Webinar Recording

Digital Identities & Healthcare IAM: Balancing Efficiency in Clinical Workflows and the Need for Security & Privacy


IAM infrastructure is becoming increasingly critical to the business success of healthcare providers. This is driven in the first instance by digitization and connectivity of everything and the inevitable efforts of cyber-criminals to compromise the newly connected assets. At the same time, and especially in sectors like healthcare, whose business is based on the collection and use of lots of valuable consumer data, the public and governments are demanding more accountability for safeguarding and appropriate use of personal information.

Welcome to our KuppingerCole webinar, "Digital Identities and Healthcare IAM: Balancing Efficiency in Clinical Workflows and the Need for Security and Privacy. Why Strong IAM Is Essential for the Business Efficiency of Healthcare Providers." This webinar is supported by Imprivata. The speakers today are Dr. Sean Kelly, who is chief medical officer at Imprivata, and me, Martin Kuppinger, principal analyst at KuppingerCole. Before we start, some quick information and housekeeping. Currently, we are running a KuppingerCole series of virtual events. So the first ones are about to be kicked off. And then the first one will be next week, Tuesday, on identity fabrics and the future of identity management, followed by events on cybersecurity, enterprise risk, cloud first and many more topics. Have a look at our website for the virtual events. They are online only. They are free. Don't miss to register for these events. For housekeeping: we are controlling audio, so you don't need to mute or unmute yourself.
We are recording the webinar and we will make the podcast available by tomorrow. And we also will provide the slide decks of both speakers for download so that you don't need to take exhaustive notes during the webinar. And we will have a Q&A session at the end of the webinar. However, you can enter questions at any time: go to the webinar control panel on the right side of your screen. There's an area "Questions", and there you can enter your questions. The more questions we have, the more lively the Q&A will be. So don't hesitate to ask your questions. The agenda for today is split into three parts, as usual for our webinars. In the first part, I'll speak about the business challenges of healthcare providers and which of the IAM capabilities are essential to overcome some of these business strategies. And the second part, then Dr.
Sean Kelly of Imprivata will talk. He will provide a deep dive into how to improve various types of clinical workflows, and he will provide recommendations on what healthcare providers should put their emphasis on. And then, last but not least, we will have the Q&A session, as I've already said. So let's directly jump into the details of this webinar. And I'd like to start with some figures on healthcare identity and access management and security, which indicate that we have identity and access management challenges here. So the first one, 96, is about the adoption of electronic healthcare records in the US; in this case, it's amongst the non-federal acute care hospitals back in 2015. So what we have is a very high adoption rate of electronic health records, which means stuff is electronic. Stuff is potentially under attack because cyber attackers and Natas in the second are after this.
So we have cybersecurity. We have identity challenges around the electronic health records. These numbers clearly differ from country to country, as healthcare looks very different from country to country, but at the end, in most countries, we already have a very significant adoption rate of EHR. And this $60: this is the price which is currently, on average, paid in the dark web for a complete medical record, which is far more than, for instance, for a US Social Security number with the associated data, and which is way more than usually is paid for credit card data. So in other words, medical records are valuable for cybercriminals. And if something is valuable for cybercriminals, it means there's a business model behind it. And then there will be attacks, and attacks always are about accessing the data. And so we end up with identity and access and a typical attack.
It always goes through phishing, getting access to an identity, gaining access. So we have the situation here. We have another number, which is, in that case again, a US number: a lot of temporary contracts are used, but that holds true for other regions as well. So in Germany, where I come from, we have a lot of university hospitals, and in university hospitals the normal situation is that there are a lot of students coming in and going out. So there's a lot of turnover here, and that means we need to be able to manage all these short-term workers in some way, which means we need to have good, well-working identity management processes up and running here, because all of them need to access sensitive data. Usually, on average, a physician or a nurse needs to access 14, one-four, different software applications in a single shift. That means a lot of, that's even more, a lot of authentications in a single shift. Given the simple fact that in healthcare it's very much about speed and efficiency.
There's a clear need to make this easy, to reduce the time lost for loss application, to simplify it, but on the other hand to have a good and strong enough authentication, and this is exactly one of these areas where it's about balance. Last but not least, that's again a US number alone: in the third quarter of 2019, there were more than 400 mergers and acquisitions in healthcare. And every merger, every acquisition comes with: you need to combine the identity management systems, you need to give access to the users coming in, et cetera. So there's a lot of identity and access management always suitable to every type of merger and acquisition. And as I said, even while most of these numbers are from the US, most of these numbers also translate well to other countries, to other regions. And so we have this scenario of secure but fast authentication.
