Wes Wright, CTO at Imprivata If you work in healthcare, chances are that the COVID-19 pandemic forced you to quickly scale up or move staff around to manage the onslaught of patients. The demand for clinicians and support staff grew alongside the spread of the virus, making organizations add clinicians or reassign employees with new or modified roles: Ambulatory nurses went down in the Emergency Department or Isolation Ward, revenue cycle folks started doing transport, and so on. In some cases, former staff or retired workers were called back to help with the surge. In the midst of these time-compressed changes, organizations remained rightly focused on their number one priority: patient care delivery. In the background, IT professionals were struggling to manage the slew of new digital identities while ensuring fast-access to new applications, workflows, and devices to accommodate remote work. Giving clinicians this access meant having to quickly provision and deprovision access during the staff ramp-up. Inevitably, access became a problem – whether to the systems or applications needed to do their jobs. In worst-case scenarios, organizations had to balance security and compliance with the delivery of healthcare services to patients. Security protocols were also compromised – a trade-off that should never have to happen.
Pandemic Spotlights Needs for IGA In response to the identity management challenges presented by the COVID-19 pandemic, healthcare IT organizations that had and Identity Governance Administration (IGA) systems came to the rescue. Those that didn’t, well….. IGA systems provide a fast, reliable way to manage digital identities through provisioning, governance, risk and compliance, and de-provisioning for healthcare workers who need access to workstations and applications. This is even more so the case in a crisis environment. A recent study conducted by Forrester Consulting found that an automated system helps organizations manage, streamline, and secure transactions across hypercomplex ecosystems of healthcare users, locations, devices, and locations. What’s more, according to Forrester, automation also saves time and money and results in a higher quality patient experience.
Fact is, even in the normal times, healthcare organizations rarely excel at tracking personnel moves, especially the adds and changes due to the time and system constraints often involved. That leads to what I call a “stacked shares” situation. These typically involve a person with decades of experience in your organization who has worked in multiple administrative or clinical areas within the organization and has access to about 80 percent of your network shares because she/he was never deprovisioned from ANY shares. In these instances, the network shares just kept getting “stacked,” one on top of the other. That’s probably exactly what happens during the COVID-19 pandemic as people move around to adapt to the ongoing crisis.
Another unexpected challenge created by the pandemic relates to furloughs. What is your healthcare organization doing with them? Are you disabling and then re-enabling accounts? Re-provisioning when/if they come back? What if they’ve come back but in a new role? Again, the “stacked shares” situation arises. You will likely regret it if your organization doesn’t have an automated IGA system to help you keep track of these movements through an integrated GRC system.
Moving to a Remote WorkforceCOVID-19 forced many healthcare organizations to rapidly accommodate a remote workforce. Only a few departments worked remotely before the pandemic, so routers, network, architecting, and bandwidth all had to be upgraded. Most health systems also required additional licensing to successfully ramp up services. Above all, the priority was to prevent any serious disruptions for clinicians.
Here again, health systems faced the challenge of balancing usability with security concerns. Tools like Zoom and Microsoft Teams proved useful, but they created additional risks including diminished safety of our healthcare workers, cybersecurity intrusions, and hacks – like theft of PHI, ransomware, and more. IT staff had to ensure the security of both the devices and the platforms being used, which is also easily managed by solid IGA systems.
In these cases, IGA systems analyze login data in real-time via Login Activity reports. They weave digital identity and access management, single-sign-on capabilities, and governance into workflows to strengthen security without compromising care delivery. This includes remote identity proofing to enable electronic prescribing of controlled substances (EPCS), as well as ensure compliance with DEA regulations while avoiding in-person interactions. We will no doubt be living in a world of both in-person and remote healthcare for some time given the COVID-19 crisis. One lesson we already learned from the big experiment we just completed is that healthcare organizations benefit from having an IGA system in place to help balance their healthcare delivery, efficiency, and safety, as well as security and compliance. Implementing an IGA strategy no doubt makes it easy for clinicians to securely and seamlessly transition between workstations and applications and have their identity follow them.
About Wes Wright
Wes Wright is the Chief Technology Officer at Imprivata and has more than 20 years of experience with healthcare providers, IT leadership, and security. Prior to joining Imprivata, Wes was the CTO at Sutter Health, where he was responsible for technical services strategies and operational activities for the 26-hospital system. Wes has been the CIO at Seattle Children’s Hospital and has served as the Chief of Staff for a three-star general in the US Air Force.