Friday, October 10, 2025

Why Patients Call Instead of Using Your $2M Healthcare Portal

The following is a guest article by Rishi Bhargava, Co-Founder at Descope

It’s never been more important for healthcare organizations to provide an exceptional patient experience, and adopting better methods for authentication and identity management is a crucial piece of that puzzle. Patients today have more choices than ever: They want providers that make getting care easy and streamlined, and they won’t hesitate to switch institutions if they repeatedly encounter barriers on their healthcare journey.

According to a recent survey from Deloitte, people’s “interactions with the retail and finance sectors are raising their expectations for health systems and doctors.” Healthcare organizations have taken notice of these changing expectations, and that same study found that 72 percent of health system executives listed “improve consumer experience, engagement, and trust” as a priority for 2025.

The gold standard looks something like this: A patient uses their provider’s app to schedule an appointment. They check in at their local clinic’s kiosk using facial recognition or a QR code, and go to a diagnostic lab at a different location for additional testing. They later access their test results from their laptop—all without the need to create separate accounts or remember multiple passwords. Seamless, secure experiences like this are critical for patient retention and satisfaction.

But building a cohesive experience is incredibly complex since healthcare involves so many different touchpoints, both digital and physical. Patients book appointments via an online portal, a mobile app, or by phone; they visit different physical locations associated with their provider, ranging from clinics to hospitals to pharmacies, and they may also receive care remotely, whether over the phone or through video conferencing platforms.

This presents a significant challenge for developers, who are tasked with balancing security, patient trust, and ease of use. Healthcare data is—and always will be—a prime target for cybercriminals, but patients still need to quickly and easily access their accounts across every channel. Whether they’ve built authentication on their own or rely on a legacy provider, it’s not enough to simply apply workforce-grade identity management solutions to patient experiences and hope for the best.

Here’s how developers can support a frictionless, secure, and omnichannel patient experience:

Minimize Onboarding and Login Complexity

Some degree of “paperwork” and identity verification will always be necessary in healthcare due to legal and regulatory requirements. But that doesn’t mean the rest of the onboarding and login process has to be complicated. Developers can implement tools that eliminate the need for passwords—like passkeys and magic links—to make setting up and logging on to patient portals fast and secure.

Progressive profiling is another effective way to reduce the onboarding complexity that causes patient frustration. Instead of front-loading information collection, progressive profiling allows patients to provide only the information necessary for their immediate treatment needs and per regulatory requirements. Something as simple as asking the right questions at the right time goes a long way in minimizing friction.

Create a Unified Omnichannel Experience

Developers need to build a unified omnichannel experience spanning both digital and in-person touchpoints. Whether a patient is signing into their portal via web or mobile, they should be able to use the same login credentials. This should apply to any clinic, lab, or other entity associated with their provider. This also has the added benefit of giving healthcare organizations deeper visibility into the patient journey so they can offer a higher level of care.

Secure and seamless authentication methods are important for the call center as well. Asking patients to verify their identity by stating their name, date of birth, and address isn’t enough since these details can easily be stolen by scammers online. Instead, developers can create authentication pathways that let patients verify their identity by reciting a code sent to their email, or clicking a link sent via SMS, while they’re on the phone with healthcare representatives. Patients should be able to verify their identity just as easily in person by scanning a QR code or authenticating via a mobile app linked to their account.
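One way to implement the call-center code check described above, as an added example that is not from the article or from any vendor's product. The class name, the five-minute lifetime, the three-attempt limit, and the in-memory store are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed policy: a code is valid for 5 minutes
MAX_ATTEMPTS = 3        # assumed policy: lock the challenge after 3 wrong codes


class CallVerifier:
    """In-memory challenge store; a real deployment would use a shared store."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._challenges = {}  # call_id -> challenge record

    def start(self, call_id, patient_id):
        """Create a 6-digit code bound to one call and one patient.

        The caller delivers the code to the email address or phone number
        already on file, never to one supplied during the call.
        """
        code = f"{secrets.randbelow(10**6):06d}"
        self._challenges[call_id] = {
            "patient_id": patient_id,
            "digest": hashlib.sha256(code.encode()).digest(),  # keep a digest, not the code
            "expires": self._clock() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        return code

    def verify(self, call_id, patient_id, spoken_code):
        """Return True only for the right code, on the right call, in time."""
        ch = self._challenges.get(call_id)
        if ch is None or ch["patient_id"] != patient_id:
            return False
        if self._clock() > ch["expires"] or ch["attempts"] >= MAX_ATTEMPTS:
            del self._challenges[call_id]  # expired or locked: force a new code
            return False
        ch["attempts"] += 1
        digest = hashlib.sha256(spoken_code.strip().encode()).digest()
        if hmac.compare_digest(digest, ch["digest"]):
            del self._challenges[call_id]  # single use
            return True
        return False
```

Binding the code to the call identifier means a code read out on one call cannot be used to pass verification on another.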

Adopt a Robust Multi-Factor Authentication (MFA) Strategy

Not all MFA is created equal. Given the extremely sensitive nature of healthcare data, phishing-resistant adaptive MFA is a critical part of healthcare organizations’ identity and access management (IAM) strategy. MFA methods like SMS OTP aren’t robust enough for healthcare, as they’re prone to phishing. The aforementioned passkeys and magic links are much more effective at upholding security without adding unnecessary barriers for users.

MFA is an extra step by design, but that doesn’t mean it needs to add unnecessary friction to the patient experience. Developers shouldn’t require MFA every time—only when it’s warranted. This can be determined through a risk score or an anomalous signal, like when patients try to access their account from a new device.
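A sketch of the step-up decision described above, added here as an example and not taken from the article or any product. It assumes a risk score on a 0 to 100 scale supplied by some upstream engine, a threshold of 70, and a random device identifier stored on the patient's device; the function names are hypothetical.

```python
import hashlib
import hmac

RISK_THRESHOLD = 70  # assumed scale: 0 (benign) to 100 (high risk)


def device_token(server_key: bytes, patient_id: str, device_id: str) -> str:
    """Token handed to a device after it has completed MFA once.

    The HMAC covers both patient and device, so the token cannot be reused
    for another account or minted without the server key.
    """
    msg = f"{patient_id}\x00{device_id}".encode()
    return hmac.new(server_key, msg, hashlib.sha256).hexdigest()


def mfa_required(server_key, patient_id, device_id, presented_token, risk_score):
    """Return (required, reason) for one login attempt."""
    # A high risk score forces step-up even on a recognized device.
    if risk_score >= RISK_THRESHOLD:
        return True, "risk_score"
    # A device counts as known only if it presents a token we issued for
    # this exact patient and device; a claimed device_id alone is not enough.
    expected = device_token(server_key, patient_id, device_id)
    if not presented_token or not hmac.compare_digest(
        expected.encode(), presented_token.encode()
    ):
        return True, "new_device"
    return False, "trusted_device"
```

Returning the reason alongside the decision lets the login flow record why a patient was challenged, which helps when tuning the threshold.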

Enable Fine-Grained Access Control

Developers need to get granular when it comes to access control for patient portals. In many instances, people aside from the primary patient need the ability to access that patient’s account. For example, parents need access to their children’s accounts to make appointments, and spouses may need access to each other’s accounts to participate in their care. Fine-grained access control supports a more holistic patient experience while ensuring sensitive health information is only seen by the right eyes.
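The delegated access described above, shown as an added example that is not from the article. The grant model, the section names, and the sample record are constructed for illustration; a delegate sees only the record sections a grant names, and anyone without a grant is denied.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Grant:
    delegate_id: str     # who is acting (for example a parent or spouse)
    patient_id: str      # whose record is being accessed
    sections: frozenset  # record sections this delegate may read


def readable_sections(actor_id, patient_id, grants):
    """Sections of patient_id's record that actor_id may read (default: none)."""
    if actor_id == patient_id:
        return None  # None means everything: patients see their whole record
    allowed = set()
    for g in grants:
        if g.delegate_id == actor_id and g.patient_id == patient_id:
            allowed |= g.sections
    return allowed


def view_record(actor_id, record, grants):
    """Return only the parts of the record the actor is entitled to see."""
    allowed = readable_sections(actor_id, record["patient_id"], grants)
    if allowed is None:
        return dict(record)
    if not allowed:
        raise PermissionError(f"{actor_id} has no access to {record['patient_id']}")
    return {k: v for k, v in record.items() if k == "patient_id" or k in allowed}


# Constructed sample data.
GRANTS = [
    Grant("parent-1", "child-1", frozenset({"appointments", "immunizations"})),
    Grant("spouse-2", "patient-2", frozenset({"appointments"})),
]
CHILD_RECORD = {
    "patient_id": "child-1",
    "appointments": ["2025-11-03 09:00 pediatrics"],
    "immunizations": ["MMR"],
    "lab_results": ["CBC normal"],
}
```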

Streamlined healthcare experiences aren’t just nice to have—they’re an integral part of keeping patients happy and healthy. Building a cohesive, frictionless experience is easier said than done, but by adopting the strategies above, developers can turn even the most complex patient journey into an easy and secure experience.

About Rishi Bhargava

Rishi Bhargava is a Co-Founder at Descope, a drag & drop external IAM platform. In a career spanning over 20 years, Rishi has run product, strategy, go-to-market, and engineering for category-creating cybersecurity startups and large enterprises. Before Descope, Rishi served as VP of Product Strategy at Palo Alto Networks, which he joined via the acquisition of Demisto. Rishi was a Co-Founder at Demisto, where, under his stewardship, the company created and later led a new “security orchestration” category within 3 years before being acquired. Prior to Demisto, Rishi was VP and GM of the Datacenter Group at Intel Security and launched multiple products at McAfee (acquired by Intel).


