Many patients have been through the registration process multiple times, as a guest, shopping for a specialist, or as a registered patient booking an appointment or getting information on their own EHR. Getting a single view of an identity while securing each identity is important to a quality patient experience.
Many healthcare organizations are managing multiple siloed identities for the same providers and patients, with identity support provided only on an application-by-application basis. As a result, multiple log-ins are often required to get common tasks done.
For example, a patient who wants to look up test results and then respond to a message from her clinician may have to access two different systems, with two different sets of login credentials.
“In the absence of a comprehensive identity and access management approach, we also see weaker authentication methods in use because it’s difficult to integrate state-of-the-art, strong and adaptive authentication methods into each system,” said Eve Maler, vice president of innovation and emerging technology at ForgeRock, a vendor of access management and identity management technology.
“A healthcare system might not flag suspicious activity based on a user’s behavior – such as asking for multiple re-orders of a prescription medication or changing the address for delivery of that medication while logged into an unfamiliar device,” she said.
With fraud rampant, a provider could miss these critical signs that an account takeover is in process, Maler explained.
Healthcare challenges rooted in identity and access management are on the rise. Consumers’ personally identifiable information remains the Holy Grail for cybercriminals, and given that enterprises across a wide range of industries – including healthcare, government and financial services – store and manage billions of consumer data records, these organizations are constantly under siege from cyberattacks.
The ForgeRock U.S. Consumer Data Breach Report found cybercriminals exposed 2.8 billion consumer data records in 2018, costing more than $654 billion to U.S. organizations. Almost half (48%) of all consumer data breaches happened in the healthcare sector, four times as many than in any other sector.
“The push for interoperability in health data exchange requires a method of identifying and securely authenticating patients across not just single-provider application landscapes, but also far-flung third-party data ecosystems,” Maler stated. “The data breach report revealed healthcare-related personal data breaches in Q1 2019 saw an increase of 400% over Q1 2018, impacting the challenge of patient matching in such environments.”
And new government rules and market realities are forcing real solutions for consumer-directed consent and delegated access to health data, she added.
The healthcare industry traditionally lags in modernizing IT due to its strict regulatory environment, she said.
