Identity governance for the systems that touch ePHI — and the contractors who rotate through them.
Hospital IAM teams have a specific problem the cloud-first vendors don't address: Epic, Oracle Health (Cerner), and legacy clinical systems sit alongside Workday, Okta, and AWS — and the contractor population (residents, locums, travel nurses, vendor reps, BAA-bound third parties) rotates every 30-90 days. Termination-to-revoke gaps on ePHI systems are an OCR enforcement risk waiting to happen.
30-Day Proof of Revoke on your real Epic + AD + cloud stack. Outbound-only mTLS. Immutable SHA-256 evidence chain. HIPAA § 164.308 mapped. BAA available with the Founding Partner agreement. SOC 2 audit underway, target Q3 2026.
Facing a rotating contractor population, an 18-month enterprise IGA migration, and an OCR audit letter in the same quarter is not hypothetical; it's last Tuesday. STRATUS proves closed-loop revoke across your scoped systems in 30 days, with auditor-grade evidence, while the bigger program continues.
4h 17m
Average termination-to-revoke gap across FY2025 enterprise studies. In healthcare the gap compounds with credentialing, on-call rosters, and visiting-clinician arrangements legacy IAM was never designed to track.
8 seconds
Closed-loop revoke across AD, Okta, and AWS in lab validation — HR event in, sealed Evidence Pack out. Production timing varies by connector maturity, approval policy, and clinical-system workflow.
0 inbound ports
Hybrid Connector Gateway dials outbound over mTLS from inside your VPC. No inbound listener, no VPN tunnel to clinical networks, no firewall change request to the hospital network team. The one network prerequisite is outbound egress from the gateway to STRATUS.
Methodology: 4h17m reflects the mean termination-to-revocation gap across 47 enterprise studies (FY2025). 8 seconds is the measured lab time across AD, Okta, and AWS. Customer production timing varies by connector maturity tier, approval policy, target system API rate limits, and workflow-dependent paths.
Many EHR environments were not designed around modern IGA-grade lifecycle APIs. STRATUS treats them as legacy targets — discover and evidence work today through existing user-management surfaces; certify is partial; revoke is workflow-driven or partner-dependent depending on your specific EHR configuration and gets validated explicitly during Days 1-7 of the POC. Maturity is named, not promised.
The fastest-turning identity population in your hospital is the one most likely to keep live access after their contract ends. STRATUS treats contract-end events as first-class HR signals — not afterthoughts — and fans out revoke across the systems that contractor actually touched, with sealed evidence for the compliance file. Travel-nurse rotations stop being a quarterly cleanup project.
Break-glass access in clinical environments isn't optional — but it's the most-reviewed line item in any OCR audit. STRATUS captures break-glass grants as explicit elevated-access events with rolling expiration, paired approvers, and a hash-chained record that survives the patient-care-first urgency that created it. Auditor sees the why, the who, and the proof it auto-expired.
Every revoke, every certification, every break-glass grant, every contractor offboarding lands in an independent immutable evidence chain separate from your application and database audit controls, under S3 Object Lock in Compliance Mode with customer-controlled retention. Each record carries the SHA-256 of the record before it, so altering or deleting any record inside the configured evidence boundary breaks every later link and is detectable on verification. Note that a Compliance Mode retention period cannot be shortened or removed by any principal, including the account root, until it expires, so set it to match your documentation-retention obligation before the first pack is sealed. When OCR sends the letter, you produce proof, not policy.
The frameworks healthcare orgs actually have to satisfy. STRATUS doesn't claim certification on your behalf — it gives you mapped policy rationale and the evidence to defend the control.
"Workforce access management for ePHI."
"Mapped policy rationale, not a certification claim."
"Heightened access controls for substance-use-disorder records."
"Credentialing + privileging tied to system access."
STRATUS is not HITRUST CSF certified and not HIPAA-attested today; alignment is documented and a BAA is available with the Founding Partner agreement. Full mapping and the Healthcare Evaluation Packet available under NDA — request via [email protected].
You don't have to wait 18 months for the next phase of your SailPoint program to deliver value on contractor offboarding and EHR-side revoke evidence. STRATUS sits adjacent, runs the 30-day Proof of Revoke on the systems your current program hasn't reached, and produces independent OCR-ready evidence — without disturbing what's already running.
Traditional IGA audit trails often depend on application-layer and database controls. STRATUS sits adjacent and writes SHA-256 hash-chained Evidence Packs to S3 Object Lock in Compliance Mode — independent of the source IGA's audit layer. Same compliance evidence requirements. Independent proof layer.
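The two passages above describe a SHA-256 hash-chained evidence record, and the break-glass section above describes grants with rolling expiration. The block below is an added illustration of both, not STRATUS code: every field name, event type and sample event is constructed for the example, and it writes nothing to S3 Object Lock. It shows the chain construction, the integrity check an auditor would run over a sealed pack (which detects an edited record and a deleted record), and a query for break-glass grants that passed their expiry without a matching expire or revoke event.

```python
"""Tamper-evident evidence chain: each record carries the SHA-256 of the
previous record, so editing or removing any record breaks every later link.

Added example only; not STRATUS code. Field names, event types and the
sample events below are assumptions constructed for this illustration.
"""
import hashlib
import json
from datetime import datetime, timedelta, timezone

GENESIS = "0" * 64  # prev_hash of the first record (assumption for this example)


def canonical(record: dict) -> bytes:
    # Deterministic serialization (sorted keys, no whitespace) so the same
    # record always hashes to the same digest regardless of dict ordering.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def record_hash(record: dict) -> str:
    body = {k: v for k, v in record.items() if k != "hash"}
    return hashlib.sha256(canonical(body)).hexdigest()


def append_event(chain: list, event_type: str, actor: str, subject: str,
                 system: str, ts: datetime, **details) -> dict:
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    record = {
        "seq": len(chain),
        "ts": ts.isoformat(),
        "event_type": event_type,
        "actor": actor,
        "subject": subject,
        "system": system,
        "details": details,
        "prev_hash": prev_hash,
    }
    record["hash"] = record_hash(record)
    chain.append(record)
    return record


def verify_chain(chain: list):
    """Return (True, None) if intact, else (False, index of first broken record).

    Checks sequence continuity (catches deletion), the back-pointer to the
    previous hash (catches reordering/insertion) and each record's own digest
    (catches in-place edits).
    """
    expected_prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["seq"] != i or rec["prev_hash"] != expected_prev:
            return False, i
        if record_hash(rec) != rec["hash"]:
            return False, i
        expected_prev = rec["hash"]
    return True, None


def expired_break_glass(chain: list, now_iso: str) -> list:
    """Break-glass grants whose expires_at has passed with no expire/revoke event."""
    now = datetime.fromisoformat(now_iso)
    live = {}
    for rec in chain:
        key = (rec["subject"], rec["system"])
        if rec["event_type"] == "break_glass_grant":
            live[key] = rec
        elif rec["event_type"] in ("break_glass_expire", "revoke"):
            live.pop(key, None)
    return [r for r in live.values()
            if datetime.fromisoformat(r["details"]["expires_at"]) <= now]


def build_sample_chain() -> list:
    # Constructed sample events; names, systems and times are not real data.
    t0 = datetime(2025, 11, 4, 2, 15, tzinfo=timezone.utc)
    chain = []
    append_event(chain, "break_glass_grant", actor="dr.lee", subject="dr.lee",
                 system="ehr-prod", ts=t0, reason="code blue, bed 14",
                 approvers=["charge.rn", "cmio"],
                 expires_at=(t0 + timedelta(hours=4)).isoformat())
    append_event(chain, "contract_end", actor="hr-feed", subject="tn.garcia",
                 system="workday", ts=t0 + timedelta(hours=1))
    append_event(chain, "revoke", actor="stratus", subject="tn.garcia",
                 system="ad", ts=t0 + timedelta(hours=1, seconds=5), result="disabled")
    append_event(chain, "revoke", actor="stratus", subject="tn.garcia",
                 system="okta", ts=t0 + timedelta(hours=1, seconds=6), result="deactivated")
    return chain


if __name__ == "__main__":
    chain = build_sample_chain()
    print("intact:", verify_chain(chain))
    print("expired break-glass at 07:30Z:",
          [r["subject"] for r in expired_break_glass(chain, "2025-11-04T07:30:00+00:00")])
    chain[2]["details"]["result"] = "skipped"   # simulate an after-the-fact edit
    print("after tamper:", verify_chain(chain))
```

Anchoring the head hash of each sealed pack somewhere outside the chain (the page calls this the evidence boundary) is what turns "tamper-evident inside the pack" into "tamper-evident end to end"; the verifier above only checks internal consistency.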
The clinical targets your IGA struggles with — Epic, Oracle Health, legacy AD edges, contractor on-call rosters — are governed via outbound-only HCG. No firewall change requests to the EHR vendor's hosted environment. No VPN to clinical networks.
Plug in the Hybrid Connector Gateway. Within 72 hours we surface every former employee, contractor, locum, travel nurse, and vendor still holding live access across your scoped systems. By Day 30 you have a closed-loop revoke on a real production target with an auditor-grade Evidence Pack sealed in S3 Object Lock. Paid Founding Partner engagement, credited toward year-one contract upon conversion.