Access Request and Compliance Case Study


Cigna-HealthSpring chose Core Security to help the organization focus on maintaining compliance with federal regulations such as HIPAA, HITECH and SarbanesOxley while automating the user access process. 

With Compliance and Access Request, CignaHealthSpring can now:

  • Automate manual user access review processes 
  • Easily analyze, review and certify user access enterprise-wide
  • Protect private patient data by ensuring least privileged access 
  • Extend the ability to create accounts and enable or disable access to business managers 
  • Integrate IAM with existing applications such as ERP, claims processing and EMR


Cigna-HealthSpring is one of the nation’s largest and fastest-growing providers of Medicare Advantage health care plans with more than 1.2 million members and a national stand-alone prescription drug plan. The company employs thousands of healthcare professionals and other employees across 12 states in the Southeast.

The Challenge

Maintaining compliance with federal health regulations such as HIPAA and HITECH are a requirement for healthcare organizations such as Cigna-HealthSpring. Like all publicly traded healthcare companies, Cigna-HealthSpring must also comply with federal regulations such as the Sarbanes-Oxley Act and conduct regularly scheduled audits. The organization operates with a lean IT department that must provide its ever-changing workforce with rapid access to more than 150 different applications. Before implementing Compliance and Access Request, Cigna-HealthSpring manually managed user access and compliance monitoring. While workable, the process, which involved a five-person team entering data into spreadsheets for departmental manager review, was time-consuming and resource-intensive, and would not scale to support anticipated growth. In addition, the process was vulnerable to mistakes such as transcription errors and depended on emails, which were sometimes lost or forgotten. Meeting compliance requirements was challenging and absorbed a three-person team full time for three months to complete.

The Approach

To improve the accuracy, speed and scalability of its compliance capabilities, Cigna-HealthSpring implemented Compliance and Access Request. These solutions easily integrated with the health plan’s existing applications, such as PeopleSoft enterprise resource planning (ERP), claims processing and membership management systems. 

Cigna-HealthSpring is able to more accurately provision access privileges within Compliance, and Access Request automatically creates audit trails and automates the creation of work orders for IT staff.

The Result

With Core Security solutions in place, Cigna-HealthSpring has created a streamlined process that automates compliance, increasing efficiency and improving audit reporting. 

Certification reports, including quarterly access exceptions, monthly temporary contractor access reports and annual access certifications, all have the same look and feel for easy reference. 

No longer a manual process, the system now automatically compiles the managers’ responses and sends instant notifications on open action items to the IT security and compliance team. 

Automated compliance processes and workflows eliminated transcription errors and forgotten emails that were common in the manual process. Automatic data extraction and parsing reduced the chance of missing a privilege or a user. 

Automation also eliminated the likelihood of sending a request for review and approval to the wrong manager because they are delivered directly to the executives who have the best knowledge of who should have access to which resources.


“Compliance and the protection of sensitive information are critically important to our Medicare Advantage operations, so building a strong Information Security program has been key for Cigna-HealthSpring.” 

- Andy Flatt , SVP and CIO Cigna-HealthSpring

See Identity Governance Solutions in Action

CTA Text

Find out how the right identity governance solution can help you mitigate identity risk in your organization.

Request Personalized Demo