Digital identities and CIAM – a dynamic duo in healthcare

Leonard Cheong, AdNovum Singapore

A person’s identity is unique and distinguishes them unmistakably from another person. In the real world, identity is defined by various attributes, including physical ones, such as facial features, height or fingerprints, and personal data attributes, such as names and birth dates. An individual typically proves their identity with a document such as an identity card.

Digital identities are trusted, secure digital credentials that replace physical identity cards in the digital world. Having a trusted digital identity for every citizen can enable the transformation of many industries and services, and the creation of new business models through reimagining the customer experience.

For example, telehealth is gaining ground in Asia Pacific. Asia Pacific and Europe hold the largest mobile health market shares across the globe. A Pew Research Center study also found that 62 percent of smartphone users now use their device for mobile health services, from making hospital appointments to tracking their health goals. With COVID-19 safe distancing regulations in place, telehealth has received a further boost. Basic consultations with general practitioners can now be done via teleconferencing, complete with prescription delivery to your doorstep.

For the public health sector, having a strong, trusted digital credential for each citizen can enable digital healthcare services to become a reality. For instance, Singapore’s MyInfo has revolutionized how users access online services by allowing them to store and manage their personal data and use it for more than 160 government services and third-party services.

This personal data acts as the user’s digital identity, which he or she can consent to share with each service. Users of MyInfo save precious time as they no longer have to fill out lengthy forms with repetitive information when applying for housing, taking out loans and filing taxes, amongst other services. In the healthcare sector, this means that prescription requests, specialist appointments and insurance claims can now be filed wherever, whenever, as long as the user is connected to the internet and consents to using the service.

However, data breaches in the healthcare sector are also on the rise, putting these digital identities at risk.  

Critical need to protect valuable healthcare data  

There are several entry points for security breaches in healthcare. As more people access health records and services via their personal devices, healthcare providers have a tough job in ensuring that each customer’s device is secure, putting even the most advanced multi-factor authentication login method at risk.

A Frost & Sullivan study found that a cyberattack can cost a large healthcare organization in Asia Pacific an average of US$23.3 million. The study further revealed that the highest economic impact of cybercrime was loss of customers, and that three out of five (60%) cybersecurity attacks against healthcare organizations have resulted in job losses across different functions.

Individuals are the most vulnerable when it comes to such attacks. Highly desired on the dark web, medical records can be sold for as much as $1,000 each and used in a variety of crimes. Medical identity theft can also happen, allowing medical claims to be faked, insurance to be stolen, and even extortion based on health information.

There is also a greater need to protect online sessions from beginning to end. Typically, users are required to register or log in only at the beginning of a session. However, with cyberattacks becoming more sophisticated and session hijacking becoming more common, authenticating a user just once is no longer sufficient. At the same time, usability should not be impaired by frequently recurring security queries, as a seamless online experience is extremely important for customer retention.

This is where Customer Identity and Access Management (CIAM) comes in. Together with digital identities, CIAM creates a two-pronged system that balances security and usability, enabling new services and simultaneously protecting customers and ensuring their privacy. 

Supporting the administration of digital identities in healthcare with CIAM

CIAM enables simple management of different identities and roles while delivering on security, privacy and usability. Additionally, it allows for fast and flexible user authentication, thus ensuring a smooth, seamless experience for users.

Using integrated machine learning techniques, a CIAM system creates a comprehensive, behavior-based user profile after only a few sessions. Algorithms can thus recognize and stop unauthorized access, fraudulent transactions and the loss or abuse of customer data in real time using adaptive and continuous authentication. This type of system will therefore help not only in the administration but also in the creation of a unified identity for each customer.

In addition, users can be assigned certain rights for self-help functions such as restoring passwords, reducing the load on help desks and freeing staff up for more strategic tasks.

On the healthcare organisations’ side, CIAM can be used to manage employee identities too. For example, at a hospital or clinic, CIAM can ensure that access to medication and patient records is only given to authorized personnel. Staff who have changed departments or left the organisation can be swiftly and easily removed to prevent unauthorized access.

At present, most healthcare service user profiles work for only one application. Users currently need to manage numerous online identities themselves, resulting in services frequently receiving requests for account and password resets or even supporting multiple user accounts for the same user. However, as the number of services that require an online identity is constantly increasing and users are placing more importance on usability, this is no longer appropriate. With the proper implementation of CIAM and a centralized digital identity, all parties can benefit – healthcare organizations can better fortify their systems, build trust and ensure compliance with privacy legislation, while customers don’t have to spend an extra second thinking about security.