My View - Right-sizing identity for a workforce that doesn't fit the org chart
VIEW - Fellow of HiNZ Samuel Wong

When a New Zealand doctor certifies a death online tonight, whose identity are they signing with? Increasingly, the answer is a personal RealMe account, registered against a Gmail address. That single fact of using personal identity details for a work function exposes almost everything unresolved about identity in our health workforce.
The identity problem
Our health sector has an identity problem, and behind it, a problem of trust and choice we have been slow to name. Count everyone supporting health, social and disability services, and over a million people keep it running. Yet in an era of hyperscale cloud, where clinicians reach clinical tools from anywhere, how we verify who someone is has not kept pace.
Employers are left choosing between rigid corporate boundaries and security risk, while users get no trusted, portable option that fits how they actually work.
The conventional answer is an enterprise identity: an employer-issued account, on an employer domain, governed by employer policy. It is tidy on a slide, but does not survive contact with the workforce.
Consider what the system records. Of 14,623 facilities in the Health New Zealand Facility Code Table, 6,278 publish a contact email, and only 3.5 percent use a public-sector or institutional domain.
More than 41 percent rely on public webmail, with Gmail alone accounting for 23.3 percent. Nearly 56 percent are generic role accounts such as reception@, admin@ or info@ rather than a named person.
Look through the other national directories and the same story applies.
Community midwives make the point starkly: of 1,866 with a listed email, around 90 percent use public webmail. This is not negligence. For a self-employed, mobile workforce, it is a structural necessity, because no single corporate identity describes their working life.
This is the dual-use reality we rarely admit. For much of our frontline, the personal email is the professional email.
RealMe entrenches it: to certify a death or look up the NHI, a practitioner logs in with a personal, verified identity bound to a personal email and phone.
A lifetime identity carrying immense legal weight sits on a consumer account, because the system offers no professional alternative that the user can trust.
And the person-centred anchor we claim to lack already exists; we simply do not use it.
The enterprise paradigm
Every practitioner's responsible authority communicates with them about their annual practising certificate on a professional email tied to their registration and qualifications, independent of any employer. That address outlives individual contracts and could become the basis for a portable credential.
The enterprise paradigm assumes one worker, one employer, one mailbox, for a whole career. The real workforce holds several roles at once, moves between providers and locums, retires and returns.
Bind identity to an employer, and every change spawns a new credential and an orphaned old one. The hidden bill is unending governance and reconciliation. Re-provisioning is worse: when a worker returns, access is often rebuilt inconsistently.
Federation is the usual fix: let each organisation trust the others' identity providers. But it inherits the same assumption. Federation links employer identities; it does not give the individual one. Midwives on Gmail stay invisible.
What we need is a single identity in a specific sense: single to the person, not the employer. One portable identity a worker carries across a lifetime, to which jobs attach and detach as circumstances change.
Government wallets and verifiable credentials will help, but the technology is the easy part.
Right-sizing identity
The harder part is responsibility, and it runs both ways.
The system must stop designing identity around the employer of the day. Other jurisdictions use national federated ID wallets (EU), sponsored visas or national-issued IDs (e.g. Australia), something the unique identifier rule of the Privacy Act 2020 (IPP 13) does not permit us to do.
We need an identity layer that follows the clinician, supports multiple affiliations, treats role changes as routine, and keeps recovery humane when someone leaves, changes name, or returns.
But the worker carries obligations too. Because a sole trader's personal email is, in practice, their professional access point, the realistic control is to secure that access point, not mandate a mailbox nobody can afford.
Multi-factor authentication on a personal device is not a loophole; it is the baseline, especially for the casual-roster or bureau health worker who may never receive a managed device.
Modern, phishing-resistant sign-in and current recovery details are a personal duty. Owning an identity for a lifetime is a privilege that comes with practice.
None of this is fixed by another procurement over the same flawed assumption. It is fixed by deciding whose identity this is, and giving employers and workers the tools to protect it together.
Today, identity belongs to whoever set up the Gmail account. We can do better.
Right-sizing identity is not about giving everyone the same account. It is about giving every person one identity worth keeping, and asking them to keep it well.
If you want to contact eHealthNews.nz regarding this View, please email the editor Rebecca McBeth.