Category Archives: Healthcare Tech

Healthcare, Healthcare News, Healthcare Tech, News

Virtual Clinical Sessions Set to Stay After Revolutionising The Way Patient Care Is Delivered

Being diagnosed with a life changing illness or debilitating condition such as cancer, diabetes or coronary heart disease turns your world upside down. Significant intervention in the form of drastic lifestyle changes and pre/rehabilitation to complement essential treatment or surgery can be paramount to increasing survival rates, minimising recovery time and improving quality of life during and after treatment. Before Covid-19 forced the temporary closure of clinics across the country, patients were routinely supported with face-to-face appointments with their healthcare professionals. However, with lockdown came the urgent need for a revolutionary solution that would tackle not only the increasing backlog of patients with clinical needs, but one which would ensure the vital continuity of care.

Virtual clinical sessions have quite literally been a life saver to many people, which is why they are now here to stay.

Prior to Covid-19 there was an initial reluctance around hosting online appointments because of concerns around how successful they would be, but professionals from across the clinical industry are now lauding their success.

TenClinical, London’s leading clinical exercise rehabilitation facility provided by Ten Health & Fitness, successfully transitioned to virtual video appointments during lockdown.

Head of TenClinical, Adam Hewitt said: “The virtual sessions have proved incredibly beneficial, not only for our current patients but also for a completely new group as well. Before Covid-19 we only treated people in clinic, so they had to physically be able to get to us. We have now been able to reach patients who are unable to walk and move significantly, which has been truly fantastic. These people need a huge amount of care and attention to build their strength, mobility, co-ordination and motor patterns, and this can all be done from their own home over a video call.”

The recent success has proved that virtual clinical care from TenClinical will continue to be part of their offering moving forwards. “The virtual sessions have allowed us to focus on the people who arguably need us the most,” continued Hewitt. “It is the most rewarding thing to see a patient gain strength and confidence, helping someone from being almost immobile to being able to function and even join a group class is unbelievable. We will continue to offer virtual sessions as we appreciate many patients are uncomfortable or unable to visit us in clinic – so this is the perfect solution.”

Ten Health & Fitness will continue to offer virtual clinical sessions for clients, regardless as to their geographical location. As Joanne Mathews, Founder of Ten Health & Fitness explains; “The opportunity for us to help a much wider scope of people is what is driving us to continue this offering. We want people to have this option and we have some of the most qualified clinical exercise professionals available to help them. We’re hoping that providing this service will also help ease some of the pressure on other medical organisations such as the NHS.”

The level of care patients have had access to during this unprecedented time has garnered high praise from new and existing clients.

I wasn’t convinced that clinical exercise sessions would work virtually as the ‘face-to-face in-person’ was an essential part in nurturing focus and energy with my journey to become stronger inside and out. 

During lockdown, Adam’s virtual voice filled my living room to gently hold my hand through the rollercoaster of my feelings in self-isolation. Step by step, I discovered that the virtual sessions were enabling me to heal my physical space that is my home with creative energy. Now I’m in the design stages for my home renovation. A thought that was impossible last year after losing my little daughter to a horrific terminal illness. That’s massive win for me from clinical exercise virtual experience!” – TenClinical patient testimonial.

While I was at first reluctant about exercising online, the same rapport that exists between trainer and customer in a studio is replicated online. Much to my astonishment, it was possible to achieve the same standards on a screen as in clinic” – TenClinical patient testimonial.

To book an online clinical consultation, please visit: https://www.ten.co.uk/clinical

Health Tech, Healthcare Tech, News

IAM in the Healthcare Industry for Improved Consumer Experiences and Efficient, Secure Access Management

By Johann Nallathamby, Associate Director – Solutions Architect at WSO2 and Sherene Mahanama, Senior Technical Writer at WSO2

The ongoing COVID-19 pandemic has placed healthcare systems and their efficiency (both operational and technological) under greater scrutiny. The healthcare industry has some of the most valuable, high-priced information sold on the dark web. Since they are a prime target for cybercriminals, it is vital for healthcare organisations to use a strong and secure Identity and Access Management (IAM) system to protect this information, while also ensuring that this extra security does not hinder the time-sensitive nature of healthcare work.

Regions across the UK with good centralised healthcare management systems share patient information and medical records across hospitals, to ensure quick access to patients’ medical history. Sharing information this way requires a solid IAM platform as the central backbone such as NHS Identity to connect, authenticate, and provide quick but secure access to healthcare professionals and patients across multiple systems. Local/ regional systems require a way of mediating with NHS Identity and this can be done using an IAM product such as WSO2 Identity Server.

Let’s take a look at how this can be done easily, saving valuable time for hospital staff.

Adaptive Authentication

Health data requires a high level of security, however, it is tedious for healthcare professionals to constantly go through 2–3 levels of proving their identity when they barely have the time to do it once.

Adaptive authentication can be configured to only prompt extra steps of authentication when the authentication is abnormal in some way (e.g., authorising a high risk medicine, logging in from a different location/device etc.)

