1 Introduction
The healthcare industry is facing change and pressure in the age of Digital Transformation and ever-increasing cyberattacks. While some challenges that healthcare organizations face are the same as in other industries, many are specific to healthcare, such as Electronic Prescribing for Controlled Substances (EPCS) or the US’s Health Insurance Portability and Accountability Act (HIPAA) regulations.
In order to protect access to sensitive data and assets Identity and Access Management (IAM) must become a cornerstone of IT infrastructure in healthcare organizations. Restricting and controlling access allows for focused protection down to the granular level of patient records. This requires a comprehensive IAM solution that goes well-beyond pure Single Sign-on (SSO) to support all types of users and devices and enable seamless, yet secure, access to all types of applications and data.
In KuppingerCole’s view, IAM was originally a tool whose primary purpose was to prevent unauthorized access to secure resources. With a traditional focus on access administration, the IAM core technology evolved to include Identity Provisioning, as well as essential capabilities to authenticate, authorize, and audit.
The next generation of IAM solutions not only tried to prevent unauthorized access to resources, but also added the ability to detect it. As such, Access Governance with a focus on administration with business participation became a core IAM technology. The ability to detect unauthorized access was, in part, due to integrations with Security Information and Event Management (SIEM) products that were making their way into the market.
In this latest iteration, IAM built upon this ability to prevent and detect by adding the ability to respond to security threats. Many IAM technologies now include Access Analytics and Intelligence. Access Analytics makes it possible to perform analysis of historical data and uncover trends and patterns that can be used to improve decision-making processes. On the other hand, Intelligence gives the ability to make access decisions that can be acted upon based on these patterns and trends. Together, Access Analytics and Intelligence provide the ability to not only detect, but also to respond to unauthorized access attempts.
These new capabilities help to not only fulfill business requirements, but also those associated with governance, compliance, and administration. Integrations with Adaptive Authentication & Authorization, Real-Time Security Intelligence, Software Defined Environments, and Privilege Management also need to be supported by today’s IAM solutions.
In regards to the healthcare industry, identity management solutions must also integrate with major healthcare applications and support the industry’s specific SSO challenges. For example, doctors and nurses who use shared terminals require quick access when switching accounts.
There’s no doubt IAM is essential for healthcare organizations – and when executed properly, IAM successfully mitigates security and compliance risks, supports efficiency in daily work, and enables Digital Transformation across the organization.
Identity Automation is a provider of both on-premises and cloud-based IAM solutions (Identity as a Service, IDaaS), with a specific focus on the healthcare industry. Identity Automation delivers a comprehensive IAM solution for healthcare that spans all core IAM capabilities, including Identity Lifecycle Management, Access Governance, Multi-Factor Authentication, and Single Sign-On. Identity Automation also delivers integration into major healthcare industry solutions, such as Epic, Cerner, and Meditech.