Digital identity framework

Healthcare delivery organizations (HDOs) have evolved into highly complex environments with many users and roles, locations, devices, and applications. These complexities demand a cohesive approach to managing the digital identity – which lives at the core of the modern identity and access management (IAM) strategy.

Introducing the digital identity framework

The Imprivata digital identity framework for healthcare presents a unified, security- and efficiency-focused strategy to managing identities across the HDO’s complex ecosystem. The framework addresses key governance and administration, identity management, authorization, and access and authentication functions for the healthcare IT leader to leverage in planning a robust and usable IAM scheme.

EPCS workflow graphic

The Imprivata digital identity framework: A guide for IT leaders in healthcare

This guide provides CISOs, CIOs, and other IT leaders a toolkit to drive their IAM strategy, along with insights about how healthcare considerations must necessarily govern solution choices.

Learn more

The Imprivata digital identity framework for healthcare -- a deep dive with Wes

Wes Wright, CTO at Imprivata, offers insight into the Imprivata digital identity framework for healthcare as a holistic approach to identity and access management tailored to healthcare.

A deeper dive

The Imprivata framework is structured according to the key categories required for a robust digital identity strategy that meets healthcare’s unique demands. These categories are: governance and administration, identity management, authorization, and access and authentication. As described below, the categories are ordered in the framework to support the planning process, beginning with the end in mind.

Governance and administration

Starting with governance and administration, identify the standards with which your organization will need to comply, including the reports you’ll need to do so.

What’s important for healthcare?

An effective solution will provide dashboards from which you can track which clinical staff are accessing which applications, generate entitlement and access reports, and, as an example, generate audit summaries of EPCS activities as part of a DEA-adherent process.

Image of a businessman and a doctor talking with each other

Products that support governance and administration

Imprivata Identity Governance | Imprivata Mobile | Imprivata OneSign
Imprivata Confirm ID | Imprivata PatientSecure

Identity management

Next is identity management, where IT and HR specify your sources of truth for users and plan for the provisioning and de-provisioning of human and non-human entities, including mobile and medical devices in hybrid environments.

What’s important for healthcare?

An effective IAM must integrate directly with the HDO’s diverse identities, from IT administrators to practicing clinicians, as well as the numerous applications and workflows found in today’s clinical environments. An identity management system designed for healthcare, with proven compatibility with leading EHR vendor software, for example, will expedite return on investment and deliver efficient results.

Image of a doctor and a man looking at a smart tablet together

Products that support identity management

Imprivata Identity Governance | Imprivata Mobile

Authorization

The authorization stage is where policies and access rules are built into the IAM system, to govern which data and applications are to be accessed by which users according to their roles, rights, and responsibilities.

What’s important for healthcare?

In the hospital environment, care providers may take on different roles that change from shift to shift as staff rotates. A practitioner could serve as an emergency department physician one day and an administrative physician, performing oversight duties, the next. This environment of “one beating heart (or identity), multiple roles” demands appropriate access and permissions as needed and without delay.

Image of a surgeon using a touchscreen on a medical device

Products that support authorization

Imprivata Identity Governance | Imprivata OneSign | Imprivata Confirm ID | Imprivata PatientSecure

Authentication and access

The final step is authentication and access, which is the execution phase. Here, users are authenticated and granted access to cloud, on-premises, and mobile applications used on a variety of endpoints.

What’s important for healthcare?

Access control and authentication functions need to sync with clinical staff operations, such as quickly accessing an individual’s instance of a workflow from a shared nurses’ station, or retrieving data from a mobile device dedicated for use during that shift. The hospital environment contains a variety of providers, e.g., clinical, administrative, and temporary, as well as a multitude of endpoints. Medical devices also require access control to prevent tampering.

Image of a lab employee using a touch screen desktop device

Products that support authentication and access

Imprivata Identity Governance | Imprivata Mobile | Imprivata OneSign | Imprivata Confirm ID