Opinion: IAM’s benefits go beyond good governance

One of the biggest problems I have come across in the past 20 years of working in the healthcare sector is that information governance is only considered from the perspective of compliance and control. The excellent business intelligence that good information governance can bring, such as creating operational efficiencies and identifying gaps in information capability and information systems utilisation, is inevitably missed as a result.

The current NHS Information Governance Toolkit calls for organisations to have the correct tools to manage staff members joining or leaving an organisation or changing roles within it. While this requirement delivers real business intelligence benefits, it is not happening at a vast majority of Trusts.

I have visited over 300 NHS organisations over the past three years and the majority of them are using manual procedures to address the Toolkit’s requirements. Just looking after existing accounts is a huge task. It is not unusual for Trusts to have up to 20 major operational systems in daily use, each with its own user account and access rights mechanism. Consequently, most organisations are using only basic, skeletal identities − name, email address and account name − which doesn’t support the needs of information asset owners, let alone provide a level of intelligence that would lead to greater levels of collaboration and information sharing.

Without a good identity management baseline of information, the opportunity to better understand users and their relationship to information systems becomes nigh on impossible. Most importantly, it is quite difficult to identify staff not proactively using information, which creates a data and information gap, undermining efforts to improve the measurement of business performance, in addition to hindering service quality and clinical performance.

For a moderate level of investment, the adoption of identity and access management (IAM) technology can create considerable time and cost savings, and highlight under-utilisation of existing information and assets by staff. The consistent application of staff identity information across systems and information assets makes it much easier for an organisation to understand the contributions of its staff and to spot gaps in information that undermine business efforts.

Paul White is managing director of eCulture