Login analytics can be used to gain insights into potential security risks and configure risk-based adaptive authentication. For example, if a doctor logs in from within the hospital network, this might require only one factor of authentication whereas a doctor logging in from home might require two-factor authentication.

Identity Federation and Just-in-Time Provisioning

The NHS identity federation service supports OpenId Connect, SAML or WS-Federation Federated Identity. Using one of these standards, WSO2 Identity Server can federate user accounts of patients/doctors over to the local system, saving countless hours that administrators would spend creating user accounts for hospital employees.

When we factor in the increasingly fluid staff that includes visiting surgeons, residents, part-time doctors etc., who require limited privileges and access to the hospital’s data in real time, access control becomes an even bigger nightmare. Fortunately this can be handled with Just-in-Time (JIT) provisioning where visiting specialists can be authenticated into the system in real time, using their existing NHS credentials, and can gain limited access to resources.

Furthermore, approval workflows can be set up for provisioning or granting access to certain applications for trainee or part-time doctors. NHS Identity supports six deployment patterns as detailed in NHS Identity: Authentication and Authorisation Deployment Patterns. WSO2 Identity Server can represent the local/regional AuthN or AuthZ server in any of the six patterns to support the local system to authenticate and authorise with NHS Identity.

Fine-grained Entitlements

One of the primary reasons for healthcare vendors and hospitals to require a good, stable IAM solution is to authorise users securely according to the different levels of access they require. A pure role-based access control (RBAC) model will usually not be scalable in a health institution considering the different types of roles and specialisations in each of those roles.

Instead, we could use permissions-based-access control to assign permissions to roles on a more granular level by defining exactly which actions are allowed for a particular resource depending on the role.

However, most practical real world scenarios in the health industry would have more complex requirements and may require authorising access to certain resources based on attributes such as time of access, assigned patient ID, location, etc., in addition to the roles/permissions.

Therefore, usually the most appropriate form of access control would be to use a fine-grained, attribute-based authorization policy language like XACML to define these complex and detailed authorisation rules. WSO2 Identity Server can be used as a XACML engine to securely handle authorisation rules and access control.

API Security

APIs and microservices are used to collect and update patient data efficiently and securely. Healthcare APIs are an essential part of centralised healthcare management. Using APIs, hospitals and medical offices can share data within local systems in the UK to gain quick access to patient information, reduce errors, and improve overall efficiency.

The WSO2 Healthcare Integration Platform is a solution built on top of our industry-leading, open-source integration platform which allows you to quickly transform your data and expose secure APIs to meet interoperability requirements mandated by governments.

In NHS Identity deployment patterns 5 and 6, the user identity is sent from the NHS system to the local service provider to authenticate the user but the authorisation rules are handled by the local system. WSO2 Identity Server uses OAuth2 and can support the token exchange from NHS services to the local system and from the local system to NHS. Using WSO2 as the authorisation server for the local system, enables complex authorisation rules/policies, application of security to verify the API calls, and throttling to regulate the number of authentication calls.

Furthermore, all six of the NHS Identity deployment patterns highlight token exchange with a local/regional authorization server. WSO2 Identity Server can also play the role of the local/regional server to accept incoming token requests in an API Manager ecosystem.

Progressive Profiling For Better Patient Profiling

Treating the healthcare platform as a CIAM project (Customer Identity and Access Management) can be a good approach to gain insights and a 360 view of a patient’s activities.

APIs can help towards providing better patient care by capturing every part of the patient’s journey in that hospital. A patient may enter the hospital for a simple appointment that later escalates into multiple tests and scans, medications, surgery, post-care appointments, etc. With standardisation of APIs across all these services, the medical industry or at least hospitals in the UK, can avoid all this data being isolated among different, disconnected data silos and instead, use all of it to get a full and detailed collection of the patient’s healthcare story.

A unified view of a collection of patient information that is this big can be used to help profile or categorise patients. This is helpful in order to improve patient service in a variety of ways including alerting them when a doctor they were trying to channel is available or to do targeted marketing and promotions for patients depending on their interests.

User Managed Access

Patients increasingly wish to share sensitive health data extracted from Internet of Things (IoT) devices and wearables such as smart watches but struggle to do this in a secure and controlled manner. Enabling patients to do this would contribute towards improving health outcomes and providing quality patient care and patient satisfaction.

IAM solutions can provide ‘user managed access’ mechanisms to enable this level of controlled data sharing between patients and healthcare providers.

These are just a few ways that an IAM solution can help healthcare organisations protect the sensitive nature of the information they are dealing with on a daily basis without introducing a burden of bureaucracy that could get in the way of delivering a quick and seamless healthcare service to patients.

If you would be interested to find out more about WSO2’s services or your organisation is considering integrating open-source APIs into your business practices, please visit:

www.WSO2.com/?utm_source=external&utm_medium=media&utm_campaign=wso2ishealthcare_jul20