We need well-working processes. We have the security requirements. So we can't just say, okay, we don't care about whatever, someone still having an account even while the person has already left. This is not acceptable in a highly regulated and highly sensitive environment such as healthcare. We need to have well working deep, we will need to have well working, move process and all that stuff, because beside identity and security challenges, there's a lot of privacy challenges behind it as well. So all we are talking about at the end is doing some things right. And we have these compliance requirements as sort of the entry point. We have audits, we have security, and all of them lead to, at the end, increasing preference. Apparently that's, I think, very important to understand: these are different things. So compliance is, we are in compliance with certain laws and regulations such as HIPAA, such as ISO 27000, which is always a good guide for everything around cybersecurity and identity, how you do it right.
Because it's the best practice, or at least a very good starting point for a best practice. We have the privacy regulations; we have, for instance, GDPR, which specifically covers also medical records. We have the audit area. So an audit just means we pass the audit. So we get the track and track. Morgan says, okay, you pass the audit; that might mean that we are good in security, but it doesn't necessarily prove that we are good in security. At the end, it's the actions. So what do we really do? And this can be far more than we need for just passing an audit. And it means we need to bring these things together. So compliance, yes, we need to have it. We need to pass the audits. But we need to take the appropriate actions, even if they are way beyond what we just need for a checkbox compliance, to really be secure.
So we should think beyond it, also to be ahead of the audits all the time. And so, again, depending on the regions, I know, and probably many of you know, that there frequently are major gaps in the level of security. And on the other hand, we also have a lot of innovation in hospitals. So the way surgeries are done, et cetera, they are changing, and there's a lot of IT involved. And that means at the end of the day, there's also a way for attackers to access it. So we need to get better and think about what we need to do to really not only be compliant, not only pass the audit, but to be really secure in healthcare, and identity management and cybersecurity play a very important role here. So what are specific identity management requirements here in healthcare?
And one of the challenges is that while a lot of the stuff we do in identity management is the same for healthcare as it is for other industries, there are certain things which are different, where we need more in healthcare than we need in many other industries. One of these things is medical equipment. So there's a lot of legacy medical equipment and a lot of very specific applications which need to be integrated into the digital environment. So we have different types of systems, different types of applications, and some of them are definitely legacy and we need to deal with them. And by the way, it's a little bit the same like when you look at manufacturing companies, when you look at a factory floor, where you also have some situation around more legacy and more highly specialized solutions. We have this regulatory pressure, and there's some sort of regulatory pressure in every country, in every region.
And in many countries, governments are amongst the largest payers for healthcare services; in others, it might be the insurances, the insurance companies. So the healthcare insurance companies, which take that role. But at the end, government on one hand always is a major large payer, and government at the end of the day sets the regulations. So they are important. So we have specific requirements here. We must meet these. We have specific cyber threats. I already talked about this premium value of medical records. And so there are both external and internal threats, which are slightly different and specific, and healthcare is at risk. It is a very logical, very common, very typical attack target. And I would say probably every hospital can be pretty much assured that some attackers are, at that point of time I'm speaking, somewhere in their networks. So everyone is under attack.
You also have a situation that patients are sort of more digitally empowered, and they are also more cost sensitive, specifically when they directly suitable, when it doesn't end up trust the health insurance, but also the digital empowerment and the sensitivity regarding privacy and cybersecurity is growing. So we must meet these expectations. At the end, everything needs to be efficient, and balancing security and efficiency is always a major trail here. So we have a number of requirements, and some of them are more on what frequently is called the run-the-business side, so fulfilling, doing what you need to do. And some others are more the change-the-business side. So moving forward, helping to keep a strong position in the market, specifically, the more privately healthcare organizations they are, the more competitiveness you've experienced.
So we have the need to fulfill compliance regulations. We must be secure, but it's also responding to organizational and financial charges. So there's this situation of that mutual. Every healthcare organization is always under financial pressure. There's this activity also, not only in the US or in other; so in Germany, we have a couple of very large healthcare businesses right now owning a lot of hospitals. And there's the need for digital transformation. So a lot of things are transforming. As I've said, I talked already about the way surgeries and other stuff. So we have this change. We have the change regarding the patients, the expectation of the patients, how processes work, et cetera. So we need to answer, to deliver to all of these, and users expect. So in that case, Morely, external users than the patient, but also the patient to that extent, but specifically not with the users in the hospital, be they in the organizational departments, be they in the healthcare areas, they have their expectations.
