Case Study: How Mercy Medical Cedar Rapids Made Password Management a Positive Employee Experience

Mercy Medical Case Study

The company

Mercy Medical Cedar Rapids
One of the largest and fastest-growing Named one of the nation’s top 50 cardiovascular hospitals, Mercy Medical Cedar Rapids provides superior service and quality by going the extra mile for their patients and their patients’ families.

Industry
Healthcare

Company size
3200 employees

The challenge: Taking the pain out of password security

Every second counts when it comes to serving patients, which is why healthcare spaces have a need for speed like no other industry. And today, healthcare organizations are busier than ever. Unfortunately, many healthcare providers are finding their speedy care interrupted by time-consuming security protocols, like outdated password management.

At Mercy Medical Cedar Rapids, every employee is committed to providing a great healthcare experience, but trying to manage passwords was slowing down care. In response to the delay caused by password management, Mercy Medical first tried a sticky (but unsafe) solution.

“To provide fast patient care, our healthcare providers felt they needed to attach sticky notes with passwords to their monitors. It was a HIPAA nightmare.”

Gabe Kimbro,
Chief Information Security Officer, Mercy Medical Cedar Rapids

While sticky notes with login and password information on computers were a temporary solution to achieving easy access, Mercy Medical wanted a long-term, secure solution. After evaluating its cybersecurity situation, Mercy Medical realized that any poor password habits were rooted in good intentions and the need for quick access. The IT team wanted to provide a password management solution that would empower its people. 

“Instead of just talking about how to be better about security or writing people up for not following protocol, we wanted to make password management something that enables our employees.”

Gabe Kimbro,
Chief Information Security Officer, Mercy Medical Cedar Rapids

Mercy Medical takes security seriously and has an entire cybersecurity sub-committee to provide additional governance for the organization; but Mercy Medical also knows that collaboration across the entire team is the best way to build strong security. They wanted to make a password management change that would have a positive impact on the health organization’s culture.

“Our goal is to build a culture of security. When we have security built into our processes, our employees can focus solely on patient care.”

Gabe Kimbro,
Chief Information Security Officer, Mercy Medical Cedar Rapids

To find a password management solution that would enable a collaborative security culture, Kimbro knew his team needed to approach security differently than many other organizations do. “In healthcare, if our employees have to choose between patient care and password security, they’re going to focus on patient care,” says Kimbro. Mercy Medical needed to find a way to be HIPAA-compliant without compromising patient care. 

The Mercy Medical security team believed that password security and patient protection could go hand in hand, but they needed a password management solution that checked all the right boxes to facilitate employee buy-in.

What were those boxes?

Box 1: Employees had to want to adopt the solution. This meant it had to be user-friendly, make people’s lives easier, and most importantly: save them time.

Box 2: The solution needed to strengthen security and HIPAA compliance. 

Box 3: The solution had to integrate seamlessly into employees’ daily tasks, enabling healthcare providers to focus on patient care. Single sign-on (SSO) would be a plus.  

The solution: Teaming up to adopt a HIPAA compliant solution

After a thorough search, one password management solution kept showing up at the top of the list and checked all the boxes: Dashlane.

“The security team was drawn to the solution because it was easy to see how Dashlane would have a positive impact on our employees,” Kimbro explains. 

The Dashlane browser extension was a major highlight because many employees work with external sites. The security team also loved the Dark Web Monitoring feature, which monitored if any sensitive information was being posted on illicit sites. Plus, they could easily set up multi-factor authentication (MFA). Most importantly, Mercy Medical discovered that Dashlane could be used for personal and work passwords, anytime, anywhere. “The convenience of having passwords at your fingertips no matter where you are or where you’re working was exactly what we were looking for,” Kimbro shares. 

More on Dashlane

For more information on Dashlane, check out our business page or get started with a trial.  

The result: A bill of clean (password) health

Going from a sticky security situation to a secure vault, Mercy Medical turned poor password management into an opportunity to improve password security with employee buy-in. “Dashlane helped us enhance our security posture, but even more importantly, it helped our employees perceive cybersecurity differently and feel like they’re part of the solution,” Kimbro shares. Dashlane did more than just change perspectives on password security: It also created new partnerships. 

Dashlane did more than just change perspectives on password security: It also created new partnerships. 

“Our security team can now act as a partner instead of an enforcer. Employees no longer view password security as a hindrance, but as a help. Dashlane helped us make password management a positive experience.”

 Gabe Kimbro,
Chief Information Security Officer, Mercy Medical Cedar Rapid

And the best part? Protecting patients’ and employee information has never been so easy because employees want to use Dashlane. “Thanks to Dashlane, I am 100% confident that our patient data is more secure and it’s easier for our healthcare professionals to be HIPAA-compliant,” Kimbro explains. “Dashlane lets us customize its features so we can ensure that our staff aren’t sharing their professional passwords, but they can safely share their personal ones, like wifi passwords.”

Healthcare providers at Mercy Medical appreciate having streamlined access to the websites that they use every day; features like auto-login and the ability to maintain passwords in-app have sped up access by 60%. “It’s not every day that we have a product that increases our security posture and speed of access,” shares Kimbro. The benefits that Mercy Medical’s employees are seeing don’t stop at the end of their shift: Each employee enjoys a free Family plan and can invite up to five others to join Dashlane at no cost.

“Employees’ professional and personal lives run a little smoother with Dashlane,” Kimbro says. “People love how Dashlane simplifies once tedious day-to-day processes.” 

Mercy Medical employees are realizing value and convenience from the password management solution in ways that the healthcare organization didn’t initially anticipate but has whole-heartedly embraced. “For example, it even makes online shopping and checkout faster, so we’ll be doing a standing educational outreach around Black Friday,” Kimbro explains. “Making security personal helps make it more relevant.” 

Moving forward, the prognosis looks excellent for the partnership between Mercy Medical and Dashlane. Mercy Medical has begun to onboard every new employee with Dashlane and is seeing adoption rates as high as 90% with new employees. 

“We try to show how practical and easy-to-use Dashlane is and that gets people interested,” Kimbro shares. 

Ready to get started?

Discover more about Dashlane by signing up for a free trial or getting in contact with us directly.

    Dashlane

    Dashlane is a web and mobile app that simplifies password management for people and businesses. We empower organizations to protect company and employee data, while helping everyone easily log in to the accounts they need—anytime, anywhere.

    Read More