This week, Computerworld announced the honorees for its annual Premier IT Leaders awards program, and we’d like to congratulate Imprivata customer Bill McQuaid of Parkview Adventist Medical Center for making the 2010 list! Bill was recognized for his innovative approach to electronic medical records (EMR) and the significant contribution he has made to Parkview’s healthcare IT infrastructure.…

Congratulations to Imprivata customer Parkview Adventist Medical Center for recently earning the HIMSS Analytics Stage 6 designation! HIMSS Analytics highlights the Stage 6 award as recognition for hospitals that have made significant investments in healthcare IT and as well as implementing paperless medical records. This is a remarkable achievement for Parkview, considering that they’re one of only 42 hospitals out of 5,166 in the US to attain this level.…

A recent Gartner Blog Network post and Wall Street Journal article both focus on new, stricter data regulations being passed in several states, including Massachusetts. The final set of the Massachusetts regulations focus on restricting employee access to data, monitoring malicious activity on the network, and strong authentication protocols. The new regulations will go into effect beginning January 1, 2009.…

Users from temporary staff all the way up to the corner office complain about ‘drowning in security.' Why does it take four more passwords to open an email at work in some cases than to check a bank balance via the home PC? The things that make a car safe - airbags, safety glass, crumple zones, etc. - are not obvious to the driver. What lessons can we adopt from hidden security measures to make security less of a drag on employee performance?…

I read an interesting story over at HealthcareInfoSecurity.com highlighting the “Official Breach Tally Approaches 100”. The article includes a link to the official federal list of healthcare information breaches that was launched a few short months ago. While the article highlighted the major breaches affecting 500+ individuals as reported to the HHS Office for Civil Rights (OCR) and called out 61% of incidents stemming from stolen computer devices (e.g., laptops, USB drives, hard drives etc.), many of the largest breaches involved unauthorized access. Here’s a snapshot at the major breaches stemming from unauthorized access...…

Imprivata’s Geoff Hogan authored an article for Security Technology Executive last month titled, “Passwords in Peril” that delves into the password management conundrum that organizations face with the growing number of applications that employees use daily. While the article summarizes succinctly the helpdesk costs issue, employee productivity and the data security vulnerabilities that a runaway password management problem causes, it also highlights effective single sign-on (SSO) strategies and tactics to overcome these challenges. I wanted to take this opportunity to pull out a couple of SSO and Password Management best practices that Geoff covered, while adding a couple more...…

Another insider unauthorized access incident came across my radar just as I put the finishing touches on my most recent blog post highlighting Lesmany Nunez’s case being the latest example of a disgruntled employee breaching a network. As of today, the most current remote access security breach involves Danielle Duann, an IT director of a nonprofit organ and tissue donation center.…

The other week, we announced some findings from a survey conducted over the past couple of months aimed at understanding where authentication and access management sits in the eyes of those concerned with Payment Card Industry (PCI) data security standards (DSS). With PCI publishing the latest PCI Data Security Standard 1.2 on Oct. 1, 2008, this online survey highlighted some interesting trends as companies work toward compliance. Here are a few stats to briefly call out...…

The merger between RxHub and SureScripts has garnered extensive coverage - here,here and here, among others. This is a huge step forward for standardizing on, and speeding the adoption of, electronic prescriptions. It is significant progress, and the latest of many advancements the healthcare sector is driving forward. There is one area of the electronic prescriptions story though that is missing from all of the stories around the RxHub/SureScripts merger, though it's an important piece of the equation - authenticating that the prescription drug order is legitimate, and truly from an approved physician. Electronic transactions are easier and quicker, sure, but so is the potential for misuse and fraud.…

A nonprofit organization recently reported, over the last five years more than 45 million U.S. electronic health records (EHRs) were either lost or stolen by insiders and/or outsiders. How do we reconcile the absolute need of timely information access critical to patient welfare, while simultaneously protecting a patient’s right to privacy as granted by HIPAA and HITECH?…

