Notifications
Clear all
Topic starter
25/06/2026 1:38 pm
TL;DR: ECU Health’s IAM lead describes identity security as essential to delivering patient care, with the team focusing on EMR integrations, programme evolution, and next-step priorities, according to SailPoint’s Navigate Studio interview. The practical lesson is that healthcare identity governance must be treated as an operational control plane, not a back-office compliance function.
NHIMG editorial — based on content published by SailPoint: Inside the Navigate Studio with ECU Health
By the numbers:
- ECU Health serves more than 1.4 million people in 29 eastern North Carolina counties.
Questions worth separating out
Q: How should healthcare teams govern provider access without disrupting patient care?
A: Healthcare teams should govern provider access by linking entitlements to role, location, and care duty, then reviewing those entitlements on a tight lifecycle cadence.
Q: Why does EMR integration change identity governance requirements?
A: EMR integration changes identity governance because access is no longer just a login problem.
Q: What do healthcare IAM programmes often get wrong about access reviews?
A: They often review whether an account should exist instead of whether the person still needs specific clinical entitlements.
Practitioner guidance
- Tie clinical access to role and duty context Review how provider access is granted, changed, and removed when staff move between teams, locations, or care responsibilities.
- Validate EMR entitlement mappings regularly Check that EMR-linked access paths still match the underlying identity source, especially after org changes or application updates.
- Shorten mover and leaver turnaround times Measure how long it takes for role changes and departures to remove outdated access from clinical systems.
What's in the full article
SailPoint's full blog covers the operational detail this post intentionally leaves for the source:
- A closer look at ECU Health’s identity strategy evolution over time and the milestones behind it.
- Direct commentary on why EMR integrations mattered to the programme’s design and adoption.
- Peer advice from Nickisha Bennett-Burton for teams building healthcare identity programmes.
- A forward view of the team’s 2025 areas of focus and priorities.
👉 Read SailPoint’s interview with ECU Health on identity strategy and EMR integration →
ECU Health identity strategy: what it means for IAM teams?
Explore further
25/06/2026 3:37 pm
Healthcare IAM is operational infrastructure, not administrative overhead. ECU Health’s framing shows that identity security sits directly on the path to patient care, which makes access governance a delivery requirement rather than a compliance afterthought. In a health system, identity failures are service failures because clinical work depends on timely access to systems and records. The practitioner conclusion is straightforward: healthcare IAM must be judged by operational continuity as much as policy compliance.
A few things that frame the scale:
- 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months, according to The State of Non-Human Identity Security.
- Only 44% of developers are reported to follow security best practices for secrets management, according to The State of Secrets in AppSec.
A question worth separating out:
Q: How can hospitals tell whether identity controls are supporting operations?
A: Hospitals can tell by checking whether access changes keep pace with staffing changes, whether EMR mappings remain accurate, and whether clinicians can do their jobs without relying on standing exceptions. If those signals drift, identity controls are supporting neither governance nor care delivery.
👉 Read our full editorial: ECU Health’s identity security program shows IAM’s operational role
