June 11, 2020

Healthcare organizations have clinical data that spans many applications and systems. SailPoint’s AVP of Healthcare Matthew Radcliffe breaks down what this data sprawl looks like and how to protect all of it with identity.

Video Transcript

Hannah Giles: Hello everyone and welcome back to another episode of Identity Talks. Today we have SailPoint’s AVP of Healthcare Matthew Radcliffe back on and today we’re gonna learn a little more about protecting patient data with identity. Matthew thank you for joining us. So, let’s just jump right in and kind of give people an idea of what patient data looks like in these organizations. I don’t think many of us, including myself, realize just how much data lives across many systems and applications in these healthcare organizations.

Matthew Radcliffe: Yeah Hannah it’s a it’s, it’s, it’s a great question and it’s actually a real problem in those healthcare organizations. When we first start our interactions on the topic of identity governance with healthcare organizations we find that most of our customers kind of hyper focus on really governing access to their core clinical system. Whether that’s an Epic, a Cerner or a MEDITECH or others and what we traditionally say is, is look that’s a great place to start but we’re really only solving half of the problem. If, if you look at clinical data and healthcare organizations you have two challenges. The fact is, is physicians and nurses extract clinical data from their core EMRs to create post-acute care plans, send data to my primary care physician, perhaps send some data to my rehab team or even to track the outcomes of clinical care plans. They might put an Excel spreadsheet or in a PowerPoint to track data and outcomes. So all of a sudden now we have this really this, this sprawl of clinical data that’s sitting in, in emails and Word documents and in PowerPoint slides and one of the one of the areas that we want to help the healthcare organization very quickly do is identify where is that sensitive data residing. What type of sensitive clinical data might be in those files? Who has access permissions and visibility to that data and then really put governance controls and policies around that data, so they can better control access to it and, and have strong governance controls of it. You marry that with the influx of IOT in healthcare, you have infusion pla, infusion pumps, MRI machines and other connected devices that are also generating data. You marry these two business problems together and this is a significant area where many healthcare organizations need help with. So when you go into the average hospital not only are we talking about managing and controlling access to their core clinical EMR but also helping them identify where the sensitive data is and put the similar control policies around that data.

Hannah Giles: So what steps can organizations take to really put that into action and put that governance around that patient data?

Matthew Radcliffe: Yeah and Hannah it’s, it’s you know it’s, it’s a it’s a complex problem but it’s one that SailPoint actually helps quite well. The fact is as they start developing their identity governance plan I believe it’s important that they, they think about also including their infrastructure team, their data storage teams, their core clinical security teams. So as they’re building their enterprise governance strategy, not only are we looking at the core applications that are in scope but also the data in scope. And if you think about SailPoint’s solutions set when we, when we marry those capabilities of IdentityIQ or IdentityNow with enterprise governance and we marry that with File Access Manager where we have the ability to identify sensitive data, classify that sensitive data and, and marry the governance policies with our core platform. It really gives them a single pane of glass where they can look at all the users in their environment and understand each users’ permissions from both an application level perspective but also at a data level perspective. So, having that single plane of glass really gives them a great way to manage enterprise access to both applications and data.

Hannah Giles: And there you have it. So that is identity and patient data, we look forward to hearing from Matthew again soon. Until next time this has been Identity Talks.

Find out how SailPoint can help your organization.

*required field