They need to have a very simple discovery and access to all the applications, the apps they need. This must be very easy to identify because you don't have the time to search for them. And you don't have the time for complex authentications or for repeated authentications. It must be frictionless and yet secure. And there needs to be a consistent user experience as much as it can be. So how can this be done consistently? Because at the end, time counts here in this space, probably more than in most other industries at the end of the day, because we are talking about saving lives. So when we look at the KuppingerCole identity management reference architecture, which consists of a variety of areas, a variety of building blocks, which are sort of core parts of identity management, or might be considered identity management or something different, or are out of different areas of it.
There are a couple of areas I marked with some star icon, which are of specific relevance; not that the others aren't relevant, but some of these are of specific relevance. So the entire area of identity provisioning, access governance, having efficient joiner, mover, leaver processes, having a strong governance on who has access to what, the entitlements, is important. We have clearly a need for being very smart in the way we do authentication. So the adaptive and strong authentication piece is important, but one of the technologies which sometimes is considered being a little bit more, let's say, more mature, and that is enterprise single sign-on, is a very important thing for healthcare, specifically when it comes to aspects such as fast user switching, et cetera. So we need the right technologies to enable that access, but also web access, federation, increasingly the modern applications for SaaS-based services, et cetera.
And we really also need a strong privilege management or privileged access management offering so that we are able to manage access. So these are some of the areas which are of specific relevance. And when it comes to authentication, so requirements we see here is, for instance, fraud minimization. So we need to keep everything well protected, avoid fraud, avoid authentication-based fraud, to just speak, why efficient, why are other things we need to regulate to meet the regulatory compliance requirements such as strong authentication, but also find the balance. So friction only when friction is needed. We need to meet corporate security policies from a compliance perspective, make it easy to use. So tap and go is a very common approach in healthcare, because this is a balance between ease of use and security. And we need to work with the variety of tech in the field.
So identity management for healthcare factually needs to deliver a secure access for everyone to every service. And we at KuppingerCole a while ago constructed the picture we called the identity fabric, which is a standard paradigm for future identity management. And so basically it is that you give everyone, so the employee, the partner (in the case of healthcare, the partner might be, for instance, a student from the university or someone in the research field, where you probably have a lot of cooperations), or your consumer, your customer, your consumer is the patient, give them access to what they need, but give them controlled access to what they need. So they might even come from different sources. So you need to go beyond managing every identity yourself. This will become increasingly relevant, to be more flexible and to connect to all these applications by delivering a set of services for access, for life cycle management and governance.
So the IGA part, but also for consent and privacy and other capabilities from a more technical perspective. And I only touched this picture shortly. You will have the ability to download the slide decks so you can dive further into the detail. And there are various videos, research notes, and other information out around identity fabric at the KuppingerCole website for a deeper dive. And we have the virtual conference, by the way, next week on that. But basically it is: you need to understand which are the main capabilities, such as single sign-on, such as MFA and strong authentication and good life cycle management, access governance, patient identity and access, privileged access management, efficient workflows, where you need to deliver the right set of services in a modern architecture, and specifically for healthcare, being able to support all the legacy stuff as well, work well with legacy applications, but also open the door on the top towards digital services, towards even having new digital services accessing defined identity services. So there's the need for changing things and there's apparent need for having a strong identity and access management in healthcare. With that intro, I'd like to hand over to Dr. Sean Kelly, who right now will provide a deep dive, look at workflows, and give you recommendations from his Acron as a doctor.
Great, thank you so much, Martin. And you know, as Martin said, I'm a practicing physician in emergency medicine in the United States, in Boston. I'm the chief medical officer at Imprivata, and I've been there over eight years now. And today we're gonna do a deep dive on some of the topics that Martin started to cover on digital identities and identity and access management, but specifically within healthcare. We're gonna talk about why healthcare can be so different and how to balance efficiency with security and privacy to let doctors and nurses and other hospital employees get their jobs done. We're gonna talk a little bit about why hospitals and doctors' offices are not financial institutions or credit card companies. Of course, a lot of the challenges are similar, but there are a lot that are unique to healthcare. I am from Imprivata, and we are a digital identity company for healthcare.
We are 95-plus percent in the healthcare vertical, with many of the major hospital systems in the United States and Europe as customers, have a high success rate and a predominance within the market, and a number of technical solution sets that cover identity and access management. And I loved one of the slides that Martin just showed talking about an identity fabric. And I actually like to add the word trust to that. And what we consider ourselves is really to be the identity trust fabric for healthcare. And we do have a global presence. We have over 500 employees and many ecosystem partners. We're gonna cover a deep dive on many of these topics today, but I wanted to first start with talking just about healthcare and the fact that in our company, we've built a deep bench with very strong clinical expertise in medicine and healthcare.
