Imprivata CEO looks at IAM in the past and healthcare in the future
Malware hits the Mac but is it worth worrying about?
This week I met with Imprivata CEO Omar Hussain, head of a company that has nailed its colours well and truly to the mast of healthcare security.
Hussain said the company is focused on healthcare and rather than doing standard "fortress protection" technology such as intrusion prevention and anti-virus, it prioritised security around accessing information to offer a standardised solution to accelerate and enable productivity.
He said: “Prior to three years ago, we made a conscious decision to move away from password management and identity and access management (IAM) to focus on healthcare. We make technology that makes it easier to access information that makes it easy for everyone to use to save time and money and enabling healthcare security.
“We are now playing a big role in healthcare and patient privacy as everybody is afraid that they don't want medical details to become public knowledge as it cannot be taken back once it is out.”
Hussain said existing solutions have made it harder for clinical staff, as they have not been specifically designed for healthcare environments, while it has decided to deliver "a better product that makes access easier".
“If it can save five clicks it can add up to a ton of money and time saved,” he said. “The customer tells me that after the electronic medical record (EMR), this is the most critical solution.”
Last year the company announced a deployment of its single sign-on technology across 97 hospitals and 1,300 GP practices by NHS Scotland. This week it announced that 91 English trusts and three in Northern Ireland are using its OneSign product.
Hussain said: “NHS organisations face two inherently conflicting goals: improve efficiency and tighten security practices around patient health information. Imprivata has worked closely with care providers to ensure that data security is unobtrusively into day-to-day tasks, promoting efficiency rather than hindering it.”
Among the new products and features introduced is CorText, a secure texting service for clinicians, which enables them to instantly and securely collaborate with each other by sending images of clinical exam findings, EKGs and radiological studies.
Hussain said: “Texting is not used in healthcare as information is exposed and there is no backup or archive. We have added location services, status updates and notifications – so if you send data you know that the recipient has got it and looked at it.”
The company also announced a developer programme that will enable third-party vendors to embed its No Click Access capabilities, single sign-on and authentication management technology into their software and hardware devices.
I asked Hussain if he was responding to customer requests with the launches, or going by trends. He said: “I don't think that customers know what they need, but they know what their problems are. We get a board of customers together twice a year and talk about what they are dealing with.
“The CEO will say to me we don't have a texting problem as the nurses are not carrying phones, but the CIO will say that their number-one problem is that they cannot control devices. Look at trends, people want mobility and want to use technology as the IT side is boring but productivity is improved for machinery.
“Look at the evolution of healthcare, it is an industry that embraces technology, but one of the biggest hindrances is security restrictions on patient privacy.”
He said that rather than embracing consumerisation of IT, healthcare was fighting it as there was too much risk with sensitive medical information being stored on a personal device.
He said: “People ask if security and patient privacy are a big concern. I say if you are taking medicine for something sensitive like an sexually transmitted disease or alcohol abuse, then if the answer is no, it is not a big problem. If the answer is yes, then it is a huge issue.
“This is why it will become more and more important as patient privacy will become a critical component. Even if it is in a file in a clerk's office, once it is available anyone can get it.”
Looking at the IAM sector, I asked Hussain how he saw it now that it was well into the healthcare-specific area. He said IAM is a "huge gamut" of technologies and vendors who do different things, or "stack vendors", and the challenge for end-users was to decide whether to buy the stack or best of breed.
“This is not a business we are in, with pure single sign-on we will win a deal and that is why we got out of IAM,” he said.
Hussain concluded by saying that Imprivata do not attend the Infosecurity Europe show any more. Is this because the company is now so focused on healthcare that information security is not a concern? Of course not, its decision to allow other vendors to use its technology proves that it still has one foot in security.
However, the company's decision to focus on healthcare will likely lead it to develop solutions for customer needs on strict data protection: something that becomes ever more challenging as regulation changes.