a needs analysis before a procurement or implementation process, the chance of procuring a solution that does not cover the needs of the company is reduced. The final report has clear recommendations and provides the necessary insight so that one does not underestimate the complexity of a project or start planning an initiative that exceeds the company's level of ambition.

After completing the needs analysis and concept study, Apotek 1 is left with well-tried and well-developed alternatives. The final report gives the company all necessary prerequisites to be able to procure a good solution.

*Lean Startup is a methodology that aims to reduce the time it takes to develop products and services by launching at an early stage, and make continuous adjustments though learning by meeting with customers.