For our third April 2021 HTN Now session on day one, we were joined by a trio of presenters to talk about the power of digital identity, its importance of in the modern healthcare environment and the need for a more ‘complete approach’ when managing it.
In the blue corner, representing digital identity specialists Imprivata, were Chief Technology Officer Wes Wright and Senior Product Manager, Andy Wilcox. While in the red corner Andy Kinnear, Partnership Director at Ethical Healthcare, completed the team, to provide a healthcare management perspective after spending 30 years working in the NHS.
With two Andys onboard, ‘Andy K’ went first, setting up the session by looking at digital investment through the lens of his former post as an NHS Chief Information Officer.
“There’s lots of meetings and glamour and conversations that go on all around the world that I sat in,” he said. “But – when push comes to shove – lots of it boils down to investment decisions around managing risks to the organisation. Investment decisions aren’t just all financial – the emotional investment, the time investment…”
Explaining some his past experiences of discussing digital costs with executives, Andy K continued: “What I’m saying here is, you can only spend money in four different ways in the digital space.
“You can spend it in box one – running the operation, keeping the services that you’ve already got live and keeping everything running. Or you can spend it in box two – unavoidable investment, the kind of things you need to do because something has come to end of life.
“The third box is development, but tends to be enhancements to things that you’ve already got – so software that you’ve already deployed…the fourth box – which is the box most execs tend to get excited about – is new stuff, all the shiny new things that are innovative and potentially transformational in the way that we deliver healthcare.”
“Most folks get quite excited about box four”, Andy K continued, “and less excited about three, two and one. But actually, as a CIO and folks working in the digital space, you realise that you only get to do box four when you’ve got one, two and three running smoothly and investing in it.”
Bringing the discussion neatly back around to digital identity, to lead into our next guests, he concluded: “When you get into conversations around security and identity, you can find yourself with folks glazing over a little bit or finding it a little bit tricky…[but] actually you can’t be interested in the cool stuff without recognising the value that the other fundamental infrastructure brings.
“By investing time, money and emotion in this space, you drive down the risk and you drive up the opportunity. Digital identity, when you peel it all away, like so many decisions that CIOs make, is really an investment decision. The question you ought to be really asking yourself is, can you afford not to invest in that?”
Wes – who joined us a world away at 8am ‘mountain time’ from New Mexico – delved into the technical side of digital identity, providing not just an Imprivata perspective, but a background in the US healthcare system, too. Picking up on Andy K’s ‘boxes’ theory, he added: “Digital identity spans from box one, all the way to box four…I absolutely agree with you. The CEOs, the clinicians, the physicians – they all love that box four and hate investing in box[es] one, two and three.
“But it’s our jobs – as health IT practitioners – to convince them that it’s the investments in boxes one, two and three, that get us to box four.”
“Digital identity is just getting more complex”, Wes explained, “times they are a changing, the number of users out there has exploded. For every user, there’s three or four roles associated with that user. They’re not just working in hospitals anymore. With COVID, we had to send people to different places to work. Because of that we’re no longer using that same old work station. We’re using all kinds of different devices.”
“The thing that holds it all together is that red dot in the middle – it’s that digital identity that holds everything together,” Wes summed up.
From Imprivata’s perspective, he added, “We don’t think of it just as digital identity, we think of it as the new control plane…it’s not just what lets things in and out – yeah, it does that – but it also controls what applications you get, what access to data, what access to share-point sites. It controls everything within your domain.”
Explaining that he’d been tasked with developing a digital identity framework for Imprivata’s healthcare clients to use, Wes added: “There’s a lot of pieces and parts you can buy and try to stitch together yourself, but we wanted to develop this framework that you can use to do your strategy.
“There’s not really a unified system out there. Personally, either in healthcare or outside of healthcare, I think Imprivata probably is as close as you’re going to get for a unified system for identity and access management.”
After discussing his process while researching digital identity frameworks, Wes explained the ‘bones’ of one the frameworks he used to create his own, combining that with information from other frameworks to create a digital identity strategy. “Only after we’d determined these 32 boxes – or what you needed for digital identity strategy – that’s when we said, ‘ok let’s see what happens from a capabilities perspective if we put Imprivata’s products on top’.”
Covering Imprivata’s recent acquisition of FairWarning – a privacy analytics company – Wes said: “I could see what was happening with that digital identity everywhere, except inside of the application…once you logged into your EPR, I didn’t know what was happening. That’s why we acquired FairWarning – they way it determines privacy analytics is it follows that digital identity once it’s logged into an application.
“Now I can see what’s happening with the digital identity from a 360-degree view outside of the application. And inside of the application, we can see the activity of the digital identity from birth to death.”
Wes then handed over to Andy W, who took the audience through Imprivata’s digital identity framework for healthcare. He first wanted to echo the earlier discussion and emphasise that “identity is a real core element to delivering some of those more exciting, innovative pieces that we do and want to do in healthcare”.
“That’s where the [Imprivata] framework really stood out to me – when talking to some of the NHS customers,” Andy W highlighted, “it gives them steer as to where their strengths lie – where they are doing things well, where they know there are weaknesses. This is a tool to internally communicate…and unify that strategy.
“Having systems and solutions in place that can manage, provide data and feedback, are really fundamental…being able to look at the digital identity…and say, ‘I know what I’m doing here, I know that I need to address this particular area’ is really powerful for an organisation.”
On cyber security, he said: “We’ve got to have stronger usernames and passwords, we’ve got to have more complex passwords with more characters…it gets very overwhelming for clinicians to actually implement that themselves in terms of using the systems. You want to be compliant with cyber essentials…but how do you actually get the clinician to do that without having to write it down or cello-tape it to the bottom of a keyboard?…That’s where having the framework here can help you to understand what you can do to provide that efficiently and effectively, but in a way that is compliant.”
To summarise, Andy W, added: “We’re constantly trying to drive higher-quality care and technology is a fundamental part of that. But IT has got to be efficient and we’ve got to have that compliance. Having that unifying strategy around identity can help utilise those barriers…it’s about identifying those gaps in identity strategy.”
Returning to Andy K again during the Q&A session, we finished with an apt quote that, “Management without measurement is just guessing, and that applies to every single aspect of what you do…why shouldn’t it apply in the identity space just the same?”
Watch the full discussion on digital identity, below: