Oktane19: Drive Digital Transformation in Traditional Industries with Okta

Ilir Lako: Hello, everyone. My name is Ilir Lako. I'm here to represent Dignity Health. For those of you who may not be familiar with Dignity Health, we are a healthcare system mostly based on the west coast. We are comprised of about 60,000 caregivers and staff, providing excellent care to diverse communities in 21 states in the country. And, as of the beginning of 2019, we are now part of CommonSpirit Health, with our merger with Catholic Health Initiatives, and that makes us one of the biggest not for profit healthcare systems in the country.

Ilir Lako: Today I want to talk a little bit about our digital transformations in healthcare and how Okta plays a role in it. But before we talk about healthcare, I kind of want to take a step back and talk about another traditional industry. So, banking. Raise your hand if you've, in the last ten years, gone to a bank branch to deposit a check, to, you know, do some transactions. Yep. Fair amount of you. And now raise your hand if any of you had to wait in line for any of those times in the last ten years. Yep. Now, raise your hands if any of you in the last three years haven't set foot in a bank. So as you can see, the banking industry has come a long way and has put the tools there to give us an experience that we can bank at our convenience, we can do things at our convenience without having to interact.

Ilir Lako: And as you saw yesterday from the presentation, like Ally Bank is a bank that doesn't even have any branches. So we think healthcare is very similar and has a long way to go. Now, let's think about your experience of going to a doctor's appointment. Well, the first thing you need to do is make an appointment. So usually you make that appointment ... if you're seeing a doctor and so it would be a follow up appointment or you'd have to call a doctor's office. Usually when you call them, they'll ask you for information about yourself, trying to verify who you are, the reason why you're calling. And then you kinda go back and forth maybe a couple times with dates and times that work for your schedule. And 10, 15 minutes later maybe, depending on if you're on hold, you have an appointment date.

Ilir Lako: Next thing is you need to get to the office. When you go to the office, if it's your regular doctor, you're probably familiar with the office, you have no problem going there, but if it's a new place or if it's an office in a large hospital, you have to navigate your way around. And sometimes, it takes a little more effort, people get lost. But let's say you successfully navigated that. You get to the doctor's office and you have to check in at the front desk. They take your information, they probably give you a pad to fill more forms about yourself with information that most of the time, you've probably given it to them in the past and you're wondering, "Why you asking me the same questions? Which you should already know who I am."

Ilir Lako: You kill some time filling out those forms and you're waiting in the waiting room, and if it's the end of the day, maybe they're running late. The wait gets longer. But these are all experiences that we are familiar with. And when you compare it to what the banking industry looked like in the past 10 years and how far along they've come, we think that there's a lot of improvement for doing the same in healthcare. So the big question is how do we provide the tools, and how do we build the products that our patients expect with a standard that they've come to expect from other industries, such as finance, travel ... and so we at Dignity Health did a lot of work on trying to map our patient journeys and understand our patient's and consumer's needs.

Ilir Lako: And, at Dignity Health, Office of Digital was created and its main purpose was to create an intensely, positively, and personalized patient experience. A digital experience. And if you walk through these chevrons, think about now the same experience we talked about doing in person, but doing it online. So you can go to our site, browse for the products, browse for the services and the doctors that we offer, and then once you've found a doctor that you like, you can search. You can search their schedule and you schedule an appointment with them online without having to call anyone. And now that you've scheduled that appointment, you have a central place, what we call My Home, where you can go in, view all your appointments, view data about you, view your profile. And after you've seen your doctor, you have your patient portal, where you can go and see your medical records, message your doctor, see lab results.

Ilir Lako: And then later on, maybe you need a quick interaction with your doctor but you don't wanna go to the office, you do Telehealth visit. So we've taken that same journey that you would have to do in person in every step and converted it into a digital journey. And we thought hard about it, what components we need to put and what building blocks we need to put in place to have that great experience for our users. But we all started somewhere, right? And if you're in healthcare, I'm sure your picture looks very similar. We all had ... Dignity Health is a large health system. I mean, we've grown by acquisitions and mergers, so we had many hospitals that had different EMR systems. And most of you remember when 2009, the American Recovery and Reinvestment Act required healthcare providers to attest to meaningful use of EMRs in order to maintain same levels of reimbursement from Medicaid and Medicare.

