IBM Security Verify

Why Protecting Healthcare Data Carries So Much Weight in Identity and Access Management

By Milan Patel posted Tue October 11, 2022 01:23 PM


It’s no surprise: the cost of data breaches is rising across all industries. And for the 12th year in a row, the healthcare industry faced the costliest data breaches of all, surpassing $10.10m on average, up $1m on average per breach since last year[1].

Given the sensitivity and criticality of protected health information (PHI), healthcare providers and organizations are big targets for hackers. Healthcare data contains some of the most sensitive information related to an individual – social security number, home address, name, email, birthdate, passwords, phone number, and sensitive health and treatment records.

And it’s the combination of these attributes that correlates to brute force impersonations. All the necessary details needed to create and maintain malfeasant accounts can be found in a “healthcare profile.” The criticality of protecting these individuals and their individual accounts is paramount, not only to preemptively protect from breaches but to also build and maintain trust in their providers.

And that’s where the Health Insurance Portability and Accountability Act (HIPAA) and identity and access management (IAM) cross paths. 

Is your IAM solution ready to receive HIPAA regulated data? IBM Security Verify is.

As we’ve worked to align IBM Security Verify with helping complex organizations modernize how they protect resources and enable secure, frictionless experiences for individuals, the need for providing a scalable platform designed to receive HIPAA regulated data has been top of mind. 

Today, IBM Security Verify (SaaS) has undergone an internal assessment implementing policies, procedures, and technical controls for HIPAA regulated environments. IBM identifies this as HIPAA Ready, enabling healthcare providers and organizations to align their readiness posture to the HIPAA controls needed.

And that’s not our only industry focus. On top of existing certifications such as ISO, SOC, PCI DSS, OIDC OpenBanking, and more, we continue to develop vertically focused optimizations in IBM Security Verify to ensure our clients, across different industries, can meet the demands of their customers and market-specific needs.

Through the IBM HIPAA Program Office process, we assist organizations to be ready to meet the needs for secure and safe interactions, optimized for healthcare. The IBM Security Verify HIPAA readiness dimensions consist of the following category controls:

  • Security management processes and assigned security responsibility
  • Workforce security controls and security awareness training
  • Information access management
  • Security incident procedures, contingency plan, and evaluation
  • Business associate contract/other agreements and facility access controls
  • Workstation use and workstation security
  • Device and media controls
  • Access controls, audit controls, and integrity
  • Person and entity authentication
  • Transmission security
  • Policies and procedures
  • Documentation and minimum ePHI necessary

Additionally, IBM Security Verify (SaaS) offers embedded capabilities to ensure healthcare experiences, application modernization efforts, and data remain secure across all interactions with individuals.

  • Data security and privacy: IBM Security Verify encrypts data at rest and in motion, with the ability to create custom hashed attributes that are visible only to the end user, not even to admins. Verify (SaaS) also offers an out-of-the-box data privacy and consent management capability that captures consent and enables organizations to be transparent with individuals about the use of attributes.
  • Secure authentication and passwordless: IBM Security Verify supports strong authenticator types that enable healthcare organizations to quickly add new and more secure methods to protect applications. Verify (SaaS) also supports passwordless authentication through QR code and FIDO2, natively within the product.
  • Application modernization: Healthcare organizations have a rich history and have been providing services for decades. With that heritage, application deployment topologies can consist of legacy and modern authentication protocols (e.g., OIDC, OAuth2, and SAML). IBM Security Verify with the IBM Application Gateway can help modernize applications to align to the most current authentication standards while extending additional value, with risk-based access controls and access policy authoring, to legacy applications as they are refactored.

On top of the differentiated features, IBM Security Verify (SaaS) is a comprehensive IAM solution delivering single sign-on, multifactor authentication/passwordless, risk-based authentication, and governance from the cloud. Learn more and try out the free trial in your healthcare environment today.