Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

SailPoint: VerityStream Integration for Healthcare Provider Management

Sailpoint
07/03/2026
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


I'm Neil Coy, Vice President of Global Delivery Services at SailPoint. In this series, we discuss identity security cloud product extensions, tools and processes that leverage the Atlas platform. We deep dive into our clients' security goals with an aim to defend against today's identity-centric threats. With that, welcome and enjoy. Today, I'm joined by Hardik Modi, Senior Director of Identity Management at IDM Works, and Chad Hoffart, Information Security Architect at Nebraska Methodist Health System. Welcome, Hardik and Chad. Thanks for making the time today. Thank you. Yeah, thanks, Neil. Absolutely. So before we jump into the discussion, I want to take a second to provide some context and background for our audience. Chad, can you start by explaining the challenge Methodist Health System was facing and how you were approaching it? Yeah, we're relatively, what I'll call, I guess, new in our journey with SailPoint. We went live late 22, early 23, and not long after go live, the health system determined that we wanted to replace one of our authoritative sources, which being so young in our journey was a bit startling. So obviously, we wanted to lean on our implementation partner. They were familiar with us, IDM Works and Hardik. So we reached out to them immediately to kind of help us kind of think through that challenge, how that would work doing a rip and replace of one of our authoritative sources. So the way we kind of initially approached it was not only reaching out to them, but using the SailPoint resources such as the health care users group, reaching out to others within that user group. And then we quickly realized that we weren't alone in kind of the challenge we were facing. There was others kind of asking about this VerityStream credentialing system and how are others tackling this? And at that point, it made sense to me to see whether SailPoint was open. I know there was no out-of-the-box connector when I looked. Was SailPoint working on this? When I reached out to SailPoint, they indicated that, yes, they would like to pursue this. I think they have some challenges connecting with the right resources at HealthStream. Who is the vendor for VerityStream? So at that point, we kind of played matchmaker. We set up a call. Hardik was on that call, our contacts from HealthStream, and then we got in touch with the right resources at SailPoint and made those introductions. And I guess the rest is kind of history from there. That's fantastic. Thanks, Chad. Hardik, anything you want to throw in there before I pop into kind of the first big topic? No, I guess what Chad mentioned, like, of course, there was some traditional provider system, again, with that cloud-first mindset, right? The move is pretty much from the echo to VerityStream, to at least have the more visibility around how Methodist health system visualize the data, right? Visualize visibility into the speciality codes, right? Whether the providers into the radiology or the pathology or even the gastroenterology, right? And then, of course, facility codes, because Methodist health system consists of three hospitals and then countless facilities that they support on their day in, day out, right? So at least the visibility on those arena was very important. And that was primary reason that the integration with the VerityStream was very much important. Thanks, Hardik. Well, let's dive a little deeper. So Hardik is one of SailPoint's delivery admiral partners. You built tools to address unique customer problems across hundreds of clients. Can you talk about how you leverage your experience integrating with the VerityStream system for other customers and how that helped inform the build of this new out-of-the-box connector working alongside the SailPoint product team? From our previous integration experience with VerityStream, we have learned some key lessons that have been important in shaping our approach. Firstly, I guess the complex data mappings. VerityStream's data structure required mappings to ensure accurate synchronizations with the downstream systems. Our experience enabled us to develop those advanced mappings, particularly around multi-value attributes through the API call set, because again, there are same providers working into the multiple facilities, right? Maybe the same provider may be inactive into one of the facility calls, right? So we want to make sure that we do have those precision on how we ingest the data and then how we pass through the downstream system, right? So that past experience was very important. Secondly, the understanding of the applications, right? I guess for me, that was super important, very crucial. VerityStream's API are pretty much highly interconnected and that requires those iterative API calls with the complex filtration criteria to extract specific values. And again, this understanding of those API structure was essential in implementing those workflows effectively, because again, within the healthcare industry, you would have those standard multi-persona use cases where you would have that employee provider versus the non-employee providers, visiting providers, right? So we want to essentially make sure that our understanding allows us to correctly interpret and then map those data points. And then the third aspect of this integration was data sensitivity and compliance, right? We understand how critical it is to manage those data that is flowing between the various systems. And then again, you need to keep in mind those healthcare regulatory frameworks, whether it's a HIPAA, PHI or HITECH. Our team assisted in defining those use cases, requirements, designs, such a way that it meets that sale point best practices around the implementations. But at the same time, it handles with the patient care with quick onboarding of those providers. We have also shared the most pressing attributes and API details with the sale point product team. That would eventually help sale point product team to build this out-of-the-box integrations. And then that could be helpful to the larger ecosystem, right? I guess that would be that main