This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

[00:00:00] Today's episode is brought to you by IDMWORKS. Healthcare organizations face growing cybersecurity threats and complex identity management challenges that put patient data and operations at risk.

Since 2004, IDMWORKS has been delivering world class identity and access management solutions that build resilience, ensure compliance, and protect what matters most with vendor neutral expertise and a proven methodology. IDMWORKS has helped thousands of organizations streamline IAM while maintaining the highest security standards.

Learn more at this week. health.com/IDMWORKS.

I am Bill Russell, creator of this Week Health, where our mission is to transform healthcare, one connection at a time. Welcome to today's solutions showcase where we spotlight innovations, making real impact in health systems. Let's take a look at what's working today.

Bill Russell: Today we have a solution showcase and [00:01:00] I am excited to be joined by Bill Willis, IDM Works, and Kristin Hoppe with Baylor Scott and White.

Bill Willis: Thank you, Bill. Good to see you.

Bill Russell: We're gonna talk a little bit of identity and access management.

We'll start with you, Kristen. You know, what is, if you walk into a new organization, typically in healthcare, and maybe this is a better question for Bill. Bill what's either one of you, what is the problem set look like when you walk in?

Kristin Hoppe: I would say the biggest problem story in healthcare, particularly renovating access management is identity and persona. It's a uniquely situated problem in healthcare that we have individuals that perform a lot of positions or different personas within an organization.

And in your traditional kind of IAM space in particular, IGAs, it's not well managed. It's not something that the standard systems handle Well,

Bill Russell: When you describe that, are you talking like you know, we have traveling, nurses, volunteers? We have people moving through the organization and they just Yeah.

Abs they change roles and therefore access changes [00:02:00] based on those roles.

Kristin Hoppe: Or they're performing the roles at the same time. a great example is a nurse that has also gone and gotten him or hers mp and now they want to be a nurse practitioner during the day and pick up ed swing shifts on the weekend.

Same facility, same person. Two different licensure required by law to be documenting under specific licensure. Those are all tied to systems that are now tied into your IGA. They're managed. You need somebody that has to be able to know that's the same person, but they're performing two different.

Functions and then be able to provision them correctly without either giving duplicate logins or now you have duplicate identities. Or traditionally the other that you see a lot of is a lot of healthcare. You get people that change personas, so that's not performing at the same time, but you'll get physicians that were employed that move to contract or you get people that were here as students that are in con that it's kind of a contract contingent type worker position.

And then they pass their exams and they come in and they're in a full-time staff. Now you don't have a way to really track [00:03:00] them well, and you're now creating more duplicate identities and a lot of debt in your system as well as a frustrating experience for that individual.

Bill Russell: Bill. What do we see in health systems when we walk in these days?

I mean, this was a problem for me in 2012. I guess, I guess we haven't solved it yet.

Bill Willis: Yeah,

no, but

the

good news is, Bill, is that if you take a step back and instead of using the fragility of a product and how it's structured, and turn that kind of 180 degrees and say, Bill Russell works at Baylor Scott and White.

During the day, I need him to do this function over here on the weekends. He's a volunteer because he believes strongly in, in that component of his life, and be able to say and put in the right kind of policies on when you get access and where you get access. It's not how you get access. And right now the traditional approaches have always failed multi-person environments, specifically healthcare.

Higher education has this problem wealth [00:04:00] management and large scale financial services that have shared back offices have this same problem. And so the intent quite simply is, to rethink the data that's being consumed by the three main pillars of an identity, which is identity governance.

That's I'm giving you access and I'm taking it away. Privileged access management. Do you have elevated or special privileges? And if you do, then we need to manage you separately. And then access management. What do you need access to? When do you need it? And what should I be giving you when you're knocking on the door to provide it?

So those classic three environments, the three legs to the stool from an application and a consumer, an end user typically is like, you're Kristen. You do this. That's it. You know, Kristen is Kristen. She does the back office. She doesn't have, you know, those things, but she is the minority in a hospital system, as we all know, right?

It's all people on deck all the time doing all those things. [00:05:00] And crystal will explain kind of what she's done, which I believe is very forward thinking from a strategy perspective and a delivery perspective that's gonna solve that at Baylor Scott and White.

Bill Russell: It's interesting 'cause I think people are gonna think we're talking about a technology solution, but we're not necessarily talking about technology solution. Kristen, I'd love for you to walk us through from a sort of, how do you baseline it when you come in and what do you find, and then how do you make progress against that?

