Imprivata Digital Identity Framework for international healthcare markets

By Andy Wilcox, Senior Product Marketing Manager, Imprivata Global Markets

April 26, 2021

As health organisations around the world have adopted new working practices to support the requirement for remote and multi-location healthcare delivery models, so the management of the supporting technology has grown considerably more complex. The use of non-integrated, point solutions in the past has brought security and efficiency issues. As telehealth and remote care become more important components in healthcare provision, a unified platform to manage digital identity is paramount to enable fast, controlled access to patient information to empower clinicians, while protecting sensitive data.

At the heart of this evolution is the requirement for effective management of digital identity so that healthcare systems remain safe, secure and efficient. However, it is worth noting that there is also a need to meet varied data sharing and data protection rules and standards in place around the world, so there is no ‘one size fits all’. In response to this, Imprivata recently launched our Digital Identity Framework for Healthcare, to help healthcare providers assess their current approaches to managing digital identity and develop a strategic roadmap to address critical areas whilst avoiding security and efficiency gaps. The framework provides organisations with a platform for managing identities across this increasingly complex healthcare ecosystem.

Meeting International cyber security and data protection requirements

The Imprivata framework leverages existing identity frameworks from H-ISAC (Health Information Sharing & Analysis Center), Microsoft, and others as a foundation and expands on this work based on our experience working with many healthcare organisations globally. The framework provides CISOs, CIOs, and other IT leaders with strategic guidance to drive Identity and Access Management (IAM) strategies.

A critical part of using the framework is its alignment with country-specific and international requirements, helping guide healthcare organisations as to the areas of identity management that need focus to obtain and maintain compliance.

Standards that Imprivata have mapped to the framework include:

  • UK Cyber Essentials & Essentials Plus
  • UK NHS Data Protection Toolkit
  • Australia Essential 8
  • Saudi Arabia Essential Cybersecurity Controls (ECC)
  • UAE National Cyber Security Standards (NCSS)
  • GDPR

The Imprivata Digital Identity Framework for Healthcare identifies 4 key pillars that together, drive a unified approach to managing digital identity:

  • Governance & Administration
  • Identity Management
  • Authorisation
  • Authentication and Access

The Framework highlights the key elements relevant under each pillar that are needed in a strong identity and access management architecture and helps organisations build a platform to address these elements in a unified manner. We have worked with customers who are at the leading edge of digital transformation in different geographies to ensure that the Framework aligns to key requirements for local markets.

For example, in the UK, the following NHS standards can be addressed with the use of the Framework.

  • Data Security Standard 1 – Personal Confidential Data
  • Data Security Standard 4 – Managing Data Access
  • Data Security Standard 9 – IT Protection

Top down, Bottom Up, ‘Non-human accounts’ and the Internet of Things

The flexibility within the Framework supports organisations from dual perspectives – top-down, managing how processes flow and systems interact, providing organisation-wide visibility, and bottom-up, focusing on the needs of frontline clinicians and the overall end user experience.

The Framework helps clarify processes and improves process auditability. The ability to show exactly what was done, by whom at any point provides confidence to organisations. This is vital with the proliferation of medical devices that generate data (Internet of Things), as more processes become part or fully automated and, ‘non-human accounts’ access systems. Privileged accounts and pressure points can be identified with the ability to switch out system elements and deactivate user access and privileges for movers and leavers.

The response to the COVID-19 pandemic has highlighted the need to be able to react quickly with maximum flexibility to cope with surges in demand, alternative ways of working, remote provisioning and clinicians moving between locations. The importance of Digital Identity and its role in the safe, secure and rapid access to systems to ensure the continuity of delivery has been thrown into sharp focus. Imprivata’s Digital Identity Framework for Healthcare brings structure to help manage this increasing complexity.

The Framework draws on healthcare customer feedback from multiple countries and industry-leading schemes including H-ISAC, Microsoft, Gartner, KuppingerCole, and Forrester. 120 functions were considered and tailored specifically to address and support the unique requirements of healthcare. We believe that organisations will find value in the framework as a tool to assess and evaluate their digital identity maturity, communicate this to key stakeholders both within and external to the organisation and build a roadmap to delivering a strong, unified digital identity strategy.

For more information about the Imprivata Digital Identity Framework visit: Imprivata.co.uk/digital-identity-framework.