goal. One of the biggest challenge that we faced as part of this integrations was handling those large volume of data without degrading those performance, right? So we tackled this challenge by optimizing API calls, countless call with the VerityStream team, and then implementing our logic around paginations. And then, of course, to manage those data efficiently. Once this integrations was available between the VerityStream and then sale point, I guess we were able to see those positive outcomes, right? The biggest thing for me was, of course, time to value, because provider onboarding time was pretty much significantly reduced. Providers who are focused on those mission-critical patient care were onboarded faster and more seamlessly, granting them those quicker access to the clinical applications and enabling them to support patient care more effectively. I guess that's the biggest for me. Of course, number two for me was a cost savings, right? That's another positive outcome. With automation in place around those lifecycle events, workflows, hospitals such as Methodist Health Systems, right? Those benefited from those reduced, I would say, that administrative cost, and the savings pretty much allowed resources to be reallocated to the other initiatives. And then, essentially, this will, once you set something into that autopilot mode, I guess it will ultimately lower those incident calls. Next, from my eyes, compliance, and then, of course, audit passing rate, right? Because, again, with those reduced manual intervention in lifecycle events, like the passing of those audit controls, whether it's an external or internal, I guess the likelihood would be those increased. And then make sure that Methodist Health System essentially falls with those compliance requirements. And then last but not the least, I would say that better security posture. I guess that's the key thing, right? Especially into that healthcare industry where, again, providers working to the multiple hospitals, multiple clinics. The only thing I would say is it's never as simple as you think it's going to be. I think there's a jellyfish analogy that IDM Works uses where they show the top-down look at a jellyfish. And then when you turn it on its side, you get to see all the tentacles. And that's really what these projects are. So relying on someone with that experience, I think, is critical when it's one of your foundational authoritative sources. No doubt. First of all, I'm going to steal that jellyfish analogy, Hardik. I love it. So just to dive into the cost savings for a second. You know, when we first start talking to prospective clients, we bring in business value assessment that talks to cost savings, you know, at a very high level. But it's nice every now and then to think about where we can get cost savings during the project, right? Hey, we can go in and implement this change, and this is kind of the cost savings outcome. Is there anything you can throw in there from a cost savings specifics around VerityStream that we were like, hey, this one aspect really allowed us to tune and tweak what we do and save some time? So personally, I don't think we're quite there yet. But what we're doing is building the foundation. So we didn't want to just take what we have in the current system and replicate it. What we tried to do is enhance that and pull the information that will lead to that cost savings that you're referencing. So we were kind of just getting out of the blocks when this decision was made. So we kind of had to pump the brakes and tear out part of that foundation and replace it. And so now the project that we have in place right now is going to set us up to realize that by pulling the right attributes so we can streamline those things like provisioning access to our EMR and downstream system. So I think that's where we'll really realize that cost savings with provider onboarding and offboarding as well. Sure. Thanks, Chad. So Hardik, I'm going to head back over to you and talk a little tech. So you kind of touched on it once or twice in terms of maybe some of the APIs and other things, but what technologies and frameworks serve as the foundation for the new VerityStream connector? And then how does that help address identity related challenges in the overall health care industry? Correct. OK. So again, to build these integrations, we have used, of course, SailPoint's Atlas platform, which is on identity security cloud, and then to consume this VerityStream data. We have used those RESTful endpoints to have those bidirectional communications between the Atlas platform and VerityStream. For the authentications we have used, Verity has something called Verity Auth for that authentication mechanism. And then for the authorizations, we have leveraged those JSON web tokens. Like this is a pretty much industry standard around how you authenticate and authorize to pull the data and at least provision some of those activities. So again, by aggregating those data into the SailPoint platform, we have again, definitely, absolutely followed those regulatory framework as well as other internal audit control just to make sure that we pull the data on a need to know basis. But once we have these integrations available, we are able to address some of the biggest challenges in the health care industry. For me, I guess the biggest one would be that lack of visibility into the providers or any other populations into the health care vertical altogether. So visibility is the key. That's a period. And again, with these integrations, Chad and team have a full visibility of all the providers that are serving Methodist health system. And then again, with having that visibility into the provider information, SailPoint provided that secure experience while accessing the patient data by ensuring that right providers can access those sensitive data, thus mitigating those risk of breaches or even unauthorized access. With all of this control in the place, Chad and team essentially setting up, as Chad mentioned, like setting up those strong foundations to essentially implement that certification process or even that access request right down the line to comply with those HIPAA and PHI regulatory framework. Sure. So since you talk a little bit about integration there, how easy is