And this is my day job on the right. This is a trauma resuscitation in the emergency department. And I think, you know, in many ways it really takes people within medicine to understand the particular challenges for workflows in medicine, and those companies that are in that healthcare vertical, I think, have an incredible advantage as far as competitive advantage and credibility, because they really know the pain and the issues that are at hand for the end users and the enterprise administration at the hospital and the provider system and healthcare delivery organization level. The whole secret to addressing these issues is to look at the traditional balance, or a tug of war, that existed between security and privacy on the one hand and productivity or convenience or efficiency on the other. And of course, security officers and IT people often look for the security side of this, and the compliance side, of course, and a lot of the end users care more about whether it's convenient and easy to use and actually allows them to perform patient care.
And traditionally, this was thought of as a zero-sum game where you really had to give up one in order to get the other. What we've always done is say it's actually possible to get more of both. And if you have properly configured technology, you can actually make the easy thing to do the right thing to do, with the secure, auditable chain of trust throughout. And so every workflow that we're gonna talk about today is gonna come back to this theme of, you know, how is it actually more compliant, but also more usable for the workers involved? So let's talk to set the scene, first of all, and just explain, you know, why is healthcare so uniquely challenging? And, you know, I purposely chose for this photo not a stock photo that is very clean and neat. This is an actual nurses' station, and this is what our healthcare workflow really looks like.
It can be comfortably messy. It's complicated because there are many different users. And even those users may have different roles from time to time within a day. I myself held many administrative positions, but the duties that I performed and the access that I need, the provisioning I need and credentialing I needed, and the access and security levels for me to access both medical records and other apps, well, it varied when I was doing my administrative duties compared to when I was doing my clinical care duties. And that could happen from day to day, literally the same person on different hours of a different day and completely different security concerns and allowances. It's a complex workforce. And not only that, but there's increasing mobility of that workforce with affiliates and rotators, locum tenens, and, you know, rotating staff from place to place. You know, beyond the users themselves, you have to think about the actual endpoints and how, just as in this case here, sometimes unlike a bank teller who might come in, or an office worker, and has their one machine that they work on all day long, many of the workers in healthcare, in fact some of the key workers, actually jump from workstation to workstation constantly throughout the day.
If you think of a typical consultant or a surgeon, they might go into the OR for a while, they might come out and then go to a nurses' station, then into a patient room, and then on a laptop and then on a device and then up to another floor, and then they might go to recovery and they might go to a variety of different shared clinical machines. And this is particularly challenging. We're gonna talk a little bit more about that in some detail. And just like in other industries, there's always concern about compliance and privacy, but unlike those other industries, and for example, a bank that could get you your money back if you're a consumer who had fraud perpetrated, in healthcare, as Martin said, once the horse is out of the barn, it's too late to close that door. Once medical information gets out, that can be irreparable damage to a patient.
So we have to be extra careful around being compliant and doing the right thing for patients. Workflows are only getting more complex as we move along. And medicine itself is complex. And the delivery of care, even within regions, never mind from country to country, can be amazingly complex. Now, on top of all this, you've got an enterprise which is usually trying to manage a lot of these solutions, including the digital identity. And some of that includes letting people bring their own consumer devices. And Martin talked about medical equipment and mobile devices. You know, this is another layer of complexity that makes healthcare so unique. So, you know, gone are the days long ago where most of my work as an emergency physician digitally happened in the hospital. You know, we used to be able to put up a firewall around the, quote, "four walls" of the hospital.
And, you know, in those days, maybe even it was paper charting, and some systems became electronic then, more and more. And, you know, we used to work on these fat clients, just in the hospital. And then we would leave for the day and rarely access the hospital or other clinical operational digital networks from outside. That's much different now, right? Not only is there an increasing complexity and breadth and depth of users accessing the system, but from a digital standpoint, it's really a borderless environment. There's a continuum of care that's taking place all across these locations. It's no longer just in the single hospital. You know, our own network has multiple different hospitals, including the trauma center and the tertiary care academic facility, a number of community hospitals, urgent cares, doctors' offices, even some extended nursing care facilities and other types of facilities. So, you know, users are accessing systems digitally from everywhere, whether it's from home, on the road while traveling, from offices, clinics, urgent cares like we talked about.
And then of course, virtual health and remote care is growing like crazy lately. So, you know, this added level of complexity is really driving the need to understand who's accessing the systems and what permissions they have, and you have to keep it secure, but also make it convenient for them and give them the ability to actually do their job. I mean, if I can't order the medicine that's needed for the patient while I'm on my phone, working at home, then, you know, as an enterprise system, we haven't done our job for that end user. You know, in order to access the systems from so many different places for so many different people, obviously there are a number of different technology platforms that are utilized for that. And we've obviously seen an explosion, for example, of smartphones and tablets, as well as virtual desktop infrastructure.