Problem set.

Kristin Hoppe: Yeah, so I mean, particularly here at Baylor Scott and White, what we did is we came in and actually did a full baseline assessment of identity access management with the business and let the business have a really strong voice to say what their core problems were. What came out of that was.

Continually. Well, onboarding is really frustrating because we're constantly dealing with merging accounts. We're dealing with duplicate identities. We don't know who's who. We don't have a way to manage it. And that conceptualized for me this concept of we're in healthcare, it's really easy because if you have a patient record, right, it's first to death, right?

You have your [00:06:00] MRN, it's yours. It's there for. All intents and purposes forever, as long as you stay within that health healthcare system. We kind of conceptualize that same concept for a universal identity for. An individual for an employee person whether it as a workforce member as an employee, or a contingent or a volunteer.

And being able to, at that point, we're going to unify the data in our sources of truth. All of our disparate systems, being able to unify that data with a single kind of, immutable number. We're, We're using a number, but an Im immutable. ID that is now permanently assigned to Bill Russell Forever Endeavor.

And we're going to archive that and we're going to leave that in an archive that's containerized and able to be accessed and queried and then restore that to Bill Russell, should you come back or leave or change personas and you shift to a different source of truth that doesn't have any conceptual interspace with the HR system, right?

So if you went and got. You're doctorate and you decided to be a [00:07:00] physician and you moved in through credentialing, that's an entirely different source of truth that's very disconnected. And they don't communicate well. We have conceptualized a way to have that communication take place kind of on the backend and be able to assign that identity, restore your identity or persona then move through the access flows appropriate for that role.

Bill Russell: Interesting. You're not using the HR system. You've decided to set up an immutable system that's based on an id, and those IDs will never be reused.

Kristin Hoppe: Correct. And that data will be fed back to the sources of truth. So that data is actually going to get fed back to the HR systems, to the VMS system, to our credentialing system.

All of those systems will then receive it and it will be immutable to them. They're not allowed to pass that person, that identity. The trigger is they won't allow us be allowed to pass that identity downstream without that data.

Bill Russell: What was the business looking for?

What's the problems they were looking to solve you? You talked about merging records and that kind of stuff. I assume it was taking a long time for people to, [00:08:00] to function within the organization.

Kristin Hoppe: 100, So if you were a brand new person that had never had. Worked or been a contingent workforce member in the Baylor Scott White ecosystem.

Your onboarding is seamless. It would go a hundred percent smoothly. you got your login, you were able to log in, you were able to get your access, move on through your day very quickly. We'd have you stood up if you were anyone else. That had a previous persona or a previous instance with this company, and this is something across healthcare.

This is not unique to me. That was not the case. It could take days, it could take a week. It could take on the outside of two weeks to get your account fully functioning aligned to where it was supposed to be. Your email is restored. All of those pieces of. Access that you needed to function. We were eating into that onboarding experience and that time to value for that individual.

Additionally, we were consuming a massive amount of hours for our onboarding managers. So when you're talking a nurse manager that's onboarding [00:09:00] new nursing staff, that person was spending eight hours. A month onboarding new people. That's a catastrophic amount of time. And so we actually, the business had a different firm come in and do that as a a workforce assessment for burnout.

And we, that's how we got that data and that number, and this is going to eliminate quite a bit of that as the start of kind of this roadmap of where we're going to go. It eliminates a lot of that onboarding time that our managers are having to spend to be able to push their people through the process and make sure they have their access and can log into their accounts and move on about their day.

So we're looking now to be able to return them to, immediate first day login for all returning personas. Additionally, on the backend those merge accounts took five different teams across HRIS and it into potentially credentialing, depending on if it was a physician or not, or somebody with a credentialed license which [00:10:00] is a massive time sink as well as a cost.

I mean, there was a huge cost associated with that.

Bill Russell: Yeah. So if you had five different. I don't know if it's five different departments or just five different people. I mean, you're essentially trying to coordinate that there were

Kristin Hoppe: five different departments, five different teams. It had to be coordinated.

Those teams sat literally on a chat inside of, you know, they use their teams chats and they would sit there and they would man those to address these in real time as they came across is one team would get a ticket and say, Hey, I've got this identity that needs to be merged. And then each team would have to go in and make all of their updates to their systems.

