SSO and Strong Authentication: How OhioHealth Built a Paperless Hospital
In this case study presentation, Joe Greene, IT Security Director at OhioHealth, explains how he and his team approached employee access challenges when they laid the IT foundation at Dublin Methodist, a brand new paperless hospital. More than a year after the doors opened at Dublin, their project is a proven success and there are many best practices and lessons learned to be shared with viewers. Download the webinar today!
Identity 360 - An Imprivata Blog
Bill McQuaid Named Computerworld Premier IT Leader for 2010
December 10, 2009 at 10:57 AM by David Ting
This week, Computerworld announced the honorees for its annual Premier IT Leaders awards program, and we’d like to congratulate Imprivata customer Bill McQuaid of Parkview Adventist Medical Center for making the 2010 list! Bill was recognized for his innovative approach to electronic medical records (EMR) and the significant contribution he has made to Parkview’s healthcare IT infrastructure.
Bill and the Parkview team have had a record year including the prestigious achievement of earning HIMSS Analytics Stage 6 EMR Adoption Status. When Parkview first embarked on the move to EMR, Bill had the foresight to anticipate the password management issues associated with accessing digital records, and his team incorporated single sign-on (SSO) and finger biometrics into the project. This initiative provided Parkview’s clinicians and staff secure and full access to the applications they needed, while helping the hospital comply with HIPAA.
This marks the second time in many years that one of Imprivata's customers has been recognized by Computerworld for their technological achievements, as Michael Krouse was honored in 2009 for successfully transforming OhioHealth into a fully paperless facility, deploying Imprivata OneSign for secure and convenient access to electronic records.
Both Bill and Michael’s accomplishments are indicative of the role SSO and authentication management solutions can play when moving to EMR.
Five Things to do in Identity Management this Summer
June 15, 2009 at 8:20 AM by David Ting
Theoretically, as employees go on vacation during the summer months, there will be fewer demands on your IT team. Realistically, we know that’s not true and it seems like there is actually more to do. However, summer can provide the opportunity to step back and evaluate the state of your identity and authentication management infrastructure and policies. Here are five things that are easy to overlook throughout the year that you should consider doing this summer:
1. Check for Ghost and Orphaned Accounts: User provisioning and de-provisioning of accounts can happen in a flurry of activity, especially during times like these with turnover in the workforce being common. In the haste to move through the termination process, accounts are left open or missed, even at organizations with the tightest policies and procedures. Often a user’s primary network credentials are locked, but what about remote access accounts or critical application accounts? Use this time to eliminate any that may be in question.
2. Map the Apps: Take an inventory of what apps are running in your environment. Are they all approved? Any that are ‘rogue’? Are any being used that are not tied to identities at your organization? Getting a clear view of the application population can help ensure holes are plugged, policies followed and data security is optimal. This gets much harder to do as organizations increasingly subscribe to services that are not managed by IT. Getting a handle on those accounts will become even more important as we rely more on applications delivered by service providers.
3. Cut Costs by Weeding Out Unused Application Licenses: While you’re mapping what apps are in your environment, cross examine their usage by analyzing the activity logs of your employees’ identities. Are there shared accounts and passwords being used inappropriately? Are there under-utilized applications? Are you paying for more licenses than you need for an application? There’s a treasure trove of cost savings to be found if you take the time to dig in to your identity and application logs. If you can squeeze savings out of somewhere unexpectedly, your CFO will love you.
4. Let Your Fingers do the Walking: If you’re not using finger biometrics or proximity cards, give these user authentication technologies a try. They are relatively inexpensive and can easily integrate into most identity management systems nowadays. Pull in a small focus group to try them out, and see how they can improve employee productivity while strengthening security… and minimizing password management help desk calls to your team.
5. Reconnect with your customer: Review the identity policies and procedures you’ve set forth for your organization -- when were they originally created? Has anything changed? New industry regulations your organization must adhere to? Examine user authentication requirements, strong authentication modalities that are available to your employees and password management parameters to follow. Update, distribute and schedule a series of brief sessions to educate your user base on security best practices to follow. Remember your customer base is everyone that interacts with or uses the IT system.
What else are you doing during these summer months? Any best practices to share? We’d love to hear them.
--David
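As an added illustration of items 1 and 3 above (not part of the original post), the following Python sketch cross-checks per-system account exports against an HR roster. The roster, account rows, system names, and the 90-day idle threshold are all constructed assumptions.

```python
from datetime import date

# Constructed sample data; every identifier here is hypothetical.
HR_ROSTER = {"e100": "active", "e101": "terminated", "e102": "active"}

# One row per account: (system, account, owner_id, enabled, last_login).
ACCOUNTS = [
    ("network", "jdoe",    "e100", True,  date(2009, 6, 1)),
    ("network", "asmith",  "e101", False, date(2009, 3, 2)),   # locked at exit
    ("vpn",     "asmith",  "e101", True,  date(2009, 3, 1)),   # missed
    ("emr",     "asmith",  "e101", True,  date(2009, 2, 27)),  # missed
    ("emr",     "jdoe",    "e100", True,  date(2008, 11, 15)),
    ("emr",     "svc_old", None,   True,  date(2008, 1, 10)),
    ("vpn",     "blee",    "e102", True,  date(2009, 6, 10)),
]

def audit_accounts(roster, accounts, today, idle_days=90):
    """Classify enabled accounts that need review.

    owner_terminated: the owner has left, but this account is still enabled
                      (the primary login may already be locked).
    no_owner:         the account maps to no identity in the roster.
    idle_license:     the owner is active but has not logged in for more
                      than idle_days, so the license may be unused.
    """
    findings = {"owner_terminated": [], "no_owner": [], "idle_license": []}
    for system, account, owner, enabled, last_login in accounts:
        if not enabled:
            continue  # already locked; nothing left to close
        status = roster.get(owner)
        if status is None:
            findings["no_owner"].append((system, account))
        elif status != "active":
            findings["owner_terminated"].append((system, account))
        elif (today - last_login).days > idle_days:
            findings["idle_license"].append((system, account))
    return findings

if __name__ == "__main__":
    for kind, hits in audit_accounts(HR_ROSTER, ACCOUNTS, date(2009, 6, 15)).items():
        print(kind, hits)
```

In the sample data the departed user's network login is locked, yet the VPN and EMR accounts remain enabled, which is the gap item 1 describes.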
Who’s Really Afraid of HIPAA?
September 4, 2008 at 4:00 pm by John Clark
Since 1996, HIPAA has become one of the most important and highly publicized pieces of healthcare legislation in the United States. Over this time it has also become one of THE biggest topics of conversation within the healthcare and security industries and with good reason - HIPAA involves two major issues, patients and privacy. What's truly amazing to me is that behind the scenes, one would naturally have to assume that the majority of healthcare organizations are being driven by the worry of the potential penalties that might be levied on them by the Department of Health & Human Services (HHS) for their failure to fully comply with HIPAA.
Something tells me the industry isn't quite as concerned as I thought. The latest piece of evidence lending credence to this suspicion involves the recent news around Providence Health & Services, which just last month was penalized for their violation of the privacy section of HIPAA. The fact that a healthcare organization failed to properly protect patient information is not unusual. There have been over 10,000 HIPAA-related complaints filed in recent years. There have also been numerous patient privacy violations as well, including the high-profile breaches that took place earlier this year at the UCLA Medical Center. What we have learned from these incidents is that while many organizations have taken concrete steps to protect their patients, many turning to access management and authentication management solutions, there are always going to be those that fail to properly address their areas of weakness. What really stands out to me is that while both complaints have been filed and incidents have occurred, Providence Health & Services holds what CSO Magazine's Bill Brenner describes as the "uncomfortable distinction of being the first organization penalized for violating the privacy section of the Federal Health Insurance Portability and Accountability Act (HIPAA)."
That's right. While many healthcare organizations have failed to meet the regulations of HIPAA, fines such as the recent $100,000 bill levied to Providence Health & Services, have been few and far between. What this tells us is that while HIPAA has raised the bar for the protection of patient information and created an immediate call to action to most organizations, HHS has limited the effectiveness of HIPAA due to its lack of commitment to enforcing the guidelines. The result? Companies which should be focusing on meeting HIPAA's standards and considering the consequences they might face if they fail to do so are ultimately deciding to focus on other projects that they deem more important.
The question is - will HHS ever become more hands on within the industry regarding HIPAA? Because, until HHS becomes consistently more involved and penalizes those that are in violation, the industry will continue with its "business as usual" approach instead of taking all the precautions as outlined by HIPAA. I'd be interested to know - are you addressing HIPAA? And, which is your greater worry - HHS-levied fines, or media exposure to a data breach?
If you are interested in hearing more about how a specific healthcare organization - William Osler Health Centre - is leveraging technology to address HIPAA issues, feel free to sit in on our September 9 Webinar titled, "Imprivata, Single Sign-on and Biometrics Deployment: One Hospital Corporation, 3 Strategies." See you there!
-John



