I recently wrote an article outlining the reasons for why identity should be a central tenet of a healthcare provider’s cybersecurity program. By understanding who is authorized to have access to applications and data, providers will be in a position to confidently protect highly-sensitive information. Additionally, when identity governance is done properly, managing access will strike a perfect balance between security and the need for better clinical and operational workflows. Ultimately, this enables providers to focus on what they do best—delivering quality patient care.
Identity governance also offers a powerful value proposition to providers in the form of cost reduction. This is especially appealing when you consider that U.S. hospitals earn on average single-digit margins (Chart A). The American Hospital Association further reports that many providers operate in the negative. Through an effective identity governance solution, providers can expect greater efficiencies that can generate substantive savings. Here are five examples of where savings can be realized by automating identity governance.
- Access Request – Manual processing of changes to user access is slow, creates unnecessary costs and burden to the IT help desk, leads to user frustration, and is prone to error. Clinicians and operational staff, who need to interact with critical applications and data as part of their regular workflow, are forced to wait for manual change requests to be routed, approved and provisioned. This can translate to non-productive time and fewer patient engagements, impacting the provider’s mission and financial health. By leveraging a governance-based approach to identity, providers can confidently implement self-service, access-request processes—eliminating extraneous calls to the help-desk and improving user-productivity. In fact, SailPoint has helped providers reduce the time required to process and fulfill access requests by as much as 80 percent.
- Access Certifications – Regular review and certification of “who has access to what” is a critical governance control required by major healthcare regulations such as HIPAA. Currently, many hospitals manually pull spreadsheets of user account data and email them to managers or application owners to conduct periodic access reviews. These spreadsheets are manually maintained and can quickly become outdated and incomplete. By eliminating resource intensive manual processes, providers can save IT administrators and application owners enormous amounts of time, allowing them to be more productive in other areas.
- Automated Provisioning – Hospitals operate hundreds, if not thousands of systems and applications every day. In many cases, the bulk of the responsibility for managing user access to these technologies falls on IT and/or application admins. If each system or application is uniquely managed through its native user and account management functions, the administrative complexity and cost associated with this effort can skyrocket. By moving to a unified approach, you can automate how access is provisioned and de-provisioned throughout a user’s lifecycle (joining, moving, leaving). This will eliminate disparate processes and dramatically mitigate the associated costs of keeping pace with access changes.
- Compliance and Audit Readiness – Preparing for an external compliance audit can be overwhelming, complex and extremely time consuming. When a hospital receives a notification of impending audit, there is minimal time to prepare documents and data. Through the use of identity governance solutions, providers can streamline audit processes across the organization, readily pull reports, and produce analytics to fulfil audit requests. This time savings translates to cost savings for your end users/managers, IT and your auditors.
- Password Management – Gartner estimates that 40 percent of total contact volumes of IT service desks are still related to password change requests. As part of an automated identity governance solution, providers can leverage password management capabilities that provide business users with an easy and intuitive way to change or reset passwords. This leads to lower IT costs and higher user productivity.
These are just a few examples of how identity governance can deliver significant savings while improving an organization’s risk posture. But every organization is unique. Find out how much your organization can save by requesting a free business value assessment. Send your contact information to BVA@sailpoint.com. A SailPoint identity governance expert will contact you shortly after to initiate the assessment.