This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

Since 2004, IDMWORKS has been delivering world class identity and access management solutions that build resilience, ensure compliance, and protect what matters most with vendor neutral expertise and a proven methodology. IDMWORKS has helped thousands of organizations streamline IAM while maintaining the highest security standards.

Learn more at this week. health.com/IDMWORKS.

I am Bill Russell, creator of this Week Health, where our mission is to transform healthcare, one connection at a time. Welcome to today's solutions showcase where we spotlight innovations, making real impact in health systems. Let's take a look at what's working today.

Bill Willis: Thank you, Bill. Good to see you.

Bill Russell: We're gonna talk a little bit of identity and access management.

We'll start with you, Kristen. You know, what is, if you walk into a new organization, typically in healthcare, and maybe this is a better question for Bill. Bill what's either one of you, what is the problem set look like when you walk in?

Kristin Hoppe: I would say the biggest problem story in healthcare, particularly renovating access management is identity and persona. It's a uniquely situated problem in healthcare that we have individuals that perform a lot of positions or different personas within an organization.

And in your traditional kind of IAM space in particular, IGAs, it's not well managed. It's not something that the standard systems handle Well,

Bill Russell: When you describe that, are you talking like you know, we have traveling, nurses, volunteers? We have people moving through the organization and they just Yeah.

Kristin Hoppe: Or they're performing the roles at the same time. a great example is a nurse that has also gone and gotten him or hers mp and now they want to be a nurse practitioner during the day and pick up ed swing shifts on the weekend.

Same facility, same person. Two different licensure required by law to be documenting under specific licensure. Those are all tied to systems that are now tied into your IGA. They're managed. You need somebody that has to be able to know that's the same person, but they're performing two different.

Functions and then be able to provision them correctly without either giving duplicate logins or now you have duplicate identities. Or traditionally the other that you see a lot of is a lot of healthcare. You get people that change personas, so that's not performing at the same time, but you'll get physicians that were employed that move to contract or you get people that were here as students that are in con that it's kind of a contract contingent type worker position.

Bill Russell: Bill. What do we see in health systems when we walk in these days?

Bill Willis: Yeah,

no, but

the

good news is, Bill, is that if you take a step back and instead of using the fragility of a product and how it's structured, and turn that kind of 180 degrees and say, Bill Russell works at Baylor Scott and White.

During the day, I need him to do this function over here on the weekends. He's a volunteer because he believes strongly in, in that component of his life, and be able to say and put in the right kind of policies on when you get access and where you get access. It's not how you get access. And right now the traditional approaches have always failed multi-person environments, specifically healthcare.

That's I'm giving you access and I'm taking it away. Privileged access management. Do you have elevated or special privileges? And if you do, then we need to manage you separately. And then access management. What do you need access to? When do you need it? And what should I be giving you when you're knocking on the door to provide it?

So those classic three environments, the three legs to the stool from an application and a consumer, an end user typically is like, you're Kristen. You do this. That's it. You know, Kristen is Kristen. She does the back office. She doesn't have, you know, those things, but she is the minority in a hospital system, as we all know, right?

Bill Russell: It's interesting 'cause I think people are gonna think we're talking about a technology solution, but we're not necessarily talking about technology solution. Kristen, I'd love for you to walk us through from a sort of, how do you baseline it when you come in and what do you find, and then how do you make progress against that?

Problem set.

Kristin Hoppe: Yeah, so I mean, particularly here at Baylor Scott and White, what we did is we came in and actually did a full baseline assessment of identity access management with the business and let the business have a really strong voice to say what their core problems were. What came out of that was.

Continually. Well, onboarding is really frustrating because we're constantly dealing with merging accounts. We're dealing with duplicate identities. We don't know who's who. We don't have a way to manage it. And that conceptualized for me this concept of we're in healthcare, it's really easy because if you have a patient record, right, it's first to death, right?

And being able to, at that point, we're going to unify the data in our sources of truth. All of our disparate systems, being able to unify that data with a single kind of, immutable number. We're, We're using a number, but an Im immutable. ID that is now permanently assigned to Bill Russell Forever Endeavor.

And we're going to archive that and we're going to leave that in an archive that's containerized and able to be accessed and queried and then restore that to Bill Russell, should you come back or leave or change personas and you shift to a different source of truth that doesn't have any conceptual interspace with the HR system, right?

Bill Russell: Interesting. You're not using the HR system. You've decided to set up an immutable system that's based on an id, and those IDs will never be reused.

Kristin Hoppe: Correct. And that data will be fed back to the sources of truth. So that data is actually going to get fed back to the HR systems, to the VMS system, to our credentialing system.

All of those systems will then receive it and it will be immutable to them. They're not allowed to pass that person, that identity. The trigger is they won't allow us be allowed to pass that identity downstream without that data.

Bill Russell: What was the business looking for?

Kristin Hoppe: 100, So if you were a brand new person that had never had. Worked or been a contingent workforce member in the Baylor Scott White ecosystem.

