• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to secondary sidebar
  • Skip to footer

  • Opinion
  • Health IT
    • Behavioral Health
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Patient Engagement
    • Population Health Management
    • Revenue Cycle Management
    • Social Determinants of Health
  • Digital Health
    • AI
    • Blockchain
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • M&A
  • Value-based Care
    • Accountable Care (ACOs)
    • Medicare Advantage
  • Life Sciences
  • Research

Identity and Access Management – Bridging the Efficiency and Security Gap in Healthcare

by James Litton, CEO of Identity Automation 12/17/2019 Leave a Comment

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print
Identity and Access Management – Bridging the Efficiency and Security Gap in Healthcare
James Litton, CEO of Identity Automation

The healthcare sector is charged with preserving some of the most sensitive information of any industry. Hospitals and clinics are required to securely store data, such as social security numbers, patient medical records, insurance policy details, and credit card numbers. Although healthcare administrators are confronted with copious amounts of sensitive information, it would be incorrect to assume that the industry is a beacon of cybersecurity best practices. In fact, 13.2 million patient records were exposed in 2018 alone – a 157% increase from 2017. 

Boosting healthcare cybersecurity standards

The reality is that most healthcare facilities lag behind when it comes to cybersecurity protocols. Unfortunately, employees are the root cause of the majority of healthcare data breaches, whether intentionally and unintentionally. Examples of human error include employees mistakenly sending sensitive information to the wrong recipient or improperly disposing of data.

To further complicate this matter, the healthcare industry is heavily regulated by regulations, such as HIPAA and HITECH, that mandate how organizations must store patient data. Failure to comply with these industry regulations can result in hefty fines and increased risk of cyberattack. At the same time, clinicians are under mounting pressure to quickly treat growing numbers of patients, all the while providing exceptional care and service. To deliver on these requirements, clinicians must be able to move from room to room, quickly and securely logging in and out of shared workstations and other types of devices.

To bridge this gap between security and efficiency, healthcare organizations should look to comprehensive Identity and Access Management (IAM that goes well-beyond Single Sign-On (SSO) alone). Modern IAM solutions are designed with security top of mind, while still ensuring flexibility when it comes to how and when clinicians access patient records. 

The need for lifecycle management, access management, and MFA in healthcare

The healthcare industry is in a period of rapid transition from paper-based patient records to digital patient records. This has made healthcare organizations increasingly vulnerable to a litany of cyberattacks, such as ransomware. While proximity badge access and SSO are important, they are primarily focused on efficiency. Today’s threats require more complete IAM capabilities, such as advanced lifecycle management and granular access controls.

Healthcare organizations face specific challenges with their highly variable workforce, which includes not only doctors and nurses, but also students, patients, and many other types of users who access their systems and data. Furthermore, telemedicine, patient access to information, and the resulting need for Patient Access Management — all require thorough control over an increasing number of identities and an ever-growing number of complex access entitlements. Dealing with that complexity in managing identities and access requires a well-thought-out IAM solution that supports these specific requirements.

In order to protect access to sensitive data and assets, IAM must become the cornerstone of IT infrastructure and security strategy in healthcare organizations. Restricting and controlling access requires focused protection, down to the granular level of patient records. It’s about enforcing the principle of least privilege by granting the exact level of access required, at the right time—and nothing more—while still accommodating healthcare-specific use cases, such as controlled emergency access.

Automated provisioning and de-provisioning of accounts, management of access entitlements, audit and governance, and granular access controls are all essential IAM capabilities for modern healthcare IT. IAM solutions can also add additional layers of protection to sensitive data and systems with Multi-Factor Authentication (MFA).

In fact, electronic prescription of controlled substances (EPCS) regulatory requirements require secure, two-factor authentication (2FA) for the prescribing of controlled substances. By using flexible authentication methods, such as fingerprint biometrics and one time passwords (OTPS), clinician identities can be quickly verified, while enhancing patient safety. 

Equally important, IAM solutions are built to balance business requirements with the level of security and access control needed to comply with regulations, such as HIPAA and HITECH. Common elements among many of these regulations are the need for strong authentication, sophisticated access control to data and applications, and an established audit trail of user activities. Without IAM, meeting these requirements can be a change with failure to comply potentially leading to heavy fines and irreparable damage to patient trust.

