(Part II in a multi-part post examining IAM in healthcare)
In the first installment of this multi-part series about identity and access management (IAM) in healthcare, we examined the critical importance of IAM in bolstering IT security and enhancing data protection. Recognizing the unique challenges that healthcare presents when implementing an IAM program, we discussed what makes an effective IAM program and why it’s so important to healthcare.
Healthcare’s rapid transition to a fully digital environment has benefitted from the introduction of sophisticated IT tools to the hospital ecosystem and bedside workflows, which have greatly helped improve the delivery of care. In the course of improving care delivery, however, healthcare also experienced something else: greater complexity.
(Gus Malezis, President and Chief Executive Officer, Imprivata)
Today’s modern healthcare delivery ecosystem consists of a much more extensive and expansive population of providers and users, all of whom are operating from multiple locations. Often times, these locations are outside the four walls of the hospital, and furthermore the users access systems through an exploding number of devices and an ever-increasing complement of applications that reside on-prem and progressively in the cloud.
In this post, we will look at the four “planes” of the modern healthcare ecosystem to get an appreciation for the ways that improving care delivery is creating more complexity across the industry – and the pivotal role that digital identity and IAM will play in this environment.
The Four Planes
Healthcare delivery now happens around the clock, with a diverse set of healthcare professionals, each of whom is regularly using all kinds of connected and different devices. By taking the IT tools we have and adjusting them to the dimensions of these rapidly evolving planes, we can continue supporting them and enabling improved care in the healthcare continuum.
Plane I – Who are the users?
Now and into the future, the professionals accessing healthcare systems are multiplying exponentially. Instead of just doctors and nurses – as was the case in the recent past – we now have affiliates, administrative staff, and other external users. This easily doubles, and even triples, the number of people we consider to be “users” or, more importantly, healthcare providers; it’s now anybody who is in association with your healthcare ecosystem.
Plane II – Where are they operating?
The physical locus of healthcare delivery is no longer only a hospital. It can be a clinic, a doctor’s office, or a home-care situation. Today’s healthcare providers are no longer just operating in a single location at the hospital or acute-care environment – they’re everywhere.
Plane III – What devices are they using to access the digital networks?
It used to be that providers would access a system through a computer, usually a Windows system, located at a nursing station – but that’s no longer the case. Now, machines are in a patient’s room, or are portable and in the hands of the providers as they make their patient rounds. These machines may be corporate devices, or they could be personal. Some can be also be virtual machines, Android or iOS Smartphones and tablets, or medical devices. Healthcare is experiencing an explosion of connected digital devices, taking us from 1X to numbers that are 4X or even 10X (especially if you include medical devices) in terms of access points.
Plane IV – What are the apps and services they use to deliver healthcare?
Providers are no longer limited to a constrained complement of apps, to the EHR, imaging, scheduling and communications. Now we are seeing many more apps become available to the providers and that includes HR, payroll and office automation apps. These apps run the spectrum of classical fat-client apps, virtual apps, SaaS and cloud apps, along with mobile apps. Here again the population of offerings continue to explode in volume.
IAM considerations in healthcare
This proliferation of…EVERYTHING…has eroded the once well-defined network perimeter and the systems and services delivered within that environment. In this new ecosystem, organizations must architect and build for this scale and establish trusted identities across a complex network of people, technology, and information.
With a focus on trusted digital identity, organizations can optimize processes and technologies to solve the equally critical aspects of (a) workflow, (b) security, and (c) compliance challenges. They can give users secure access to the applications, devices, and information they need, anywhere and anytime they need it.
Healthcare has unique considerations and challenges that directly impact IAM purchasing, deployment, and management decisions. And they’re not limited to the entities (users, devices, applications) that must be addressed by an effective IAM program. Clinical workflows are also complicated by the industry’s complex ecosystem.
Regulatory concerns pose another unique challenge for the industry. Healthcare is a heavily regulated industry, and the information that’s shared is highly sensitive. This requires compliance with unique and specific regulatory requirements, from HIPAA to DEA requirements for electronic prescribing of controlled substances (EPCS).
Addressing the challenges
So, how do we overcome these challenges to give users secure access to the applications, devices, and information they need, anywhere and anytime they need it? This is where a solid identity and access management (IAM) strategy comes into place.
First, IT teams need to grant the right users the right level of access into the right systems. With the right identity management technology in place, healthcare organizations can automate the process of quickly provisioning, updating, and deactivating user access. This has to be accomplished with automation and fast repeatable and consistent process.
Next, give users the “anytime, anywhere” access they need from any device by eliminating the overreliance on usernames and passwords. Single sign-on (SSO), for example, allows users to access their devices, any devices. This is the case whether it’s the shared nursing station desktop, the VDI/thin/zero end-point, their dedicated windows desktop/laptop, or the shared smartphone or tablet. Moreover, it’s all with the simple, well understood and ubiquitous badge tap, and in that same process, they can automatically and appropriately access their applications, be it on-prem, or cloud apps.
To get the security and compliance part right, especially when elevated levels of trust are required or mandated, the next step is layering on an effective and efficient multifactor authentication system. Pick the combination of authentication methods that’s right for your organization. The combination of two or more factors including a push token, fingerprint biometrics, or hands-free authentication, amongst others, makes security transparent so it doesn’t interrupt clinical workflow. Hands-free authentication with invisible/transparent 2nd factor is a particularly usable innovation, as the technology fades to the background, becoming invisible, enabling the provider to focus on what’s important – the patient – and enhancing productivity.
As an industry, healthcare has traditionally focused on locking down everything within our networks. In the new digital world, it’s time to take the same precautions with the new non-perimeter and the broader set of variables – all of which should support the well trusted clinical workflow and enhance care delivery. Protecting against new cyber security risks requires having the right technology in place, starting with an integrated IAM solution. This is the first step for healthcare organizations to strike the necessary, but often elusive, balance between security and clinical workflow efficiency across the evolving healthcare technology landscape.
Digital identity and IAM now play even a more pivotal role. We need trusted identities. We also need the right infrastructure to support and manage those identities – something we will examine in our next post in this series.
Check back in November for the final installment of this series, and for more information, browse the infographic.
Gus Malezis is President and Chief Executive Officer of Imprivata.