Digitisation as an advantage in the competition for flat-rate payment

The digital transformation brings new perspectives and possibilities for hospitals to better position themselves as contenders in the competition for flat-rate payments. Only by actively addressing security risks and seeking opportunities is it possible to enjoy sustainable benefits from digitisation. The aim is to turn patients, referring physicians and attending doctors into satisfied customers in order to secure long-term success.

Customer experience as a success factor

The introduction of flat-rate payments in 2012 aimed to make costs for medical services comparable and transparent across Switzerland. However, hospitals are still only seen as providers of healthcare services and not as companies carrying out economic activities that generate shareholder value. Every hospital aims to achieve stable costs and good treatment quality in order to remain competitive. It is therefore important to increase the number of patients and thus also flat-rate payments, whilst simultaneously reducing costs so as to allow an investment in growth and cost efficiency.

Terms are also changing in the economic perspective. Referring physicians, attending doctors and patients are now new customers and they expect to be treated accordingly. Nowadays, success depends not only on medical expertise, but also increasingly on the ability to create a fully positive user experience. Positively distinguishing yourself exclusively in topics such as hotel business or infrastructure is no longer enough. The digital evolution is all encompassing: Referring physicians require workflow support, attending doctors want direct collaboration with teams and patients call for transparency and access to their medical data and become data suppliers. Patients use the data access and gathering to promote health (the “quantified self” phenomenon) and expect that contributed data will flow into their medical history.

Making the most out of the opportunities provided by digitalisation

Digitally opening up not only enables the seamless integration in complex cross-organisational treatment pathways, but also the expansion of your own offerings with services from third parties. Customers can thus benefit more quickly from new offerings and the possibility of digital interaction creates added value to stand out from the competition.

However, digitisation also involves dealing with the type of data processing that is associated with medical or technical risks. It is therefore crucial to lay the foundations for managing these security risks.

The following questions must be included in the risk assessment:
 

  1. Which offerings should be simplified or improved through digitisation? Once the main focus has been determined, beneficial scenarios can be created. Without a clear understanding of the benefit, the offering will not be perceived as an added value and will thus be ignored.
     
  2. Which parties will make use of this service? The user experience can only be designed once it becomes clear who will be using the service. User acceptance is ultimately the decisive factor.
     
  3. Which security risks must be taken into account? A sound risk analysis can be used to develop solutions which guarantee the appropriate protection and avoid costly maximum claims.

The last point in particular requires special attention. With the introduction of the electronic patient dossier (EPD) from 2020, a law will be implemented that enforces very high data security and protection requirements and will therefore have a major impact on digitisation projects with open interfaces

The balancing act between user experience and IT security

In order to push development forward, hospitals must offer their customers a good user experience. They must get to know their customers and be aware of their preferred contact method. The required identification media can thus be made available, facilitating simple and convenient communication.

The following aspects should be taken into consideration here:
 

  • User experience: The modern customer expects autonomous and direct management of personal data. User self-services enable quick and convenient processing at any time. A central approach combines all offered applications and avoids multiple entries. In addition, you can save on helpdesk staff costs.
     
  • IT security: Security and trust are vital when dealing with sensitive medical data. However, the security measures should not be noticeable as unnecessary safety barriers can quickly lead to a poor user experience. It is recommendable to implemented risk-based approaches which are adapted to the individual security needs of each application. Only the strictly necessary security requirements should be met for access, and these should only be implemented once (single sign-on). 
     
  • Individual responsibility: The customer can decide if they would like to use a new or existing identification medium (BYOI - bring your own identity) for the application access. Access data is thus easier to remember and an additional authentication step can be implemented at any time as required. 


The path to digitisation

In order to successfully implement digital services, a secure and efficient access process is absolutely crucial. Customer identity and access management systems (CIAM), like those from Airlock, centralise the management of identities and access authorisations on applications and APIs. Customers can thus benefit from an outstanding user experience and single sign-on across all hospital applications.

But how should a CIAM system securely transfer the identity and attributes of the customer to the connected application (identity propagation)?
 

  • IAM integration: The hospital implements two separate identity and access management systems. An enterprise IAM (EIAM) to manage internal employees and a customer IAM (CIAM) for external users. If both systems are optimally connected, customers from the CIAM are linked with existing or new roles from the EIAM. The existing access control of the EIAM can thus be extended for external users.
     
  • Identity propagation: Regardless of whether or not the hospital operates an EIAM system, the identities of external users are directly forwarded to the applications. The CIAM system must hereby process the identities in such a way that the respective application can interact with the identity information. A flexible CIAM system can be integrated with other applications through a simple and quick configuration. Time-consuming and expensive adjustments of the applications are therefore not necessary.

It would be possible to extend an internal enterprise identity and access management so that external customers can also be managed. However, an EIAM is less suitable for this process and the extension will hardly benefit from the existing solution. The differences between internal employees and external persons are too big. The identities are controlled using different processes and in different departments, the volumes are completely different, the offered user self-services are barely comparable and the management of authentication media can be completely different. 

Paving the way for the future

With the introduction of a customer identity and access management, all customers can be managed centrally. This enables them flexible access to different digital services supplied by the hospital through a single access control (single sign-on). Future projects can start here and need not worry about the registration and management, but are instead able to focus on the implementation of business functions and thus the core strengths. New and convenient functions for customers can be advanced, which should lead to an increase in referrals and thus to more inpatient and outpatient cases.

Thanks to CIAM, simple and convenient access is possible for all functions offered by the hospital via digital channels both now and in the future. Alongside medical expertise, this is a basic requirement for a good user experience and thus for satisfied customers. They will return and recommend the services. This is particularly important for referring physicians and attending doctors as their word holds a lot of sway over patients when choosing a hospital or treatment. Conversely, feedback from patients following a stay will have a big impact on the behaviour of referring physicians and attending doctors as they too have a reputation they wish to protect. 

The customer identity and access management from Airlock is an enabler technology for digitisation. It helps improve the user experience as well as freeing up internal resources, allowing them to focus on the core strengths of the hospital. In that respect, CIAM is an enabler in the competition for flat-rate payments.

Secure competitive advantages with Airlock. Find out more about Airlock's IT security solutions in the healthcare sector:

Airlock healthcare IT-security

Airlock cIAM

Blognews directly to your inbox

The Airlock Newsletter informs you continuously about new blog articles.

Subscribe blognews

Comments 0

More interesting articles

FIDO2: What is it and how can authentication benefit from it?
2FA

FIDO2: What is it and how can authentication benefit from it?

Security in concrete terms - 2FA in the banking world
2FA

Security in concrete terms - 2FA in the banking world

Never ending story - Digitisation for insurance companies
Insurance

Never ending story - Digitisation for insurance companies

Information for you

-Our whitepapers-

Zero Trust is a journey

The digital transformation of the world continues to progress, and it is profoundly affecting private life and job profiles in a manner that was hard to imagine just a few years ago.

This whitepaper covers the effects of continuous digitization and its implications.

Request free of charge

Toward DevSecOps

In this whitepaper, you will learn the most important insights into how you can successfully and efficiently implement DevSecOps, which security components are required for this, and what benefits a microgateway architecture brings.

Request free of charge

Airlock 2FA - Strong Authentication. Easy.

The two-factor authentication in the area of IT security offers double the security.

Find out more about strong authentication and the possibilities that Airlock offers in our whitepaper.

Request free of charge

Further whitepapers

We provide whitepapers on these and other topics free of charge:

  • successful IAM projects
  • Compliance
  • Data protection (GDPR)
  • Introduction of PSD2
  • PCI DSS requirements
Request free of charge