The Naked Truth about Identity and Access Management
By: Clyde Smith, Executive Consultant
In the Hans Christian Andersen tale, “The Emperor’s New Clothes”, a pair of swindlers offer the King, who really likes clothes, some clothes made of “Magic Cloth”. This cloth, in addition to its’ great beauty, offers the King something extra; it cannot be seen by people who are stupid or not fit for their post. In reality, there is no cloth and the King is left naked and swindled, but no one will tell him since they are afraid they will be perceived to be stupid or unfit for their post.
At times, I wonder if some Identity and Access Management (IDAM) implementations are falling into the same trap. While I would never call the vendors in the IDAM space swindlers, I think that some healthcare organizations often purchase and implement IDAM solutions that do not truly meet their needs because they are not willing to ask enough questions, in fear of appearing foolish or unfit. I sense some confusion in the industry about what really constitutes an IDAM solution, and the correct order and method to implement the various components of the best solution for a site. Being someone who likes to seek the bottom line, and do things right once, I feel like there has to be a better way to embark on these projects.
With the large number of stakeholders in an IDAM project, it is difficult to satisfy the majority with the solution that is chosen and implemented. Each set of stakeholders will have a unique perspective of what is important in the various areas. Failing to meet some of their needs can carry high costs. Although it can be difficult to quantify, it is easy to see how much some of the following challenges, if not dealt with, can cost an organization:
-
Senior Management may find that the implementation project runs over budget as a result of dealing with interested parties who were not consulted prior to purchase and implementation.
-
Health records that are accessed without the proper authority can result in the need to defend against lawsuits.
-
Physicians who find that they are afforded easier access at a competitor may choose to take their business elsewhere.
-
The human factor is often overlooked. Human Resources and Internal Technology people who are forced to change policies and procedures without some involvement in the process may not have the necessary buy in to document, follow and enforce the new processes. This may cause failures and delays providing access to new users and allow terminated users to remain active.
-
Clinicians may have difficulty accessing systems and then when finally able to obtain access, discover that they don’t have the correct rights. This may result in delays and/or oversights in charting since they tend to be more focused on the patients than the computers.
I learned early in my consulting career how important it is to make sure that I am clear on the goals of the a project for all of the stakeholders, prior to project kick-off, and to share those goals with the team to insure that all of our efforts are driven toward the same set of goals. Such is the fabric of the VCS Identity and Access Management Strategy and Vendor Selection offerings. Let us help you identify what is important and how your needs can best be met. We don’t mind asking the hard questions or telling the King that he may not be wearing an appropriate outfit!
If you would like more information on this topic and the services that Vitalize Consulting Solutions, Inc. has to offer, we have a white paper we can send you. Please contact us at our Corporate Offices 610-444-1233 or vcs@getvitalized.com. We are also always available on our website www.getvitalized.com.