HITInfrastructure

Health Data Security Needs to Generate IAM Market Growth

The identity and access management market is expected to grow with healthcare as one of the top driving industries, seeking better security for PHI and EHRs.

By Elizabeth O'Dowd

The increasing number of cloud applications and mobile devices in healthcare organizations calls for tighter health data security as users access data both within an organization and remotely.

According to Grand View Research, the identity and access management (IAM) solution market is expected to reach $24.55 billion by 2022, with the healthcare industry identified as one of the primary industries expected to drive IAM growth.

Organizations are turning to IAM solutions to address key demands: the rise of web-based applications, risk management, and audit management, combined with cost containment. The growing popularity of connected medical devices, bring-your-own-device (BYOD), and the Internet of Things (IoT) is also expected to drive demand for IAM solutions that regulate user access and protect the network.

“The global IAM market is expected to witness significant growth owing to surging demand across various application segments,” the research group stated. “Cloud-based and hybrid solutions are estimated to extend their footprints in the industry with enhanced security and minimize error rates features. Commoditization of identity functions and the explosion of available applications are expected to compel enterprises to seek more scalable options.”

IAM is a cybersecurity solution that allows the right users to access the right resources at the right time for the right reason. IAM solutions manage user-identifying data across an organization’s network, including clearance information and passwords. As IT infrastructure technology continues to add more features, IAM solutions ensure that access to high-risk data remains protected from employees who do not have the clearance level to see certain data, and from people outside of an organization who can put data at risk.

From a healthcare security standpoint, IAM options and the potential benefits they provide are ideal. IAM can ensure that a facility has a role-based access framework, and that the proper access is provided to the proper individuals.

IAM solutions need to restrict access to electronic health records (EHRs) without compromising patient care. A solution with too many restrictions can deny valid user access, causing delays to patient care, while IAM solutions that are too lax can compromise private patient access.

The Office of the National Coordinator for Health Information Technology (ONC) considers identity proofing and authentication the first line of security defense but claims that they also have the potential to be the weakest link in organizational security. Identity authentication controls user access to protected health information (PHI), and if identity authentication fails, other infrastructure security measures may not be able to fully protect the network.

“All manner of access stems from the application of a user’s credentials,” the Identity and Access Management for Health Information Exchange guide explains. “If identity proofing and authentication are not implemented effectively, there is a negative downstream effect as exchange organizations and providers make numerous decisions based on identity within several security controls including access, encryption, auditing, and non-repudiation (digital signatures and authentication). As electronic health information exchange between different organizations and providers grows, it is essential to focus on these key building blocks of security and how trust with respect to identity controls can be improved.”

The guide also emphasizes HIPAA compliance and its relevance to IAM solutions. While HIPAA does not outline specific framework or standard IAM implementation guidelines, it requires covered entities to:

  • Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic PHI held by the covered entity or business associate.
  • Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level.

Recently, the Centers for Medicare and Medicaid Services (CMS) selected Okta Identity Cloud in its build-up to the official start of the Quality Payment Program as part of MACRA implementation. IAM solution providers are eager to become HIPAA compliant to better serve the healthcare industry.
