Tuesday, August 16, 2022 12:00 PM

Save Time by Synchronizing Active Directory and MEDITECH Expanse

Written by Devin Dustman, Support Programmer - iatricSystems, Inc.


Hospital IT staff have multiple projects competing for their time and expertise, so it’s more important than ever to eliminate tedious, time-consuming tasks. One such task is updating information in multiple databases as the organization gains and loses employees.

For many hospitals, this means updating profiles in the Active Directory (AD) network database, then manually entering the same information into a MEDITECH EHR. Now a better approach is available — synchronizing your Active Directory and MEDITECH EHR databases so user information only needs to be entered or deleted once.

Duplication of Effort Is Inefficient and Unsafe

Active Directory and MEDITECH are separate systems, each requiring a user name and password. When a new user is created in Active Directory, someone has to look up that user’s data and enter the same information into the MEDITECH Universe. This often requires input from two different departments, with network administrators setting up users in AD and IT analysts performing a similar role in MEDITECH. Despite their best efforts, mistakes occur, leading to additional delays and users being assigned incorrect access permissions.

If an employee leaves (or is terminated), another two-step process is involved. The user’s Active Directory account has to be disabled, and the user also has to be removed from the MEDITECH database. If both steps are not performed promptly (or one is forgotten), the result can be continued, unauthorized access to patients’ protected health information (PHI).

A Single Source of Truth: Automated Syncing Between Databases

An automated solution saves time and improves security by continuously monitoring Active Directory for any changes and simultaneously applying those changes to the MEDITECH database.

Here’s how it works:

  • When a new staff member comes on board, a network administrator creates a new Active Directory account. The user is then automatically set up with a new MEDITECH account, with credentials assigned and access permissions applied as defined in AD.
  • User names in each system have the same mnemonic pattern (e.g., FIRST_NAME DOT LAST_NAME) to prevent confusion about whether a user in one database is the same as the user in the other.
  • Once the MEDITECH account is live, the user receives an automated email explaining their access permissions and providing a PIN if one was assigned. (This means that an IT analyst no longer needs to perform this step manually.)
  • When a user’s account is disabled in the Active Directory database, their MEDITECH EHR account is disabled simultaneously, eliminating the risk of a former user lurking where they don’t belong.

With information entered only once, the connected databases provide a single source of truth for user data. Constant, automatic refreshes between the two systems mean that updates no longer fall through the cracks.

What’s Next?

Does your hospital run on MEDITECH Expanse, and are you having trouble with database communication? Contact us to learn more about UserSync™, database synchronization software that seamlessly links your Active Directory with the MEDITECH world. Your IT staff can now save hours each week to focus on higher priority tasks while improving the security and integrity of your EHR database.