Ilir Lako: And at the same time, they also provided incentives if you attested or there were penalties if you didn't have all these things in place by 2015. So a lot of healthcare systems put in place their EHRs and along with that came patient portals, which most of the time were tether one to one with the area HR, and it worked great. People were attesting. But it wasn't the greatest patient experience. In our case, we had multiple patient portals and some of those were spread geographically because different areas had different systems. Some of them could be in the same region, whether you were in an ambulatory office or whether you were in the hospital. So that created, you know, an experience for our patients where you had multiple log ins across the products. And patients have to remember those. And it wasn't a great experience.

Ilir Lako: So the more products we started trying to offer to our patients, it became more obvious that we needed a platform to build on. We needed a modern and secure identity system which all our products would be built on. So we started this project, and the motto was one person, one login, one password. And the idea was that we would create a single entry point, with one password that would allow you to access our digital products. Another main piece was Dignity Health would own the identity. So, we would not rely on any other vendors. We were the keepers of identity for our patients. And we would ensure that Dignity Health would have a consistent brand experience across all our products, regardless of what vendor the product came from or what team built it together.

Ilir Lako: So we set together on this long journey to build a system together, and Okta was part of that process. So, we picked Okta as our Dignity Health's identity system, and our project went live in April of 2017. And now, that identity system powers My Home which allows people to search and schedule for appointments, view their profile, view their future appointments, provide Telehealth visits. Some of the features that you might be aware of and might be using in your solutions with Okta is universal directory, obviously. Single sign on into our products. API access management was another piece that we make big use of. And then, we had on our side, both OIDC and SAML integrations, so we kinda had a taste for both flavors.

Ilir Lako: We used custom email templates and custom email domains and that was one that we actually pushed hard and we were probably one of the early adopters for it, when it first came out. Currently, we support both cell service password resets and temporary passwords via our support agents. And we've also made use of the sign in page with custom URL domains, so that is all part of having that consistent experience for our users where everything they see is Dignity Health. But that wasn't, you know, always the case. So we still have a lot of work to do. The future is that everybody has one login across all our products and all our patient portals, all our other products. We're not there yet. We're a good ways in our journey, but we're not quite there yet.

Ilir Lako: The next big piece that we're gonna do and we're actually about to go live in a couple of months is uplifting the identity from our patient portals, which is My Care. Cerner is our vendor for our EMR and patient portals. And currently, those patient portals, the identity lives with Cerner. So we're uplifting that, switching over to our identity platform. And that's been a big undertaking that it's been really great experience in collaborating between our teams, the Cerner teams, the Okta team to come up with a solution that it's not only safe and secure but also elegant and the least disruptive for our patients. Because we have patients who are coming in and just signing up for their accounts, but then we have also large number of patients who will need to be migrated from the one identity system to the other.

Ilir Lako: And, this is kind of like a very high level diagram of what we do. So we have our identity cloud in Okta, we have our cloud with all our, you know, API services and CMS. And then Cerner on the other side has opened up their APIs for us to collaborate, and the result is a unified experience across My Home and My Care. We have both versions of web ... desktop version of the apps, and also native mobile apps in both Android and IOS. So when you look at this, some of you might say, "I have patient portals. Everything works fine. Why am I doing this? Why should I take this effort and go through these steps?"

Ilir Lako: And initially, if you just have a patient porta, that's probably great. But the moment you start offering different products that go across different vendors and you need that unified identity, that's when this solution makes it all come together. So, what we've seen is that ... what we've put together ... it benefits our patients, because now they have a simplified access to digital services. They're better engaged in health and health care, because their whole experience is easier. They can do everything online. They can book their appointment, they can talk, message their doctor. It makes it easier. They can do it at their convenience. And it's better and it's more personalized. We know more about our patients, so we can track their journeys and offer them services that are personalized to them.