You know, and it seems like most of the world now is pushing more and more to virtual work, and that is no different in medicine. In fact, it may be even more prominent. Martin also mentioned medical devices and the Internet of Things. You know, even such things as digital thermometers, people forget a lot of these things are smart devices now, and as such they're a cybersecurity risk, but also potentially a benefit if they can get linked into the mesh and actually help provide valuable clinical data. It's not easy. But again, we go back to that same formula and say, well, look, how do we get these workflows to be as secure as possible, but also as convenient as possible? And the whole point really is to allow the users to access the things they need. Well, the things they need have certainly grown through the years, and it's not just electronic records or digital imaging systems like PACS systems. You know, many of our hospital systems have thousands of different apps.
And, you know, on average it can be about 200 that a clinician needs to access through a week. So this is a complex environment. Many times it's a hybrid environment with both on-prem solutions and then also moving to the cloud. So we're gonna talk about some of those issues coming up as well. You can see at the core of everything, and the core of that previous slide, digital identity is really what holds it all together. If you can no longer just put up a fence, you know, you can't put up a firewall and say anything outside of it is risky, anything inside of it is okay, digital identity becomes the new perimeter. And we would go even beyond that and say, well, it's not really a perimeter. It's really a control plane. And we talked about that hybrid environment, the continuing, the continuous care that happens, and that, you know, is a complex equation.
And the only way to really protect oneself and actually still solve this equation of applying more security, but also more convenience and usability and efficiency, is to really know the identity of all of the players involved and the devices involved. And again, we get back to that concept that Martin had brought up, which was that, you know, that identity fabric. And again, I would insert the word trust: an identity trust fabric. And one other point we'd like to bring up is that more and more, we're seeing our most strategic partners and hospital delivery organizations say that they don't wanna piecemeal these solutions. They don't wanna do it yourself, where they get one piece of access management here, and another piece here, that's identity governance, and then electronic prescribing of controlled substances, and electronic prescribing comes from another place. And, you know, building it all in pieces and then trying to stitch it together just increases more points of failure and risk and cost.
And so what we're showing here is just how high that risk goes and how high that cost can go. And what we do is, we know the most difficult problems in healthcare, and we have solutions that are not only purpose built for healthcare, but synergistic and stitched together. They are the most common problems around identity and access management for healthcare. And we know that because customers have been pounding on our doors and asking for these solutions. And so we're gonna do a quick little deep dive on some of these major use cases, just so you understand the reality of what it really means to the physicians and nurses and other workers on the front line. But the bottom line is, if places try to do this themselves, there's risk, there's cost, there's failure. If you actually let a good vendor, like we are, and a strategic partner do it all together and work with the hospital systems to integrate that into their mission-critical workflow, then you get synergy and you get decreased cost and failure.
And then when there's partnership on the vendor side, like we partner, for example, with Microsoft, then suddenly you have this incredible collaboration that allows both on-premises and also cloud solutions. And it marries that up into the hybrid world and achieves an incredible synergy between all those solutions. You're really future-proofing yourself when you go through a process like this. So let's talk about some specific workflows. First and foremost, I'd like to just talk about getting providers up and running and provisioned properly before they ever access the system, and automating that and having it really be purpose built for healthcare is a key. There are a number of vendors that do identity governance, that do provisioning and deprovisioning. Most of them, truthfully, are horizontal. They farm out their services to major third parties. Sometimes it takes years to implement at a very shallow level.
And let me tell you, it's very complicated to integrate deeply into electronic health records and other healthcare apps, including telehealth, and what we do so well is we understand exactly the depth that needs to happen. And the difference, for example, between an intern and an internist, right? We know the difference between what I need as an attending emergency physician and what I should do when I'm on my administrative role within the EHR. And there's a deep level of integration because there are close partners, but also with HR systems and messaging systems like Office 365 and others. So, anyhow, I think the key here is it's a purpose-built playbook for healthcare, and the identity governance is exactly the type of solution that guarantees success and ease of use, rapid onboarding for clinicians, so that when they hit the floors and they rotate to a different hospital, they're ready to work as soon as they get there. And also they're deprovisioned when they leave. And so from a security and auditing standpoint, that's all automated, and security officers love it because it keeps the hospital safe.
