If knowledge is power and data is king, then what’s in an identity?

Authors: Alison Nicole Haughton and Amber Miles

What’s in a name?  Might be the chorus in a song across a number of different musical genres.  Alternatively, it could be a cheeky trick question at trivia night, e.g., What did Mohammed Ali say to Sonny Liston? But it can also be a menacing question for healthcare organizations that have not codified an identity access governance (IAG) program.   

In the last 20 years, the explosion of unstructured healthcare data has become a catalyst for data breaches, fraud and waste.  It is estimated that healthcare data is projected to grow to 2,314 exabytes by the end of 2020; and roughly 80% of that data is unstructured. It is no wonder that unstructured data is a petri dish for cultivating organizational vulnerability.  Moreover, the prodigious nature of capturing healthcare data is not going away. Yet, many healthcare organizations cannot answer: Who has access to what? Should they have access?; and How are they using access? 

Aim for the ideal, Understand the real

As healthcare organizations begin to understand how to turn the noise of data into a commercially successful stanza, there are a whole host of questions they have had to rethink when it comes to the provisioning and management of identities across their environments.  From 2017 to 2018, there were nearly 300 mergers and acquisitions (M&A) in healthcare; and with those mergers came disparate systems and platforms as well as new identities to manage.  Ideally, an M&A is an opportunity to rethink processes and procedures, but unfortunately, most healthcare organizations didn’t have the luxury of time or the financial resources to update existing identity policies. 

In the spirit of expediency, many organizations simply migrated identities based on policies that don’t necessarily reflect the current and future state of their organizations’ identity governance desires or digital transformation roadmaps.  As organizations reconfigure their data priorities, they have reluctantly realized that their long-term digital transformation projects will require high levels of identity management.  As organizations look to access data within and outside of the four walls of the hospital, 

current manual processes for identity management will not be secure nor sustainable.

As organizations move towards evidence-based medicine, the unheralded potential of data can be transformative for healthcare.  To reduce the per capita cost of healthcare, improve the patient experience of care and the health of populations, healthcare organizations need to have a clear roadmap on how they plan to secure data and manage access.  

Rethink Identity

With the right identity solutions, healthcare organizations can eliminate inconsistent and disparate processes and create a one-stop-shop for the management of their security needs.

When looking for an identity solution these are questions a healthcare organization should consider:

• Can the solution integrate existing clinical and back-office systems into an existing identity solution?
• Does your organization need to leverage identity-driven password management capabilities by connecting your identity governance solution to all applications and systems?
• In the event of an audit, can the system consistently drive compliance by seamlessly documenting who has access to what, when and where? 

There is no doubt that the task of maintaining data compliance will continue to be a daunting, labor-intensive administrative process.  However, with the right identity solution organizations can respond more rapidly to inappropriate access and policy violations before they become a bigger issue.

Healthcare organizations should look for identity solutions that:

• Have an automated access certification procedure that can be repeated frequently, which can reduce risks and strengthen security—thus optimizing resources and improving the compliance process.
• Can provide easy access to compliance data via dashboards.
• Utilize advanced analytics and reporting to respond to policy violations with real-time alerts, which can then lead to the streamlining of identity governance lifecycle events.

As organizations look to the next frontier of identity management, asking the right identity management questions now will lead to a more comprehensive identity access governance program for your organization’s future.