Ilir Lako: And from the healthcare systems' perspective, we know so much more about our patients now because we can have deeper insights. We can track this whole journey from them coming in our sight the first time, create an account, schedule an appointment, and all the way to having the patient portal, interacting with their doctors, having follow up appointments, and we can better understand our conversion and non conversion points, so we can tailor our products to make improvements there.

Ilir Lako: Another big one for us is reduced support calls. In the past, a lot of times people would call and say, "My password ... my username and password isn't working." And sometimes, they'd put in username and password for one portal, and they'd put it in the other. And sometimes people couldn't keep them straight or they said, "Why do I need to create another account?" There's a lot of confusion. Like, "How many accounts do I need with you guys?" And we've all been there. Sometimes, you get frustrated and you say, "I'm done with this, you know? This is no good."

Ilir Lako: So in reducing support calls, we have high user satisfaction. And the support calls also come with a financial price to it, so that helps the health system as well. And many of you might look at it and say, "Is this a journey we wanna embark on?" We're well on our journey, and we're looking forward to kinda getting further into it, and getting into that future state where everything is powered by the same identity system. It hasn't been the easiest journey, I mean there's a lot of work that went into it. A lot of collaboration between the different teams involved. And a lot of times, we've asked the questions that sometimes aren't answered yet. And we've pushed all our partners at times, but it's been a very rewarding experience for us, and the feedback we've got from our patients has been positive.

Ilir Lako: Thank you.

Speaker 2: Okay, thanks Ilir. So, Dignity Health story. Again, this is healthcare in general and industries that are making significant change, and it's more than just about the product, but everything that our customers do internally to fight that battle and make meaningful change. And that's actually one of the reasons Dignity won our evangelist award this year at Octane, so just wanted to ... major congratulations to Dignity for that.

Speaker 2: Okay. So our next speaker, Sasha Kaltsios, had a digital transformation at Hanover Research. And, you know, when it comes to companies that have a significant global presence, 38 offices around the world, it's a lot to get them to all be aligned and buy in to making change and adopting the solutions that we are trying to make it easier and more secure for their end user. So this a little bit of the story you're gonna hear from Sasha.

Sasha Kaltsios: Thank you. Yeah. Hi, my name is Sasha Kaltsios. I'm going to tell you today a little bit about our story, when we started with Okta three years ago with our idea of building an OS indication framework to drive our digital transformation and to make our customer and all our employees more successful. But first things first, I want to tell you some facts about Hanover Re. So, we were funded in 1966, and we have approximately 3300 or 3500 employees worldwide, so we are operating in a lot of countries and we have offices in 38 ... 38 offices all over the globe. So ... but for those of you who don't know what Re insurance is about, that is the insurance for the first insurers.

Sasha Kaltsios: So to say that it is a second level of insurance. So what we mainly do, we spread individual risk all over the globe to make sure that they are not having major losses to first insurers and something like that. So, actually when we started with Okta, we were looking forward to what I mentioned, to having an OS indication framework. So, in standard to do our cloud authentications in the future. So, as we had had years before with our pyramid and all that, we were looking forward to have an adoption plan and a standard to do that in the future.

Sasha Kaltsios: So, we also want to aim for and wanted to aim for our first integrations and we ... from the beginning, we wanted to have every user was a multi-factor enrolled. They are to security's access to our systems in future from outside of the pyramid. And so as we had before, we want to have the single sign on and mobile access to our solutions. So mobile access is gonna grow at Hanover Re a lot and so we want to have these easiness to access what we know from private use, also in our business. Yeah?

Sasha Kaltsios: So we also wanna have secure access for our externals. So we are heavily collaborating with them all over the globe, and we want to have them to have easy access to our systems. Yeah, Okta's helped us there a lot, and I can tell you right now we achieved all of that until right now. And the next thing here is these API access management, which we are going to look out to reach a similar experience even to our customers, like Ilir mentioned. But in the beginning, we were facing some challenges, like re insurance is a traditional business and it was, yeah, challenging sometimes to bring of the idea of a cloud and OS indication framework onto our company. And to tell everybody, "Hey, in future we'll get access from outside the pyramid and it would be easy from your mobile and so on." It was a not super likely here from everybody, somebody have concerns and so on, but actually, we made good forward steps there.

