Identity and Access Management – how does it benefit healthcare providers?
Two critical challenges to the implementation of Health Information Technology (HIT) — including electronic health records — are protecting the privacy of personal information and providing simple, efficient ways for providers to use HIT in the fast-paced workflows of healthcare. The public is concerned about privacy of data — reports of hospitals and other organisations accidentally releasing personal information of customers, employees, and members are common. At HIMSS 2011, Dr Farzad Mostashari, the US National Coordinator for Health IT, described addressing the privacy problem as critical to his multi-billion dollar mission of expanding the use of HIT.
Simultaneously, as more and more health systems from Australia to Europe implement HIT, projects stall and even fail because physicians, nurses, and other providers demonstrate that certain technologies slow them down or become too distracting for safe and efficient use while treating patients. Many health systems turn to identity and access management technologies to better address both the privacy concerns of the public and the workflow needs of providers.
The HIV/AIDS epidemic, the passage of health information privacy laws in many countries, and the rapid growth of the electronic exchange of personal information irreversibly elevated the importance of Identity and Access Management (IAM) in healthcare for regulators, privacy advocates, and the lay public. IAM requires:
- Security — prevent unauthorised people from accessing patient data.
- Privacy — prevent the use or release of patient data inappropriately.
- Efficiency — enable authorised people to appropriately access and use patient data quickly and easily.
Security and Privacy are healthcare IAM requirements by law, but Efficiency is a healthcare IAM requirement for busy physicians, nurses, and other providers who care for patients in the fast-paced and high-stress world of healthcare.
The trained healthcare professional must be able to focus on patient care without the burden of encumbering technologies that introduce confusing or slow workflows, including IAM solutions. The deployment architecture of HIT in most contemporary health systems, involving multiple applications, shared thick and thin client workstations, and task-focused, short user-sessions, prevents many non-healthcare IAM solutions from meeting these criteria.
The IAM lifecycle is a continuous loop of: identify, provision, authenticate, control, and audit. Identify means to make sure that the individual who presents to a health system is who they say they are. Typically, health systems address identification at the point of hire or credentialing, such as when a nurse applies for a position. Health system ID cards are typically provided to staff for future visual identification; a username is provided for identification in HIT. Once identified, a person is awarded privileges, possibly a role, which typically permits certain functions and restricts others. The newly hired nurse may be assigned the tasks of distributing medications to patients but not to perform surgery; additionally, he may be provisioned and account to access the health system’s email and patient laboratory test results in information systems, but not order medications. When the nurse arrives for work, he identifies himself with his ID card which contains a photo of him; when he uses hospital information systems, he types his username and a password, or perhaps scans a fingerprint; the photo ID, the password, and the fingerprint reader enable him to authenticate, to prove that he is who he says he is.
Once the nurse has been identified, provisioned, and authenticated, his actions within the health system must still be controlled. Applications can offer varying roles of different privileges and capabilities — the nurse may have access to restricted medications in a dispensary but not the ability to order intravenous fluid. Once an individual is properly identified and authenticated, the actions taken within information systems must also be able to be audited. Audits in healthcare frequently require answers to five basic questions:
- Who had access to patient information?
- What information did the person access?
- Where was the person when accessing the information?
- When did the person access the information?
- Why did the person access the information?
A health system might perform an audit of information access to affirm or refute a violation of an IAM policy or process, to create utilisation reports after staff training, or simply to reinforce to staff that use of HIT and access of patient information can be audited. Audits identify violators of policies as well as weaknesses in processes and technologies. An IAM system is only as strong and complete as the processes in place to support the system and the staff who implement the policies. Of critical importance is creating IAM policies and processes that support the care of patients by providers; a flexible IAM approach which enables, or enhances, quality healthcare delivery while safeguarding patient information is more important that a foolproof IAM approach that overburdens providers.
There are several characteristics of healthcare that differentiate it from other sectors:
A key differentiator in healthcare, unlike other industries, is that the customer really does come first. On a regular basis in all health systems, policies and procedures are broken to address a critical need for patient care — IAM is no exception. If a physician needs emergent access to patient information that would not be available under routine processes (i.e. access to psychiatric notes or medications during treatment in the Emergency Department), there must be a way for the physician to access this information. Effective IAM solutions will, in balance, create an event log for later review.
Health systems often depend on employed staff, affiliated staff, students, and even volunteers for many tasks. Usually, many different offices maintain different databases to track these varied individuals, which impedes the monitoring of all persons who deliver care and access patient information. Additionally, some staff may be transient (i.e. students and trainees) and others might start on minimal notice (i.e. new hires and temporary nurses). An IAM system must be flexible enough to support the staffing requirements of health systems, easy enough to be used by transient staff, and robust enough to be effective.
