Blog Listing

The other week, we announced some findings from a survey conducted over the past couple of months aimed at understanding where authentication and access management sits in the eyes of those concerned with Payment Card Industry (PCI) data security standards (DSS). With PCI publishing the latest PCI Data Security Standard 1.2 on Oct. 1, 2008, this online survey highlighted some interesting trends as companies work toward compliance. Here are a few stats to briefly call out...…

The merger between RxHub and SureScripts has garnered extensive coverage - here,here and here, among others. This is a huge step forward for standardizing on, and speeding the adoption of, electronic prescriptions. It is significant progress, and the latest of many advancements the healthcare sector is driving forward. There is one area of the electronic prescriptions story though that is missing from all of the stories around the RxHub/SureScripts merger, though it's an important piece of the equation - authenticating that the prescription drug order is legitimate, and truly from an approved physician. Electronic transactions are easier and quicker, sure, but so is the potential for misuse and fraud.…

The Digital Healthcare Conference 2010 occurred last week in Madison, WI, under the theme of “Healthcare IT in transition.” Imprivata Chief Medical Officer Dr. Barry P. Chaiken served as the conference chair for this event, which boasted an impressive agenda that kicked off with KLAS Founder and Chairman Kent Gale exploring the obstacles to physician adoption of electronic medical records (EMRs). Gale’s “Top Ten” list highlighted common things that stand in the way of EMR adoption, and the takeaway from the entire session aimed to get attendees to see how establishing transparent workflow can lead to physicians truly embracing EMRs.…

The HIMSS Virtual Conference occurred this week, covering myriad of topics ranging from Electronic Health Records (EHRs), impact of the HITECH Act, workflow optimization as well as privacy and security in the cloud for healthcare systems. One presentation that readers of this blog may find useful was that from Box Butte General Hospital on Nov. 4 at 9:00am CT (you can register on the site for access; HIMSS members can already access it online). Here’s a brief synopsis from the session description highlighting what was covered in the presentation...…

Late last year, California enacted a new state law to help notify patients of potential breaches of their personally identifiable health information, requiring healthcare organizations to report suspected incidents of data breaches. The initial results are in, and it’s not pretty. According to the Journal of the American Health Information Management Association, California officials have received more than 800 reports of potential health data breaches in the first five months since the laws went into effect on January 1st. Of the 122 cases that have been investigated, 116 have been confirmed assecurity breaches. Officials expect the numbers to grow as more organizations put in the processes to report potential breaches.…

I've had a few conversations lately tied around the topic of the insider threat in the financial services arena, so I figured I'd scan around the Web to see what's out there and came across an interesting InfoWorld article. Though it is from last Fall, it hits on a number of concerns that are timely now, especially given the major breaches like Societe Generale. The article reports on a Deloitte study that highlights two major data points that I want to call out:…

A couple of weeks ago I moderated a Healthcare IT News webinar session that examined how hospitals today make patient data easily and securely accessible throughout the clinical workflow. I was joined by Dr. Zafar Chaudry, CIO of Liverpool Women’s NHS Foundation Trust & Alder Hey Children’s NHS Foundation trust and Dr. Lawrence Losey, Pediatrician, Chief of Pediatrics and Chief Medical Information Officer (CMIO) for Parkview Adventist Medical Center. The session addressed the clinical workflow, process and technology behind providing fast, secure access to patient data, touching on all the areas within a hospital where a workstation sits and from anywhere a clinician may need access.…

This week, I took part in Network World’s annual real-life scary security stories podcast, a panel hosted by Keith Shaw that looks at some of the most frightful security incidents over the past year. This year, I focused on some of the data security incidents that are becoming all too common in the healthcare industry.…

Back in January, I shared some of my observations on 2009 Priorities for identity management in the new economic reality people are faced with - productivity, security and manageable IT projects. This year’s economics have forced people to do more with less, manage tighter budgets and maintain enterprise security while dealing with re-orgs and layoffs. While 2008 was the worst year to date for data breaches, 2009 hasn’t been much better if you look at this chronology of data breaches, including the recently disclosed incident at Goldman Sachs. The Identity Theft Resource Center keeps tabs as well, and has a nice snapshot of high-profile data breaches. Many of these are the result of unauthorized access, some combined with placing malicious code on servers or laptops to siphon off data. It’s amazing the methods that are being used to access systems, steal data, sometimes extort money and always damage reputations. Potential impact of the Goldman Sachs’s unauthorized upload of proprietary software is still under investigation, but information on how easy it was to pull off makes for scary reading. Given the potential impact of data breaches, there has been significant progress made to tighten access to systems, so let’s review some of the relevant things that are happening in identity management. Following are three areas, I believe, we need to watch for in the latter half of 2009...…