In sequence to not generate more issues.

Bill Russell: You described early on the process where somebody is, you know, wanting to function as a nurse practitioner during the day and take ed shifts and those kinds of things that would sort of indicate that the system that has been designed is able to, see that, address that almost in real time? Is that is that accurate?

Bill Willis: The one thing we've done here, Bill, is remember in Boston we were talking a little [00:11:00] bit about we have to do more with less? Yes. Right. And we heard it from all 12 of those chief information officers that were at the dinner.

One of the things that we found at Baylor Scott and White is that it's not the tooling, it's the data and the flow mechanics to automate the process. And by just being able to have a single place where all of the onboarding comes through with flow mechanics and the data is ensured to be on point and in a high quality and high fidelity.

By having that single identifier that says, oh, it's Bill Russell. We know that he used to be over here. He's coming over here now because he is changed what he's doing. Fantastic. We know we don't have to give him another email address 'cause he already has one. We'll just reactivate it. We already know that he has the birthright access that he needs to do.

We just need to turn it back on. And now that he has this new job, we'll give him the [00:12:00] new stuff based on what we know he's going to be doing. Those things are almost instantaneous now because the data is in a place where it be can be consumed instead of the historical challenge where human capital management worries about.

Salary and benefits instead of the downstream effects and putting the pressure on the total cost of ownership to engage in the identity ecosystem for the CIO

Bill Russell: Bill, do you still find that most organizations are looking for the magic tool that's gonna make all that happen?

Bill Willis: The ones that we talk to recognize it's not the tool.

It's not the tool. The tool. The tool is actually the data is the missing tool. So when we talked the other day about, here's the six. Use cases that generate this overarching significant TCO that can be eliminated for all practical purpose by just leaning into the quality of the data downstream.

That is the tool.

Bill Russell: I'd love for you to walk through that process. Looked like working with [00:13:00] IDM works and. And Bill and that team and just what had to happen within your organization, within Baylor, Scott and White in order to get to that high quality, high fidelity data at the source so that you could clean up this process and make it work for the system.

Kristin Hoppe: Yeah, so I mean, when we brought, when I came into the position I'm here and kind of did, my first order of business was to baseline everything and let the business kinda articulate what their needs were. I kinda understood what that was gonna be and that there was. Not only some tech debt to be cleaned up inside of identity access management, which I think is everybody's problem.

But that we had a data issue and then we had kind of an ownership issue to understand that if our systems and our data wasn't flowing correctly, then. We were always gonna be in this place. We were always gonna have this issue. This would never be, there was, it was an unsolvable problem at that point.

And so our HR partners, really our HR partners and our credentialing partners both leaned in very heavily to [00:14:00] this effort and have been stewards of modernizing their systems, modernizing their process. To support what we're doing and understand that why the why is so key to creating an ROI for them, not only for their staff and their day-to-day workload, but for the employee experience.

So for the workforce experience, which is key it came at the right time for Baylor Scott and White as an organization, as we kind of moved into the idea of a customer journey. So not only for our patients, but for our workforce. That is a core tenet of how Baylor operates, if Baylor Scott and White operates, that they want their customer journey to be the best in the industry, whether you're an employee.

Whether you're a contractor, whether you're a patient that's what they want their experience to be and they want it to be fluid and digital and efficient. So this is very much in line with kind of where the organization itself was moving. Occasionally if your organization is not positioned to hear the [00:15:00] issue, you might not get traction.

And that's, I think, kind of a tale as old as time there

Bill Russell: I'd love to talk about ROI, but before we get there I, you know, what surprised you most as you sort of walked through this process? What was the surprise as you, it got to the other side of this. I mean, is it that once it's cleaned up, it sort of operates? Well, I mean, I'm just curious what you were sort of surprised at the outcome of the process.

Kristin Hoppe: I think I surprised, I think it surprised me that we were able to be successful. So a lot, for a long time, this was kind of like

Bill Russell: the unsolvable problem,

Kristin Hoppe: this thing that we dreamed up and we're like, yeah, it'll work.

It's gonna work. And we're just convincing people that it's going to work. And we've now validated and have, you know, live test ca like live test cases and live events where it's occurred and it's worked and people are like, oh, it does work. So I think just overall when you do something in the art of the possible and you do something a little newer and you kind of are running a little bit of in front of some, just in [00:16:00] front of the industry it's a little always surprising when it actually does work.