Sasha Kaltsios: And here's some numbers, some informations about insurance companies and re insurance especially, so when we were facing ... like we have people who stay 15 years with our company and our job. That is a very great amount, and we love it. But it comes also with a price, as they have systems and tools useful for over 15 years. They are not so likely to shift to new ones, yeah? And some kinds of ... yeah, they present questions. "Why are we have to use new tools? And what are they for?" And so on, yeah. And, we are heavily regulated business and we have approximately over 40 audits every year with what IT have to deal with every day, so therefore again, having these standards and this framework was very easy for us to then go through all of the audits, yeah?

Sasha Kaltsios: And mainly, we are risk management company. So we are well known what risks all about. And unfortunately, when IT introduces new risks and new tools and new technologies coming with risks, often, they ... IT is not bringing any money with that, yeah? So that is just the risk and tools, what IT brings, but yeah, no premium, actually. Yeah.

Sasha Kaltsios: So, yeah, actually you will see some risk here, and I promise you, you have all seen that on your own business, yeah? Like on ramp up phases for projects and something. It is like years ago, we were starting project, onboarding and so on and so on. And we have software updates that keep us busy every day, and they are coming faster and faster, and it is hard to do that on ramp today, yeah? And prioritization, no doubt about that. Lack of resources. We all know that, yeah? So Okta helped us there very much with our constant forward moves, with that, so that infrastructure is so easy to manage for us that it really helps us in these operative challenges, yeah?

Sasha Kaltsios: And, the other word, security and compliance challenges all the time, yeah, when we started with Okta, it was pretty close to the announcement of there's a new GDPR coming, maybe in a half year, and yeah that will need you to treat systems different and actually, people were looking at the systems right now and seeing, "Oh, they are not GDPR compliant." Something like that, yeah? And yeah we were pretty sure that they will be when it comes to the point GDPR is gonna be real and gonna be established. And yeah, again, a lot of vendors and especially Okta did their good job to being GDPR ready from the first day, yeah? That was very good thing to us.

Sasha Kaltsios: And there were also some general IT challenges, like, you know, aging technology. Something with you have to treat with care, because we have a long story, a long business, and some technical depths there which we need to care about, and this technology is coming into an evolution and to a change, and yeah that is challenging for us, and we need some time and to spend efforts to overcome that challenges.

Sasha Kaltsios: And another one he mentioned is poor technology adoption. Yeah? People are seeing new tools and they are not often starting from the very day, very first day, to use them, yeah? So take time to let them grow and get everybody get comfortable with the tools and work with them. And so, sometimes, if ... it's just hard to step into that technology, they will let it down and they will use the tools they have used for the last years, yeah?

Sasha Kaltsios: So I can tell you can be busy with all the challenges, all the day, and we are often in that situation, but in that project, we were looking into the hill which was in front of us, we were asking ourselves, "What is there important? So is there a list we can write down? What is most important? What is second, what is third? And how would we treat them?" And so on. And luckily, we came to a good solution for us, and I'm pretty sure it could be also something for you. There is one thing we figured out that is really, really, really important, and that is focusing on your business partner, yeah? That helped us a lot to solve these issues and to overcome these challenges. Because the challenges are still there, but your business partner and when we spoke with them a lot of times, we figured out that they have a serious need to do or go with new tools and to solve their business issues.

Sasha Kaltsios: And with that in mind and with that in focus, there was a solution for everything what we were seeing, what was challenging us in the day to day business, yeah? And that was really important for us, but we didn't have been there from the first day, yeah, so it was pretty new for us from IT to speak with the business in that way and being that earlier in contact with the business and ask them a lot about their needs because we need to know that to build solutions to all the challenges. Yeah.

