The delivery of healthcare services has gone through an unprecedented transformation during the COVID-19 pandemic. COVID-19 has accelerated the move to a digital-forward model and elevated trends that were previously slow to be adopted. In addition, the final rule of the 21st Century Cures Act, effective June 30, 2020, implements provisions to “advance interoperability and support the access, exchange, and use of electronic health information”.
Technology leaders in the healthcare industry will drive positive business outcomes by continuing to innovate in ways that meet the demands of consumers while also meeting security compliance requirements. Healthcare companies have an opportunity to leverage the current momentum to capture more market share by providing cutting-edge, secure experiences for patients, providers, payers, and insurance companies.
Consumer habits have permanently changed across industries over the past 18 months. Healthcare companies providing the best digital experiences will be the ones to attract consumers. In healthcare, consumers include the patients themselves, but could also be caregivers, parents, or patient representatives. Consumers are also the medical staff providing care. A digital experience that makes it easy to share data, retrieve lab results, check coverage, pay bills, etc. will make a big difference to all of these kinds of consumers. It’s likely that in healthcare, consumers will follow the best user experience, as they have in other industries.
A survey of healthcare consumers found that 51% said convenience and access to care are the most important factors in their decision-making. Convenience ranked above insurance coverage (46%), doctor/nurse conduct (44%), brand reputation (40%), and quality of care (35%). Healthcare companies that continue to require patients and providers to use antiquated and disconnected methods to share information with hospitals, specialists, and insurance companies will become less compelling, leading consumers to choose something else. The same applies to providers that stop offering telehealth options for patients. Although the personal experience of an in-person visit cannot be replicated via Zoom, most consumers and providers enjoy having the option when needed.
The intersection of factors such as COVID-19 driving the rise in telehealth services, consumer demand for improved digital access to healthcare data, and recent regulatory mandates creates a shifting technology landscape in healthcare.
Enabling Patient Control over Data: Interoperability with SMART on FHIR
SMART on FHIR is an API that facilitates the exchange of healthcare data. It is part of the 21st Century Cures Act certification requirements. SMART on FHIR is built on open standards including HL7’s FHIR, OAuth2, and OpenID Connect. Developers have the ability to write apps that will run anywhere in the healthcare system. The SMART on FHIR Patient Access API and Provider Directory API came into force on July 1, 2021. The Payer-to-Payer Data Exchange is applicable from January 1, 2022.
SMART on FHIR creates the potential for interoperability and will enable patients, providers, payers, and any other healthcare-related organizations to securely share information, giving patients control over their healthcare data. Patients will no longer have to request records and wait to have them mailed or picked up. Patient control over how and when information is shared will lead to a smoother experience for all parties.
Unlocking Interoperability: Identity as the Key to the Digital Front Door
Identity is the key to the digital front door for any healthcare transaction, and also provides the backbone to securely interconnecting systems. Many users have multiple identities that they use to log in to various applications. Frequently, patients will have to reenter credentials to access every application or portal. This approach is frustrating for patients and increases the risk of phishing attacks and other security breaches. The ability to link disparate identities through a common platform can reduce user friction and increase security.
Centralizing patient identity and providing a seamless SSO experience between all of those identities helps consumers reduce the number of login credentials they need to access their data. Each login attempt can be evaluated for malicious or risky behavior and properly blocked or logged. This protects the user, resources, and the applications or platforms they use. Using this approach creates a patient-focused ecosystem leading to better service and outcomes.
Many healthcare companies have developed in-house custom solutions for managing identity and access to their applications. This traditional stovepiped approach worked when there were limited numbers of users and much of the data remained in-house. Custom solutions don’t easily scale or integrate with other systems. They also require a significant amount of maintenance and IT costs. This can lead to end-user friction in the form of multiple passwords to manage, an inconsistent experience, and a lack of adoption.
With these in-house solutions, organizations are also responsible for supporting end-users with account management activities, such as password reset and account recovery and handling costly help desk tickets. Poor identity management creates a poor user experience. Automating user account functions, such as signup, password reset, and self-enrollment in MFA greatly reduces friction and inefficiency.
Securing patient data should be the top consideration for any solution, yet based on a recent survey of 100 healthcare executives, speed was prioritized over security with the move to telehealth during COVID-19. Even more worryingly, 95% of these leaders admitted that confidential patient records are only secured with a password. Providing built-in security features, such as multi-factor authentication, bot detection, breached password detection, suspicious IP throttling, and brute force detection can significantly increase the security posture of protecting critical data. Cyber attacks are increasingly common, and the cost of a breach can be devastating. In addition, new security threats are constantly exposed.
Secure identity and focus on core competencies
Most healthcare organizations are and should be, focused on their core business pursuits, such as patient care or processing insurance claims. Information security and identity management is not their core business, yet is a critical factor in compliant, secure business operations. Focusing on core competencies while ensuring secure identity management doesn’t mean giving up control of identity management but instead places the responsibility for the technical aspects of identity building and protection in the hands of experts who work with identity every day.
Identity and security are complex and require a particular skill set to ensure that data is properly handled and protected. As the industry moves to meet the compliance requirements for interoperability, this leaves the systems dependent on each other to properly secure and protect user data, including usernames and passwords. Choosing an identity provider that focuses on security as their core business can greatly reduce the burden and risk for healthcare companies.
Auth0 has helped many healthcare customers provide their users with a highly customized, secure, seamless user experience while driving down costs and reducing risk. To learn more, reach out to the team at Auth0.