There is a growing movement in healthcare to apply identity-based standards to help mitigate risk, simplify the end-user experience and ease integration between systems.
These topics were themes I picked up at the recent Healthcare Information and Management Systems Society (HIMSS) annual conference in New Orleans, where health IT is the focus and the three-million-square-foot show floor proved so massive that I nearly had to seek medical attention for my aching feet.
In discussions with IT solution providers and healthcare delivery organizations (HDOs), which can range from hospitals to clinics to kidney dialysis centers, some of the main topics, not surprisingly, were security and privacy. Time and again we talked about how technology mega-trends around mobile, social and cloud are increasing the challenges of protecting and sharing electronic Protected Health Information (ePHI).
ePHI is the individually identifiable health information that is governed by the U.S. Health Insurance Portability and Accountability Act (HIPAA). These three trends have lowered the "fortress walls" and increased compliance risk, a concern that has surfaced in health IT.
Current identity and access management architectures are rushing to address these compliance needs, but are not completely there yet. Chatter at HIMSS '13 was around industry standards, such as the Security Assertion Markup Language (SAML) and OAuth, which relate mostly to federated identity and cloud single sign-on.
At the conference, I heard three solid reasons why healthcare organizations are focused on the need for standards.
First, standards contribute to improved identity-based security that mitigates risk of data breaches:
Standards help reduce the number of passwords, in contrast to insecure practices that might hide or even replicate passwords. Centralizing access using a single set of secure credentials for all apps not only reduces help desk costs, but also reduces the risk that passwords will be lost or stolen.
Standards eliminate ePHI exposure by using token-based secure authentication. This helps HDOs build trusted relationships and share information to improve patient care. Along with the interoperability promises of CommonWell, there is great hope for unlocking silos of patient data and fostering visibility across the care continuum.
Second, nearly all of HDOs' current systems are not able to provide end-users with a cost-effective, secured credential that can be presented across hosted or web-based applications running anywhere on any device. Nowhere is this end-user-led crusade for a more versatile credential more evident than in the BYOD trend, which is clearly on the mind of HDO IT departments.
Third, integration is easier between systems that are based on standardized protocols and technologies, which helps avoid costly and often one-off projects.
Standards-based identity offers healthcare the additional security needed to safeguard inherently private and sensitive information, share it responsibly to improve patient care, and meet the increasing demands of its workforce and business partners. Let me know how your healthcare organization is tackling this topic. Use the comment section below or follow me on Twitter at @bowerslinda.