Digital identity 101: Transforming Healthcare with Digital Identity

eHealthNews.nz: Information Governance

Digital identity 101: Transforming Healthcare with Digital Identity

Tuesday, 8 November 2022

Share |

FEATURE - Industry Innovation Article - Imprivata, Wes Wright, Chief Technology Officer

Wes Wright, Chief Technology Officer, Imprivata explains digital identity concepts to help IT and security professionals initiate or mature a digital identity strategy for healthcare organisations, to drive security, audit and efficiency improvements.

New challenges from the digital transformation of healthcare

“Meaningful digital transformation requires a robust interpretation, implementation and management of ‘digital identity’.” – Gartner

The ongoing digital transformation of healthcare is dramatically reshaping how services are delivered. Simplifying and enhancing the experience for patients and healthcare professionals is now possible, but this must be supported behind the scenes by an increasingly sophisticated IT environment safeguarded by a digital identity strategy. The increased use of cloud services, mobile devices and the Internet of Medical Things (IoMT) by hybrid workforces offers amazing opportunities, but also poses a range of new workflow, security, and compliance challenges.

Maintaining trust and security are key at a time of growing cyber threats. Ransomware, phishing attacks, and data breaches can disrupt healthcare IT systems, detract from patient care, tarnish reputations, and prove financially disastrous. The cost of healthcare data breaches is the highest in any industry.

Traditional security models are no longer fit for purpose
Perimeter-based security models have been used for many years to defend enterprise network boundaries and protect conventional on-premise IT infrastructure from external attacks. Such models are not suited for the digital era where new security risks arise from cloud services, digital workflows, mobile devices, and an increasingly decentralised workforce. Digital identity has now become the vital factor in keeping healthcare organisations secure.

Identity-centric Zero Trust security models are needed to protect new healthcare IT environments and today’s hybrid workforces. In this new ‘perimeter-less’ security environment, the right users are granted the right level of access to the right resources at the right time based on their unique digital identities.

Zero Trust - Security fit for today’s diverse healthcare infrastructure
Conventional security models were conceived to defend traditional enterprise network borders and safeguard on-premises IT infrastructure. Today healthcare applications are hosted in public and private clouds, not just in-house data centres. Healthcare professionals increasingly access cloud-based applications and software-as-a-service (SaaS) solutions both on-premises and from beyond hospital walls, often bypassing enterprise networks altogether.

Remote users and cloud infrastructure are prime targets for cyber criminals. Simply verifying a user’s credentials as they enter a fixed system perimeter and then granting wide access to applications and data, leaves organisations open to bad actors who, once through the door, can jump from system to system exploiting weak internal walls. A Zero Trust model enhances security by assuming every user and every device remains a potential threat which must be continuously authenticated and authorised regardless of network or location.

Unlike traditional perimeter-based security architecture, a Zero Trust model:
• Protects against both internal and external threats
• Secures hospital-owned and employee-owned devices
• Protects on-site, remote, mobile, and third-party users
• Safeguards on-premises and cloud-based infrastructure and data

You can assess how your current cybersecurity protocols align with Zero Trust principles by reviewing this checklist: https://intl.imprivata.com/resources/datasheets/zero-trust-checklist.

Digital identity is the foundation of modern healthcare systems
Digital identity is the cornerstone of a Zero Trust security model. Every human user and piece of technology needing systems access, including mobile and medical devices, is assigned a distinct digital identity. This comprises a unique set of identifiers and entitlements. With a Zero Trust approach, digital identities are continuously authenticated and authorised granting the right access, to the right resources, at the right time.

A Zero Trust approach utilising digital identities defends against cyberattacks and data breaches and streamlines workflows by confirming a user’s identity digitally rather than requiring them to manually log in and out of systems with different user IDs and passwords. Digital identity is the new control plane that enhances security and enables efficient processes and workflows across today’s digital healthcare organisations.

One NZ District Health Board, using Imprivata technology, reduced 90 second login times requiring different user IDs and passwords to access each system, down to 5 seconds to switch safely between applications by simply tapping a Digital ID card. This user benefit meant clinicians rapidly embraced the new technology as the advantages for them and their patients were obvious. Over a sample period of three months 3,200 hours of clinician’s valuable time was saved through more efficient access to systems.

Digital identity: The passport for user access
A digital identity is the electronic equivalent of a passport and an entry visa. It positively confirms a user’s identity, precisely defines their distinct rights, and records their activities. Just like a passport, a digital identity is portable and universal. A user leverages a single digital identity to access any healthcare IT application or system, from any location, using any device.

User roles and access rights are fluid in today’s dynamic healthcare environments. A healthcare professional might work as a nurse on a ward for one shift, then assume a supervisory role with a different set of rights on another shift. A resident might rotate hospitals or disciplines from month to month and require access to different systems and applications. The user’s access privileges are governed by their digital identity and can be modified or revoked at any time by the organisation’s security administrators to accommodate a user’s changing role within the organisation.

Digital identities also make it simpler to onboard, reprovision and deprovision employees, and to control access for agency and temporary staff. This further tightens security as redundant, temporary and generic user IDs, which make organisations more vulnerable to breaches, can be rapidly removed.

Crafting your digital identity strategy
Formulating a digital identity strategy – which includes defining functional requirements; identifying Identity Access Management solutions; and devising an implementation plan – is best broken down into smaller phases to make it more manageable, and can be achieved by means of the Imprivata Digital Identity framework which covers:
• Governance and administration
• Identity management
• Authorisation
• Authentication and access

Implementing a Zero Trust architecture is a process, not an event, with digital identity at its core. It is important to develop a phased, risk-aligned plan that addresses the most-pressing security needs as soon as possible. Additional capabilities can then be introduced incrementally to further strengthen security. At Imprivata we have the skills, experience and solutions needed to help healthcare organisations ensure a smooth transition.

For more information about the Imprivata Digital Identity Framework visit: https://intl.imprivata.com/digital-identity-framework.

To assess the maturity of your digital identity strategy, contact our local expert, Pete Savvides psavvides@imprivata.com, Regional Sales Manager, Imprivata.