TL;DR: Healthcare access architecture must balance patient care, performance, and compliance, and the article argues that traditional VPN and network-based models break down in clinical environments while NIST SP 800-207 style zero trust requires identity, context, visibility, and tightly scoped connectivity. The security case is not about branding a network as zero trust, but about whether the control model can support care without broad trust assumptions.
NHIMG editorial — based on content published by Appgate: Zero trust architecture for healthcare access and clinical workflows
Questions worth separating out
Q: How should healthcare teams implement zero trust without disrupting clinical workflows?
A: Start with the highest-risk access paths, usually remote access and third-party connectivity, then enforce resource-scoped policy based on identity, device posture, and context.
Q: Why do VPN-style access models create risk in healthcare?
A: VPN-style models usually trust a user once they are inside the network, which gives them broad reach that is too coarse for healthcare.
Q: How do organisations know if their healthcare zero trust programme is working?
A: Look for narrower resource exposure, lower unauthorized discovery of clinical systems, stable application performance, and auditable access logs that show who accessed what and under which conditions.
Practitioner guidance
- Redesign clinical access around resource scope Replace broad network reach with application-level and resource-level policies for EHR, imaging, telehealth, and device administration paths.
- Validate routing against clinical latency tolerances Test direct-routed and cloud-routed paths for response time, session stability, and failover behaviour in the exact workflows clinicians use.
- Tighten third-party access lifecycle controls Apply explicit onboarding, review, and offboarding steps for vendors and service partners so remote access does not outlive the business need.
What's in the full article
Appgate's full article covers the operational detail this post intentionally leaves for the source:
- Direct-routed ZTNA design considerations for latency-sensitive clinical systems.
- Implementation guidance for integrating access policy with IAM, SIEM, and EDR tooling.
- Policy examples for resource cloaking and third-party connectivity in healthcare.
- Practical deployment considerations for hybrid on-prem and cloud-hosted environments.
👉 Read Appgate's analysis of zero trust architecture for healthcare access →
Healthcare zero trust access: are your controls keeping up?
Explore further
Healthcare zero trust fails when it inherits perimeter-era assumptions. The article is right to frame access as part of care delivery, but the deeper issue is that many healthcare programmes still assume network location can substitute for context. That assumption was designed for internal enterprise traffic, not for clinicians, vendors, telehealth, and connected devices spread across hybrid environments. The implication is that healthcare security teams have to redesign access decisions around identity and workflow, not just wrap old controls in new language.
A few things that frame the scale:
- The average organisation believes more than 1 in 5 of their non-human identities are insufficiently secured, according to The 2024 ESG Report: Managing Non-Human Identities.
- Enterprises that have experienced a compromised NHI averaged 2.7 separate incidents in the past 12 months, according to the same report.
A question worth separating out:
Q: Who is accountable for third-party access in healthcare zero trust?
A: The healthcare organisation remains accountable for scoping, reviewing, and revoking third-party access, even when a vendor operates the system. Third-party connectivity should follow the same lifecycle discipline as privileged access, because access that outlives the business need becomes a standing risk.
👉 Read our full editorial: Zero trust for healthcare needs identity-aware access, not VPN logic