Frictionless health security: Design for users

For a long-time, there’s been a prevailing view that disruption is the inevitable cost of improving security. A locked door is more secure than an open archway, but adding the lock incurs the inherent disruption of having to use – and take care of – a key. You might even lose the key and find yourself locked-out entirely. Your life is now so secure that even you can’t access it.  

In such a world, it’s clearly tempting to make a second key and leave the spare under the flowerpot or give it to a trustworthy neighbour. Of course, flowerpots are the first-place criminals will look and neighbours can prove less trustworthy than you imagine. In our quest for security we’ve created a system where we actively compromise the measures we have put in place.  

We do the same thing in the digital world, reusing passwords across multiple services or writing them down somewhere. So, do we just have to accept that security and user-experience can never exist together?  

Healthcare can’t wait 

For healthcare providers this is not an option. In healthcare, disruption and friction are like kryptonite. It can go from being a minor inconvenience to a potentially life-threatening risk. No practitioner is going to accept that a patient suffered because they couldn’t remember the password to log on to an essential service. It’s no surprise that, in 2019, an Accenture survey¹ found that 20% of healthcare workers wrote usernames and passwords down and kept them by their workstations – tantamount to leaving their house keys in the lock. 

This has clearly been an issue for some time and is particularly important in the UK healthcare environment, where practitioners need to access the same patient records on a wide variety of devices. However, this challenge has deepened during the pandemic.  

When asked as part of the Accenture Digital Health Technology Vision 2021 research 98% of healthcare provider leaders surveyed reported that they had developed some form of remote working strategy to cope with COVID-19.  And 93% agreed that their organisation was moving to a truly virtualised way of working. With remote working becoming business as usual it’s essential to strike the right balance between security and access.  

In short, to empower the frontline worker of the future we need to challenge the assumption that security must be disruptive and an inconvenience. We need to improve user experience while handling rapidly growing and changing cyber threats. We need to deliver frictionless cybersecurity, where users hardly notice the security measures that are in place and are able to access the vital services they need without delay. We need to create a more human approach that puts people’s needs front and centre.

A pathway to frictionless cybersecurity 

Achieving this will cover every element of security, from procurement to delivery. And while this will be a complex and ongoing process, we see three key ways that security leaders can get started with implementing frictionless systems immediately.  

1. For cybersecurity buyers: consider adding frictionless as a scored criteria in procurements. Ask suppliers to specify how their solution will include experience as an integral part of their delivery process to mitigate the impact on users and improve security. The UK Government’s Social Value Act² is a great example of how an approach like this can shape the agenda with suppliers.  
2. For cybersecurity suppliers: get ahead of the demand and engage end users early in the process to understand their needs. Develop a clear view of how frontline staff are using existing services, how they might use new services and how security will interact with this experience. Not only can this help users access services more easily, but it could even help suppliers identify potential vulnerabilities early.  
3. For cybersecurity solution designers and innovators: understand that while security is everyone’s responsibility, not everyone should be equally responsible. Currently the burden for cybersecurity falls disproportionately on the end-user. Look at how you can invert this and create systems where it is easy to comply with security processes and don’t make the end-user the single point of failure.  

Of course, exploring these approaches will open up new questions. Scoring frictionless cybersecurity will mean developing a clear definition of what that means to your users specifically. Engaging end-users means ensuring they feel confident in talking frankly about how they really interact with security processes. And inverting the responsibility for security will mean defining what a new reasonable balance is.  

However, getting the process right will be essential to ensuring that we don’t go back to a world of keys in plant pots – or worse, archways. Ultimately, the greatest disruption in healthcare is caused, not by the presence of cybersecurity, but by a breach in it. Disruptive security solutions don’t improve organisational cyber resilience as much as they could, but they are still a lot better than no solution at all.  

COVID-19 has helped us all remember a truth we’ve always known; healthcare is a fundamental bedrock of a successful society and front-line workers do essential work at great personal risk. More than that, our health system is crucial to ensuring our national security, so we have to protect it.  

To respond to the increasing demand and a shift to a truly hybrid working model we must give healthcare workers secure tools that just work. We’d welcome the opportunity to discuss the challenges and opportunities of securing an increasingly remote workforce, so don’t hesitate to connect with Ashish and Rob.  

<<< End >>>

¹ Accenture Health Employee Cybersecurity Survey, 2019

² www.gov.uk/government/publications/social-value-act-information-and-resources/social-value-act-information-and-resources