How identity management helps protect what ails patients

These real-life scenarios show how IAM is transforming healthcare.

identity management
Credit: Thinkstock
Empowering the patient

There is serious personal risk associated with a healthcare data breach, especially with multiple connected devices and health record systems generating and storing a patient’s sensitive health data. Every person interacting with an online system needs a digital identity, and it should be authenticated in real time, so that unusual behavior can be detected at any time, whether at login or midway through a session.

Patients should also be empowered to authorize and monitor access to health data, for example by caregivers and family members. Eve Maler, vice president of innovation and emerging technology at ForgeRock, points out how Identity and Access Management is used to secure patient data.

Access to more patient data

The rise of digital technology in the healthcare sector is fundamentally changing the way practitioners deliver care and treatment. Today, instead of treating you when a disease manifests itself, healthcare providers are using technology to offer predictive and preventative options. This focus on healthy living means that providers are starting to integrate data from disparate sources, sometimes including “patient-generated health data” from smart devices.

This move away from episodic and fragmented care to a continuum of healthcare requires access to more patient data, such as a data stream of a patient’s heart rate or the daily blood glucose level of a diabetic. With this new model, however, the opportunities for data leaks or breaches increase and the importance of properly authenticating and authorizing the requesters of data access rises.

Patient information transferred to hospital from homes

On the healthcare provider side, we will see cloud-based platforms for collecting, managing and analyzing clinical and consumer data from a wide range of sources, including devices. Having digital identity and access management capabilities built into these platforms to provide security, privacy, and personalization is essential because the services they provide will connect highly sensitive data to many recipients.

On the patient side, individuals will interact with these platforms online through a wide variety of applications, mobile devices, health wearables and even clinical devices in hospital settings. A heart patient could connect a blood pressure device or heart rate monitor to stream or upload readings. A diabetic would connect their blood glucose monitor and insulin pumps. Over time, these platforms will be able to create personal experiences by utilizing your genomics, your DNA, your profile, your wishes, your goals and your illnesses. But without a notion of persistent digital identity across each device and app circumstance, personalization is impossible.

Keeping personal information secure

For hospitals, health information exchanges, and other health data services platforms, the patient privacy challenge isn’t just about securing data collected during on-site visits. It’s about securing data streaming into your health platform. Ultimately, a large percentage of the devices and applications that are sourcing and streaming personal health data will not be controlled by the provider. And conversely, clinicians will need to share some patient data with caregivers in the home or others outside the clinical setting.

How can access to clinical healthcare data on post-operative patients be securely granted to home health workers, or to family members who might be responsible for in-home care? And how can that access be revoked once it’s no longer necessary?

Smart things need identities too

Connected devices are everywhere, including in the hospital, next to the hospital bed, in the operating room and worn on the patient. Some of these devices collect and stream data about the patient; others are programmed to perform a procedure, like dispensing a patient’s medicine. Whether these devices are connected to the hospital network or the patient’s home network, they all need secure digital identities so that access is restricted to only those authorized, and personal data is protected.

An identity record for a smart, connected thing will have different attributes compared to the profile for a person, of course. They’ll include model and manufacturer information, for example.

Health IAM scenario: In-hospital identity

In a surgical setting, say for a patient needing a heart procedure, platforms managing health data would be populated with all required medical details, such as X-rays, scans, and drug treatment data prior to the procedure, and available to the relevant operating staff as needed during surgery. Staff working other shifts and staff not involved in treatment, payment, or operations would not be granted access.

Past any required retention period, access to that data would be revoked for personnel no longer involved with the care of the patient.

Health IAM scenario: In-home care after surgery

Years ago it was common after any heart procedure to keep a patient in the hospital for observation and monitoring for complications. With cloud health platforms, patients can be sent home much earlier because monitoring for complications can be done remotely.

Connecting devices such as oximeters and blood pressure monitors to the platform in the cloud through secure digital identity means doctors can check vital signs daily – or several times a day – as data is streamed back to the platform, and adjust care as needed. For instance, if blood pressure didn’t return to normal, medication could be reset. Or, if a patient is on a ventilator, the clinician would know if oxygen levels needed to be adjusted.

Health IAM scenario: Patient-controlled data sharing post-surgery

In the case of a heart patient, much of the engagement with the health platform and care team would occur through an application – on a laptop, tablet, or even smartphone – that would enable self-management. Monitoring devices, like a blood pressure monitor and oximeter, would connect directly to a mobile device or directly to the Internet to collect and stream or upload data for monitoring by care team members in various locations.

Access to this data would be controlled by the patient, who would initially have granted access to the care team much as one might share access to a Google Doc file. The User-Managed Access (UMA) standard makes possible this vision of selective sharing, access approval, and consent. The app would also help with medication management, sending reminders for daily intake, prescription renewal and so forth.
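The patient-controlled sharing described above, and the earlier question of how to revoke access once it is no longer needed, can be sketched as a default-deny policy check. This is an added example, not code from the article or from ForgeRock, and it models only the grant, expiry and revocation decision rather than the UMA protocol itself; the class names, identifiers such as `nurse:bob`, and the sample timestamps are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

@dataclass
class Grant:
    grantee: str          # who may access, e.g. a home health worker (hypothetical IDs)
    resource: str         # which data stream, e.g. "blood_pressure"
    scopes: frozenset     # permitted actions, e.g. {"read"}
    expires_at: datetime  # access ends automatically at this time
    revoked: bool = False

@dataclass
class PatientPolicy:
    owner: str
    grants: list = field(default_factory=list)
    audit: list = field(default_factory=list)  # decisions the patient can review

    def share(self, grantee, resource, scopes, days, now):
        self.grants.append(Grant(grantee, resource, frozenset(scopes), now + timedelta(days=days)))

    def revoke(self, grantee, resource=None):
        """Revoke one resource, or everything when resource is None."""
        for g in self.grants:
            if g.grantee == grantee and resource in (None, g.resource):
                g.revoked = True

    def check(self, requester, resource, scope, now):
        """Default deny: access needs a live, unexpired, matching grant."""
        allowed, reason = (True, "owner") if requester == self.owner else (False, "no_grant")
        for g in self.grants:
            if allowed or (g.grantee, g.resource) != (requester, resource) or scope not in g.scopes:
                continue
            if g.revoked:
                reason = "revoked"
            elif now >= g.expires_at:
                reason = "expired"
            else:
                allowed, reason = True, "grant"
        self.audit.append((now.isoformat(), requester, resource, scope, allowed, reason))
        return allowed, reason

def demo():
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed sample data
    p = PatientPolicy("patient:alice")
    p.share("nurse:bob", "blood_pressure", {"read"}, days=14, now=t0)
    ok = p.check("nurse:bob", "blood_pressure", "read", t0 + timedelta(days=1))
    other = p.check("nurse:bob", "oximeter", "read", t0 + timedelta(days=1))
    p.revoke("nurse:bob")
    after = p.check("nurse:bob", "blood_pressure", "read", t0 + timedelta(days=2))
    return ok, other, after
```

Every decision, including denials, lands in `audit`, which is what lets the patient monitor who asked for what and when.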

Health IAM scenario: Incorporating data from consumer health devices

The rise of wearables and in-home devices means that more and more health data will literally be in the hands of the individual. It will be on your wristwatch, on your phone, or on your GPS device. Secure digital identity is the technology that ensures you will be in control when you share that data with your caregiver – or others in your life – and for how long.

Of course, sharing could be as simple as handing over your phone to your doctor so she can see your blood pressure trends over the past few months. But glancing at a screen doesn’t make that data truly actionable; uploading it to a cloud platform opens up a world of possibilities, enabling monitoring, diagnosis, healthy living coaching through health portal apps, and even data donation to clinical health research.

Health IAM scenario: Sharing whole and partial electronic health records

Individuals’ increasing control over their health data is a positive development, but it needs to advance further. If you’ve changed providers, you may have noticed it can be difficult getting your records transferred. If you’re travelling to another country and find yourself in an urgent care situation, you might want to direct your relevant records to be shared on the spot to save precious minutes.