it to lift and shift this solution from Methodist over to the next hospital system? From the lift and shift perspective, I would say that the integration is a fairly straightforward, right? Bearing, I would say that some of the challenges that are addressed during the use case built up and then design sessions, right? How the data mapping is done, and this is where partners like IDM Works can help, right? Where we take the experience we have in the past using our standard methodology of deployments around data gathering, addressing the processes, how data is going to flow from one system to another system, right? Because, again, let's be honest, like each hospitals are different on how they operate. Again, similar concept applies to some of the clinical applications, right? And this is where we see one of the challenges, right, around the data mapping, as it could have the different data schemas, formats, attributes across the platform, right? But during these workshops, we map out those transformations requirements and normalize the data between the systems. And again, as we build these integrations, another common challenge that we have seen within the provider community is lack of adoption of technology, right? And this is where we use our experience to work with organizational change management for the wider adoption, because this is the area I would say that often overlooked, right? And that causes that lack of adoption, right? I do have a technology in place, but no one is using it, right? People, providers still calling the help desk, right? So we wanted to avoid this one. So this is where we work with organizational change management communication team to provide the training to the user populations, provider populations, help desk. So transition from those manual workflows to the automated workflows are as seamless as possible. As you build some of these integrations, my recommendations would be have that early engagement of that stakeholders. Of course, my second one would be start with the clear scope and then outcomes, right? I guess the definition of that objectives would be super helpful. Begin with the small scale pilot, maybe start with the one or two facilities before launching hospital wide, right? So that way, if there are any potential issues that pops up, I guess this will give us enough time to fix it, resolve it, and then move on. That's super helpful, Hardik. So Chad, just kind of deep diving into one of the points where Hardik meant, what was your rollout process like? Did you guys go hospital wide? Did you go smaller? What did that look like from your user perspective? You know, maybe throw in a little change management details as well. I'm sure a lot of folks would love to hear about that. So our go live was more, I guess, behind the scenes from a provisioning perspective. Our project was, I guess, a sub project of the ERP implementation that we were in the middle of. So that provisioning piece was mostly like for like from our old system that we were replacing. So it was mostly invisible to the end user. However, we did implement the self-service password reset functionality as part of our implementation. And so we partnered with our marketing team to get that communication out. And obviously, for each population and each, I guess I'll call it profile or authoritative source, we targeted our communication to those groups. So students, providers and employees. So it's keeping the audience in mind as you address each group, I'd say. I like it, Chad. Thanks. So sticking with you, Chad, we're going to swing over to regulatory requirements for a second. So how does VerityStream Connectivity cater to kind of the regulatory requirements within the health care industry? So I think it really circles back to HIPAA and making sure that the right people have the right access to your EMR, really, or PHI in general. And the way we do that is by connecting to VerityStream for providers to make sure that their lifecycle state is correct within SailPoint. If we have an applicant in the system, we obviously don't want to give them full access to our EMR. So that's reflected in our in our processes. And it's just it's really that basic and expanding from there. So beyond is their lifecycle state correct? Do they have access to the right data for the organizations that they're active in within the health system? So that's I would just say at a high level, that's how it would help us from a regulatory perspective. Thanks, Chad. Hardik, anything you throw in there? I would add that in addition to this compliance, I guess the configurable workflows with this integration. Right. So using that SailPoint Atlas platform that are specifically designed for those health care operations. This pretty much workflows, streamlines those processes like the provider onboarding, offboarding, credentialing, pretty much reducing those administrative burdens and enhancing the accuracy and speed of those essential functions. And again, this is our foundations. Right. So down the line, it paves the way for building that robust role based access control, whether you are working into the emergency or working to the clinic. Right. Because we do have that multiple facility codes, specialty codes, organizations. So down the line, we are looking to have that full role based access control model so that we move more towards that list of privilege principle basis. And again, this integration that we have developed is highly customizable to cater the needs for those different health care organizations. Right. Whether you are a large hospital network like Methodist Health System or a smaller medical practice. I guess that flexibility ensures that that integration can adapt the unique regulatory landscape and then operational requirements of that various health care providers, whether you are an employee provider or the non-employee providers. Well, I can tell you it's always stressful when you have to replace an authoritative source and sounds like you guys did this one by the book and absolutely knocked it out of the park. So congratulations on both sides. Look, guys, this has been a great conversation. Thank you again, Hardik and Chad for sharing your experiences. I hope this has been insightful for those watching. Thank you and have a great day. You.

