The Disconnect on Identity and EHR Interoperability: Why Screen Scraping Integration May be Inadequate
The next time you hear an identity solutions vendor tout connectivity to electronic health record (EHR) system other clinical applications, check under the hood. How this interoperability is achieved has an impact on security and operational workflow.
The promise of connectivity between these two platforms is that healthcare providers can establish a unified approach to governing digital identities and their entitlements—thus improving IT and operational efficiency and mitigating risk from inconsistent and inappropriate provisioning of access. This is optimally achieved by deploying a dynamic, bi-directional API-based integration. Unfortunately, bridging the two applications is often supported by a technique called ‘screen scraping’—a methodology that may be less than adequate for healthcare provider organizations. Here’s why.
Challenges with Screen Scraping
The process of screen scraping involves the collection of data displayed in one application’s screens for use by another application. This technique is often deployed to compensate for applications that do not offer any supported integration methods, which is particularly common with older legacy systems that healthcare provider organizations may still use. However, screen scraping is not ideal for more modern applications that continually undergo revisions, improvements or even expansion.
For instance, for screen-scraping technology to collect names, emails, entitlements, and other data stored within the clinical application, it must navigate through multiple screens of the target system. This requires complex scripts that can either interact with the clinical application objects or understand the exact coordinates of buttons and fields on the screen. Thus, when a target system gets updated, it could disrupt the screen scraping technology’s ability to capture certain data. Even cosmetic changes that do not impact the underlying clinical data model of the target system, can disrupt the screen-scraping process.
In addition, as new fields are added within the clinical application, the screen scraping process may require extensive and costly updating to capture information from new screens. For that matter, even a simple design facelift from the target system could result in costly fixes.
Benefits to API-Based Integration
There are multiple reasons why API-based integration with clinical applications is ideal for healthcare organizations
* Changes to the EHR application architecture or the data it houses are reflected in the identity platform—thus greatly reducing the potential for missing or conflicting data fields and a less-costly route to resolving challenges that arise from an EHR update. This eliminates a heavy maintenance burden on healthcare organization’s IT teams.
* API-based integrations are more reliable
* An API-based integration is much more scalable. It significantly reduces the amount of time required to gather information. This is the result of not having to load individual screens, pages, etc.
The benefits can increase as more relevant data is exposed by the target application vendor. With the right set of information available via the API, healthcare providers can automate processes that lead to greater efficiency for provisioning teams. It would further reduce errors in granting access to care givers and others who interact with health data.
The SailPoint Connection
SailPoint approaches interoperability with EHRs and other applications by way of partnerships with implementation partners, application vendors and healthcare provider organizations. Where access to target applications are made available by the vendor or provider organization, SailPoint can produce API-based connections. This partnership model has yielded numerous out-of-the-box connectors and integration modules to various applications including the most widely-used clinical systems such as Epic and Cerner. Such interoperability enables provider organizations to:
* Accelerate deployment of identity management processes – Integrate the EHR into compliance and lifecycle processes without need for custom development
* Minimize interruption to hospital operations – Reduce downtime for new hires and transfers by automating changes to access rights in the EHR
* Reduce compliance risks – Mitigate risk of regulatory non-compliance by enforcing of access policies and automating processes to reduce human errors
To learn how SailPoint can help you establish a unified governance approach by integrating and providing true interoperability with various applications, contact SailPoint now.