I often have conversations with customers about the level of effort that is required to support OneSign once it is deployed. We usually talk about the resources that are required to work on testing new application profiles or changes to existing profiles, but if you back up one level, you will see the X factor.…
As we all know, the CJIS policy is now final and mandates that all agencies must have enforced unique IDs and strong passwords by September, 2010, and that all agencies must comply with the CJIS Advanced Authentication requirement by 2013. However, if your agency has performed a system upgrade after 2005, the 2013 deadline advances to the time of the upgrade. If your agency is audited and found not to be in compliance with the CJIS policy, it could face losing access to CJIS systems.…
Last week, I attended the Privacy and Security Tiger Team Health Information Technology Policy (HIT) Committee Consumer Choice Technology Hearing in Washington, D.C. The gathering brought together an impressive group of healthcare industry leaders, patient data privacy advocates and HIT vendors to discuss technologies that enable consumers to choose whether or not to share their information in Health Information Exchanges (HIEs). Here are a few things worth highlighting from the conference…
As we turn the page to 2010 and look to delve into the top-level security concerns that lie ahead, we’d be remiss not to reflect on those security events that helped shape 2009 into the ‘year of the data breach,’ and take these as learning experiences for the New Year.…
Security expert Bruce Schneier pulls out an interesting excerpt from an essay “When Security Gets in the Way” that is sparking great discussion on his Schneier on Security blog. The essay, from Don Norman’s jnd site, debates security vs. usability, and addresses design considerations for enterprise security systems. This article captures important concerns often discussed in security circles on how to make security stronger without disrupting user behavior. It’s a delicate balance – we often say the most secure computer is the one in a locked room, not powered up, but that would hardly be usable. At Imprivata we have always believed that usability and security don’t need to be mutually exclusive.…
In our last blog posting, we discussed three priorities all organizations should focus on in 2009: security, productivity and manageable IdM projects. Today we're looking more closely at enterprise security.…
Full disclosure: I'm just a medium-sized hospital's IT security guy. I've had Imprivata's ESSO appliance (three of them actually, a pair of HA, and a test box) up and running, happily, for about three years. I was invited by Imprivata and Ping Identity to participate in a panel discussion at the SSO Summit held in Keystone, CO, on July 23-25 (http://www.ssosummit.com/).
Andre Durand (Ping Identity) and friends put on a very nice event. There was a good blend of topics, from SSO-centric details, to Federation issues, and a mixture of interesting case studies to visionary presenters like John Haggard (independent security consultant and long-time IT mentor) and Gunnar Peterson (Arctec Group). The event was solid throughout, but to hear John and Gunnar speak about the important issues of the past and future of SSO and IT/Web security, made the event a powerful experience not to be missed.…
As part of their Signature Learning Series, The American Hospital Association (AHA) recently featured a presentation from Mahaska Health Partnership, “…
We are pleased to recognize our inaugural 2012 Healthcare Innovation Award finalists, including Catholic Health Partners, Johns Hopkins, Memorial Healthcare,…
One of the key takeaways from last week’s AHIMA Conference in Atlanta was the focus on mobility and instant communication in healthcare. CIOs and other IT professionals are thinking deeply about the movement of data, especially protected health information (PHI) and how to provide clinicians with the access to information they need, wherever and whenever they need it, while remaining compliant with security and industry regulations.…
Introducing Electronic Prescribing of Controlled Substances is a great business move for pharmacists - read a pharmacist's arguments for EPCS adoption…
The Best Way to Fend Off Attackers: Think Like a Hacker
David Ting
The recent spate of high-profile security breaches across the healthcare industry has revealed a shift in how attackers are accessing and pilfering patient records and other sensitive information. Most healthcare organization leaders I speak with have taken steps to reinforce their perimeter defenses with firewalls, intrusion detection, deep packet inspection, and other strategies.…
Electronic prescribing of controlled substances (EPCS) delivers a number of benefits. However, in order to enable EPCS, healthcare providers must meet DEA requirements that can be disruptive and cumbersome to implement.…