Sasha Kaltsios: Actually, and how did we achieve that? We started with workshops with our business partners, pretty classic way, but it was kind of new with IT, yeah, to speak with everybody not only about a tool to implement, but about the issues and the reasons and so on, why our business need to move forward, and what are their challenges they want to overcome and we want to help with that. Yeah? And we engaged a strong partnership with them, and we did one on one sessions, we learned from our business and we trained them in IT and so we rendered a good partnerships. We both have digital mind teams to work with the business and sometimes, they are invited even from the business parties to come to their meetings and get close with them. Yeah? That was really a game changer for us, yeah? We foster that close alignment with our business peers in IT and with our business peers and all over the globe right now and we feel also it is a good idea and it was helping us to include especially this international point of view, this international thinking into what we from IT are doing together with the business.

Sasha Kaltsios: So as we are all mainly located in Germany with our headquarters, yeah, we have some kind of a view to our IT landscape and so on, but there are so many different point of views from our international teams that it was very, very valuable even in that process to come with them together. Yeah. And, yeah, there's one last thing I can give you and I can tell you what is absolutely essential is when you start that race and when you start that run and you have to overcome these hurdles all the time, then it will happen that you hit one and that you punch that down, yeah, but don't stop yeah? And don't build that hurdles on your own. You're in IT, you should solve solutions, you should help the business and you should not stop and say, "Yeah, that's nice but you can put them up". But you should not do that. You should help the business going forward here. Yeah. Thank you.

Speaker 2: Perfect. So we have some time for a Q and A. And I thought I would just open up to the audience if there's anyone who's either on the beginning of a journey for a digital transformation or if you have any particular questions on how these speakers went to addressing this within their organizations, feel free to ask questions.

Speaker 4: I have a question for Sasha.

Speaker 2: Okay.

Speaker 4: I saw you-

Speaker 5: Hey! Just ... I'm gonna run the mic to you. We're recording, so we gotta make sure we get your question.

Speaker 2: Do we need it? Okay.

Speaker 4: Sasha, you mentioned in your slide 100% MFA, right?

Sasha Kaltsios: Yeah, right.

Speaker 4: How do you handle non user accounts? Service accounts, shared accounts, any of that type of thing? We have encountered certain applications struggle when you're making an API call or you're using an authentication key to ... from an application and it requires an MFA input. How do you guys address that?

Sasha Kaltsios: Yeah. Actually we are in beginning to do that story. Luckily we had our pyramid is still there, and we can keep that non user account inside of our environment and there are measurements to verify that account regularly, but we started with that idea to have even multi-factor for that account, and we are in speech with Okta right now to how we gonna absolve that issue in particular for our systems. But it is a challenging thing, because when it comes to multi-factor users, the system is a user. And on the other side, you have so many different systems and the abilities to have a more secure access from the systems to others, they are various, yeah? And there is no one single solution for it.

Speaker 6: Hi. Can you talk about your use cases for API access management?

Speaker 2: Sure. Ilir, I think this would actually be a good one ... well, to give us some context, it might be helpful to learn a little bit more of what you are ... you know, what's your role and what you're trying to do. Are you actively looking at that right now?

Speaker 6: So we have Okta, we have it for our work force, and we just deployed it to our customer base, and we're trying to get a good understanding of where we would use the API access management.

Speaker 2: Okay. Got it.

Ilir Lako: Sure. I can answer that from a healthcare perspective. So we build our APIs, and we have different levels of users. So we have users who have just created an account, we call them level two users. We have users who are proofed, patient proofed. We know for sure they're our patients that have been seen. And different levels of users can do different things in our systems, so we use API management to control our API end points that ... a lot of API points will take tokens and based on what level you are and what permissions you have, you can either call certain API end points or you can be stopped right there. And we also have some end points that are open for public, so that's one of the ways we use API management to control access level.

Speaker 7: Hi, this question is for Sasha. A bit of a classic one. You've been now an Okta customer for three years.

Sasha Kaltsios: Yeah.

