eBook
Three Reasons to Move Identity Security to the Cloud
In healthcare, IT adoption has been on a slow but steady trajectory. Much of the effort to go digital over the past 10 years has targeted specific business processes such as practice management, business intelligence, and patient access to health information. Adoption of electronic health records and investments in mobility solutions have been key elements of those modernization initiatives.
So has the move to cloud technologies: healthcare organizations have embraced cloud to improve data sharing, reduce preventable errors, and lower overall infrastructure costs. All this has made management of digital identities more complex, yet systems used to verify identities didn’t necessarily evolve with the new healthcare technologies being deployed.
Changes have been happening on the clinical side too. Stand-alone health systems began to see value in managing the continuum of care in order to reduce readmissions and address health challenges at their source. Soon they were establishing business relationships with organizations like primary care clinics and long-term care facilities that were essential to their overall delivery services. To boost collaboration, health systems had to transform their digital technologies in ways that were easily adaptable but secure.
Then the external shock of global pandemic hit. All of a sudden, hospitals had to pivot their operations to remote work while ramping up for acute care in the clinical setting. Years of tinkering at the edges of the care delivery model suddenly shifted into overdrive, accelerating trends in mobile work that paved the way for future resilience.
In the discussion that follows, we’ll take a closer look at three emerging scenarios and what they mean for identity management in healthcare. Along the way, we’ll show how a cloud-based identity management platform, delivered through a software as a service (SaaS) model, can further the goals of healthcare organizations as they navigate a course to the future. Browse the sections in the order they appear or skip directly to the one that’s of greatest interest.
Use Case 1:
Transforming the Organization
It’s no secret that health systems are under significant operational pressures. Across every activity, the quest for greater efficiency and effectiveness is ongoing. For example:
The takeaway: SaaS-based identity management facilitates organizational transformation by enabling system access without the need for in-house expertise or additional capital spend. Going forward, it also helps healthcare organizations maintain a delivery model that’s consistent with adjacent cloud-based solutions, such as single sign-on, privileged access management, and IT service desk ticketing.
Supercharging SaaS-Based Identity Security
SailPoint IdentityNow delivers identity management and governance from the cloud. This SaaS identity platform uses policies, access controls, and advanced technologies to make sure healthcare personnel see and touch only what data and applications they need to do their job. With integrated AI and machine learning capabilities to identify identity management tasks, organizations can reduce the likelihood of a data breach from 30% to 5%.3 These predictive identity capabilities include:
Use Case 2:
Enabling the Healthcare Business Model
A long-term trend among healthcare providers is to build partner networks—for example, physician practices and post-acute care facilities—to improve the care continuum, drive patient transparency, and improve population health. The expanded footprint and closer collaboration of a healthcare ecosystem can also improve care collaboration, reduce overarching operational spend, and help participants achieve the triple aim.
One outgrowth of this trend is that many large health systems are stepping up to provide clinical infrastructure on behalf of the overall ecosystem. To enable more robust clinical and provider decision support and ROI for IT investments, healthcare organizations have begun to adopt the best practices of interoperability, but this adoption has the potential of creating security challenges and gaps, specifically relating to who has access to what and how they are using that access.
Make no mistake, the digital transformation trend is here to stay. However, the manner by which healthcare organizations contain and manage the solutions they use to reach better patient outcomes will have larger business implications for the security of electronic protected health information (ePHI).
The takeaway: A strong, secure cloud strategy accelerates the business model strategy by helping health systems expand the breadth and depth of their clinical services. Sharing a subscription-based identity management platform also helps smaller ecosystem partners by enabling their own IT environments so they can compete in the market.
Use Case 3:
Supporting Complex User Populations
Now more than ever, healthcare organizations depend on contingent workers, including contract nurses, affiliated physicians, and volunteers, to address the needs of their patient populations. More than one in three of the over 6 million contingent workers in the U.S. are in health and education services.4 Add researchers, business partners, and suppliers to the mix, and it becomes clear that making sure individuals have access to hospital resources that are appropriate to their work is no small endeavor.
During the pandemic, many contingent healthcare workers have had to use their personal devices to efficiently provide patient care. With a large influx of new employees in such a short amount of time, many hospitals were simply not equipped to provision identities for their existing, newly remote staff—much less the volume of new contingent employees. Moreover, the growing number of personal devices used has inadvertently created a security Achilles heel for organizations that need to protect ePHI.
What’s more, these user populations are in a constant state of flux. Users can be temporary or full-time, office-bound or on the move. They may be dedicated to a single department or split their time among multiple ones. All this complicates a hospital’s efforts to enable system access at the right times and for the right reasons.
The global pandemic has shown healthcare organizations the importance of breaking the tradeoff between proximity and productivity. By calling for rapid provisioning to support surge capacity for acute care while deprovisioning in response to a temporary drop in elective and semi-elective procedures, the pandemic has also shown that any disruption to ordinary patient loads can bring the challenges of supporting complex user populations into sharp relief. As remote access becomes a fixture of the healthcare identity landscape, organizations will need to document how they have handled identity access activities, including who requested access, what was being requested, if access was approved and when.
The takeaway: Identity services that are delivered through the cloud allow users to quickly acquire their system credentials and work wherever they may happen to be. At the same time, an identity management SaaS solution protects sensitive data by following the latest protocols and certifications for cloud security without slowing down the business of care delivery.
Forging Ahead to the Cloud
Identity management as a subscription-based service may seem futuristic, but the solution itself resulted from years of supporting use cases on premises with healthcare providers. Provisioning and other core governance pieces came first. Subsequent versions saw the addition of more advanced features like access request and automated access reviews and certifications. By then, forward-thinking healthcare organizations were already looking at how they could improve efficiency, evolve the business, and shore up their resilience as an organization. Their input is reflected in key innovations like:
The result is an intelligent SaaS solution that applies the lessons learned from extensive field experience to help healthcare organizations continue governing wisely and well.
To learn more about identity security and the solutions SailPoint can deliver, please visit Identity for Healthcare.