And it's been challenging. I mean, While it is a data and a process problem, there's still a technology component and there's still a component of getting all of these systems to speak together, all of these systems to integrate which is a lot of different teams.

So there's a very big project management portion of this project. That's probably been the biggest challenge over anything is getting all of disparate groups and parties to come to the sandbox, play in that sandbox together, and then all start speaking the same language.

Bill Russell: I'd love to talk about ROI Bill you referred to the Yeah.

The di dinner we were at together. And everybody seems to be looking for money in the cushions at this point, and this is one of those places that has money not only in the cushions, but sitting on the top of the cushions and everywhere else at this point. Yeah,

Bill Willis: It's really interesting, Bill, because one of the things that we try and advocate as a journey partner at Baylor Scott and White is that this problem is not too big to solve.[00:17:00]

You just need to think about it in a much different way. Everybody thinks about, well, I've gotta onboard to Epic, and what are the technology steps in order to do that? That's not what Kristen advocated and what we lean on in the journey. The question is. Do we have the data from HR or from licensure or from accreditation, and if we have those end number of pieces of data, we can actually automatically onboard it onto Epic or any EMR that you've got.

That was the question. It wasn't the fact that somebody could type it in because that's what they've been doing for bazillion years. You know, that's the institutional knowledge that we always talk about. So to be able to say, I need these four pieces of data, and as long as we can feed that directly to the connector for lifecycle management and identity governance, we can automate that journey that now takes person by hand and does it 20, 30, 40, 50 [00:18:00] times a day every day.

Now you can take the amount of money that it costs to do that, both in wall time and support time and the person that you're trying to onboard them tapping their foot 'cause they can't get into Epic yet. And add just those three pieces times the number of people you're going to do in a year times what you pay every single one of those people.

'cause those are hard dollars. At times three or four years. And if you look at that simple formula that everybody understands and you put what your total cost of fully burdened cost is for a person in there it's a lot of money. By just leaning in and partnering as Kristen has done with the people that give her the data and the signals and making sure that the data has high fidelity and quality and it's right on time.

So when that person shows up they can have full access in a matter of minutes instead of days.

Bill Russell: give me an idea [00:19:00] of the biggest challenges you faced during the implementation itself. Like what was. Particularly hard about this project.

Kristin Hoppe: Getting everyone to the table and, convincing everybody to be able to understand the solution, articulate the solution, and be able to start building to that. So we're talking, I had obviously my implementation partner on this through this journey is IDM works, but you're still talking.

We had an HR system, an IGA system, some data systems. We're looking at API development. We're looking at an identity verification solution. In hr, you actually branch that out into a couple of different teams. So you're looking at, we had five core external partners and we had 1, 2, 3. Four or five very core internal teams that had to all come together and be able to run with what this vision is and understand the use case.

Where we created something quite literally from nothing. This [00:20:00] is something that we hadn't done. Nobody had thought about it. This is not a way that anybody was thinking about solving for this issue. And it took, I would say, a year. Of really heavy involvement from myself and from Bill to get people to fully conceptualize everything.

Even when we were in Dev, like we're sitting in Dev and they still weren't fully conceptualizing it, I knew that I had succeeded, truly succeeded before we ever went live, before we ever had even a valid test case. I knew I'd actually succeeded when I sat on a call back in late April, early May, and I didn't say a single word.

All of my engineers, all of the other people, everyone on the call were off and running to the races and explaining exactly what it was, all of the use cases, all of the test scenarios, and they just, I mean, it was rapid fire and they were all, the synergy was there and I, and that was when I knew it, that no matter what happened.

That project was a success and it was going to [00:21:00] be implemented and golden. I think every project has something like that, like has that moment in time, and that was that moment in time where I knew 100% we had, we'd overcome any major challenge. But that was the biggest challenge. Technology was definitely not the biggest challenge.

I mean, obviously that's some, you know, you always getting things to work is its own special beast. But I was getting the. Messaging across and getting everybody to understand the buy-in and actually come together.

Bill Russell: Okay. Getting them to see something that hadn't existed before is always a lot of fun.

Bill Willis: Yeah. It's always about the vision. And Kristen and her leadership team has decided to take the reins from an industry perspective. As she said, she wants to have that NPS score, if you will. The net promoter score that's off the charts. The great thing I think from an industry perspective, Bill, from my chair at least, is that the rest of the folks that aren't nearly as willing to take a lead and take some of the risk of being lead, they actually now have a reference that they can point to, to say, [00:22:00] okay, now we get it.

