10 Dec 2025

A better way to secure data: Introducing Federated SSO to benefit Hospital IT

By Christopher Cage

Every day, healthcare systems and their partners manage vast amounts of sensitive patient data. Each hospital visit, test result, and billing record represents personal health information – and a potential target for cybercriminals. In fact, as of October 3, 2025, 364 hacking incidents had been reported this year to the U.S. Department of Health and Human Services Office for Civil Rights, breaching the personal health information of more than 33 million Americans, according to the American Hospital Association’s Cyber and Risk Intel Blog. [1]

Many times, these cyberattacks exploit vulnerabilities in a system’s identity and access management protocols. A strong authentication system verifies the identity of individuals requesting access, ensuring that users really are who they claim to be.

Why authentication matters

By definition, authentication is the process of verifying the identity of a user or system before granting access to sensitive information. Unauthorized access to data can lead to identity theft, financial loss, and even disruptions in patient care. Effective authentication protects healthcare’s digital ecosystem, helping clinical and administrative systems run safely and smoothly.

Modern authentication methods

An authentication method such as single sign-on (SSO) allows users to log in once to access multiple systems, such as EHRs or lab systems, without re-entering their credentials. A study of a COVID vaccination center showed how SSO enabled 500 staff accounts to be set up in just 25 minutes, speeding up the vaccination process during the pandemic. [2]

Whereas SSO works within a single organization, Federated Single Sign-On (Federated SSO), or federated identity management, extends the SSO principle across multiple organizations or disparate domains that trust each other, without sharing or duplicating user accounts. For example, with Federated SSO, a regional health network can allow a physician from one hospital to securely access patient records from another related network or hospital via shared, trusted credentials.

Single sign-on authentication is stronger when used in conjunction with additional authentication methods such as multi-factor authentication (MFA), token-based access control systems, or context-based authentication.

Among these methods of authentication, Federated SSO is especially valuable for healthcare, where hospitals, labs, telehealth providers, insurers and other partners must connect across multiple domains and systems.

The MDIP Federated SSO upgrade

For these reasons, the latest release of our data management software, Philips Capsule Medical Device Information Platform (MDIP) 2024-1, incorporates Federated SSO.

With Federated SSO, MDIP users authenticate once through their hospital’s identity system, based on trust relationships established between an Identity Management Service (IMS), Identity Provider (IdP), and Service Provider (SP).

Here’s how the key elements of the Philips Capsule MDIP Federated SSO work together to secure authentication:

  • Identity Management Service (IMS)
    The IMS is a Philips Capsule software component of MDIP. It acts as a secure gateway between MDIP and a health system’s Identity Provider. IMS manages the trust relationship with the IdP and federates authentication to the hospital identity system. IMS provides authenticated user information securely to applications and systems, while also managing user authorization, so that authenticated users have appropriate access to resources and services based on their roles and permissions.
  • Identity Provider (IdP)
    The IdP is a customer-provided third-party system, such as Windows Active Directory or Microsoft Entra, that verifies credentials and authenticates users, without each application having to handle credentials separately. The IdP enables centralized user management and stronger security by relying on hospital IT policies and authentication protocols. Using the customer’s own authentication services allows the MDIP Capsule Command Console to comply with the customer’s authentication policies.
  • Capsule Command Console (Service Provider)
    The Capsule Command Console is the Service Provider (SP) that the user wants to access. As the SP, the Capsule Command Console relies on the IMS for verified authentication instead of asking users to log in again.

Why Federated SSO for MDIP

Implementing Federated SSO simplifies authentication for MDIP users. Federated SSO relies on the health system’s own authentication method and policies to keep MDIP authentication in compliance.

The benefits of Federated SSO:

  • Better user experience
    Federated SSO eliminates the need to remember and manage multiple usernames and passwords. Users log in once — or not at all, depending on domain trust — and gain access to all connected services. This streamlined experience reduces login fatigue.
  • Improved security compliance
    By removing direct credential handling from individual applications, Federated SSO simplifies and improves a health system’s security posture. Centralized authentication allows for consistent enforcement of strong IT policies, including multi-factor authentication (MFA). This not only reduces the risk of weak or reused passwords but also supports compliance with regulations like HIPAA and other global standards.
  • Time savings
    Less time spent logging in means more time focused on meaningful work. For IT teams, centralized identity management simplifies access control, reduces password-related support requests, and may lower the overhead of maintaining multiple authentication systems.
  • Vendor-neutral integration
    Federated SSO supports any preferred Identity Provider through MDIP, giving organizations the freedom to choose the solution that best fits their infrastructure — without vendor lock-in.

Future Trends in Healthcare Authentication

The next generation of system security will rely increasingly on AI and machine learning to detect anomalies and events, while also predicting and preventing breaches before they happen. Federated SSO improves the work of AI algorithms by centralizing authentication events, so that the algorithm has a 360° view of activity and can potentially detect malicious patterns more accurately. In this way, these technologies can provide more sophisticated and adaptive security measures, making it even harder for unauthorized users to gain access.

In the meantime, health systems should routinely assess their security measures and update them to address emerging threats. Annual or semiannual audits are good practice to follow, as are prioritizing staff training and adopting advanced authentication technologies wherever possible to deter unauthorized system access.

Next Steps

To take advantage of MDIP Federated SSO, existing customers can upgrade to the latest version of MDIP. A third-party identity provider, such as Windows SSO or Microsoft Entra, is required to use MDIP Federated SSO. Please reach out to your Philips Capsule representative to discuss how implementing the latest version of MDIP with Federated SSO might benefit your patients.

For new customers, Federated SSO is part of the MDIP installation by design, providing secure and streamlined access on day one.

We’d love to hear about your current authentication system and how it works for you. Please reach out to MDIProdMgmt@philips.com to share your feedback and explore how our team can support you.


About the author

Christopher Cage is a Senior Product Manager working on Medical Device Integration and Data Management at Philips Capsule.

Learn more about device connectivity and Philips Medical Device Integration.

[1] AHA Cyber & Risk Intel Blog: 2025 Cybersecurity Year in Review, Part One: Breaches and Defensive Measures, Oct 07, 2025, by John Riggi, National Advisor for Cybersecurity and Risk, AHA, Scott Gee, Deputy National Advisor for Cybersecurity and Risk, American Hospital Association.
[2] National Library of Medicine, Leveraging identity and access management technology to accelerate emergency COVID-19 vaccine delivery, by George A. Gellert, 2023.