











SSO and Strong Authentication: How OhioHealth Built a Paperless Hospital
In this case study presentation, Joe Greene, IT Security Director at OhioHealth, explains how he and his team approached employee access challenges when they laid the IT foundation at Dublin Methodist, a brand new paperless hospital. More than a year after the doors opened at Dublin, their project is a proven success and there are many best practices and lessons learned to be shared with viewers.  Download the webinar today!

Identity 360 - An Imprivata Blog



Imprivata at VMworld 2010: Healthcare IT Panel; OneSign, Multiple Booths; Booth Giveaways

August 26, 2010 at 10:52 AM by Brian Mullins

We’re about to hit the virtual road out to San Francisco for VMworld 2010 next week, and are excited for the many activities and conversations that are lined up for our team at the event.  If you’re going to the event, stop by booth #441 for a chat about securing user access in virtual desktop environments, or a demo of the integration of VMware View and Imprivata OneSign.  We’d love to share ideas, perspectives and experiences onsite!

I thought I’d call out some things you may want to check out as you navigate through the clouds of people milling around the various sessions, booths and labs within the Moscone Center:

  • Product Demos: OneSign 4.5 will be featured at the Imprivata booth (#441), the VMware booth (#716), as well as inside and outside of the 2010 VMware Express Virtualization Truck Tour, which will be making a stop on the show floor (booth #119) before continuing to travel the country.  See firsthand the power that OneSign brings to VMware View™ by enabling secure and convenient end-point application access and user roaming desktops in a virtual desktop environment.
  • Healthcare Industry Panel: On Tuesday, Aug. 31 @ 2pm PT in Moscone North Room 130, CTO David Ting will be sitting on the “Virtualization’s Impact on the Delivery of Healthcare IT Services” panel, which will feature healthcare industry thought leaders discussing how virtualization impacts the delivery of healthcare IT services. The session will be anchored by real world experiences and best practices for bridging the gap between clinician productivity and security in a virtualized environment.  This is sure to be a hot topic as healthcare continues to blaze a path for virtual desktop environments.
    • Other panel participants include Frank Nydam, Director Healthcare Solutions, VMware, Inc.; Dr. James Philbin, Senior Director Medical Imaging, Johns Hopkins Hospital; Scott Dresen, Vice President, Enterprise Technology Services, Spectrum Health System; and James Fitzgerald, Chief Technology Officer, Dell Services, MEDITECH Solutions Group. 
  • Booth Giveaways:  We’re keeping our booth giveaways under wraps for now, but come by the booth for a throwback giveaway that will let you View the future for secure Follow-Me Desktops.  We’ve inserted a little fun in the business of VDI with these giveaways, so hope you can recapture a bit of your youth while mastering what you set out to accomplish at this year’s event.

If you’re going to VMworld 2010, follow Imprivata on Twitter (www.twitter.com/imprivata) for the latest from the show floor and drop us a tweet @Imprivata with #VMworld in it if you want to set up a meeting on the fly.  We’ll be able to coordinate availability quickly and hopefully show you some really cool things we’re up to with virtual desktop environments.  See you there!

--Brian Mullins

 

 

The DLP Argument for VDI in Healthcare

August 19, 2010 at 1:35 PM by David Ting

Steve Coplan of The 451 Group recently published a terrific report on Virtual Desktops that examines the intersection of management and security.  The report (subscription required) does a great job of capturing how far virtual desktops have come in enabling productivity and efficiencies, while also emphasizing the security needs that these environments must meet.  It’s definitely worth a read so be sure to check it out.

Steve hit the nail on the head in describing the importance of user authentication in securing virtual desktops. This is especially relevant in healthcare, which is rapidly adopting virtual desktop infrastructure (VDI) to improve clinician productivity and secure patient data. We were also pleased that Steve mentioned the work Imprivata is doing with VMware around fast, seamless user access for virtual desktops:

One of the early movers in this area in both tying strong authentication to SSO and embedding its technology into the virtualized desktop agent, specifically VMware View, is Imprivata.

Imprivata has made the astute decision to build VDI support into what we have described as its authentication management middleware, and frame it as one element within the scope of its technology. Imprivata has integrated features for VDI session security, including authentication management, SSO access to applications, user roaming and location awareness, as well as user audit and compliance reporting. The company has not productized the VDI features, instead slotting them into its OneSign appliance – which is also now available as a virtualized version – since it views VDI as part of a broader set of authentication management requirements.

This report reflects many of the conversations we’ve had with our customers.  Healthcare organizations evaluating or moving towards a VDI environment are driven not only by cost/ROI reasons but in many cases the desire to reduce exposure to data breaches, improve clinician productivity and support greater mobility of the clinical desktop.

The data loss prevention (DLP) argument is one that is becoming relevant in healthcare because of the public nature of most healthcare organizations and the penalties/damages associated with patient record breaches. Recently enacted privacy regulations around breach disclosures have forced many organizations to rethink how they are securing patient data. Many hospitals have moved to using thin clients to eliminate the need to have any patient data on public facing computers to reduce exposure if the computer is lost or stolen.

