Classic IAM Implementation Mistakes in Healthcare

… and how to fix them.
If you work in healthcare IT security, I urge you to do this: open a search engine and type "recent breach in healthcare information security".
Then move to the news tab of your search engine. Alarmed? Right?
Interestingly, cyber-crimes, including the ones reported recently at the Washington, DC-based MedStar Health system and the Hollywood Presbyterian Medical Center in Los Angeles, were not unusual.

By taking note of important aspects of IAM, healthcare providers can avoid costly IAM mistakes!

Being in the IT industry, we cannot hope that the attacks will stop, and they won't stop. However, the pattern adopted by criminals points at a lack of checks and at laziness in blocking or addressing the loopholes in IT systems. In such a scenario, all healthcare providers can do is implement the right technology and avoid costly mistakes due to a compromised IT system. The sensitivity of the information in the healthcare IT security space should not be underestimated, because a compromise can result in sensitive information being stolen, such as SSNs, birthdates or any other PII. This can dent the reputation and lead to loss of customers and to monetary loss in the form of regulatory penalties and the cost of putting the right technology in place to rectify the system.
I assume you have heard the statement "Prevention is better than cure". It fits this scenario well. One solution that introduces preventive control is implementing IAM. However, some mistakes are widely made while implementing IAM technology or executing IAM tasks. Hence, I am writing this article to expose these IAM mistakes to some extent.
For being experts in the field of IAM, and having taken up a lot of healthcare-related projects at Avancer.

Listed below are classic IAM implementation mistakes in Healthcare that our experts have come across:

  1. Setting up a system for the sake of compliance:
     Many healthcare organizations look at regulatory compliance as a liability. They fail to see it as an opportunity to create agile IT systems by setting up the right networks and placing application integrators that interact seamlessly with an IAM system that also helps ensure compliance. HIPAA, HITECH and the management of Electronic Health Records (EHRs) have been enforced through a range of regulations. These act as high-level guidelines rather than prescriptive recommendations, but many organizations treat them as comprehensive security rulebooks. IAM experts discourage this approach, as it leaves healthcare providers compliant with the letter of the regulations but not with their spirit.

  2. Missing out on minimizing information duplication:
     Clinical errors emerging from duplicate or incomplete patient records can compromise patient safety. IAM systems need to integrate and communicate with data silos created not just within a healthcare establishment but also between various stakeholders. Moving into an electronic environment points at the need for an accurate system of patient identification. In addition, integrating APIs into the system becomes important in bringing together silos of information related to patient records, and then further strategizing this information through correct access.

  3. Overreliance on internal expertise:
     IAM is a niche technology and an important cyber security element. It is not possible to find the right set of talent. Without sufficient investment in advanced tools and human capital, a firm's internal cybersecurity staff and systems will always be deficient in skills and capabilities. As healthcare service providers cannot afford to fumble on IT security, getting IAM consultants on board can help. Such an association creates knowledge exchange and learning avenues for the in-house IT team, bringing them in contact with IAM mentors. This is a win-win situation: the IT employees gain greater knowledge of the system, and the organization gets a better IT security shield.

  4. Missing out on educating and mentoring employees:
     While an employee might mistakenly leave a loop open for cybercriminals, employers must take this threat as an opportunity to create a digitally healthy workforce. Just being aware of the risks faced by a user (read: employee) in IT/cyberspace can potentially shut down a threat funnel. In addition to establishing security checks such as access governance, user identity verification and activity auditing, training employees in recommended IT practices is becoming more critical to ensuring IT security.

  5. Under-investment in technology:
     CIOs and IT security professionals struggle with justifying the cost of making an IAM investment. However, it is not the possibility of an attack but the impact of an attack that should drive investment into IAM infrastructure. Even with an IAM system in place, manual management of various applications defeats the purpose of having an IAM system. Application integrators must be utilized to strengthen interaction between IAM systems and the various applications.

Taking note of the above-mentioned mistakes and rectifying them can help in achieving robust IAM systems that interact effortlessly with the IT system.

If you have any specialized need for Healthcare IAM, reach out to experts at Avancer.

04/25/2016 / Industry Insights, Security & Compliance

About the Author

Rajesh Mittal

With over 20 years of experience in Application Security, Identity Management and IT infrastructure related projects, Rajesh has developed a solid understanding of all aspects of the IT security field and has assisted clients of all sizes in almost all segments of their Identity and Access Management journey. His core competency and passion lie in integrating heterogeneous products, fostering innovation to develop new solutions and solving customer problems quickly and effectively. He is VP of Technology and Co-Founder of Avancer Corporation and leads Technical Strategic Planning, New Business Development, Marketing and Business Expansion. Prior to starting Avancer Corporation, his entrepreneurial venture, Rajesh worked with PWC Consulting, Entology, HSBC and LG Electronics in various capacities, developing IT security solutions spanning multiple geographies. Rajesh holds a BE in Electronics Engineering from University of Pune and an MBA in Finance and Leadership from Stern School of Business, New York University.
