NorthBay Health
from kickoff to first external audit with Wardengate evidence
Replaced a shared break-glass account model with identity-bound access for EMR infrastructure, imaging systems, and pharmacy databases. The structured evidence exports carried the weight of the HIPAA audit cycle with no supplemental screen recorder.
The challenge
Clinical engineering and IT shared break-glass credentials for EMR and imaging infrastructure. HIPAA auditors wanted named identity proof for every administrative session touching PHI systems — and the team had no single source of truth.
The approach
- Federated Okta groups for clinical engineering, IT ops, and vendor support.
- Onboarded EMR, PACS, and pharmacy database tiers as separate policy scopes.
- Enabled session recording at the gateway with HIPAA-oriented export profiles.
- Ran a 14-week pilot with two hospital sites before enterprise rollout.
Results
- Shared break-glass accounts eliminated for in-scope PHI systems.
- First external audit completed with a single evidence bundle per control family.
- Vendor access windows tied to active change tickets with automatic expiry.
“Our auditor asked one question and opened one file. That had not happened before.”