Your onboarding is seamless. It would go a hundred percent smoothly. you got your login, you were able to log in, you were able to get your access, move on through your day very quickly. We'd have you stood up if you were anyone else. That had a previous persona or a previous instance with this company, and this is something across healthcare.

This is not unique to me. That was not the case. It could take days, it could take a week. It could take on the outside of two weeks to get your account fully functioning aligned to where it was supposed to be. Your email is restored. All of those pieces of. Access that you needed to function. We were eating into that onboarding experience and that time to value for that individual.

And we, that's how we got that data and that number, and this is going to eliminate quite a bit of that as the start of kind of this roadmap of where we're going to go. It eliminates a lot of that onboarding time that our managers are having to spend to be able to push their people through the process and make sure they have their access and can log into their accounts and move on about their day.

I mean, there was a huge cost associated with that.

Bill Russell: Yeah. So if you had five different. I don't know if it's five different departments or just five different people. I mean, you're essentially trying to coordinate that there were

Kristin Hoppe: five different departments, five different teams. It had to be coordinated.

Those teams sat literally on a chat inside of, you know, they use their teams chats and they would sit there and they would man those to address these in real time as they came across is one team would get a ticket and say, Hey, I've got this identity that needs to be merged. And then each team would have to go in and make all of their updates to their systems.

In sequence to not generate more issues.

Bill Russell: You described early on the process where somebody is, you know, wanting to function as a nurse practitioner during the day and take ed shifts and those kinds of things that would sort of indicate that the system that has been designed is able to, see that, address that almost in real time? Is that is that accurate?

One of the things that we found at Baylor Scott and White is that it's not the tooling, it's the data and the flow mechanics to automate the process. And by just being able to have a single place where all of the onboarding comes through with flow mechanics and the data is ensured to be on point and in a high quality and high fidelity.

By having that single identifier that says, oh, it's Bill Russell. We know that he used to be over here. He's coming over here now because he is changed what he's doing. Fantastic. We know we don't have to give him another email address 'cause he already has one. We'll just reactivate it. We already know that he has the birthright access that he needs to do.

Salary and benefits instead of the downstream effects and putting the pressure on the total cost of ownership to engage in the identity ecosystem for the CIO

Bill Russell: Bill, do you still find that most organizations are looking for the magic tool that's gonna make all that happen?

Bill Willis: The ones that we talk to recognize it's not the tool.

It's not the tool. The tool. The tool is actually the data is the missing tool. So when we talked the other day about, here's the six. Use cases that generate this overarching significant TCO that can be eliminated for all practical purpose by just leaning into the quality of the data downstream.

That is the tool.

Kristin Hoppe: Yeah, so I mean, when we brought, when I came into the position I'm here and kind of did, my first order of business was to baseline everything and let the business kinda articulate what their needs were. I kinda understood what that was gonna be and that there was. Not only some tech debt to be cleaned up inside of identity access management, which I think is everybody's problem.

But that we had a data issue and then we had kind of an ownership issue to understand that if our systems and our data wasn't flowing correctly, then. We were always gonna be in this place. We were always gonna have this issue. This would never be, there was, it was an unsolvable problem at that point.

So for the workforce experience, which is key it came at the right time for Baylor Scott and White as an organization, as we kind of moved into the idea of a customer journey. So not only for our patients, but for our workforce. That is a core tenet of how Baylor operates, if Baylor Scott and White operates, that they want their customer journey to be the best in the industry, whether you're an employee.

And that's, I think, kind of a tale as old as time there

Bill Russell: I'd love to talk about ROI, but before we get there I, you know, what surprised you most as you sort of walked through this process? What was the surprise as you, it got to the other side of this. I mean, is it that once it's cleaned up, it sort of operates? Well, I mean, I'm just curious what you were sort of surprised at the outcome of the process.

Kristin Hoppe: I think I surprised, I think it surprised me that we were able to be successful. So a lot, for a long time, this was kind of like

Bill Russell: the unsolvable problem,

Kristin Hoppe: this thing that we dreamed up and we're like, yeah, it'll work.

And it's been challenging. I mean, While it is a data and a process problem, there's still a technology component and there's still a component of getting all of these systems to speak together, all of these systems to integrate which is a lot of different teams.

So there's a very big project management portion of this project. That's probably been the biggest challenge over anything is getting all of disparate groups and parties to come to the sandbox, play in that sandbox together, and then all start speaking the same language.

Bill Russell: I'd love to talk about ROI Bill you referred to the Yeah.

The di dinner we were at together. And everybody seems to be looking for money in the cushions at this point, and this is one of those places that has money not only in the cushions, but sitting on the top of the cushions and everywhere else at this point. Yeah,

You just need to think about it in a much different way. Everybody thinks about, well, I've gotta onboard to Epic, and what are the technology steps in order to do that? That's not what Kristen advocated and what we lean on in the journey. The question is. Do we have the data from HR or from licensure or from accreditation, and if we have those end number of pieces of data, we can actually automatically onboard it onto Epic or any EMR that you've got.

