• Follow us


Identity governance and administration for the healthcare gig economy

As the malpractice insurance costs increase, the healthcare industry finds itself facing a significant dilemma. The current healthcare talent gap increases patient costs, decreases the quality of care, and places a financial burden on healthcare organisations. To close this gap, more healthcare professionals and organisations embrace the “gig economy.” However, maintaining patient electronic health information (PHI) privacy and security in this gig economy leads to increased costs from HIPAA violations that undermine the reason for hiring temporary staff. To overcome this burden, the healthcare industry needs modern Identity Governance and Administration (IGA) solutions to support these new business operations.

What is the gig economy in healthcare?

The talent gap is expanding

According to research conducted in 2018, the healthcare industry not only struggles with a current talent gap, but the gap will continue to grow in the future. For higher-skill practitioners, role openings exceed available workers by 40 per cent. To further complicate the situation, the research indicated that the field needs:

*52,000 more physical therapists

*43,000 more nurse practitioners

*24,000 occupational therapists

*23,000 physician assistants

These numbers are only the beginning. The healthcare industry’s talent gap is expected to expand over the next five to ten years.

Patients want more communication and more control over their health

Meanwhile, patients continue to adopt a consumer approach to healthcare that incorporates new technologies. According to one study, 19 per cent of patients said the “most important” factor in choosing a physician was the use of technology. An additional 21 per cent placed technology as the second most important factor in choosing their physician. Thus, 40 per cent of patients consider a healthcare provider’s use of email communication, online scheduling, and mobile device use in the office a primary factor for making their consumer healthcare decisions.

Patients now expect their healthcare providers to communicate with them electronically. Unfortunately, healthcare’s talent deficit often leads to patients waiting for responses which translates into poor patient satisfaction and poor outcomes as patients move to different providers.

temporary staffing or “gig economy” enables healthcare organisations

To accommodate the skills gap and patient communications requirements, the healthcare industry has begun to embrace the gig economy. Healthcare professionals seeking flexible schedules or looking to make extra money become “traveling” practitioners. Healthcare organisations seek to minimise their inability to meet patient needs by hiring temporary practitioners to fill in gaps.

As the gig economy continues to expand, healthcare organisations face EHI privacy and security concerns that can leave them facing HIPAA violation penalties.

How does the gig economy impact HIPAA privacy compliance?

Under the HIPAA Privacy rule, healthcare organisations need to:

*Make reasonable efforts to use, disclose, and request the minimum amount of PHI necessary to accomplish the intended purpose of the use, disclosure, or request.

*Develop and implement policies and procedures to limit internal workforce member access to PHI based on roles and groups

*Determine reasonableness of covered entity requests to ensure they align with the HIPAA Privacy Rule

When working with freelance health professionals, the HIPAA Privacy Rule becomes overburdensome. Healthcare professionals require access to the organisation’s systems and applications to provide appropriate patient care. However, contractors create risks by adding additional devices and identities to the ecosystem.

Six major privacy risks the healthcare gig economy causes


Although organisation policies require contracted practitioners to undergo detailed background checks, people get curious. Employees – contracted or full-time – create a snooping risk when they have too much access to EHI. Contractors lack the formal connections to the healthcare organisations and create a greater risk since the organisation may not be aware of their connections to other patients. A snooping contractor not only places the EHI at risk while working with the organisation but can take it with them to other short-term employers.

 Maintaining appropriate access controls

Practitioners need access to information that enables them to provide care, but they do not always need access to the full patient profile. For example, a physical therapist needs patient health information to help create a rehabilitation program, but she does not need patient medication, financial or health insurance information. However, as part of the rehabilitation plan, she may need to review medications for side-effects. After requesting additional access, the healthcare organisation needs to ensure that she only accesses what she needs at the time she needs it. Thus, maintaining appropriate access controls can become overwhelming when attempting to limit information sharing to the minimum amount necessary.

Ensuring appropriate termination of access

Clinical workers join and leave organisations on a regular basis. Healthcare organisations need to ensure that they create the appropriate timebound access and enforce their rules.

Rejoining the organisation

Often, healthcare organisations build relationships with their contracted workers. A hospital may need extra support from a physical therapist for a short, three month period that elapses. Later in the year they may need another short term contract with the same person. However, access the physical therapist previously had for a legitimate reason has expired. Simply resetting the old identity may lead to a privacy violation.

User access from personal devices

Organisations not only need to maintain Electronic Health Information (EHI) privacy on their own devices, but that privacy requirement extends to user-owned devices. Within the gig economy, personal devices are the way that users access important assets such as email and cloud-based applications. However, user devices are inherently risky ways of accessing data which place user authentication credentials at risk. 

