HIMSS23 retrospective: Future-proofing healthcare with digital identity

Technology should enhance workflows and maximize ever-diminishing resources to improve patient care and reduce manual IT processes. At HIMSS 2023, Imprivata held a focus group with healthcare leaders to discuss how they’re achieving these goals while improving security using digital identity.

From remote work to mobile devices, to the many different users accessing systems and applications, today’s IT complexity is accelerating along with cybersecurity needs. This is true in all industries, but particularly in healthcare, where the average cost of a data breach in 2022 was $10.1 million.

At HIMSS 2023, Imprivata spoke with healthcare leaders to address how digital identity improves their cybersecurity posture, while also improving clinical workflows and maximizing diminishing IT resources. Read on for our key takeaways.

The unique challenges of healthcare cybersecurity

Cyber-attacks exploit weaknesses in identity. For example, stolen or compromised credentials were involved in 61% of cyberattacks and data breaches in 2022. The security fortress around your organization is useless when hackers can use a stolen password to stroll, undetected, through the front door.

But clinicians need to be responsive in the moment. They will always find a workaround, such as logging in with a colleague’s credentials, when locked out of a system or device. Caring for patients remains their top priority. Clinicians understand security risk, but they’ll still choose risky shortcuts to facilitate patient care. If forced to remember multiple complex passwords, they’ll still write the passwords down on sticky notes near the workstation. Or they’ll repeat the same passwords across the many applications they need to access.

These shortcuts and workarounds introduce risk for the organization. But policies that require multiple, complex passwords inevitably slow down workflows, which leads to more workarounds. This is natural, considering:

• 47% of healthcare organizations require passwords with 16 or more characters
• Clinicians log into workstations and applications over 70 times per day
• Per facility, per week, clinicians spend over 163 hours logging into applications

The link between workarounds and clinician burnout

Healthcare’s struggle with complex password policies introduces security risks, but it also contributes to clinician burnout. Struggling with technology creates a cognitive disruption that interferes with providing the most efficient patient care. And when clinicians can’t access systems and applications in the moment, they don’t have the luxury of pausing their day until they can sort out a login issue.

They use workarounds to complete the task at hand, then keep moving, because there are many more patients to care for. Then they end up staying late to complete patient charting they were unable to take care of in the moment. Their workloads increase, and work leaks further into their personal time, taking a toll on overall quality of life.

The battle between security and usability

Protecting patient data, preventing ransomware attacks, and staying HIPAA compliant, all require strong measures to control and monitor all users and access points. But clinicians need to do their jobs unimpeded. At the HIMSS 2023 focus group discussion, Future-Proofing Healthcare with Digital Identity, healthcare providers expressed how users are pushing back on complex password policies and evolving standards that hinder efficiency, productivity, and usability.

“Nurses are very fearless people,” one participant expressed. “If your technology is too tight, they are going to find workarounds and you won’t see a return on your investment.”

This is one of many reasons Imprivata works with on-staff clinicians to develop its solutions. The only way to end the battle between security and usability is to make IT and Clinical a partnership. As another participant expressed, “You have to involve clinicians in IT discussions. You need those nurses because they know where everything is, they know how to get where they need to go, and how that clinical workflow should work.”

Leveraging digital identity to end the battle

Digital identity lives at the core of modern security. Whether resources are located on site or in the cloud, you need to enable fast user access, control that access for security, and monitor access for compliance. Digital identity is the way you get there.

But putting together a robust digital identity strategy requires thoughtful planning and prioritization. It also requires healthcare organizations to address key governance and administration, identity management, authorization, and access and authentication functions.

Get started by:

• Reviewing the capabilities needed for a unified and comprehensive program
• Assessing the maturity of your strategy based on current-state tools and processes
• Prioritizing investments to achieve a mature digital identity program based on where your organization currently stands