Now you can take the amount of money that it costs to do that, both in wall time and support time and the person that you're trying to onboard them tapping their foot 'cause they can't get into Epic yet. And add just those three pieces times the number of people you're going to do in a year times what you pay every single one of those people.

'cause those are hard dollars. At times three or four years. And if you look at that simple formula that everybody understands and you put what your total cost of fully burdened cost is for a person in there it's a lot of money. By just leaning in and partnering as Kristen has done with the people that give her the data and the signals and making sure that the data has high fidelity and quality and it's right on time.

So when that person shows up they can have full access in a matter of minutes instead of days.

Kristin Hoppe: Getting everyone to the table and, convincing everybody to be able to understand the solution, articulate the solution, and be able to start building to that. So we're talking, I had obviously my implementation partner on this through this journey is IDM works, but you're still talking.

We had an HR system, an IGA system, some data systems. We're looking at API development. We're looking at an identity verification solution. In hr, you actually branch that out into a couple of different teams. So you're looking at, we had five core external partners and we had 1, 2, 3. Four or five very core internal teams that had to all come together and be able to run with what this vision is and understand the use case.

Even when we were in Dev, like we're sitting in Dev and they still weren't fully conceptualizing it, I knew that I had succeeded, truly succeeded before we ever went live, before we ever had even a valid test case. I knew I'd actually succeeded when I sat on a call back in late April, early May, and I didn't say a single word.

All of my engineers, all of the other people, everyone on the call were off and running to the races and explaining exactly what it was, all of the use cases, all of the test scenarios, and they just, I mean, it was rapid fire and they were all, the synergy was there and I, and that was when I knew it, that no matter what happened.

I mean, obviously that's some, you know, you always getting things to work is its own special beast. But I was getting the. Messaging across and getting everybody to understand the buy-in and actually come together.

Bill Russell: Okay. Getting them to see something that hadn't existed before is always a lot of fun.

I can, the CIO of one hospital assistant can go talk to Baylor Scott and say, Hey, talk to Kristen. It's like, this is what they did. They have a pattern, they have a deployable thing, they know it works, and now you there can now be in a position to do more with less. Instead of wondering, well, how do I even make this happen?

They now have a playbook for that.

Bill Russell: you know, when you had mentioned patients, is it the identity system for patients as well?

Kristin Hoppe: It's not today. However, it is extensible to them, and that may be something we explore in the future.

Bill Russell: I mean, is it necessary for patients. I mean, we do end up with duplicates. It is a problem

Kristin Hoppe: we do. Yeah, essentially there is a really solid use case for that for patients as well. Particularly also giving them something protected around, you know, their MRN and their data. So there is a use case for it.

Bill Russell: My last question is, there's people listening to this right now that are saying you know.

How do we know that this solution's gonna work for us? How do we know that? You know, you know, business as usual. I think sometimes people get used to how bad it is. They just go, well, it sort of works for us. We have a problem every now and then somebody does this, or there's elevated rights over here.

That kinda stuff. But it's not a massive problem for us. I mean, what's your message to those people who are sort of sitting in the old models not really wrestling the problem to the ground. I mean, what is it what's the message to them to say, Hey, this is what it looks like before and this is what it looks like after, and might be better to take on the journey.

Bill Willis: So probably the most interesting thing, especially in the healthcare system, is. From my role is to be that person that comes in puts their arms around and say, you don't have to have the Stockholm syndrome of this anymore. Right? It, just because it exists doesn't mean it can't change.

The other part is that. I've yet to see in a long time with the gray hair is that if you show leadership a success, they will continue to give you what you need to extend that success. And that's what happened with Christian. She had a vision. They said, yes, we agree. Let's see how it go. Let's crawl, let's walk, and let's run.

Bill Russell: fantastic. Kristen, I'll give you the last word

Kristin Hoppe: mine on that is.

For any healthcare system. I mean, we are all now competing. We're all in competing markets, right? It's huge. You're competing for workforce, you're competing for patients. It's a sometimes, maybe not the funnest way to think about it, but that's the reality of it. But one thing that you want to do is you want to set up your organization to create the most frictionless experience for your providers.

And that's not just physicians. That is every person that is in your brick and mortar facilities providing care to a patient. Your job is to make their lives frictionless and seamless so they can then extend their time and effort to. The patients that they're providing care for.

And so I think that's a really core tenant for identity and access management. When you look at that and everybody thinks, oh, we gotta, you know, might be a sunk cost because you're all operational and there's no return value there and it's, nope, your return value is absolutely providing that frictionless experience to your physicians, to your nurses and allowing them to be the caregivers that they are.

And if they have a good experience, they turn right around and pass that on.

Bill Russell: Right. That's a great principle. Kristen, Bill, I appreciate you coming on the show. Always good to see you, my friend. Yeah, absolutely. Thank you for

Kristin Hoppe: having us.

thanks for watching this solution Showcase on Keynote with me, Bill Russell. We believe every healthcare leader needs a community they can lean on and learn from. Discover more solutions and join our community at this week. health.com/subscribe. Share this with someone who could benefit from these insights.

Thanks for listening. That's all for now.