The mobile nature of a clinician’s workflow in a hospital setting forces a clinician to constantly log on and log off the shared computers spread throughout the hospital. Needless to say, this activity is viewed by the clinicians as reducing the time spent taking care of the patient. The ability for the clinician to roam from workstation to workstation and rapidly reconnect to an already-running session has tremendous impact on clinician satisfaction and productivity. We’ve done specific integration with VMView to support the roaming workflow described above and this has been well received in a hospital setting, especially when combined with location-based services.

From a future-proofing perspective, the ability for a healthcare organization to deliver the same desktop on any device is perhaps the most compelling driver to consider Virtual desktops as clinicians want access to the same applications from their clinics, home offices or while they are on the road.  This trend is only starting as many hospitals are now evaluating how they can support the iPad for clinical use.

At the upcoming VMworld Aug. 31-Sept. 2 in San Francisco, we’ll be demoing some exciting capabilities for secure “follow-me desktops” and VDI in healthcare environments. If you are going to be at the event, come by our booth (#441) and see how secure virtual desktops can help your organization. We’d love to talk to you!

 

Tags: strong_authentication data_security user_authentication

 

Secure User Access and VDI: Improving Productivity with Secure “Follow-Me” Desktops

August 6, 2010 at 8:53 AM by David Ting

This week Imprivata announced its partnership with VMware, an exciting time for our company as more and more customers and prospects inquire about combining virtual desktops with simplified and secure user access to improve user productivity.  Partnering with a market leader like VMware presents a great opportunity for both organizations to deliver a secure working environment that allows end users to access their desktops from machines in any location.

As readers here know, healthcare is a big focus for Imprivata, and this sector is actively deploying virtual desktop infrastructure (VDI).  It makes a lot of sense.  Healthcare environments have unique workflow requirements, relying heavily on shared workstations as doctors, nurses and staff go from room to room, patient to patient.  Virtual desktops give clinicians the freedom that comes with roaming sessions which means they can treat more patients, spend more time with patients and have critical information at their fingertips.  Securing the user experience within the virtual desktop means that patient data is easily accessible yet protected from inappropriate access – and clinicians are empowered by a secure “Follow-Me” desktop wherever they are, especially in an increasingly mobile environment.

Combining virtual desktops and secure user access is a win-win combination for productivity and security – whether in a hospital setting, a government agency setting or any other corporate business setting, organizations need to explore whether VDI can be a boon for workflow and must ensure data security at the same time.

Secure user access and VDI: they’re great together, and great for workflow.  Are you exploring or deploying virtual desktops?  Tell us your story; we’d love to hear it!

--David

 

Tags: data_security

 

The Impact of New HHS Rules for Health Information Privacy and Security

August 4, 2010 at 2:11 PM by Michael Bilancieri

The U.S. Department of Health and Human Services (HHS) recently announced new rules surrounding health information privacy and data security that are important for everyone involved in healthcare IT (HIT) to understand.

By now, you’ve likely seen these rules; however, the Healthcare IT Consultant blog has a nice synopsis of the news that drills down into the aspects most relevant for those in the Imprivata community.   Pulling the key points from that blog and summarizing the primary requirements of the rules, here are some things to consider:

  • Expanding individuals’ rights to access their information and to restrict certain types of disclosures of protected health information to health plans.

As was confirmed at the HIT Policy Committee Technology Hearing a couple of weeks ago, the ability for patients to actually restrict disclosure of their PHI is not readily available. While patients can fill out paper forms at the doctor’s office as to the HIPAA compliance regulations, this doesn’t necessarily do anything to actually restrict disclosure of their data.  These new HHS rules should instigate a wave of innovation, process overhaul and investment in new technologies to help the healthcare industry achieve this directive to empower individuals with greater rights and controls of their own personal health information (PHI). 

However, there is still tremendous work to do, and until that happens, it’s crucial for hospitals to instill safeguards to ensure only appropriate access to PHI by authorized personnel, and to eliminate any potential misuse of PHI.  In addition, until total privacy can be ensured, hospitals need to actively monitor and track PHI access and take appropriate actions, including being diligent about alerting patients when their PHI has been exposed in a security breach, or even potentially exposed, or face the penalties enforced by the HITECH Act.

  • Requiring business associates of HIPAA-covered entities to be under most of the same rules as the covered entities;

This mandate provides additional levels of protection to PHI beyond just the main healthcare entity, ensuring that PHI that is needed by business associates carries the same protections and requirements as for the main entity.  The true value of PHI lives not in its siloed containment, but in its appropriate, approved sharing with doctors and other entities to help best serve the patient.  Strengthening the rules by forcing business associates to adhere to the same policies is a logical step to securing PHI and the integrity of the entire healthcare ecosystem.  In conjunction with this, proactively monitoring direct and indirect business associates’ activities related to PHI allows privacy officers to easily and efficiently monitor and take action on suspect activities.  These protections should follow PHI wherever it may be used.

  • Setting new limitations on the use and disclosure of protected health information for marketing and fundraising; and
  • Prohibiting the sale of protected health information without patient authorization.

These are both very interesting, and often overlooked. These restrictions are absolutely critical in limiting the abuse and misuse of PHI as there is money to be made here – otherwise why would entities not use/sell PHI without regard for the patient?  This is a valuable aspect of PHI, and limitations of use in this manner will have serious ripple effects that our industry is only now beginning to understand.

What are your thoughts on these new rules?  How do they impact your organization? 

-Michael
