Disparate processes around identity governance is an Achilles heel for healthcare providers. Governing digital identities and their entitlements to systems and applications require a consistent and unified approach. This allows organizations to reduce delayed access for users, avoid improper or inconsistent provisioning, and reduce workload for IT administrators and data stewards. Ultimately, a unified identity governance approach translates to stronger security, better operational workflow for users and greater cost efficiencies.
Unfortunately, a new HIMSS/SailPoint study indicates that roughly 2/3rds of provider organizations responding to the survey have incorporated less than half of their applications into an identity governance program. This suggests that many healthcare organizations are operating with large gaps in their security and compliance efforts. Given that provider organizations are continuously on-boarding and operating numerous applications, it is imperative that these critical gaps are addressed to protect sensitive information stored in systems, applications, and file storage folders.”
Recently at SailPoint’s Navigate 2018 conference in Austin, TX, SailPoint Healthcare Identity Specialist, Amber Miles, addressed this issue. Based on her experience, she sees the importance for healthcare providers to integrate their identity platform with systems and applications (particularly clinical) to unify their governance approach. Some of the key benefits she highlighted include:
- Aligning policy and centralizing access controls across the organization
- Automatically granting and revoking access based on training criteria
- Eliminating state entitlements through automatic certification programs
- Giving managers visibility into what access their direct reports have
- Unifying identities with multiple personas and helping mitigate the risk of Segregation of Duty violations and inconsistent provisioning.
- Detecting, documenting and alerting appropriate security teams regarding any attempts to circumvent governance processes
- Providing broad visibility and control of who has access what, when and where
- Driving compliance through a uniform, consistent process for documentation
For these reasons, it is important to incorporate as many systems and applications into a unified approach. While SailPoint provides out-of-the-box connectivity to numerous applications (including API-based integration with the most common EHRs such as Epic and Cerner), healthcare organizations must determine whether they can they tolerate certain security gaps created by disparate governance processes or go all in on identity. To learn how SailPoint solutions address these issues, contact SailPoint for a product demonstration.