The security imperative for automation in health care
By Andrew Slavkovic, Solutions Engineering Manager, ANZ, CyberArk
Thursday, 07 November, 2019
The healthcare industry in Australia is facing a challenging time. With an increasingly ageing population, the stress that is being placed on healthcare systems is unprecedented.
In 2017, when the results of the latest census in Australia were published, it emerged that one in seven of the Australian population — which amounts to 3.8 million people — are aged 65 years or over. That proportion is set to steadily increase over the coming decades, largely due to increased life expectancy on the back of advances in health care.
With health care being heavy in high-volume, basic, rules-based manual process activity, it is an industry that is ripe for the intervention of robotic process automation (RPA). Automating labour-intensive activities such as patient data management, appointment scheduling, inventory control and audit reporting will help deliver huge benefits to the industry in terms of increased efficiency, improved accuracy and significant cost savings.
As part of their ongoing digital transformation journeys, healthcare providers are turning to RPA to enhance efficiency and productivity.
This is part of a wider movement with RPA gaining traction worldwide. More than 78% of respondents to CyberArk’s 2019 Global Threat Landscape survey said they are already investing in RPA technology, or plan to invest over the coming year. Companies in every industry are starting to leverage RPA to robotise and automate repetitive tasks, allowing the human workforce to focus on higher-value work, accelerate business value and increase process scalability.
According to Deloitte’s 2018 global RPA survey, RPA adoption is expected to increase to 72% in the next two years and, if adoption continues at its current level, RPA will achieve near-universal adoption within the next five years.
It is imperative that the healthcare industry explores the implementation of RPA to manage its processes and ease the administrative burden. But just as vital is the need to address the security considerations around RPA adoption and its ongoing management.
Building the business case for RPA Privileged Access Security
As healthcare organisations consider RPA, chief information security officers (CISOs) and security leaders have a timely opportunity to drive conversations within their healthcare business about the value of applying strong cybersecurity to this transformative technology, as well as outlining the related business outcomes.
To realise the full potential of RPA, security must be built in from the start. Monitoring and protecting the privileged pathway is the first and most critical step in securing RPA workflows. This prevents unauthorised users from gaining access to data processed by RPA software robots and stops malicious insiders and external attackers from progressing their attack — which, of course, is essential when you are responsible for managing and protecting sensitive and confidential personal health records.
Simplified compliance, budgeting and scheduling
RPA minimises human access to sensitive data, which can mitigate patient confidentiality, risk and compliance issues. However, RPA requires a host of new non-human ‘robots’ that need privileged access to connect to sensitive systems and information, opening the door to new compliance challenges.
A strong, centralised privileged access security solution dramatically simplifies audit reporting by automating the enforcement of privileged access policies and providing complete visibility into who, when, why and what took place during privileged sessions — an invaluable tool for maintaining patient confidentiality.
Transforming operational efficiency and processes in health care
RPA helps automate much of the manual, labour-intensive processes involved in the daily business of managing a healthcare provider, such as entering data (eg, patient record updates, invoices and POs from one application into another).
Implementing privileged access security for RPA not only drives down risk, it also extends automation to the management and rotation of software robot privileged credentials. This helps healthcare IT operations teams streamline processes and improve operational efficiency.
Effectively conveying the value of privileged access security in enhancing the healthcare organisation will help in gaining critical executive support and obtaining necessary budget and resources. From there, executive leadership can help rally staff to make it an organisational priority, impart a sense of urgency and ownership, and prevent it from being derailed.
Numerous benefits to staff of implementing RPA include: automatically generating patient reports from data residing in multiple disparate repositories; streamlining the management of supply processes; supporting the implementation of health strategies; better coordination of patient care; easing the burden of regulatory compliance; and more effective budget management.
Achieving organisational buy-in for RPA should not prove to be a difficult task. And in the process, we must not forget to secure the powerful privileged credentials used by software robots and RPA administrators.
UNSW Sydney medical scientist Associate Professor Darren Saunders explains how scientists cut...
Healthcare organisations will have to consider the interoperability between emerging technologies...
As the urgency of maintaining population health becomes a pressing reality, governments and...