TL;DR

  • Nebraska Methodist Health System successfully replaced a core authoritative source mid-implementation by migrating from a legacy provider system to VerityStream, working with IDMWORKS to build a custom SailPoint connector that became an out-of-the-box solution.
  • The integration leverages SailPoint's Atlas platform with RESTful APIs, Verity Auth authentication, and JSON web tokens to provide complete visibility into provider populations across three hospitals and multiple facilities while maintaining HIPAA compliance.
  • IDMWORKS applied lessons from previous VerityStream integrations to handle complex data mappings for multi-value attributes, optimize API performance with pagination, and implement workflows for both employee and non-employee provider personas.
  • The solution enables automated provider lifecycle management, reduces administrative costs, improves audit passing rates, and establishes a foundation for role-based access control and least privilege principles in clinical application access.
  • Methodist facilitated collaboration between SailPoint's product team and HealthStream to develop a standardized connector, demonstrating how customer-driven partnerships can create reusable solutions for the broader healthcare identity management community.

Replacing an Authoritative Source Mid-Journey

Nebraska Methodist Health System faced a significant challenge early in their SailPoint implementation when they needed to replace a core authoritative source for provider data. Having gone live in late 2022/early 2023, the health system decided to migrate from a legacy provider credentialing system to VerityStream, a cloud-based solution offering enhanced visibility into specialty codes, facility assignments, and provider credentials across three hospitals and numerous facilities. This transition required careful planning to avoid disrupting provider onboarding and access to clinical applications while maintaining HIPAA compliance and audit controls throughout the migration.

Building a Custom Connector Through Partnership

When Methodist discovered no out-of-the-box SailPoint connector existed for VerityStream, they leveraged the healthcare users group to identify others facing similar challenges. Working with implementation partner IDMWORKS, Methodist facilitated introductions between SailPoint's product team and HealthStream (VerityStream's vendor) to develop a standardized integration. IDMWORKS brought critical experience from previous VerityStream integrations, including expertise in complex data mappings for multi-value attributes, understanding VerityStream's interconnected API structure requiring iterative calls with filtration criteria, and implementing workflows that handle both employee and non-employee provider personas while maintaining data sensitivity and regulatory compliance.

