A zero trust architecture for health information systems

BackgroundAdvances in technology have birthed a new dimension to managing patient healthcare data from a brick-and-mortar principle to a digitized phase, while this new paradigm is appraised for its simplicity and efficiency, a critical subject of concern is system vulnerability, with the prevalence of insider attack and recurrent data breaches in the healthcare sector, a more nuanced approach is required to close the insider vulnerability incidences. Although several models have been proposed such as blockchain, biometrics, and firewalls, insider threats continue to gain momentum. Hence the adoption of the Zero Trust Model seeks to pacify these loopholes.MethodsZero Trust model is founded on an access policy based on context and continuous user and device authentication and verification. To block lateral movement in system architecture, the ZTA proposes deduction engines as a panacea to patient data security.ResultsPrior and current studies have suggested a more technical principle and philosophy in managing and securing patient data, the ZTA has been adopted in other domains and has remained an effective countermeasure in closing the data vulnerability gap. Our model is designed with a full-scale ZTA framework and as such combats the information security gaps.ConclusionA new architecture for data security is proposed, and insight was drawn from the ZTA principle, with a combination of several technology tools, The adoption of this framework will help to mitigate the current lapses and provide a gateway to ZTA adoption.