Measuring Digital Identity and IAM Maturity to Advance Digital Initiatives in Healthcare

Introduction

Imprivata recently hosted a thought leadership roundtable with digital health leaders working in the NHS in England. Under consideration was digital identity as it relates to healthcare, challenges in identity and access management (IAM) maturity, and national policy developments around a national framework, including securing funding for the implementation of IAM.

CHIME President and CEO Russell Branzell moderated the roundtable. Contributing to the discussion were Imprivata representatives Gus Malezis, CEO, and Mark McArdle, Chief Products Officer.

Thought leadership roundtable participants:

• Andrew Raynes, Director of Digital and CIO, Royal Papworth Hospital NHS Foundation Trust
• Laura Mumby, Head of EPR, The Rotherham NHS Foundation Trust
• Stephen Koch, Executive Director of Platforms, NHS Digital
• James Rawlinson, Director of Health Informatics, South Yorkshire and Bassetlaw Integrated Care System

Summary

In today’s evolving healthcare environment, advanced technology has the potential to drive efficiency, deliver higher quality care, and open opportunities for new ways of working. But increasing digital engagement and data sharing brings new challenges, especially in the security measures required to protect sensitive data while providing efficient access. Now, more than ever, healthcare providers require a robust strategy for Identity and Access Management (IAM).

This roundtable discussion focused on exploring the ways in which digital identity technologies can shape an organization’s overall digital strategy, particularly with regard to winning staff adoption and understanding of digital health solutions.

Understanding Digital Identity in Healthcare

Roundtable participants discussed what digital identity means in their organizations as well as the most common challenges that the lack of a unified approach to IAM causes to healthcare professionals. A consensus emerged that defined digital identity as people having the access they need to healthcare systems in an efficient, compliant, and secure way. This works best when one person has a single digital identity that works across systems, organizations, applications, and locations.

“Digital identity is about ensuring that the right staff have access to the right systems at the right time,” says Andrew Raynes, Director of Digital and CIO, Royal Papworth Hospital. “The speed of access to the right systems is a critical time efficiency for staff. We need to make sure that it’s authentic— that they get access to the right systems and the right privileges.”

Laura Mumby, Head of EPR, The Rotherham, explained the overall concept of digital identity and the primary problems associated with a lack of a clear identity for each healthcare worker: “So we call it digital identity but really, it’s usernames and passwords to multiple different systems. There’s no single way of somebody knowing what my identity is that allows me to then access all these digital systems with that one mechanism, which is the first step to how our end users access our systems. So, we start off with a bad experience by having all these multiple ways to access the data, the systems. And it’s just not slick. It’s very, very outdated.”

Leaders discussed how vital it is to patient care that healthcare staff can access systems quickly and efficiently from anywhere. Whether a clinician is at their primary hospital, at a clinic, or at home, they need to access the systems that support their work swiftly and easily, while also doing so securely, to provide quality patient care.

Identifying Key Challenges to IAM Implementation

While roundtable participants agreed on the need for a comprehensive framework and strategy to digital identity and access management, they also brought up the hurdles that have so far hindered a successful implementation of IAM. Participants also agreed that digital maturity is low as it relates to implementation of IAM at their organizations, and there is debate on whether a full rollout would be best at the national, regional, or local level. Some of the primary challenges mentioned to developing and implementing a unified approach to IAM across the NHS in England are:

• Multiple healthcare systems (legacy, cloud, outdated applications)
• Lack of communication/connectivity between systems
• Systems created by multiple vendor organizations
• Frustration for staff due to multiple access usernames and passwords
• Logging into systems from various locations
• Device sharing
• Availability of funding for IAM solutions
• Lack of understanding of benefits of IAM at Trust level

Stephen Koch, Executive Director of Platforms, NHS Digital, noted, “There is not really a single digital identity. We have lots of digital identities for each staff member, which I think leads to burden and frustration, and ultimately it also increases our cyber risk.”

The development of a single digital identity for individuals supports improved workflow, better job satisfaction and more efficient patient care. Every Trust has multiple information systems in operation and the ability to use a single sign-on to access these systems is a fast route to productive and safe care.

The role of NHS in the Development of a Framework and Implementation

NHS Digital and NHS England and Improvement have both introduced improvement initiatives in this area in recent years. Individual Trusts and now ICSs must prioritize and fund these improvement projects for them to start to make a difference. There was recognition that as NHS managers respond to immediate financial pressures and increased patient waiting times, IAM may not be prioritized unless CIOs make it part of core business.

There are a lot of healthcare technology and initiatives to focus on at any given time, and nationally, digital identity is not getting the attention it deserves. How do you sell identity management as a product and continued focus for the NHS?

Time Savings for Healthcare Workers

A large benefit that could be quantified is the time savings for healthcare staff. Single identity could give back significant time to doctors and nurses who currently must log in to multiple systems and remember various usernames and passwords. With a single digital identity, they could rapidly and securely log in to all their systems, getting access to workflows they need, freeing up time to care for patients.

Andrew Raynes, Director of Digital and CIO, Royal Papworth NHS FT suggested, “What people would pay attention to is this: take an organization, then work out how many doctors and nurses are in it. What would the time savings be for clinicians that such a product is going to deliver? I think that’s where the conversation is going. Investing in technologies that improve working more efficiently will also improve working conditions for staff which supports our recruitment and retention efforts”.

Cybersecurity Risk Reduction

Having a single digital identity across organizations, locations, systems, and applications would greatly reduce cyber risk. Access would be trackable and easier to grant and deny, and permissions could be easily updated and changed.

Rapid Access Improves Health and Care

Access to systems that healthcare workers need is pivotal to providing patient care. Ultimately, successful development of a single digital identity and implementation of IAM would result in better patient care and could even save lives.

Lifecycle Management

Round table attendees recognized the challenges scaling an IAM strategy across the NHS in England, and discussed using the existing Electronic Staff Record as the basis for developing a lifecycle management system for digital identity. “If you’re going to plug into something, prove that you can plug into that. I imagine it would be easier [to convince the NHS as well as to implement a single digital identity product,” responds James Rawlinson, Director of Health Informatics, South Yorkshire and Bassetlaw ICS.

Imprivata representative Mark McArdle, Chief Products Officer, pointed out that without digital identity, you can’t really secure an organization’s infrastructure. You must be able to identify users and grant or deny access permissions based on accurate identification.

James Rawlinson shared his belief that cybersecurity could be the approach to convincing the NHS to prioritize digital identity and increase IAM maturity in this area: “We talk about cyber, and I agree with what colleagues have said about fitting identity into that sort of context is really, really important.”

Conclusion

All participants agree that measuring digital identity and IAM maturity are primary concerns in healthcare that need to be addressed to better improve the workflow of healthcare staff and patient care. Any strategy should take into consideration efficiency, compliance, and security issues.

Imprivata representative Mark McArdle, Chief Products Officer, proposed one approach could be having CIOs come together to develop an overarching strategy to digital identity management and then bringing on vendors they trust to develop a product that could work on a larger scale across organizations.

A greater national approach may be needed in implementing a framework and developing a strategy because of the primary challenges noted: multiple systems including legacy systems, lack of communication and connectivity between systems and organizations, integration issues, financial challenges, and security issues related to multiple logon locations and shared devices.

DOWNLOAD PDF

This thought leadership article is brought to you by Imprivata.