So one of our core foundational technologies is just allowing access for doctors and nurses, and this ability to just tap in or tap out with a proxy card or use a fingerprint or any number of other ways to access the systems, and actually keeping the systems up and running hot in the background, but still secured whenever possible, really allows this to achieve both efficiency, but also more security. Think of it like a locked front door on every single access point throughout the hospital and all the other working atmospheres. And yet it's super easy to get in because as soon as I tap my badge, everything's up and running hot in the background. And being able to access systems, for example, to order a CAT scan on a stroke patient instantly within several seconds, that can be life saving. And that's not an exaggeration, just speaking as an emergency physician. This happens at endpoints all throughout the hospital, but also virtually through virtual desktop infrastructure. And it allows for fast user switching so that when this gentleman jumps off and another woman comes up, the next person has the same benefit.
I wanna talk about electronic prescribing and controlled substances. The DEA in the United States has come up with very stringent guidelines around security and compliance for credentialing, identity proofing and enrolling, and then allowing for authentication for end users. These very stringent security implementations demand compliance, but also they need to be usable. And so what we do is create a whole system from stem to stern that really guarantees compliance throughout, but allows for a number of different ways for clinicians, when they're actually signing orders and authenticating them, to do that in a really easy way. That's actually better than paper for both patients and for prescribers. But of course, all of it is auditable, reportable and compliant. This is just an example of all the different methods of authentication that can be used, and there's no need to get into and read all of these.
But I think the major point here is that this is really the strength of a healthcare-specific solution: we know workflows so well that every one of these methods that is DEA compliant can be used for that electronic prescribing and controlled substances. And it's actually easier than doing it on paper. And, you know, for example, we use proximity awareness and low energy Bluetooth for one that allows for a second-factor authentication pathway, so that the clinician doesn't have to do anything as long as their phone is in and registered and has been properly credentialed. The system will reach out, generate that one-time PIN token and send it back to the software without the clinician having to do anything. Completely hands-free. Just a good example of how we can mix and match all these authentication modalities and make it all happen in real time.
Martin mentioned medical devices, and this is a big area of growth in our business. Medical device vendors came to us with the same value prop, where you have things like vital sign monitors, or for example, insulin pumps. And you had this terrible choice of either locking them down and making them really secure and forcing nurses and others to try to put in lengthy passwords or remember passwords or share passwords to do a workaround on these devices, which really weren't meant to be interacted with in that way. It is very bulky and cumbersome and prevented work from happening. And when you need to start a drug, a medication, you really need to start that medication. But of course you can't have the security vulnerability, because the example I just used, like an insulin pump: if someone can go in and quadruple that dose really easily, well, that literally could kill a patient in several minutes.
So it needs to be secure, but also very usable. That's exactly what we do. And we integrate with these devices very successfully. Again, a purpose-built healthcare solution. Mobile devices: how many of you have one or several mobile devices on you at this time? Many of you may be listening to this on a mobile device. Of course, these are incredibly important workflows in healthcare. In our opinion, some of these workflows in the past have been held back because, again, the integration between the apps and the devices at an enterprise level, particularly if you're trying to share devices and therefore provision and deprovision and wipe them from a security standpoint between users, you know, between nurses that are coming off shift and going on shift, between patients that want to use mobile devices for virtual visits or telehealth, of course, those are very challenging issues. We make that all very easy and seamless with single sign-on and fast user switching. Again, same value prop as on a desktop, but on a mobile device. Unified communications and messaging: another great area where this marriage of security and convenience is essential. It needs to be HIPAA compliant in the US, GDPR compliant and otherwise elsewhere. And so the idea is, again, a healthcare-centric solution that offers similar capability, or sometimes better than consumer-grade technology, but is completely secure, auditable and compliant.
So patient identification is a major problem out there. We are the largest vendor that provides a biometric solution for palm vein biometrics that is highly adoptable and usable, and also easy to also secure and compliant helps match patients with medical records properly rather than relying on demographics and questions and answers. This has an extremely high accuracy rate, more so than fingerprints, and very few false positives. In other words, very few times when it matches one person to another person incorrectly. Incredibly valuable to prevent error or mistake. And you know, of course, as an emergency physician, most of my decisions are predicated on identifying that patient properly. Unfortunately, technology has lagged behind in this area and we see huge growth. Again, it's an identity and access management trust fabric, and this is an incredibly trustworthy technology.
So in conclusion, I just want to go back to that same slide from before and say that, you know, digital identity really is the key in an incredibly complex healthcare environment. With all of those workflows we just talked about, it's the digital identity that drives all of that. Once you have a solid understanding and trust around the digital identity, you can open up the use cases, but also provide added security overall. You know, of course everyone should have a digital identity strategy. I think you need to understand how much you can trust digital identities and understand what level of trust is needed for each authentication. And some of that can be policy driven at the hospital level or the business level. Some of it may be governmental policy, and the compliance with all that obviously is complex. As Martin said, it's not something every place should do on their own, but we are here to help. And we think we're uniquely positioned to do so. And we're happy to answer any questions now as we go forward and engage in any dialogue. Thank you.