Speaker 7: Looking back, is there anything you would have done differently to make it even better than it ended up being?

Sasha Kaltsios: Yeah, actually, there is something. So even due to the fact we were adopting Okta in the beginning for our mobile devices and for our authentication story, we had some issues when we tried to run both in the same speed. And that was actually not the fact, the identity thing was so fast, we could start with them so super, super fast, but then it comes to the mobile thing. We had a former solution which we need to get rid of, and that was different speed. Actually, if you have mobile devices all over the globe and you need to change the management of that, that took you time.

Sasha Kaltsios: And in the beginning, we tried to do both in the super, super high speed, and we were like, "Yeah, that is not gonna go in when it comes to this hard way to all these technology stuff that is aging, yeah." So I would trade that in the beginning, more in deep, and I would look at what speed could you run what. Yeah. So for example, perhaps these adoption of multi-factor in the beginning, and we were like, "We have the enrollment with the first touch doctor." Yeah, there is immediately an enrollment and that is maybe hard for somebody to overcome, but there is something you wanna access, yeah? There is something people wanna get access from outside of the business and say, like, "Yeah, I wanna get there!" And that was a big forward push, but yeah. We should have treated that in different speeds, yeah.

Speaker 8: That 100% MFA has got me intrigued because corporate devices, bring your own devices, the IOS, the ... so we have corporate iPhones, iPads, but you're gonna put that ... you'll verify on one of those devices. Did you supply your users with devices? Or did you enforce their use of their own personal devices?

Sasha Kaltsios: Yeah. That is a good question, and I am looking a little bit to my colleague here from GSI, because they're yelling at us and saying, "Hey, could you help bring your own devices?" And mainly in the European environment and there is not that common use of bring your own devices or use your own devices. So therefore, we only have company mobile devices right now, but when it comes to MFA, we allow the people to use whatever they want, so we have this Okta verify, we have SMS authentication, and we have phone call systems, so for people who don't have even a mobile device or even don't have a smart phone, yeah? So they're gonna use this phone call.

Speaker 9: I have a question for Ilir.

Ilir Lako: Okay.

Speaker 9: I'm wondering how you're thinking about the patient migration process when you're going from Cerner identity to the migration from Okta. Both how you're thinking about balancing usability and security. So are you implementing things like MFA? And also about like ... communicating the concept of that single credential to patients in a way they understand?

Ilir Lako: Yeah. That's a great question because the migration and how we build that flow is something that we kinda went back and forth a couple of times and have different versions of it. The biggest ... and like you said, it's a balancing act between providing a secure solution and making the user not jump through too many hurdles because then they'll get confused and they'll end up even creating more calls to our support.

Ilir Lako: The way we went about it is we wanted to be kinda ... as hands off and seamless as we could, so what we did is we put them through a flow where they use their existing credentials to verify themselves with the current IDP, and then once they're logged in, they get passed to our migration flow, where at that point, we know exactly who they are. We can take their data, create their, you know, new account and let them set up everything, but otherwise ... another thing that we were going back and forth was, you know, do you send them an email invitation with a code and what if that gets lost?

Ilir Lako: So this way was they use what they already know, what they already have, and the fact that they authenticate against their current IDP, it just makes it that much ... makes it easy for them, makes it secure for us, we trust Cerner to do that part and then pass them over to us in an authenticated state, and that's how it works. And then to your point of how do you tell people and not create confusion about, "Hey, what's going on?" We have email campaigns that once this switch is done will go out to customers and tell about what's happening, the identity switch, and the benefits that come with it. And also, if they're not getting that email or they're not seeing it and they got into the site ...

Ilir Lako: Like if they wanted to go in and see their portal before they even got their email, you'll walk them right through. It's kind of, you know, a three step wizard type of approach that nobody at any point should be stuck wondering, "I got here, now what?"

Speaker 2: All right, I think that's about all the time we have for questions. So thank you to the speakers. Thank you for attending this session. Each of you should have a survey card on or near your seat, along with some pens. Please feel free to complete that and let us know your thoughts about the track and the session. Thank you.