The top five takeaways from the 2018 Gartner Identity and Access Management Summit
1. IAM is a continuous process and not a one-time configure-and-forget project.
There are three main components of an identity and access management (IAM) strategy: identity governance and administration, access management (including privileged access management), and adaptive multifactor authentication. Many healthcare organizations are still managing provisioning and compliance tasks manually or with homegrown solutions, potentially because of the seemingly daunting task of defining roles and determining access privileges for clinical and non-clinical system users. There have been number of stories about a major consulting services firm taking 2-4 years to implement an IAM solution. Imprivata’s advice: start small. We can help you select key applications common to many users and quickly implement to demonstrate the value of an IAM solution, and then expand it further.
2. IAM investments are trending towards cloud.
According to a recent Gartner survey, investment has been increasing as much as 20% in these top three areas: Business intelligence/analytics, cloud services/solutions, and information security solutions. Infrastructure investments (e.g., data-centers) saw a decrease of 30%. However, the healthcare industry continues to lag behind its peer industries, given the major electronic health record (EHR) and clinical vendors are still focused on thick client technologies.
3. Gartner offers multiple tools to help healthcare organizations select the best vendor partner.
Many IT leaders rely on Gartner’s Magic Quadrant to shortlist vendors for an evaluation. However, Gartner suggested that this approach can be short-sighted, as placement in the Magic Quadrant is based on business and market level criteria. Instead, Gartner encouraged the use of their Critical Capabilities reports, which are based on product deep-dives. Another tool that organizations can use for researching IAM vendors is Gartner Peer Insights, where customers share reviews of various solutions in use in their organizations.
4. Chief Information Security Officers (CISOs) are becoming decision-makers for identity and access management solutions.
With the continued increase in data breaches since 2015, there is huge emphasis on governance, risk management, and compliance (GRC). Implementing an IAM solution is not just about increasing the productivity of the clinicians and IT staff in a healthcare organization — it is also about ensuring preparedness for an audit, understanding who has access to which systems and information, and what is being done with that access. A healthcare CISO needs visibility into all manners of access to safeguard patients’ protected health information (PHI) and their organization’s reputation.
5. Healthcare IAM vendors must understand the intricacies of EHRs and healthcare workflows.
The Gartner IAM Summit attracted attendees from a variety of verticals, and certainly many vendors claim to be able to service multiple industries. However, the unique needs of healthcare, including the need to understand account authorization for EHRs and clinical workflows, mean that a healthcare organization would be wise to look at vendors with deep healthcare experience. The mandate for electronic prescriptions for controlled substances (EPCS) and similar clinical workflows requiring multifactor authentication requires an authentication management solution vendor to understand the fine details of the legislation. A strategic question that healthcare organizations should consider is whether to buy an integrated solution or individual point solutions for their IAM needs. The benefit of an integrated solution is that a single vendor owns the testing of integration, whereas individual point solutions can mean that your organization becomes the test-bed for integration as new versions of each product is released. Moreover, it can be helpful if a single vendor can provide an enterprise access and authentication management solution with extensive clinical workflow support.
An Integrated IAM solution for healthcare
Together, Imprivata Identity Governance, Imprivata OneSign®, and Imprivata Confirm IDTM comprise the only integrated identity and access management platform purpose-built for healthcare. The integrated solution enables fast, secure, No Click Access® to clinical systems and applications. The robust combination of automated identity management with enterprise single sign-on and authentication management drives lower IT costs, increased data security, and more efficient clinical workflows. An integrated IAM platform reduces the burden on IT and allows clinicians to focus on providing quality patient care, exactly as it should be.