Whitepapers

 The move away from paper-based medical records systems to electronic medical records (EMR) is rightly viewed as a step towards improving patient outcomes, increasing clinician productivity, and lowering costs. The transition, however, is often hampered by the challenge of providing secure access to patient information, particularly given the increased focus on regulatory compliance. Read this white paper to learn about a one-touch desktop roaming solution that makes EMR management both secure and convenient for clinicians.

With the proliferation of electronic patient information, hospital administrators, compliance officers, privacy officers and information security officers are required to enforce patient privacy. Motivated by patient-citizen damages from increased healthcare privacy breaches, law-makers across the United States, Canada, and Europe have enacted new regulation protecting patient privacy and penalizing those involved. Snooping, identity theft and general inappropriate access of medical records are now explicitly prohibited.

Imprivata OneSign® offers many strong authentication device solutions that healthcare organizations can choose from. Matching the method to users’ roles, needs, and relative security risks to the selected device is a critical success factor. In general, clinicians will welcome a solution that does not require them to alter or abandon their established workflows. Moreover, gaining clinician acceptance before making a purchase by consulting with them on the options and their preferences is an important step in your selection process. Use this as a tool to evaluate the pros and cons for each solution to ensure you make the right choice for your hospital.

The right single sign-on (SSO) solution can resolve your password management issues by enabling users to sign in only once to the network and have access to all the applications they are authorized to access—eliminating password headaches and enabling productivity. However, some SSO solutions raise as many issues as they promise to solve - the cost of purchase can be quite high, and the complexity of implementation and management can overwhelm IT departments.  As you start your SSO vendor evaluation process, you need to know what questions to ask in order to ensure that you have a thorough understanding of the complete solution including product features and functionality, implementation and deployment, and ongoing management.

Insufficient security is a hidden problem that many businesses are not fully aware of until it is too late. Weak authentication, silos of compliance reporting, a multitude of management tools, and poor security practices contribute to data breaches and compromised systems and leave organizations vulnerable to other pervasive threats. Fortunately, strong authentication systems can address these issues. A combination of consolidated identity management, single sign-on services, and comprehensive compliance reporting can reduce compliance costs, improve security, and remove significant drag on innovation. The Essentials Series: Architecting the Right Solution for Strong Authentication examines ways in which weak authentication hampers business operations, criteria for selecting a strong authentication system, and tips on how to deploy and manage strong authentication systems to control risks and improve the efficiency of business operations.

This paper addresses the strategic benefits of Patient Information Aggregation, an emerging category within healthcare that effectively addresses and eliminates the challenges noted above. In one seamless and interoperable platform, Patient Information Aggregation sleekly combines single sign-on, Context Management and Compliance Management technologies and tools, resulting in improved workflows, enhanced patient care, increased application utilization and IT ROI. In particular, this paper reviews the specific elements of the Fusionfx solution suite from Carefx™, an open and scalable workflow platform that aggregates patient information across existing systems and delivers it in a single, clear, clinically relevant view to physicians at the point of care or decision.

You know your clinicians need faster access to patient data, and that accessing applications and searching for patient data is time consuming and frustrating for them. And, security requirements get in the way and cause disruption to their workflows. To address these issues, you need to eliminate password headaches and increase clinician satisfaction without negatively impacting patient data security. At times like these, you need expert advice - not from a vendor, but from actual peers who have successfully deployed SSO and strong authentication at their hospitals - from those who have measured the results against the investment, and can share their experiences.

Traditionally, engineers attempt to balance the selection of individual components that go into a system by finding the best technologies to achieve the overall design objectives. We are taught early on not simply to choose what is most familiar, comfortable, or the "obvious choice," but rather, to focus on identifying the limitations of the components to make sure they do not compromise the integrity or robustness of the system. This design principle mandates that engineers challenge the premise behind component selection decisions, evaluating the capabilities and limitations of individual components and how they might compromise the operation of the overall system. This type of analysis differentiates designs that are merely functionally adequate from those that are rock-solid and built to scale to future needs.

When the U.S. Congress passed the Health Insurance Portability and Accountability Act (HIPAA) in 1996, among the law’s many provisions was the establishment of formal regulations designed to protect the confidentiality and security of patient information. In February of 2009, with the passage of the HITECH Act (Health Information Technology for Economic and Clinical Health Act)—part of the American Recovery and Reinvestment Act—the U.S. Congress gave teeth to the HIPAA law. Because the HITECH Act mandates a massive expansion in the exchange of electronic protected health information (ePHI), it also broadens the scope of privacy and security protections available under HIPAA.

According to a study published recently in the Journal of Computer Mediated Communication, about 80% of publicized data breaches in 2006 came from internal sources. This suggests that organizations that have focused most of their IT security efforts on protecting the perimeter are at high risk for potentially disastrous insider security breaches. Recognizing the magnitude of the insider threat, Carnegie Mellon University's Software Engineering Institute has conducted research on the problem and issued a report that recommends 13 best practices that can help organizations prevent and detect insider threats. This Imprivata paper discusses the effectiveness of the Imprivata OneSign Platform in supporting these best practices and countering the insider threat.

In response to the increased threat of identity thefts and fraudulent credit card charges, governments around the world have been considering an array of new laws and regulations to systematically combat this problem. A key to success with any regulatory compliance effort is to accomplish measurable goals using policy and controls that are easy for the users to implement and accept. This paper will examine some of the requirements of the new standard and review identity and access management technology that can help organizations comply with these regulations in an efficient and cost-effective manner that is easy for users to embrace.

Today, the abundance of online information and enterprise applications available to employees improves productivity. However, facilitating fast and secure access to that information is a complex and daunting task. Read how you can enhance productivity with an integrated provisioning/SSO solution to generate and manage user credentials and access.

As the global economic downturn results in unprecedented workforce reductions, the security risk of insider security breaches has never been greater. At the same time, Strong Authentication technologies have become more practical, affordable, easy, and flexible to implement. For all of these reasons, there’s never been a better time to take advantage of the increased data security of Strong Authentication. But what form(s) of Strong Authentication are best for you and your organization? What factors should you consider as you evaluate Strong Authentication? What capabilities do you require? What are the opportunities, issues, and trade-offs you can expect? Imprivata has published this white paper to help answer these and other key questions.

For more than a decade, government and industry bodies around the world have issued a growing number of regulations designed -- in whole or in part -- to ensure the security, integrity and confidentiality of personal and corporate data . Combined, these individual regulatory guidelines outline what constitutes best practices in identity management and IT security. This white paper explores these compliance-driven best practices, how Imprivata® OneSign® solutions support them, and how prioritizing their implementation makes good business sense beyond the fulfillment of compliance requirements.

Over the past decade, most organizations have focused their IT security efforts on protecting and defending the network perimeter from the threat of anonymous hackers determined to compromise data and disrupt their systems – and for the most part, investments in this area have largely mitigated these threats.

The threat of a data breach and the need to address regulatory compliance are forcing you to look at your organization’s security. You need to implement more stringent security policy and procedures, however user password problems continue to consume time, resources and money. With the cost of a security breach far out weighing the cost of a solution, the benefits of single sign-on (SSO) and strong authentication are too significant to pass up. But with tight budgets, resource constraints, and the prospect of a disruptive enterprise-wide deployment, the idea of such an undertaking can be daunting and solution options confusing. At times like these, you need expert advice -- not from a vendor, but from peers who have successfully deployed SSO and strong authentication at their own companies – from those who have measured the results against the investment, and can share their experiences.