Unique workflows are the failure point for many HIT projects. As more HIT projects require providers to enter documentation or orders for a patient, rather than just reviewing results or information about a patient, applications and systems need to link the provider to the work performed. Signing on to multiple applications and searching them all to find information on the same patient slows down a busy provider and can be confusing. Spending 30-60 seconds to sign on to an application when the provider only needs to use an application for 1-2 minutes to check a test result or enter an order, before moving on to another computer at another patient bedside, is not feasible.
The healthcare focus on patients and team care contribute to the shared access to patient information that occurs in many health systems. Providers share access to patient records with colleagues to facilitate care, usually so a colleague can save time and avoid having to sign on to an application. Once providers enter computerised orders or documentation in applications for patients, sharing access creates new problems. Privacy regulations in most countries also prohibit such practices.
A great opportunity for healthcare IAM is to implement technologies that improve access and workflow for providers while simultaneously improving the security and privacy of patient information. IAM technologies have become main stream in many healthcare markets, making it easier for health systems and their providers to ‘do the right thing’, or implement more HIT (improving patient care and organisational efficiency) and further strengthening the protections for patient information security.
"To change something, build a new model that makes the existing model obsolete." [R. Buckminster Fuller]
Single Sign-On, or SSO, offers the ability for a person to access any combination of applications as authorised by a secure credential repository with only one set of credentials. For example, a physician approaches a workstation in an ICU, types in one username and password, and has access to all the necessary applications to care for patients without needing to log in again. Reducing multiple usernames and passwords to one eliminates the need for users to record these items in insecure ways, a major security risk in most organisations. With SSO, health systems can effectively implement strong passwords, since users only need to remember one password for all application access. Equally important in healthcare, robust SSO solutions ‘single sign-off’ all open applications when a user completes a work session, preparing the workstation for the next person to use and protecting patient data.
Strong authentication requires a user to present ‘something you have’, such as a token, during the authentication process. Typically the token is combined with a password or ‘something you know’ for enhanced security. Smart Cards, RFID cards (including many organisation ID badges), number generating tokens, and biometric scanners are examples of strong authentication that can be integrated into the IAM workflow. The challenge is to balance the security added by strong authentication with the workflow impact of the technology — in ideal circumstances, adding strong authentication both increases security and makes it easier for people to use HIT. Combining strong authentication with SSO, providing grace periods whereby access is continued across multiple devices if a strong authentication device is used, are examples of how provider workflow can benefit while security is enhanced.
Context Management offers a solution to the complex navigation and potential safety risks of providers using multiple applications when treating patients. Context Management enables a user to select a patient or other information focal point (e.g. diagnostic code) in one information system and to have all other applications synchronize on the same patient (or code). In this manner, Context Management reduces the work of finding a patient’s information across applications and prevents the error of accidentally selecting different patients in multiple applications when reviewing a single patient’s information. Combining SSO and Context Management offers a visual integration of patient information across multiple applications — presenting multiple applications as one larger system with enhanced security and usability. Again, providers gain workflow benefits and patient data becomes more secure.
Provisioning solutions automate and streamline the creation and management of user identities and their corresponding application accounts. Advanced solutions use messaging systems, workflow engines, and customisable rules to automate and expedite the approval processes and workflows which accompany these tasks. These processes must be able to be audited in an automated and efficient manner. Effective healthcare provisioning solutions must provide flexibility in delegating the decision processes for providing access to applications and patient information, reflecting the varied, decentralised decision making processes for professional privileges and staffing that exists in most health systems.
Implementing IAM in healthcare is similar to implementing change and technology in other environments — the likelihood of success is directly related to how much pain the original problem causes the targeted user as well as to the user’s perception of the value of the new technology and processes being introduced. Technologies that will be used by providers, especially those that change how providers interact with patients or patient information, must be championed by providers for broad adoption. Whether individual providers, Chief Medical or Nursing Officers, of Medical Informatics Officers should lead IAM efforts depends on the health system’s local needs and culture. However, the absence of interdisciplinary leadership across IT and clinical divisions is a common cause of failure in healthcare IAM initiatives.
As health systems begin to exchange data with neighbouring, and sometimes competing, entities, new questions appear about IAM. Is patient data effectively protected if it is shared by two hospitals that have different IAM policies or technology safeguards? Do the same IAM solutions that work in a single health system offer adequate protection if deployed across a region or loosely aligned independent health systems? As we safeguard patient data, including our own, while we simultaneously ask our providers to improve both efficiency and quality of care, we will need to continue to expand the function of our solutions to address these challenges.
The content is based on my chapter in "Introduction to Medical Informatics" and other talks and articles I’ve authored.
Dr Jonathan Leviss
Clinical Solutions for Microsoft Health Solutions Group
Jonathan Leviss, MD, is the Director, Clinical Solutions, for Microsoft Health Solutions Group, and an internist at the Thundermist Health Center in Rhode Island. In his current role at Microsoft, Dr Leviss leads a clinician subject matter expert team to develop and deliver marketing and sales support for technologies and services that are core to the Health Solutions Group.
Posted in Australian eHealth