Thank you very much. And so let me quickly take back the moderator role. And as I said, thank you very much for this insightful presentation. You have the clear advantage to understand both identity management and healthcare adapt. So, as I've already said, the third part of this webinar will be our Q&A session. And I'd like to ask you again, the attendees, to enter any question you might have so that we can walk through these questions. I already have a couple of questions here. So the first question is: what does digital identity mean to you?
Yeah, thanks. Thanks, Martin. Digital identity, of course, you know, it's the critical piece in your IT infrastructure. I think it controls everything. It controls who has access to what apps, from where, using what devices. You know, this is why we at Imprivata call digital identity the control plane, cuz that's what you control the workflows with. You know, it spans many critically important elements in healthcare. We talked about the different users. Everybody thinks of doctors and nurses, but the reality is there are a lot of other workers from an operational standpoint that really make patient care happen in patient flow. But not just the users, but also, as you mentioned, the devices, the mobile devices, the medical devices. And it's really through that identity, that digital identity, that we can understand who is accessing the systems, what they need access to and how to be compliant with the regulations involved.
Okay. Thank you. Another question I have here is why does digital identity matter in the hospital and overall healthcare, especially today?
Yeah, great question. I think of course it matters in any industry. I do feel like healthcare is going through an accelerated digital transformation right now, and yet it's really hard to re-engineer the plane while you fly it, when, you know, it's not an exaggeration to say that literally life and death situations are happening on a daily basis and the impact of every technology or digital identity decision really matters. And, you know, of course regulations are in place to protect the safety and security of both the patients and the institutions. And you mentioned earlier, you know, the greater the pace of innovation or change, the greater the danger of cybersecurity breaches. And just like, you know, any crisis or any change can bring out the best of the best, unfortunately it can bring out the worst of the worst. So at the same time we're innovating, we need to protect ourselves.
And so that digital identity strategy, you know, really has to understand the unique workflows and the compliance demands that are inherent to hospitals, and just trying to plug in a solution that might work for other industries, you know, manufacturing or financial or otherwise, it just doesn't work as well in healthcare. I mean, nowhere else do you see that fast user switching, these shared clinical devices, the really high stakes, as you talked about, around privacy and protecting patient information. So those things that make it unique, that's why it matters so much. Get the identity correct.
Okay, great. Then there's a question which I find very interesting these days, specifically these days. So is bring your own device, the BYOD approach, allowed and significant in healthcare environments? And if yes, how to do it the right way? So my perspective would be probably of lesser relevance for the workers, the employees. However, if you look at the patient side, apparently IDs common thing here, but what is your take on BYOD in healthcare, and maybe with some recommendations on how to do it right?
Great question. I view it like a tidal wave of consumer technology is walking in the door, whether we like it or not. So healthcare systems, providers in general, need to understand that if they don't help guide how this technology gets used, it's gonna be used anyhow. And I say that both from the clinical side, from the provider side, and from the patient side. So, you know, I guess I'll put it this way, right? Like if a hospital system doesn't provide a secure, HIPAA compliant or otherwise regulatory compliant, unified communications and messaging system to doctors and nurses and mobile teams and technicians and radiologists and patient care and environmental services, if a hospital doesn't provide that or allow me to use my phone or to use shared devices provided by the hospital, what do you think I'm gonna do, Martin, when I need to communicate and show a picture?
What everyone does: bypass.
Yeah. I'm gonna get my phone out of my pocket. And I've seen this. So, you know, I've seen residents, which are physicians in training, take a phone out of their pocket, take a picture of the PACS screen that shows an intracranial hemorrhage and text it to their attending physician neurosurgeon, to see if it's operative or not. For real, these are incredibly important moments in patient care. And if a hospital system provides the right tools that they use, because they want to use it, because it's actually better, because they actually have, in my directory, I have that attending physician's secure, you know, app phone contact, the message is encrypted. It's protected. I can send patient information. Otherwise I might try to do a workaround and use my own phone in a way that's not approved.
It's not secure. We don't know the identity. It's, you know, at risk of fraud and abuse and all sorts of safety issues. So that goes for just about every system in the hospital. It's one of countless examples. You know, if we build it, they will use it. But if we don't give them something that's good to use and compliant, then in order to care for patients, they're trying to do the right thing. They need to make that decision. They have a great tool in their pocket, then they'll use it. So some of that is bring your own device. And what I see just in general is, many times, most doctors are allowed to bring their own device into hospitals and use them. Sometimes nurses are, but many times hospitals and other provider systems have policies against using personal devices for all the security issues and also perception by patients and making sure they don't want, you know, nurses checking Facebook rather than doing work.