Multiple sites, one data source

Large healthcare organisations incorporate multiple locations. However, contractors only need access to information associated with the office in which they work. Ensuring least privilege necessary means limiting their access to only the information they need to provide healthcare, not all patient information for the organisation.

Legacy solutions cannot meet the dynamic identity demands of the gig economy

The gig economy thrives on a dynamic, transient workforce. Thus, the current set of available solutions cannot meet the increased need for IGA programs that align with the changing workforce in conjunction with HIPAA privacy requirements.

Single-Sign-On creates access and authentication controls at the organisation’s highest level, its entrance. SSO does not help protect user access once the individual is inside the organisation’s systems. While it acts as a preventive solution, it cannot secure all systems and data.

Legacy solutions enable high level, or coarse-grained, access controls. They often only provide access protection at the application level. For example, the traveling practitioner cannot obtain payroll information but can access the entire patient database. As such, the practitioner may maliciously or accidentally obtain information about a patient in a different location or gain access to too much information about a patient.

The modern healthcare workforce needs modern IGA solutions

As the modern healthcare workforce evolves, so much its IGA solutions. The workforce no longer consists of static employees committed to a healthcare organisation. The modern workforce – whether driven by cost or skills – is a dynamic workforce. As such, healthcare organisations need modern, dynamic, intelligent solutions that can adapt to the shifting healthcare landscape.

Intelligent risk analysis

Intelligent risk analysis means developing a full portrait of the user’s risk profile by incorporating access analytics, usage analytics, individual user activity, and inherent user risk. By aligning data and user access across the enterprise, healthcare organisations can create detailed user roles and groups that allow them to manage user identity, data classification, device, and location.

By analysing user activity with filters such as type, role, permissions, data accessed, and functionality performed, IT departments gain visibility into interactions with patient data, i.e., who’s accessing which systems at what time, and why.

Intelligent compliance

HIPAA requires that healthcare organisations define and implement controls to maintain continuous compliance for organisations. To move from compliance to intelligent compliance, companies need solutions that provide a depth and breadth of integration that map across industry domains and applications while aligning with compliance requirements, including but not limited to SOX, PCI, NIST, and HIPAA/HITRUST.

Intelligent privacy

Privacy focuses on data access protections. Intelligent privacy means organisations classify data and continuously monitor for anomalous activities such as use and requests. Accidental unauthorised data access arising from a failure to properly govern identities still violates the HIPAA Privacy requirements.

Intelligent Identity. Smarter security and privacy.

As the talent gap in healthcare continues to expand, the industry needs to focus on maintaining patient privacy while providing needed care. Finding a dynamic, modern solution means embracing new technologies for managing EHR and people.

Diana Volere, Chief Evangelist, SaviyntImage Credit: Dom J / Pexels

Read More

Leave A Comment

More News

Latest ITProPortal news

Foxconn president resigns to run for office 2019-06-21 08:00:29He wants to focus on his presidential campaign.

Google confirms it's leaving the tablet business 2019-06-21 07:58:09It's throwing everything it has into the laptop business.

US city votes to pay ransomware demand 2019-06-21 07:30:31Riviera Beach can't catch a break.

iPaaS: The true digital transformation enabler 2019-06-21 07:00:33At the heart of any digital transformation project is the same principle – getting access to data and managing that data effectively.

5G can help start ups compete better 2019-06-21 06:30:585G could give birth to a whole new wave of start-up businesses, who would leverage the technology to compete better against well-established players i

Leaked passwords are only the tip of the 2019-06-21 06:30:45The true cause of the problem isn’t what one company does or doesn’t do with their security, but the underlying premise that personally id

The rise of voice commerce 2019-06-21 06:00:46This is a burgeoning trend that could be a huge market in the very near future.

IT issues creating workplace "black hole" 2019-06-21 06:00:33Employees are losing hours fixing stuff around the office.

GDPR compliance: is your business at risk of 2019-06-21 05:30:57Since the introduction of GDPR last year, small businesses have faced increased pressure to develop and alter their existing policies in line with the

How continuous deployment can help you keep pace 2019-06-21 05:00:10With every company now a software company, here's how continuous deployment makes you stand out from the crowd.

Keeping up with digital transformation: Is your ERP 2019-06-21 04:30:46Digital transformation need not be a scary term, but the foundation of your ERP strategy.

Why the jewellery sector is in major need 2019-06-21 04:00:07How blockchain and modern technology has helped to change the way the sector is functioning.

