PAM: Privileged Access Management in Remote and Hybrid Healthcare Work
Cybersecurity faces new challenges every day. Hospital IT departments need to ensure that information systems remain as protected as possible. Adding an extra security layer helps protect health systems' privileged accounts and systems, and their highly valuable data.
An article in HealthTech Magazine argues that Privileged Access Management (PAM) is essential for securing critical healthcare systems in remote and hybrid work environments by enforcing extra authentication/authorization for access to “kingmaker” accounts and enabling visibility and control across distributed users. It further emphasizes risk-based and just-in-time access (rather than always-on privileges), balanced with usability and auditability, as a practical way to protect patient data and maintain compliance.
This article falls under Technology and Legal/Regulatory in the Enterprise Risk Management (ERM) risk domains.
Technology
This domain covers machines, hardware, equipment, devices and tools, but can also include techniques, systems and methods of organization. Healthcare has seen an explosion in the use of technology for clinical diagnosis and treatment, training and education, information storage and retrieval, and asset preservation. Examples also include Risk Management Information Systems (RMIS), Electronic Health Records (EHR) and Meaningful Use, social networking and cyber liability.
Legal/Regulatory
Risk within this domain incorporates the failure to identify, manage and monitor legal, regulatory, and statutory mandates on a local, state and federal level. Such risks are generally associated with fraud and abuse, licensure, accreditation, product liability, management liability, Centers for Medicare and Medicaid Services (CMS) Conditions of Participation (CoPs) and Conditions for Coverage (CfC), as well as issues related to intellectual property.