Technical Architecture and Healthcare-Specific Considerations

The integration leverages SailPoint's Atlas platform with RESTful endpoints for bidirectional communication, using VerityStream's Verity Auth authentication mechanism and JSON web tokens for authorization. The solution addresses healthcare-specific challenges including lack of visibility into provider populations, secure access to patient data, and compliance with HIPAA and PHI regulatory frameworks. Key technical considerations included optimizing API calls and implementing pagination logic to handle large data volumes without performance degradation, mapping complex data schemas across different clinical applications, and establishing configurable workflows for provider lifecycle events including onboarding, offboarding, and credentialing processes.

Implementation Strategy and Change Management

Methodist's rollout focused on building a strong foundation rather than simply replicating existing processes. The implementation ran as a sub-project within a larger ERP deployment, with provisioning changes largely invisible to end users. The team partnered with marketing to communicate self-service password reset functionality to distinct populations—students, providers, and employees—with targeted messaging for each group. IDMWORKS recommended starting with clear scope definition, beginning with small-scale pilots at one or two facilities before hospital-wide launch, and engaging organizational change management teams early to drive adoption and prevent providers from reverting to manual help desk calls despite available automation.

Chapters

0:00 - Introduction to Built on SailPoint Series
0:52 - Methodist's Challenge: Replacing an Authoritative Source
3:22 - Why VerityStream Integration Was Critical
4:49 - Lessons from Previous VerityStream Integrations
8:19 - Positive Outcomes: Time to Value and Cost Savings
10:49 - Cost Savings and Foundation Building
12:35 - Technical Architecture and Frameworks
15:13 - Lift and Shift: Reusability Across Healthcare Organizations
18:14 - Rollout Process and Change Management
19:39 - Regulatory Compliance and HIPAA Requirements
22:29 - Closing Remarks

Key Quotes

2:24 "There was others kind of asking about this VerityStream credentialing system and how are others tackling this? ..."
3:02 "We set up a call. Hardik was on that call, our contacts from HealthStream, and then we got in touch with the right resources at SailPoint and made those introductions."
8:33 "Provider onboarding time was pretty much significantly reduced. Providers who are focused on those mission-critical patient care were onboarded faster and more seamlessly."
10:20 "It's never as simple as you think it's going to be. I think there's a jellyfish analogy that IDM Works uses where they show the top-down look at a jellyfish. And then when you turn it on its side, you get to see all the tentacles."
14:20 "Visibility is the key. That's a period. And again, with these integrations, Chad and team have a full visibility of all the providers that are serving Methodist health system."
20:13 "If we have an applicant in the system, we obviously don't want to give them full access to our EMR. So that's reflected in our processes."

FAQ

Why did Nebraska Methodist Health System need to replace their provider authoritative source so soon after going live with SailPoint?

Methodist decided to migrate from a legacy provider credentialing system to VerityStream, a cloud-based solution that offers enhanced visibility into specialty codes, facility assignments, and provider credentials. This cloud-first approach better aligned with their strategic goals despite the timing challenge of replacing a foundational authoritative source early in their identity security journey.

How does the VerityStream integration help healthcare organizations maintain HIPAA compliance?

The integration ensures that only authorized providers with correct lifecycle states can access electronic medical records and protected health information. It prevents applicants or inactive providers from gaining EMR access, enforces organization-specific access boundaries, and establishes audit trails for certification processes. The solution aggregates data on a need-to-know basis following regulatory frameworks including HIPAA, PHI, and HITECH requirements.

What makes the VerityStream connector reusable across different healthcare organizations?

