melpomen ©

Federal Healthcare agencies face a unique set of challenges that can be much different from commercial Healthcare organizations and other Government agencies. In this interview with Okta’s Habib Hourani, Team Leader for Federal Solutions Engineering and Michael Giroux, Manager for Federal Healthcare, FedHealthIT’s President, Susan Sharer digs into these unique challenges and what the future of Healthcare and technology might look like.

Common Challenges

Across Government Healthcare agencies like HHS, CMS, Veterans Affairs, and Defense Health, there are commonalities in challenges to provide value-based care that is secure and efficient. Providers need to ensure personally identifiable information (PII) for every patient is stringently protected, accessible only to those with authorization, and that data sharing between agencies or third-party organizations is as intended.

Identity as a Foundation for Patient Portal Engagement

“Identity has to be a foundational layer to all Healthcare-related information, not just a facet of how it should be used,” says Okta’s Habib Hourani. “Once that foundation is established, everything is driven by who the system is communicating with, whose information is being shared or accessed, and why.”

Identity takes on multiple roles in any communication. From the patient view, it means ensuring the right patient is accessing the right profile. That requires properly vetting the transaction including identity proofing, multi-factor authentication and ensuring access is being granted under the right conditions.

“From the Healthcare provider side, it means ensuring access to a specific patient’s data by the clinical staff within a provider organization is tightly controlled at a granular level,” says Michael Giroux.

Personal health data is vitally important. That means we need to have the right data, and we need the security and cyber positions in place to ensure there is controlled and validated access to that data.

Access Management and Partner Collaboration

When thinking about long-term care for patients, individuals will likely need to move around within the Healthcare system to different care providers. Collaboration among outside parties is essential, which requires capabilities for exchanging data and records. “Efficient and secure collaboration across the provider spectrum ensures that patients have a 360-degree view of their Healthcare footprint and that clinicians have timely access to a patient’s history of medical care – which, in many cases, can be the difference between life and death,” says Giroux.

But in order to deliver on these data sharing capabilities, agencies need to ensure PII is protected and has uniformity – so that sensitive patient information is readily accessible and secured on both sides of the fence.

The Role of APIs

APIs, or application programming interfaces, can play a large role in the user authentication component, ensuring that access is granted to one explicit patient or provider for a specified purpose. APIs can support one medical facility or provider requesting needed information from another and can involve validating that initial request and then being able to revoke that access at any time as the situation evolves. That focused access also extends to payers, ensuring a frictionless experience and one that is scoped to exactly the right patient.

Identity Management and the Use of APIs

There is a huge push within the Federal Healthcare space toward standardization of APIs, rivaling that of the commercial health industry. “That has to be a continued focus,” says Hourani, “particularly on the provider side where new technologies are evolving that allow for a level of service never seen before.”

Between the patient and provider, a level of service and accuracy is needed that allows for access to appropriate data wherever it exits, at a moment’s notice. Moving toward a standard of transparency and a fully transferrable medical record can ensure mistakes aren’t made, simply because information isn’t available or because the wrong patient information has been accessed. But in an industry that has typically been siloed and required multiple logins and data portals, standardization has been a challenge.

“We’re excited to see a greater effort toward building a common language among Federal Healthcare agencies and providers,” adds Giroux. “Significant gains have already been made in application integrations and security through standardization on modern APIs, achieving a level of interoperability that has historically been out of reach.”

Changing Industry

As Federal Healthcare agencies continue to march toward a common goal of improving the overall patient experience and quality of care, partnering with today’s industry leading technology providers is accelerating a path toward success. Establishing a unified and continuous medical record that transitions with a patient from active-duty Military Service through their care as a Veteran will provide Healthcare practitioners a holistic medical history so they can make the most informed decisions on treatment.

One fact not lost on anyone is that EHR modernization is a complex and enormous undertaking. “Unfortunately, there’s no ‘easy button’ for this,” adds Giroux. “Especially when you consider how siloed and disparate these legacy systems have operated and been maintained in the past. But advancements in modern technology have created a foundation for this goal to be realized.”

Modern Identity for a Seamless Employee Experience

We’re seeing the increasing demand for telework with the current pandemic and the need for Healthcare providers to access information from wherever they may be. Having a modern identity platform for managing secure access and authorization to application systems and patient records, and ensuring this data is only accessible by those with the appropriate security entitlements to do so, is more critical than ever. One aspect of this includes managing the lifecycle of an identity. Not just for automating the onboarding and offboarding (provisioning and deprovisioning) of personnel, but more importantly for creating secure access policies to maintain granular control of user permissions. A good identity provider will be able to further secure access requests based on the context of an individual authentication attempt.

As Hourani explains, “Some of that context can include the geographic location of where someone is attempting to gain access, and denying requests that don’t make sense. But also having the ability to layer-in additional security measures and confirm access requests that are valid but under conditions that are outside the norm for that particular user. Think of the employee who may be traveling on approved business and have a legitimate reason to be logging in from across the globe.”

The Future of Healthcare

As standardization in the Federal Healthcare space improves, we should see providers being able to choose the software and solutions that are right for them. That will require a continued and greater shift to a more open ecosystem in which different organizations can share data, and have that data all mean the same thing, and allow access based on that verified patient/ provider identity.

Care will improve as the technology improves, as interoperability is achieved, and as those providing care gain access to a more complete personal medical record. We’re moving in the right direction.

About Michael Giroux

Michael came to Okta in April 2016 to help lead the development and strategy of Okta’s newly formed Public Sector business, primarily focused on building business with the Federal Government. Okta strives to help Government accelerate cloud strategies by aligning mission-critical IT initiatives with the industry’s most innovative enterprise technologies—effectively driving value to taxpayers through transformative IT modernization, and improving secure, digital user experiences for the workforce, civilians, Veterans, and our Armed Services men and women.

About Habib Hourani

Habib is a Senior Federal Solutions Engineer at Okta where he helps Federal and DoD agencies implement strong identity and access management policy within a Zero Trust Framework. He started his career in telecommunications and infrastructure, bringing with him over a decade of end-user and IT operations experience. Prior to joining Okta, Habib was the ICAM lead for a Fortune 500 company where he deployed Okta and was responsible for its day to day operations in addition to his other responsibilities.

About Okta

Okta provides easy, centralized identity and access management for all key Healthcare user groups: patients, partners, and government. The Okta Identity Platform allows for flexible and customizable use cases to fit each organization’s needs. This allows Healthcare providers to easily create secure, customized patient portal experiences and to adopt digital transformation at their own pace. Our API-based infrastructure is designed for extensibility to fit Healthcare’s custom needs, accelerating your integrations across apps and services. To discover how Okta can help modernize and secure your Healthcare organization, visit



Please enter your comment!
Please enter your name here