The right single sign-on (SSO) solution can resolve your password management issues. However, some SSO solutions raise as many issues as they promise to solve—the cost of purchase can be quite high, and the complexity of implementation and management can overwhelm IT departments. As you start your SSO vendor evaluation process, it’s important to know what questions to ask to ensure that you have a thorough understanding of the complete solution including product features and functionality, implementation and deployment, and ongoing management. Sample questions across important categories include...…

I was reading the recent security breach news about Lesmany Nunez, a former IT administrator who was recently sentenced to a year and one day in federal prison for computer fraud. Mr. Nunez was an employee at Miami-based Quantum Technology Partners (QTP) and three months after his employment ended, he was still able to access the company’s network with an administrator password. What he did then was break into QTP’s servers, shut them down, change the system administrators’ passwords and erase files, all of which ended up costing QTP more than $30,000.…

I've had a few conversations lately tied around the topic of the insider threat in the financial services arena, so I figured I'd scan around the Web to see what's out there and came across an interesting InfoWorld article. Though it is from last Fall, it hits on a number of concerns that are timely now, especially given the major breaches like Societe Generale. The article reports on a Deloitte study that highlights two major data points that I want to call out:…

The Digital Healthcare Conference 2010 occurred last week in Madison, WI, under the theme of “Healthcare IT in transition.” Imprivata Chief Medical Officer Dr. Barry P. Chaiken served as the conference chair for this event, which boasted an impressive agenda that kicked off with KLAS Founder and Chairman Kent Gale exploring the obstacles to physician adoption of electronic medical records (EMRs). Gale’s “Top Ten” list highlighted common things that stand in the way of EMR adoption, and the takeaway from the entire session aimed to get attendees to see how establishing transparent workflow can lead to physicians truly embracing EMRs.…

The HIMSS Virtual Conference occurred this week, covering myriad of topics ranging from Electronic Health Records (EHRs), impact of the HITECH Act, workflow optimization as well as privacy and security in the cloud for healthcare systems. One presentation that readers of this blog may find useful was that from Box Butte General Hospital on Nov. 4 at 9:00am CT (you can register on the site for access; HIMSS members can already access it online). Here’s a brief synopsis from the session description highlighting what was covered in the presentation...…

Late last year, California enacted a new state law to help notify patients of potential breaches of their personally identifiable health information, requiring healthcare organizations to report suspected incidents of data breaches. The initial results are in, and it’s not pretty. According to the Journal of the American Health Information Management Association, California officials have received more than 800 reports of potential health data breaches in the first five months since the laws went into effect on January 1st. Of the 122 cases that have been investigated, 116 have been confirmed assecurity breaches. Officials expect the numbers to grow as more organizations put in the processes to report potential breaches.…

While the concept of cloud computing (accessing applications online) has been around for close to a decade, talks on the subject have intensified significantly in recent months. The catalysts to these discussions range from the sharp decline in hardware and network infrastructure costs to the desire for a business to 'go green' to the need for accessibly by an increasingly distributed workforce. Whatever the reason, big business has taken notice and as this interest turns into action, these companies must be prepared to look at all of the key issues around this move before taking action.…

There's a lot of news and opinions on the web as the blogosphere continues to grow. As a result, the web can be overwhelming on one hand and full of wonder on the other as you sort and click through the rabbit hole of conversations on the other side. In light of this, I thought I would provide a short list of great blogs and resources that I follow from the identity management circles that are worth checking out and engaging with:…

A couple of weeks ago I moderated a Healthcare IT News webinar session that examined how hospitals today make patient data easily and securely accessible throughout the clinical workflow. I was joined by Dr. Zafar Chaudry, CIO of Liverpool Women’s NHS Foundation Trust & Alder Hey Children’s NHS Foundation trust and Dr. Lawrence Losey, Pediatrician, Chief of Pediatrics and Chief Medical Information Officer (CMIO) for Parkview Adventist Medical Center. The session addressed the clinical workflow, process and technology behind providing fast, secure access to patient data, touching on all the areas within a hospital where a workstation sits and from anywhere a clinician may need access.…

This week, I took part in Network World’s annual real-life scary security stories podcast, a panel hosted by Keith Shaw that looks at some of the most frightful security incidents over the past year. This year, I focused on some of the data security incidents that are becoming all too common in the healthcare industry.…