TechRadar: Internet news

Heads up, Mac gamers: big-time PC game port 2019-06-18 13:49:56Aspyr is ending sales of 32-bit titles as Apple discontinues 32-bit app support in the upcoming macOS Catatlina.

Cyberpunk 2077: release date, trailer and news 2019-06-18 13:26:57If you thought CD Projekt Red’s upcoming FPS RPG looked incredible before E3 2019, just wait until you see Keanu Reeves.

Animal Crossing on Nintendo Switch: release date, news 2019-06-18 13:06:19Animal Crossing: New Horizons isn't coming this year, but it's shaping up to be a totally unique experience.

These Huawei P30 Pro deals are now incredibly 2019-06-18 12:58:24One of the world's best phones at a great price - get a Huawei P30 Pro deal now and save some money, if you dare.

Australia vs Jamaica live stream: how to watch 2019-06-18 12:41:47Can the Matildas book their place in the Women's World Cup round of 16 with a win against the Reggae Girlz? Don't miss a kick with our Australia vs

Facebook WordPress plug-ins found to have zero-day flaw 2019-06-18 12:27:36Security researchers from Plugin Vulnerabilities have openly disclosed two zero-day flaws in Facebook's WordPress plugins, putting thousands of users

Expensive spectrum puts European 5G at risk 2019-06-18 11:58:13Recent spectrum auctions raise fears over rising costs

Best tablet 2019: the top tablets you can 2019-06-18 11:54:24The best tablets come from Apple, Google, and Microsoft, but not all are created equal. Here's what we like so far in 2019.

Amazon Prime Day deals 2019: everything you need 2019-06-18 11:52:04Amazon Prime Day is fast approaching, so we've put together a guide on how to find the best deals and everything else you need to know for the July s

EE now lets you watch BBC iPlayer and 2019-06-18 11:36:35EE users can now get some of the biggest data gobbling video players without data allowance with their mobile phone deal.

The 10 best cheap fitness trackers: the top 2019-06-18 11:21:31Wearable fitness trackers are smarter and cheaper then ever before, you don't have to spend as much to get fit.

The best free stock video sites 2019 2019-06-18 11:19:20Find high quality free stock video clips to use in all your projects – whether they're personal or commercial.

TechCrunch » Enterprise

Get your early-bird tickets to TC Sessions: Enterprise 2019-06-20 16:00:41In a world where the enterprise market hovers around $500 billion in annual sales, is it any wonder that hundreds of enterprise startups launch into t

Transitioning from engineering to product with Adobe’s Anjul 2019-06-20 13:05:14Many roles inside of startups and tech companies are clear: marketers market, salespeople sell, engineers engineer. Then there are the roles like &ldq

Daily Crunch: Slack makes its Wall Street debut 2019-06-20 12:42:22The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox ever

Machine learning for everyone startup Intersect Labs launches 2019-06-20 12:30:02Machine learning is the holy grail of data analysis, but unfortunately, that holy grail oftentimes requires a PhD in Computer Science just to get star

Slack opens at $38.50, a pop of 48% 2019-06-20 12:12:38Slack, the workplace messaging platform that has helped define a key category of enterprise IT, made its debut as a public company today with a pop. T

The boring genius of how Atrium kills legal 2019-06-20 12:12:32Law firms have little incentive to build or buy software that will save their lawyers time because they often bill clients by the hour. Tasks like tra

GirlGaze Network looks to connect brands with female 2019-06-20 08:32:10It started with a hashtag. Amanda de Cadenet, photographer, author and TV host, was spending time with her sister, a director and photographer in her

SaaS data protection provider Druva nabs $130M, now 2019-06-20 07:07:34As businesses continue to move more of their computing and data to the cloud, one of the startups that has made a name for itself as a provider of clo

Text IQ, a machine learning platform for parsing 2019-06-19 10:37:30Text IQ, a machine learning system that parses and understands sensitive corporate data, has raised $12.6 million in Series A funding led by FirstMark

Postman raises $50 million to grow its API 2019-06-19 07:00:18Postman, a five-year-old startup that is attempting to simplify development, tests and management of APIs through its platform, has raised $50 million

Blue Prism acquires UK’s Thoughtonomy for up to 2019-06-19 02:56:19Robotic process automation — which lets organizations shift repetitive back-office tasks to machines to complete — has been a hot area of

Atlassian’s co-CEO Scott Farquhar will join us at 2019-06-18 16:39:36Few companies have changed the way developers work as profoundly as Atlassian. Its tools like Jira and Confluence are ubiquitous, and over the course

Disclaimer and Notice:WorldProNews.com is not responsible of these news or any information published on this website.