If you want to understand the future of identity access management in healthcare, talk to Wes Wright. As Chief Technology Officer of Imprivata, his focus is on the development and implementation of advanced digital identity governance and access management solutions for forward-thinking healthcare organizations. Imprivata is an industry leader, and a longtime partner of rf IDEAS, best known for its innovative OneSign software used by hospitals worldwide.
In this interview, Wright explains how Imprivata and rf IDEAS collaborate on new authentication technologies to bring unsurpassed efficiency and security to busy healthcare environments.
rf IDEAS: How important is partnership between Imprivata and rf IDEAS?
Wright: This is a really tight partnership. And really, it has to be a tight partnership because it [the rf IDEAS WAVE ID® reader family] is the front door to our software. We sell our OneSign access management single sign-on software and the access management part is all centered around the rf IDEAS hardware. And if it doesn’t work, then the whole software stack comes falling down around it.
rf IDEAS: What does this combination deliver in a healthcare setting?
Wright: Imprivata makes its hay as a security vendor. By using the rf IDEAS hardware and Imprivata’s software in combination, you actually make things more secure and more efficient, which is something that you don’t come across very often in the security industry. By having the two together – from the access management perspective – studies say clinicians save 45 minutes per shift per day. On top of that, with some of the tight workflow integrations offered by Imprivata, we can also save the clinicians time in reauthentication tasks. And again, the rf IDEAS reader comes into that too.
Let’s say the clinicians are doing an electronic prescription of controlled substances (EPCS). One of the factors of authentication could be that badge tap. Or if they are doing a med wasting where they have to get rid of some particular thing, instead of doing a username and password, they can badge tap onto that rf IDEAS reader. Our software really enables the rf IDEAS hardware piece of it and the hardware piece of it actually increases the efficiency of our software. So, it is a symbiotic relationship.
In fact, at one of my previous positions [CTO of a healthcare facility], they had actually bought OneSign without the badge readers. So, the users were having to do username and password. I rolled out a different project and did a little transformation project that installed the rf IDEAS readers onto that Imprivata OneSign single sign-on software; there was one quote that, ‘This is the best thing that IT has done in the 17 years I have been here.’ And it was just plugging that badge reader in and hooking it to the software.
rf IDEAS: Wait, where does all the time savings come from?
Wright: That 45 minutes of savings a day is the clinician having to type in a username and password. So when they enter an exam room somewhere, instead of sitting and looking at the keyboard and taking the 12 or 14 seconds to enter their user name and password and look at the keyboard rather than making eye contact with the patient, they simply walk in and see the badge reader sitting there, tap their badge, know that it is going to launch their workspace and that everything will be ready for them when they need to look at it. So now you give back that eye-to-eye contact to the physician as they make that initial impression on the patient.
rf IDEAS: Any other benefits to physicians?
Wright: One trend that is really starting to force the issue is physician burnout. Even pre-COVID, there was a lot of talk in the press on physician burnout. Often, that is our entrée into a new system. Frequently, we are brought in through the Chief Medical Information Officer who saw the technology at a previous location or has followed a lot of physician boards and blogs out there. They read about Imprivata and they will be the ones to initially bring it in and say, ‘Hey, I want to save my clinician this much time.’
rf IDEAS: How do fewer passwords make healthcare more secure?
Wright: The rf IDEAS hardware – along with the OneSign software – when properly rolled out, allows you to go virtually passwordless in any environment, depending on how you set the OneSign software. For example, at my previous hospital role, I had it set so that every 13 hours you have to re-enter your password. But, throughout the day, whenever there was a call for a password, users could badge tap and then the OneSign software did all the single sign-on stuff. So, through the use of that badge, I masked all these different passwords that a user normally would forget or would write down on a note somewhere.
By using the combination of the rf IDEAS access management and the single sign-on one sign software, I actually made my environment more secure because I eliminated the need for my clinicians and my non-clinicians alike to remember a whole bunch of different passwords.
“By having the two together – from the access management perspective – studies say that the combination saves a clinician 45 minutes per shift per day.”
rf IDEAS: From your perspective, what does the future hold for identity access management in healthcare?
Wright: As the digital identity company for healthcare, we are looking at all kinds of authentication. Biometric is right up there and contactless is as well. But we are actually using some of the contactless reauthentication, not primary authentication, with the BLE technology that is built into the rf IDEAS reader in two specific ways:
First, there is a hands-free authentication that uses a combination of the OneSign and Confirm ID for UPCS/Confirm ID token, so that when you do tap onto an rf IDEAS reader that has BLE built into it, the reader sends back the OneSign and says, ‘Okay, this is Wes. Wes has a token on his phone. Here is his phone. I am going to search BLE for Wes’s phone, so that while Wes is in the electronic record, if there is ever a secondary authentication that is necessary, well, I am not going to make Wes take the phone out of his pocket and punch in the number. Instead I am just going to suck that token number right off of his phone and input it into the EHR or into the application for him.’ That is the primary use that we have for EPCS and the providers (again, back to the burnout) love it.
Secondly, we just released a technology we call Secure Walkaway, which uses that same BLE that is built into the rf IDEAS reader and says, ‘Okay, there is Wes. There is Wes’s phone; it has a token on it. And as long as Wes is here in front of this PC, I am going to keep the PC unlocked.’ We are using that technology to override some of the mandated timeouts on the PC.
What is really cool and what CISOs like a lot is that if I, for some reason, forget to tap out and walk away, once the BLE receiver sees that my phone is no longer nearby, then it will lock the screen. And if I stay gone, it will lock the workstation. But the cool thing is, if nobody else taps on top of me, nobody else comes and uses that workstation, when I walk back up to that workstation, it will go, ‘Hey Wes, you are back?’ and see my phone is there and it will open it back up for me.
We are dangling our toes into the contactless area, but I think you still have to have contact with badge reader that associates with your phone. There are some real live use cases in which we’re using it right now.
rf IDEAS: And what about biometrics? How will access evolve with more secure credentials?
Wright: Some of the work we are doing with rf IDEAS around FIDO actually embeds a biometric at the beginning of it. I can see the potential for the use of the pure fingerprint reader eventually declining. But they are deployed so widely out in health delivery organizations that they will be around for quite some time. The “knock” on the fingerprint reader has always been, “Look, I am in a healthcare delivery organization. Especially now with COVID, I have my PPE on, and I have gloves. So, I don’t want to take my gloves off and put it on a fingerprint reader.” But it is a good secondary authentication or re-authentication.
For EPCS, providers have to conduct ID proofing. They have to go show their ID to somebody and then that somebody says, ‘Yeah, I saw that this is Wes’s ID and this is Wes, so now this is Wes’s token that he downloaded on it and I will associate his ID to his token.’ Well, what we encourage folks to also do now is to get a fingerprint, so that they can associate it to my ID. Because what happens with phones? People get new phones all the time. And if they don’t have that fingerprint biometric associated with their ID as well, then they have to go back into the ID proofing, show their ID again, get their token associated again. But if they have their fingerprint too, well, they will get a new phone and download a new token and then use the fingerprint authentication to actually verify their ID and associate the token back to the phone. So, it saves them time as well.
To learn more about how a solution from rf IDEAS and Imprivata can impact your team’s efficiency and security, reach out to [email protected] to talk to a member of our team.