Is Identity Management a Security Thing?

Nov. 10, 2009

Most all security guys will tell you that Identity Management (IDM) is a security thing, but if you think about it, security is focused on keeping people out of your systems and IDM is a framework for letting people in. I think that IDM fits better in the privacy area. Privacy is about letting the right people, and only the right people, see your information. In healthcare, no one would say that “keeping my data private means that no healthcare professionals should ever be able to see my data.” In a world like that we would be relegated to repeating all tests and procedures over and over again (come to think of it, perhaps that IS what we have).

So if security is keeping people out and IDM identifies how to get in to data, then would that not be a privacy thing? If you look at the HIPAA privacy rule, it talks about when users can access healthcare data, which is exactly what a well-written IDM system does. IDM includes all the processes that control identifying users and associating them with the services or data they can see or modify. It also has logging for user access (another HIPAA requirement).

So, who cares? IDM is privacy, not security. What difference does this make? A LOT. If you look at the focus of IDM today, most all of the technologies are primarily concerned with the use case of “the break-in” (i.e., what happens if the identity is hacked or stolen). If we re-focus the discussion on privacy of information, then we can create systems that better track authorization workflows (i.e., what happens if a user can’t get to the information they need). I think we would all agree that as much as I don’t want my information shared everywhere, I really don’t want to be poked with a needle because my doctor can’t access the last blood test I had.

It may not change the products, but I think it may change the focus of discussion, thereby enabling the creation of environments needed for SHARING of data, not SECURING data from others.
