a good thing!
Sharp HealthCare's Successes Along the Digital Identity Path
As Manager of Web Development for Sharp HealthCare, I am excited for the opportunity to share at IDENTIFY how Sharp leverages the Ping Identity platform to enable the digital component of our Sharp Experience. I hope that you will find the insights and experiences we gained from our journey informative as you look to leverage identity to provide a greater level of customer engagement in your own applications and services.
When we started down the road to identity, we were looking to solve a specific problem: single sign-on. We needed to leverage applications built by third parties to provide the services our patients expected as part of our digital Sharp Experience but each application came with its own login and process to establish identity. While we could work with the vendors to customize their applications to better fit our branding, we would still be requiring patients to complete similar sign-up processes and remember multiple credentials for each new application that we were considering. The sensitivity of health information and the sometimes invasive nature of identity proofing questions compounded this issue as patients would likely need to have their identity verified by each application before their data could be shared. If we could perform identity proofing and provide a single set of credentials that could be used for all applications, it would be a big win for our digital patient experience. We had a growing need for single sign-on and selected PingFederate to provide this functionality.
It was early into working with Ping to define our single sign-on solution that we discovered identity was a much larger concept than SSO. To provide a single sign-on capability for our applications, we needed to establish where we would get the identity of the user. We had several systems that could potentially provide identity but we didn’t have a single source of truth that we could use. We also had the concept of a Sharp Account that people would use to access all of the digital services that Sharp would offer but we still needed to define what an account was.
In hindsight, it seems obvious that the Sharp Account, leveraging the capabilities of the PingFederate platform, would become the identity for our patients, consumers, and users. As we worked through our then current and upcoming SSO needs, we discovered that the Sharp Account was more than a set of credentials tied to a patient record. The Sharp Account was a digital identity that could describe who a user was, what their relationship was to Sharp, and what level of trust we had in their identity. It provided a mechanism to link identities from multiple systems and provided us the capability to unlock data in ways that were previously not available within our infrastructure.
Today, the Sharp Account is a foundational element of our architecture, platform, and our digital experience. As we develop new services and implement new applications, we look to our Sharp Account as our preferred source of identity.
Planning for the future, we are leveraging identity as part of our shift to a service-oriented architecture by incorporating it into the policies that govern access to our APIs and by tying PingFederate directly to our API management platform. To enable the third party use of health data on our patient’s behalf, we are implementing the Sharp Account in conjunction with FHIR interfaces provided by our EMR vendors to allow patients the ability to authorize applications to access their medical records.
As we continue to evolve and enrich our digital Sharp Experience, identity, as provided by the Sharp Account, will without a doubt continue to play a critical role in enabling our ability to provide access to data and services that were previously not available to patients and consumers.
To hear more about how identity enables the Sharp Experience please join me at IDENTIFY San Francisco on October 24, 2018, where I will be presenting with David Babbitt, Senior Product Manager for Ping Identity, in the session “Securing Data and Managing Consent on the Regulatory Road to Customer Engagement.”