
8 Key Information Security Considerations While Choosing Workflow Automations for PAC

July 11, 2022

Automation is driving change in the post-acute care industry. It delivers speed and precision, and it frees staff from repetitive tasks so they can work on more complex, higher-value ones.

RPA, or Robotic Process Automation, is a system that records tasks as a human performs them. Machines are then instructed to execute these tasks in the exact manner a human would. Robots (or bots) follow the logical steps and perform repetitive manual tasks with no human intervention. Several industries, including healthcare, have begun widespread adoption of RPA, and it offers plenty of benefits to post-acute care.

With automation, post-acute care providers can simplify their daily work by letting robots manage repetitive tasks according to a specific set of rules or instructions. Robots are trained to log on to pre-existing systems on behalf of teams and follow the instructions to complete tasks. This frees staff time to focus on patient care and higher-value tasks without the encumbrance of repetitive administrative work. Automating workflows lets post-acute care teams step in only when manual intervention is necessary. Most tasks can be handled by automation, and since the work occurs at the backend, it does not require supervision or daily direction.

Why security is vital in workflow automation

Automation software runs on behalf of users and, in the process, is required to:

  • Interact with many applications, both source and target
  • Execute a process (a set of steps) to deliver a function
  • Execute based on rules and logic
  • Manage data: store, transfer, process and report

The automation involved in PAC creates several layers, such as web, APIs and data exchange, that are vulnerable to attacks. The use of RPA frameworks can expose organizations to new types of security threats. Security is therefore a top priority when using workflow automation.

What steps should be considered to improve security

A : Use Password Vaults for Managing Credentials

Credentials, both login and password, should be stored in a vault. A vault typically stores passwords in encrypted format and prevents direct access to credentials.

Note that there are many logins and passwords to be managed: enterprise applications, API services, different environments (Dev, Test, Production), applications behind Citrix and many more. The number tends to grow quickly. Credential management is a core, foundational capability.

B : Role based, Restricted Access

A bot will be accessing applications, e.g. applications within the enterprise, external applications, government sites and so on. Usually a bot only needs to perform a finite set of activities (e.g. upload files, export data based on criteria). Target applications typically provide a set of roles with permission to perform specific activities.

Restricting a bot's access will prevent accidental actions and further help with user confidence.

C : Audit logs for Visibility to Bot Health

A user needs to understand what actions a bot is performing when a process is automated. More important still is to understand the effectiveness of the bot. This matters not only during the initial testing phases of automation process development but also for ongoing troubleshooting when there are issues, be they business failures or technical failures.

Design a robust logging component that can provide both a summary of information (e.g. trends, patterns) and detail (e.g. at process step level).

D : Manage the Clear ! 

Currently there are many regulations by sector and industry. In healthcare, HIPAA (Health Insurance Portability and Accountability Act) compliance is key. The HIPAA Privacy regulations require applications to ensure the confidentiality and security of protected health information (PHI) when it is used (transferred, received, processed, or shared).

Automation applications should be designed to manage PHI overall. At a minimum, the following considerations become key:

  • Avoid or minimize use of PHI data where possible (e.g. for handling failures).
  • PHI data should be encrypted.
  • Design a suitable data masking technique and mask PHI data.
  • Access control (who gets what access etc.) of PHI data is a must.
  • Prevent direct access to PHI data. Ensure PHI data is only accessed through a known interface like a controlled Service or an application.
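A sketch of how the step-level audit log from section C can coexist with the PHI rules above, added here as an illustration and not Element5's code. The PHI field names, the key, the sample record and the bot name used with it are constructed assumptions; in practice the key would come from the credential vault.

```python
import hashlib
import hmac
import json
import re
from collections import Counter

PHI_FIELDS = {"patient_name", "mrn", "dob", "ssn"}  # assumed PHI field names
PSEUDONYM_KEY = b"constructed-demo-key"  # in practice fetched from the vault
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
SAMPLE = {"patient_name": "Jane Doe", "mrn": "MRN-0042", "visit_type": "SOC",
          "note": "SSN 123-45-6789 on file"}  # constructed record


def pseudonymize(value):
    """Keyed hash so one patient correlates across log lines without exposure."""
    mac = hmac.new(PSEUDONYM_KEY, value.encode(), hashlib.sha256)
    return "phi:" + mac.hexdigest()[:12]


def scrub_text(text, record):
    """Remove PHI values echoed into free text such as error messages."""
    for key in record.keys() & PHI_FIELDS:
        if record[key]:
            text = text.replace(str(record[key]), pseudonymize(str(record[key])))
    return SSN_RE.sub("[REDACTED-SSN]", text)


def mask_record(record):
    """Copy of the record that is safe to log."""
    safe = {}
    for key, value in record.items():
        if key in PHI_FIELDS:
            safe[key] = pseudonymize(str(value))
        else:
            safe[key] = scrub_text(value, record) if isinstance(value, str) else value
    return safe


def audit_line(bot, step, status, record, error=""):
    """Detail view: one JSON entry per process step."""
    entry = {"bot": bot, "step": step, "status": status,
             "data": mask_record(record), "error": scrub_text(error, record)}
    return json.dumps(entry, sort_keys=True)


def summarize(lines):
    """Summary view: outcome counts per step, derived from the detail lines."""
    counts = Counter((e["step"], e["status"]) for e in map(json.loads, lines))
    return {f"{step}:{status}": n for (step, status), n in counts.items()}
```

The failure path is the one to watch: exception text from a target application often repeats the patient name or record number, so the error string is scrubbed against the same record before it is written.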

E : Perform Audits 

Supplement your audit logging design with a formal cadence of periodic audits. This is important from multiple perspectives, the key one being change. Change is inevitable, so it is important to understand a bot's responsiveness to change and course correct where needed.

Note: Automation Applications are User Interface (UI) heavy - UI changes are to be expected over the life of an application.

F : Data, Storage and Lifecycle

Business processes today deal with big data, where volume, variety and veracity have to be planned and managed. Consequently, one of the key security and risk considerations for an automation application is how data will be stored and managed through its lifecycle.

This topic is a whitepaper topic in itself. However at a minimum the following needs to be considered:

  • Data Storage: Typically a bot needs to provide storage (ideally shared storage) where the bot inputs and outputs are not only managed but also shared with users (business or technical). This storage should be designed considering key factors like access control, synchronization if needed, data archival etc.
  • Data at Rest: Make sure data at rest is access controlled and encrypted, so that even in case of a breach the compromise can be minimized.
  • Data in Motion: In many cases a bot is designed to process high-volume transactional data, with the bulk of the processing happening in memory, underpinned by a messaging / queue based architecture. It is important to ensure that data in motion is also encrypted and controlled (including queue based persistence). Ideally the automation platform will provide this, but if not, the bot design should account for it.

G : Automation Environment and Access

The automation environment involves multiple components: not just the automation software but a host of other components, cloud based or otherwise (like performance monitoring, log analytics, reporting etc.). Policy based access and control over the environment should be formalized. A few examples:

  • Has the automation code been reviewed, and does it meet quality standards?
  • Are there formal best practices? Have they been institutionalized and enforced (like handling failures consistently and comprehensively)?
  • Is the code thoroughly tested and accepted by end users?
  • Who gets to execute / trigger a bot?
  • Who gets to release code between environments?
  • Who gets to change configurations etc.?
  • Who gets to build and release code?

Further, DevOps (build, test, deploy and change cycles) is integral to any Automation Software development. Automating this cycle could also help reduce the overall risk in managing deployment of automation code to production. 

H : Governance and Change

IPA is a strategic initiative for many firms today. Organizations should establish suitable policies and controls to secure their automation ecosystem.

Further, automation tends to bring change: a new way of working, a new way of man-machine collaboration. This change has to be managed and executed well for value delivery.

A few key considerations in this context are:

  • Monitoring and Managing Bot effectiveness
  • Design with Business Continuity in mind
  • Risk Management
  • Performance management
  • Selecting candidates for Automation

Conclusion - Intelligent Process Automation (IPA) provides powerful capability with tangible impact to both top-line and bottom-line. Like any strategic Initiative, IPA also needs to be planned, governed and managed well. Security and Control is foundational to not just Risk management but also value delivery at Scale. Element5 is working with a host of clients while offering IPA in the SaaS (Software as a Service) model. As we continue to learn working with our clients, we will keep the best practices updated. 