Identity and access management as cybersecurity gatekeeper

The healthcare industry is complex. Patients expect prompt yet thorough care while trusting that their records are safe and secure. At the same time, healthcare organizations are under mounting pressure to ensure compliance to strict federal, state and municipal government regulations while facing a multitude of a cybersecurity threat. 

IAM in many healthcare organizations is still a technical, administrator-driven set of capabilities, delivered by a multitude of disparate toolsets. This tact must shift to an integrated approach that optimizes user experience while meeting security and compliance needs with advanced IAM capabilities that deliver efficient and convenient user experience while lowering administrative burden and driving organizational effectiveness.

James Litton, CEO of Identity Automation

With more than 29 years of experience in enterprise technology software and systems, James has led teams as an executive living and working in North America, Africa, Europe, and throughout the Asia-Pacific region. Immediately prior to joining IA, he was the Head of IT for Cray, a global supercomputing company. James joined Identity Automation as its Chief Executive Officer in 2007 and led the company to success as a consulting services firm and has since guided the company through its rapid and successful transformation into the highly profitable, high-growth software products company it is today.

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

Tagged With: Cybersecurity, EPCS, Healthcare Data, Healthcare Data Breaches, healthcare it, HIPAA, hitech, medical records, Patient Access, patient safety, risk, telemedicine

Tap Native

Get in-depth healthcare technology analysis and commentary delivered straight to your email weekly

Reader Interactions

Primary Sidebar

Subscribe to HIT Consultant

Latest insightful articles delivered straight to your inbox weekly.

Submit a Tip or Pitch

Featured Insights

2025 EMR Software Pricing Guide

2025 EMR Software Pricing Guide

Featured Interview

Kinetik CEO Sufian Chowdhury on Fighting NEMT Fraud & Waste

Most-Read

2019 MedTech Breakthrough Award Category Winners Announced

MedTech Breakthrough Announces 2025 MedTech Breakthrough Award Winners

WeightWatchers Files for Bankruptcy to Eliminate $1.15B in Debt

WeightWatchers Files for Bankruptcy to Eliminate $1.15B in Debt

KLAS: Epic Dominates 2024 EHR Market Share Amid Focus on Vendor Partnership; Oracle Health Sees Losses Despite Tech Advances

KLAS: Epic Dominates 2024 EHR Market Share Amid Focus on Vendor Partnership; Oracle Health Sees Losses Despite Tech Advances

'Cranky Index' Reveals EHR Alert Frustration Peaks Midweek, Highest Among Admin Staff

‘Cranky Index’ Reveals EHR Alert Frustration Peaks Midweek, Highest Among Admin Staff

Madison Dearborn Partners to Acquire Significant Stake in NextGen Healthcare

Madison Dearborn Partners to Acquire Significant Stake in NextGen Healthcare

Wandercraft Begins Clinical Trials for Physical AI-Powered Personal Exoskeleton

Wandercraft Begins Clinical Trials for Physical AI-Powered Personal Exoskeleton

Chipiron Secures $17M to Transform MRI Access with Portable Scanner

Chipiron Secures $17M to Transform MRI Access with Portable Scanner

Abbott to Integrate FreeStyle Libre Glucose Data with Epic EHR

Abbott to Integrate FreeStyle Libre Glucose Data with Epic EHR

5 Ways New Trump Administration Tariffs Are Impacting U.S. Healthcare Now

5 Ways Trump Administration Tariffs Are Impacting U.S. Healthcare Now

iCAD, GE HealthCare Integrate to Advance Breast Cancer Detection with AI

RadNet to Acquire iCAD for $103M in All-Stock Transaction

Secondary Sidebar

Footer

Company

  • About Us
  • Advertise with Us
  • Reprints and Permissions
  • Submit An Op-Ed
  • Contact
  • Subscribe

Editorial Coverage

  • Opinion
  • Health IT
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Population Health Management
    • Revenue Cycle Management
  • Digital Health
    • Artificial Intelligence
    • Blockchain Tech
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • Value-Based Care
    • Accountable Care
    • Medicare Advantage

Connect

Subscribe to HIT Consultant Media

Latest insightful articles delivered straight to your inbox weekly

Copyright © 2025. HIT Consultant Media. All Rights Reserved. Privacy Policy |