Kill the clipboard in healthcare: what it means for identity teams

TL;DR: Patient record access is increasingly an identity and workflow problem, with frictionless exchange linked to fewer duplicate records, less administrative burden, and stronger protection of health information, according to Imprivata. The governance challenge is to make access simple without weakening identity assurance or auditability across patients, providers, and connected applications.

NHIMG editorial — based on content published by Imprivata: Imprivata pledges support for CMS Kill the Clipboard initiative to simplify and secure patient access to medical records

Questions worth separating out

Q: How should healthcare teams balance patient convenience with identity assurance?

A: Use a layered model that separates identity proofing, authentication, and authorisation.

Q: What breaks when patient identity is not managed across interoperability channels?

A: Weak identity management allows duplicate records, mismatched entitlements, and misplaced access decisions to spread across connected systems.

Q: How do organisations know whether frictionless access is safe?

A: They should look for consistent identity binding across channels, low duplicate-record rates, complete audit trails, and a clear revocation path.

Practitioner guidance

• Map patient identity proofing to each access channel Document where identity is established, where it is re-validated, and where that decision is reused across portals, apps, and partner networks.
• Treat duplicate-record prevention as an access control requirement Link patient matching rules to IAM and data governance processes so duplicate identities are identified before they propagate entitlements, billing events, or record access across systems.
• Require auditability for every frictionless workflow Preserve event logs for enrolment, authentication, record retrieval, and revocation so security, privacy, and compliance teams can reconstruct the access path after the fact.

What's in the full article

Imprivata's full post covers the operational detail this post intentionally leaves for the source:

• How Patient Access verifies identity at enrolment and at each point of care
• How CMS-aligned networks and personal health record applications fit into the access model
• How the workflow reduces duplicate medical records and insurance fraud risk
• How the 'Friend of the Ecosystem' commitment supports interoperability participants

👉 Read Imprivata's pledge supporting CMS's Kill the Clipboard initiative →

Kill the clipboard in healthcare: what it means for identity teams?

Explore further

View Full Forum →  |  NHI Foundation Course →