Case Study: Harvard Medical School achieves secure, compliant, and rapid identity for NIH research with Auth0

Harvard Medical School Identity Secures NIH Research

Harvard Medical School’s Department of Biomedical Informatics led the NIH-funded Undiagnosed Diseases Network (UDN) to connect clinicians, labs and patients tackling rare, puzzling medical cases. The team faced a complex identity challenge: fast delivery of a secure, user-friendly authentication system that supported self-registered patients, institutional single sign‑on for clinicians, multi‑factor privileged access, stringent FISMA Moderate security and HIPAA‑equivalent privacy, and federation across many independent institutions.

The solution was to use Auth0 as a central identity-as-a-service clearinghouse, enabling social logins, SAML/ADFS/LDAP federation, MFA and a customizable login UI with minimal custom code — a proof-of-concept built in a day and a full framework implemented in weeks. The result: UDN launched on schedule with multiple clinical and lab sites, achieved required security controls and auditing, protected patient data by minimizing stored PII and delegating authentication, drove strong adoption (about 50% patient social logins, ~20% mobile usage) and let the team focus on research rather than identity infrastructure.

Harvard Medical School

David Bernick

Director of Technology, Department of Biomedical Informatics