So they often will provide devices to nurses and other key workers in the hospital, and provisioning those devices and allowing them to be shared from one nurse to another, as I talked about, going off and on a shift, that's a great way to do this. And most places are a mixed environment where some workers are using their own device. And many times there's mobile management systems on those mobile device management systems. We help with provisioning and deprovisioning patient devices and clinical devices. So there are a number of technologies out there. A bit of a long-winded answer, but I guess what I would say is this is here to stay. It's only gonna increase in prevalence. There are two major categories: bring your own device, or, you know, enterprise-managed shared devices. Either way, there are ways to secure them and actually make the apps on them usable and really help workers rather than hindering them.
Okay. Thank you. Another question here is, so you talked a lot about authentication and access control, for instance, around medical devices. What are your thoughts on privacy for electronic health records and content security and stuff like GDPR, CCPA, et cetera compliance?
Yeah, absolutely essential. You know, as you talked about, the stakes are higher in healthcare. You know, the price of identity theft material, you know, materials that are stolen, on the black market and dark web is actually higher, and more useful to bad actors out there. You know, it's ethically the right thing to do. It's legally required. And so protecting that data as best we can is absolutely essential. I think most places are moving to a quote, zero trust, stance, where, you know, the idea is, you know, we're all getting more used to two-factor authentication. There's a lot better technology out there. And we provide a lot of this technology to allow things to happen in the background that hopefully are invisible to the users most of the time, but guarantee that it really is me, Dr. Sean Kelly, accessing that patient chart that I have a reason to do.
So all of that is logged and auditable and compliant. You know, you can do behavioral analytics in the background. You can understand digital identity. You know, and we work with many partners out there in the partner ecosystem to provide these things together. You know, people talk about the last mile in healthcare. I like to say we're the first mile. Like, as a doctor, nothing happens for me until I can safely access the data I need to, and it needs to be the correct patient's data. Well, we are that locked front door that allows quick access, but also doesn't allow people in that shouldn't be in. So I guess the simplest way I can say it is the stakes have never been higher. We need to get people there quickly, but also carefully.
Okay. Sorry. One final question. Where's healthcare headed with digital identity over the next five to 10 years. And whereas, whereas provided,
Well, I can tell you that every time I've ever been asked this question, or anyone's been asked this question, I think we've underestimated the pace of change. So I'm sure I'll be guilty of that again. But I think that, especially over the past few months, we're seeing an incredible uptick in virtual care, and I think that's here to stay. If you look at any other industry, the prominence of digital interaction is high. I think in healthcare for a while, it was artificially held back by lack of reimbursement, you know, lack of value prop, some of the technology, some fears of compliance issues. And a lot of those barriers are going away. I think by lowering the cost of non-acute care, urgent care, and also infection control issues, I think all of those factors in play mean that virtual health is here to stay. I think that another major trend that we're seeing is movement to the cloud, and it started with business apps, but now even mission-critical healthcare and clinical apps are going to the cloud.
I think, you know, there's good cooperation between different partners in the ecosystem, and by partners, I mean both on the provider healthcare side, but also on the vendor side, to stitch all these together. And again, digital identity is key. I do think that we're gonna see data triangulating. So rather than relying on one method of authentication, there might be several, and it may often include, you know, something you have or something you are, something you know. I think passwords will continue to go away little by little and biometrics will continue to increase in prominence, especially as consumer devices have them built right in. And I think triangulating that data, multiple biometrics and behavioral and other methodology, is gonna make that technology even more usable and even more invisible to the user. You ask about improv. Yeah. Sorry. Yeah. Imprivata
Minutes left. Okay. Go ahead.
Not coincidentally, those are all the areas that we're most interested in, and that's right where we have our strongest solutions. Again, I would harken back to the very beginning of when I started speaking, that the whole secret to success is making the right solution also easier and better to use. So users love our stuff because it's easy for them to use. The security is invisible. It's under the hood. You don't worry about it. But for those security officers and IT officers that are running the system, they love it because, you know, it doesn't let the user do the wrong thing and it points them in the right direction. It gives easy access and all the transactional things. It mixes and matches. There's great, good intelligence to the system. So that's where, you know, we are, and that's where we continue to go. We're not pushing technology on anyone. We're getting our technology pulled into the problems that we know so well, because we are such a dominant healthcare company, you know, the digital identity company for healthcare.
Okay. Thank you very much. With that, we are at the end of our webinar. Thank you, Sean. Thank you to all the attendees for listening to this KuppingerCole webinar. Have a look at our upcoming webinars, our upcoming virtual conferences, our research. Thank you for listening.