I can, the CIO of one hospital assistant can go talk to Baylor Scott and say, Hey, talk to Kristen. It's like, this is what they did. They have a pattern, they have a deployable thing, they know it works, and now you there can now be in a position to do more with less. Instead of wondering, well, how do I even make this happen?

They now have a playbook for that.

Bill Russell: you know, when you had mentioned patients, is it the identity system for patients as well?

Kristin Hoppe: It's not today. However, it is extensible to them, and that may be something we explore in the future.

Bill Russell: I mean, is it necessary for patients. I mean, we do end up with duplicates. It is a problem

Kristin Hoppe: we do. Yeah, essentially there is a really solid use case for that for patients as well. Particularly also giving them something protected around, you know, their MRN and their data. So there is a use case for it.

Absolutely. It's definitely not something that we have started exploring here in our journey, but we did we did absolutely select the right solutions to be able to extend [00:23:00] it if we choose.

Bill Russell: My last question is, there's people listening to this right now that are saying you know.

How do we know that this solution's gonna work for us? How do we know that? You know, you know, business as usual. I think sometimes people get used to how bad it is. They just go, well, it sort of works for us. We have a problem every now and then somebody does this, or there's elevated rights over here.

That kinda stuff. But it's not a massive problem for us. I mean, what's your message to those people who are sort of sitting in the old models not really wrestling the problem to the ground. I mean, what is it what's the message to them to say, Hey, this is what it looks like before and this is what it looks like after, and might be better to take on the journey.

Bill Willis: So probably the most interesting thing, especially in the healthcare system, is. From my role is to be that person that comes in puts their arms around and say, you don't have to have the Stockholm syndrome of this anymore. Right? It, just because it exists doesn't mean it can't change.

And instead of putting in 16 hours a day because [00:24:00] you've been told you have to do more with less, you just need to think about giving the car good gas. Meaning give the process data and automate the process, and now you can actually do exponentially more work by just making those transitions to the way it's done today.

The other part is that. I've yet to see in a long time with the gray hair is that if you show leadership a success, they will continue to give you what you need to extend that success. And that's what happened with Christian. She had a vision. They said, yes, we agree. Let's see how it go. Let's crawl, let's walk, and let's run.

She showed the vision and the passion and the creativity to partner with everybody. They showed the initial success, the CIO. The executive board, the CISO said yes, this is exactly how we want to run our environment and be able to get that [00:25:00] return.

Bill Russell: fantastic. Kristen, I'll give you the last word

Kristin Hoppe: mine on that is.

For any healthcare system. I mean, we are all now competing. We're all in competing markets, right? It's huge. You're competing for workforce, you're competing for patients. It's a sometimes, maybe not the funnest way to think about it, but that's the reality of it. But one thing that you want to do is you want to set up your organization to create the most frictionless experience for your providers.

And that's not just physicians. That is every person that is in your brick and mortar facilities providing care to a patient. Your job is to make their lives frictionless and seamless so they can then extend their time and effort to. The patients that they're providing care for.

That is absolutely my driving tenant in everything that I do in the IAM space in healthcare is to create that experience so that my providers, anyone on the front lines of healthcare doesn't have a negative experience and is not sitting on their hands for a week. 'cause they can't log into their account, which means they cannot provide care, which means they cannot do what we need them to be doing in the [00:26:00] community.

And so I think that's a really core tenant for identity and access management. When you look at that and everybody thinks, oh, we gotta, you know, might be a sunk cost because you're all operational and there's no return value there and it's, nope, your return value is absolutely providing that frictionless experience to your physicians, to your nurses and allowing them to be the caregivers that they are.

And if they have a good experience, they turn right around and pass that on.

Bill Russell: Right. That's a great principle. Kristen, Bill, I appreciate you coming on the show. Always good to see you, my friend. Yeah, absolutely. Thank you for

Kristin Hoppe: having us.

thanks for watching this solution Showcase on Keynote with me, Bill Russell. We believe every healthcare leader needs a community they can lean on and learn from. Discover more solutions and join our community at this week. health.com/subscribe. Share this with someone who could benefit from these insights.

Thanks for listening. That's all for now.

[00:27:00]