Automation is driving the change in the post-acute care industry. Automation delivers speed and precision while freeing staff to work on more complex, higher value tasks and thus eliminating the repetitive tasks.
RPA or Robotic Process Automation is a system of recording tasks as a human would. Machines are then instructed to execute these tasks in the exact manner as a human would. Robots (or bots) find logical steps and perform repetitive manual tasks with no human intervention. Several industries including healthcare have begun a widespread adoption of RPA, and the benefits it poses to post-acute care are aplenty.
With automation, post-acute care providers are able to simplify their daily repetitive work, allowing the robots to manage the repetitive tasks based on a specific set of rules or instructions that are provided. Robots are trained to log on to pre-existing systems on behalf of teams, and follow the instructions to complete tasks. This frees up time from resources to focus on patient care and higher value tasks without the encumbrances of repetitive administrative work. Automating workflows allows post-acute care teams to intervene only when manual intervention is necessary. Most tasks can be handled by automation and since the work occurs at the backend, it does not require supervision or daily direction.
Automation Software runs on behalf of users and in the process are required to :
The automation involved in PAC creates several layers such as web, APIs and data exchange that are vulnerable to attacks. The use of RPA frameworks can expose organizations to new types of security threats. Hence, its security is an utmost priority while using workflow automation.
Credentials - both login and password - should be stored in Vault. A Vault typically stores Passwords in encrypted format and prevents direct access to credentials.
Please note that there are various logins and passwords to be managed - Enterprise applications, API Services, Different Environments (Dev, Test, Production), Applications behind Citrix and many more. Soon this tends to grow. Credential management is core / foundational capability.
A bot will be accessing Applications - e.g. within Enterprise, External applications, Government Sites and so on. Usually a bot will need to only perform a finite set of activities (E.g. upload files, export data based on criteria etc.). Typically the target applications do provide a set of roles with permission to perform specific activities.
Restricting access to a Bot will prevent any accidental actions and further help with user confidence.
A User needs to understand what actions a bot is performing when a process is automated. More important is to understand the effectiveness of both. This is not only important during initial testing phases of Automation Process development but also for ongoing troubleshooting if there are issues - be it in business failures or technical failures.
Design a robust logging component where information summary (e.g. Trends, patterns) and detail (e.g. process step level) can be provided.
Currently there are many regulations by Sector / Industry. In Healthcare, HIPAA ( Health Insurance Portability and Accountability Act) compliance is key. The HIPAA Privacy regulations require applications to ensure confidentiality and security of protected health information (PHI) when it is used (transferred, received, processed, or shared).
Automation applications should be designed to overall manage PHI information - at a minimum the following considerations become key::
Supplement your Audit Logging Design with formal cadence for performing periodic Audits. This is important from multiple perspectives - key being changed. Change is inevitable and therefore it is important to understand bot’s responsiveness to change and course correct where needed.
Note: Automation Applications are User Interface (UI) heavy - UI changes are to be expected over the life of an application.
Business Processes today deal with Bigdata - where volume, variety and veracity are to be planned and managed. Consequently one of the key Security and Risk considerations for an automation application is how data will be stored and managed through its lifecycle.
This topic is a whitepaper topic in itself. However at a minimum the following needs to be considered:
The Automation Environment involves multiple components - not just the Automation Software but a host of other components - cloud based or otherwise (like Performance Monitoring, Log Analytics, Reporting etc). Policy based access / control to the environment to be formalized - few examples: :
Further, DevOps (build, test, deploy and change cycles) is integral to any Automation Software development. Automating this cycle could also help reduce the overall risk in managing deployment of automation code to production.
IPA is a strategic initiative for many firms today. Organizations should establish suitables policies and controls to secure their Automation Ecosystem.
Further, Automation tends to bring Change - a new way of working, a new way of man-machine collaboration. This change has been managed and executed well for value delivery.
Few key considerations in this context are:
Conclusion - Intelligent Process Automation (IPA) provides powerful capability with tangible impact to both top-line and bottom-line. Like any strategic Initiative, IPA also needs to be planned, governed and managed well. Security and Control is foundational to not just Risk management but also value delivery at Scale. Element5 is working with a host of clients while offering IPA in the SaaS (Software as a Service) model. As we continue to learn working with our clients, we will keep the best practices updated.