The connector is highly customizable to accommodate varying healthcare operational models, whether large hospital networks or smaller medical practices. While the core integration is standardized, IDMWORKS works through data gathering and design sessions to map unique data schemas, address organization-specific processes, and normalize data between systems. The solution adapts to different regulatory landscapes and handles both employee and non-employee provider populations.


Categories:
  • » Data Protection
Channels:
News:
Events:
Tags:
  • Identity & Access
  • Healthcare
  • Technical Deep Dive
  • Customer Story
  • Compliance & Governance
  • Healthcare Identity Management
  • Provider Credentialing Systems
  • SailPoint Atlas Platform
  • Custom Connector Development
  • HIPAA Compliance
  • API Integration Architecture
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: SailPoint: VerityStream Integration for Healthcare Provider Management

              Upcoming Webinar Calendar

              • 07/09/2026
                01:00 PM
                07/09/2026
                The HUMAN Experience: Empowering Agentic Trust in Practice
                https://www.truthinit.com/index.php/channel/2026/the-human-experience-empowering-agentic-trust-in-practice/
              • 07/14/2026
                01:00 PM
                07/14/2026
                Crafting an Elite Security Team to Achieve Championship-Level Defense
                https://www.truthinit.com/index.php/channel/2025/crafting-an-elite-security-team-to-achieve-championship-level-defense/
              • 07/14/2026
                02:00 PM
                07/14/2026
                Understanding the Crucial Role of Context in AI Data
                https://www.truthinit.com/index.php/channel/2037/understanding-the-crucial-role-of-context-in-ai-data/
              • 07/21/2026
                04:00 AM
                07/21/2026
                Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
              • 07/21/2026
                01:00 PM
                07/21/2026
                HUMAN Dialogue: Insights from Attackers During the FIFA World Cup
                https://www.truthinit.com/index.php/channel/2029/human-dialogue-insights-from-attackers-during-the-fifa-world-cup/
              • 07/22/2026
                06:30 AM
                07/22/2026
                Insights and Strategies for Mastering the DPDP Framework
                https://www.truthinit.com/index.php/channel/2000/insights-and-strategies-for-mastering-the-dpdp-framework/
              • 07/28/2026
                01:00 PM
                07/28/2026
                Illumio + Netskope: Zero Trust in the Age of AI Autonomy
                https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
              • 07/29/2026
                04:00 AM
                07/29/2026
                Real-Time Strategies for Safeguarding Against Prompt Injections
                https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
              • 07/29/2026
                12:00 PM
                07/29/2026
                Unified Data Security in Action: Uncover, Analyze, and Resolve Threats
                https://www.truthinit.com/index.php/channel/2045/unified-data-security-in-action-uncover-analyze-and-resolve-threats/
              • 08/19/2026
                12:00 PM
                08/19/2026
                Becoming Agent Ready: Insights from Cyera's Expertise
                https://www.truthinit.com/index.php/channel/2036/becoming-agent-ready-insights-from-cyeras-expertise/
              • 09/30/2026
                04:00 AM
                09/30/2026
                AI Command Center: Optimizing Visibility and Control in Your Operations
                https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/

              Upcoming Events

              • Jul
                09

                The HUMAN Experience: Empowering Agentic Trust in Practice

                07/09/202601:00 PM ET
                • Jul
                  14

                  Crafting an Elite Security Team to Achieve Championship-Level Defense

                  07/14/202601:00 PM ET
                  • Jul
                    14

                    Understanding the Crucial Role of Context in AI Data

                    07/14/202602:00 PM ET
                    • Jul
                      21

                      Strategies for Managing AI Governance and Securing App-to-LLM API Traffic

                      07/21/202604:00 AM ET
                      • Jul
                        21

                        HUMAN Dialogue: Insights from Attackers During the FIFA World Cup

                        07/21/202601:00 PM ET
                        More events
                        Truth in IT
                        • Sponsor
                        • About Us
                        • Terms of Service
                        • Privacy Policy
                        • Contact Us
                        • Preference Management
                        Desktop version
                        Standard version