How Identity and Access Management is Transforming Healthcare: A Conversation with Joel Burleson-Davis of Imprivata

Today's healthcare sector is under constant pressure to safeguard patient information, so the importance of robust identity and access management (IAM) cannot be overstated. I recently had the opportunity to sit down with Joel Burleson-Davis , Senior Vice President of Engineering at Imprivata , to explore the evolving landscape of IAM, the challenges facing healthcare organizations, and the innovative solutions Imprivata is bringing.

The Healthcare Sector: A Prime Target for Cyber Threats

Healthcare institutions are at the forefront of cybersecurity threats, primarily because the sensitive data they handle is highly valuable. "Health information is extremely valuable—often more valuable than credit card data on the dark web," Joel explained. The stakes are incredibly high with ransomware attacks and other malicious activities targeting hospitals and healthcare providers. "You're talking about life and death situations," Joel emphasized, highlighting how the urgency of healthcare operations makes institutions prime targets for cybercriminals.

The complexities don't stop at data protection. Healthcare environments are notoriously difficult to secure due to their reliance on a mix of legacy systems and cutting-edge technology. "There's a wide diversity and fracturing of the technology stack," Joel said, noting that some hospitals have been using outdated systems for decades while also trying to integrate modern technology. This diversity creates a vast attack surface, making healthcare organizations even more vulnerable to threats.

Balancing Security and Usability in Healthcare IT

While security is paramount, it must be implemented in a way that doesn't interfere with the daily responsibilities of healthcare professionals. Nurses, doctors, and radiologists are not IT professionals, yet they are often the end users of complex systems requiring high-security levels. "You can't just drop as much security into this operation as possible," Joel said, "because you're talking about nurses, not software developers." Healthcare professionals are already under immense pressure, and adding unnecessary security burdens can lead to frustration and even potential workarounds.

One key goal for Imprivata is to ensure security without compromising usability. "We focus on effortlessly ensuring appropriate access," Joel explained. The idea is simple: authorized individuals should have seamless access to the information they need, while unauthorized access should be blocked. This philosophy aims to reduce friction for healthcare workers, allowing them to focus on patient care rather than battling complicated security protocols.

Streamlining Access: Single Sign-On and Beyond

One of the most significant pain points in healthcare IT is the sheer number of logins required to access various systems. "A nurse might have to put in four to five different 16-character passwords," Joel pointed out, which is time-consuming and leads to poor security practices, such as writing down passwords on sticky notes. Imprivata's solution is single sign-on (SSO) technology, which allows healthcare workers to log in once and access multiple systems. "We've taken all of that and filled those passwords for them," Joel said. By simplifying the login process, Imprivata ensures clinicians can spend more time on patient care and less on administrative tasks.

Additionally, Imprivata offers solutions for vendor access, ensuring that third-party vendors can access critical systems securely without needing multiple logins. "We've created a platform where vendors have one-click access into healthcare systems," Joel explained. This enhances security and reduces friction for external stakeholders, allowing them to perform their duties efficiently.

The Role of AI and Machine Learning in Healthcare Security

Artificial intelligence (AI) and machine learning (ML) have become buzzwords in the tech industry, but their practical applications in healthcare security are still evolving. Joel sees enormous potential for these technologies in IAM. "We've leveraged purpose-built models, neural networks, and machine learning for the analysis of who's accessing patient records," Joel said. This helps to identify policy violations and detect unusual access patterns, ensuring that sensitive information is protected.

However, there are challenges to using AI and ML in healthcare, particularly around privacy concerns. "There are privacy and security standards around using health information to feed large language models," Joel cautioned. Imprivata is mindful of these concerns and is exploring ways to use AI responsibly, including private models that do not rely on public data sources.

Navigating the New World of Remote Healthcare

The COVID-19 pandemic has accelerated the adoption of telehealth, remote patient monitoring, and other digital health technologies. While these advancements have improved access to care, they have also created new security challenges. "There was a massive explosion of the attack surface," Joel noted, referring to the sudden shift to remote work in the healthcare sector.

Imprivata's approach to these challenges centers around the principles of least privilege and zero-standing privilege. "If you're inside my building walls, you're safe; if you're outside, you're not," Joel said, describing the outdated mentality many organizations still hold. Instead, Imprivata advocates for a more modern approach, where security policies are based on the riskiness of the identity and the asset being accessed, regardless of location.

Staying Compliant Amid Evolving Regulations

Compliance is another critical aspect of healthcare security, especially with the constantly evolving landscape of regulations like HIPAA. "Our privacy counsel says something changes every day," Joel said, emphasizing the need for healthcare organizations to stay up-to-date with the latest rules.

Imprivata helps organizations maintain compliance by adhering to solid security and governance principles. "If you approach your program build right," Joel explained, "you will find that you stay compliant and have the resources to continue being compliant as things evolve." This proactive approach ensures that healthcare providers can focus on patient care while remaining confident that their systems meet the latest security and privacy standards.

Overcoming Legacy Technology Challenges in Healthcare

One of the most persistent challenges in healthcare IT is dealing with legacy technology. Many hospitals still use outdated systems that don't support modern security standards. "You have to accept the fact that legacy systems aren't going away," Joel said. Imprivata's solutions are designed to work with cutting-edge and legacy systems, ensuring that healthcare organizations can improve their security posture without overhauling their entire infrastructure.

For example, Imprivata's solutions can auto-fill passwords for older systems or leverage RFID technology for environments where keyboards aren't practical. By supporting modern and legacy technologies, Imprivata ensures that healthcare organizations can implement effective security measures without disrupting their operations.

Practical Steps for Healthcare Leaders

For healthcare leaders looking to revamp their IAM strategy, Joel offered practical advice: start with the most critical areas. "Identify your critical users and assets and solve for those first," Joel advised. By focusing on high-priority areas like passwords and third-party access, healthcare organizations can make significant progress quickly. "Once you've figured out your priority, just take one step after the other," Joel said, emphasizing that IAM is a continuous process that evolves.