While the concept of cloud computing (accessing applications online) has been around for close to a decade, talks on the subject have intensified significantly in recent months. The catalysts to these discussions range from the sharp decline in hardware and network infrastructure costs to the desire for a business to 'go green' to the need for accessibly by an increasingly distributed workforce. Whatever the reason, big business has taken notice and as this interest turns into action, these companies must be prepared to look at all of the key issues around this move before taking action.…

There's a lot of news and opinions on the web as the blogosphere continues to grow. As a result, the web can be overwhelming on one hand and full of wonder on the other as you sort and click through the rabbit hole of conversations on the other side. In light of this, I thought I would provide a short list of great blogs and resources that I follow from the identity management circles that are worth checking out and engaging with:…

I’m excited to join Imprivata at a time where healthcare IT, patient data security and clinician workflow efficiencies are front and center in boardrooms and nurses' stations across the country’s healthcare institutions. With more than 500 hospitals on the customer roster, one million healthcare users and strategic relationships with all of the popular HIS vendors, Imprivata has built a strong foundation that was very attractive for me to join and bring my experiences. Imprivata’s healthcare pedigree enables us to focus on delivering practical innovations for solving real-world problems surrounding simplifying and securing user access in hospital environments.…

Back when this blog was in its infancy, we outlined a number of identity management resources that readers should check out. Those blogs are still on the “must-read” list, but there are a number of new ones that have popped up that people interested in identity and access management may find useful...…

The New York Times recently published an interesting article on the rising problem of medical identity theft. When the federal government last researched the issue in 2007, more than 250,000 Americans reported that they were victims of medical identity theft. Since that last report, most experts agree the problem has undoubtedly grown, in part because of the growing use of electronic medical records built without extensive safeguards. To exacerbate the situation, cleaning up after medical ID theft can be hindered by HIPPA compliance – the regulations protect the medical information of the ID thieves as well as you.…

Strong authentication can come in a variety of forms, each with it's own unique strengths and weaknesses. Before selecting a type of strong authentication, think about the following:…

Insider threat is among the biggest challenges security folks face in 2008. The perimeter is dissolving with increased reliance on distributed computing and the mobile workforce, making it more difficult than ever to put up definitive walls around the enterprise. It's a simple reality that we all have to deal with. Check out last month's 2008 Global Information Security Workforce Study conducted by Frost & Sullivan for ISC(2) and SearchSecurity.com's coverage. Two-factor authentication using biometrics as well as physical-logical convergence will gain speed in dealing with the insider threat.…

The recent Ponemon Institute benchmark study on patient data privacy and security practices sheds some much-needed light on the practice of data protection within our nation’s hospitals. According to the study, today’s hospitals have little confidence in their ability to secure patient records, revealing just how vulnerable they are to data breaches – a concern for all patients. Highlighted are some of the key findings...…

The HITECH Act, HIPAA, as well as mandates from State regulations (e.g. Massachusetts 201 CMR 17.00), are raising the minimal requirements that organizations such as healthcare-covered entities and business associates must implement to prevent unauthorized access. Further, the Connecticut Attorney General’s lawsuit against Health Net of Connecticut for failing to secure approximately 446,000 enrollees’ Protected Health Information (PHI), and to notify State authorities and enrollees of a security breach, is a reminder that breaches are not just a risk to information, but a risk to the organization.…

I read a good article on FierceEMR recently surrounding a PricewaterhouseCoopers survey on electronic medical records (EMRs) that indicated that the secondary use of this information may be an organization’s greatest asset over the next five years. An overwhelming 76 percent of respondents agreed, and pointed to the abilities for mined data to decrease healthcare costs, predict public health trends and improve patient care. EMRs, with vendors such as Allscripts, NextGen and QuadraMed blazing the trail, have been a huge focal point of healthcare payers and providers, pharmaceutical companies and the general public with healthcare reform a primary platform of the Administration.…

Join us for an informative session on the “Do’s and Don’ts” of employee access management next Wednesday, June 24. Forrester Research’s Bill Nagel will lead the discussion on what organizations should do to improve security with strong authentication. In addition, the session will discuss the pros and cons of various strong authenticationmethods, explain why a single point of authentication to the network is key to employee access and provide examples of a wide range of implementations via real-world case studies.…