Healthcare Must Ramp Up Quickly For Digital Transformation

At The Same Time, Many Myths Must Be Debunked
By Gus Malezis

Healthcare is in the midst of a digital transformation, creating information security, compliance, and workflow challenges. The engagement of an increasingly decentralized workforce, along with anytime, anyplace healthcare and the proliferation of cloud-based applications, databases, and mobile devices, has now eroded (or soon will erode) the once well-defined network perimeter.

The healthcare industry remains one of the most highly targeted for cyber-attacks – a recent report from Beazley Breach Insights showed that 41% of all breaches in 2018 occurred in the healthcare sector. This means that, going forward, healthcare organizations must pay particular attention to cybersecurity and do so without restricting or compromising access to the systems and services that providers and patients use now and may use in the future. A successful cybersecurity plan requires these organizations to focus on establishing and managing trusted digital identities for all users, applications, and devices throughout the entire extended digital healthcare enterprise – from the hospital, to the cloud, and beyond.

In our new digital world, we see a series of “planes” that are expanding rapidly: 

  • Today’s healthcare systems, and those of the future, have a much more extensive and expansive population of providers – both formal employees as well as visiting staff, interns and locum tenens – all of whom require access to IT systems and data if they are to be productive and efficient. 
  • Providers are now operating from multiple locations, more than ever.
  • Patients are requiring more digital services – with access to their chart, their physician, scheduling and a plethora of other services, all from the convenience of their smartphone or browser – from any location and at any time.
  • The number of devices and applications – both on-premises and in the cloud – is exploding. Nursing station systems are now augmented by mobile systems, smartphones and tablets.

In this new environment, digital identity is critical and an opportunity to leapfrog. Yet common myths persist. To help healthcare organizations build out an architecture of trust, let’s break down some common misperceptions about digital identity and better understand what digital identity is – and what it isn’t. 

Myth #1: You have a trusted digital ID  

Fact: No, you do not have a trusted Digital ID, possibly with one exception.

Digital identities may seem like a simple concept, yet ask most people what their digital identity is, and they’ll likely ponder the question, and perhaps offer their email, a device, or an IP address – and that’s just one piece of a much larger puzzle. Yet none of these are verified or trustworthy identities.

The one exception would perhaps be your bank client number. Before a bank will offer you an account or a credit card, it will collect a set of data about you, which will then be used to verify your identity. Only when the bank is satisfied of your identity will it provide you with a client number – your trusted Digital Identity – usable for that institution, and that institution only. So, if you have a bank account – and most of us do – you do have a trusted digital ID, yet it is strictly used for that bank and not beyond.

Myth #2: Multi-factor Authentication Is Complicated and Will Take More Time

Fact: The next generation of 2FA and MFA is virtually invisible.

The idea of using multi-factor authentication (MFA) isn’t new. Banking has successfully incorporated identity-proofing by using multiple layers of quality verification. If you swipe your bank card at the ATM and then enter a PIN, or log into a website that sends a numeric code to your phone before you can access an account, that is MFA in action. OK, it’s an additional step or two or more – but it elevates security and trust, and that’s a great outcome. Yes, it takes some extra clicks, and those we should look to compress, optimize and eliminate if possible. Yet security and convenience can co-exist.

With two-factor authentication, healthcare organizations can combat phishing attacks and safeguard patients and their electronic health records (EHR). Most cyberattacks are preventable by using good two-factor authentication. By “good” we probably mean moving away from SMS as the way the token is presented, knowing that it has become a relatively insecure way of carrying the token, and looking at other methods such as secure token apps or fobs. Still, why are only 45% of organizations using it? Some hospitals fear inconvenience to their clinical workflows, but this concern is misplaced – multifactor authentication solutions can still be secure and convenient without compromising provider productivity. New approaches to MFA, purpose-built for healthcare, now leverage Bluetooth, biometrics, smartphone technology and other innovative technologies to eliminate any extra steps that may frustrate clinicians. These solutions are seamless and invisible and eliminate any potential to create inefficiency, disrupt workflow, or contribute to physician burnout.

Myth #3: The U.S. is Unlikely to Adopt A National Digital ID Very Soon  

Fact: In the U.S. we are rapidly progressing towards a national trusted Digital ID.  

Fact: Other countries around the world already have trusted Digital ID systems. 

Government officials are now developing a solution for digital patient and physician identification. This past year, the U.S. House of Representatives voted to repeal a 21-year ban on funding for a national patient identifier – a number or code that would be assigned to every person, similar to Social Security numbers.  

A unique patient identifier would link health and identity to avoid mix-ups between, for example, patients and physicians with the same name. Again, this doesn’t solve healthcare’s cybersecurity challenges on its own. And implementation certainly won’t happen overnight. Policymakers must first consider the best tools to use, such as biometric technologies. Many potential solutions also face resistance and skepticism from privacy advocates. Getting a program in place could take years.  

In the meantime, healthcare organizations can’t afford to wait. As the industry continues its shift to digital and becomes increasingly connected, the challenges only grow. Protection must advance apace with technology.

 

Gus Malezis is Chief Executive Officer of Imprivata. A version of this article originally appeared at The Health Care Blog.