February 21, 2018

Should a resident physician have access to sensitive patient data when they are doing research for one of their classes? Is it appropriate for a hospital-employed clinical assistant to have the same access entitlements when they are doing volunteer work for a health association? The challenge of managing data access for users with multiple roles, otherwise referred to as personas, is especially pronounced within the healthcare provider space. Left unaddressed, providers may find themselves at risk of breach and regulatory non-compliance.

What and Why Personas

Personas help to build an identity by defining the various ways in which an individual engages a healthcare organization. In many cases, an identity may have multiple personas – meaning they may perform more than one function during any given day. 

SailPoint manages access and entitlements for users with multiple personas within the healthcare industry.

To illustrate, a unit clerk in the emergency department may also be a nursing student who is doing a clinical rotation in the intensive care unit. A physician may have an outpatient clinic for part of the day in the morning and perform research work in the afternoon. Also, nurses may float between departments. To complicate matters, many of these functions can be transient. 

Additionally, there may be multiple authoritative sources in addition to the human resources (HR) system, meaning a complete record of a person could involve incoming data points from ancillary systems not controlled by the HR team. Such systems may include the electronic health record (EHR), learning management system (LMS), and the physician credentialing application. For healthcare provider organizations, effectively managing multiple personas can be extremely difficult.

Flexibility to Meet the Unique Requirements of Healthcare Provider Organizations 

Different healthcare organizations have different requirements and data structures. SailPoint provides multiple ways within IdentityIQ to meet these requirements. Here are just a few examples of how SailPoint can approach the multiple persona issue:

Persona Relationship

This approach is ideal when there is a well-defined authoritative source or application (like HR) for an identity (like an employee). SailPoint can also create a primary identity for user types not sourced from HR, such as student accounts and contingent workforce. SailPoint further allows providers to establish secondary identities that are linked to the primary identity. This allows providers to have a more complete view of the user’s entitlements and enables effective management of different personas.

Linked Relationship Persona

Where there are multiple authoritative sources – each being the authority for a different identity persona – the linked relationship persona approach can be very effective. In this case, SailPoint provides a global identifier where all personas are tied to that individual. Additional personas appear as an application account that are transparently linked back to the main identifier. This model not only builds the relationship but also shows all accesses in one uniform way in IdentityIQ.


While this is a simpler approach, it is contingent on the environment. Where individuals do not have multiple employee IDs or different managers, personas can be managed via roles. Provider organizations may want to delineate between personas for approvals, certifications and attestations. 

The Benefits of the SailPoint

In addition to managing access and entitlements for users with multiple personas, SailPoint can help providers address other cybersecurity and compliance challenges. Here are several examples:

  • Provider organizations typically have a mix of legacy and more current systems and applications. Managing access consistently across all of these technologies can be achieved through SailPoint’s unified governance approach.
  • SailPoint enables providers to create, manage and document information access policies and user access rights. This helps providers to confidently meet healthcare regulatory compliance and audit requirements.
  • It is of utmost importance that providers balance security and compliance with clinical and operational workflow. SailPoint solutions automate formerly manual processes for requesting, granting and provisioning access, thus delivering timely information for clinicians as they provide quality patient care.
  • SailPoint can extend identity governance beyond systems and applications. This allows providers to find, classify and control access to data files wherever they reside.

Why Healthcare Providers Trust SailPoint

  • Deep understanding of provider needs: Notable healthcare providers (large health systems, teaching hospitals, pediatric facilities, etc.) currently leverage SailPoint identity solutions to effectively govern access – a key component of their information security program.
  • Connectivity to healthcare-centric systems: SailPoint has developed and continues to refine and develop new integration capabilities with the most widely-used EHRs (ie. Epic, Cerner and others) in the industry.
  • Features relevant to healthcare providers: The ability to manage multiple personas, as well as locating and establishing controls over files that contain HIPAA-related content, are among various solution features that deliver high impact for healthcare providers.  

Learn more about SailPoint through one of our customers, Integris Health. Discover how Integris leveraged SailPoint to better manage user access to sensitive health data.

Learn more about Identity for Healthcare, and discover how Integris leveraged SailPoint to better manage user access to sensitive health data.

Find out how SailPoint can help your organization.

*required field