The recent Ponemon Institute benchmark study on patient data privacy and security practices sheds some much-needed light on the practice of data protection within our nation’s hospitals. According to the study, today’s hospitals have little confidence in their ability to secure patient records, revealing just how vulnerable they are to data breaches – a concern for all patients. Highlighted are some of the key findings...…

Coming out of HIMSS 2010, it was clear that patient data security was a chief concern, but so was the need for improved clinician workflows. For all the requirements driven by new laws and the stimulus bill, what was overlooked was the impact of security in the real-world hospital environment from a user perspective. Forcing someone to change habits and daily routines is difficult, if not impossible, to do. Therefore, it is integral to the successful adoption of these security endeavors that they be paired with improving workflow. If change makes people’s lives easier, it’s easier for them to embrace. It doesn’t need to be an either/or argument.…

I just left the annual Cerner Health Conference in Kansas City, where clinical and technical users of Cerner software gather to share ideas, best practices and technology solutions that are molding the future of healthcare.…

I was reading about the recent access management related breach at the California Water Services Company, where an auditor resigned, but illegally accessed computer systems to steal more than $9 million before leaving. While the company should be lauded for catching the fraud before the wire transfers could go through and irreparable damage could be done, it should serve as another cautionary tale in what has become a recurring theme on the application security front. This is just one more saga in an every growing litany of tales of breaches that we’ve hearing about.…

I was recently asked to comment on the future of biometrics so I wanted to share my thoughts here after distilling them down into four buckets... What's Next in Adoption, What's Next in the Tech, What's Next in the Enterprise, and What's Next in Consolidation.…

After the recent 2008 HIMSS Conference, we conducted a survey of 171 healthcare IT decision makers to identify some of the trends they face relating to identity management. I wanted to call out a few interesting data points...…

On Wednesday, November 10th at 1:00 PM EST, I am fortunate to host Kristi Roose, IT director at Mahaska Health Partnership on a webinar where Kristi will share her insights on how to successfully deploy an EMR and help satisfy the requirements of meaningful use and the privacy and security standards embedded in the HITECH Act.…

While many of us were down at HIMSS 2010, on March 1, 2010, Mass 201 CMR 17.00 officially went into effect: 17.05: Compliance Deadline (1)Every person who owns or licenses personal information about a resident of the Commonwealth shall be in full compliance with 201 CMR 17.00 on or before March 1, 2010.…

This week I had a chance to talk with Network World’s director of programming Keith Shaw about the various ways that employees breach data security – both intentionally and inadvertently. The podcast interview captures a number of ways that employees breach enterprise security, whether by accident or with malicious intent. Here are some of the highlights...…

The National Institute of Standards and Technology (NIST) recently put out a draft “Guide to Enterprise Password Management” for public comment for feedback and improvement. While it gives a lesson in password management history, it doesn’t quite break new grounds on prescriptive opinion. Dave Kearns provided useful analysis of the NIST paper in his recent Managing Passwordsarticle on Network World, and a couple of nuggets of wisdom jumped out at me:…

Since 1996, HIPAA has become one of the most important and highly publicized pieces of healthcare legislation in the United States. Over this time it has also become one of THE biggest topics of conversation within the healthcare and security industries and with good reason-HIPAA involves two major issues, patients and privacy. What's truly amazing to me is that behind the scenes, one would naturally have to assume that the majority of healthcare organizations are being driven by the worry of the potential penalties that might be levied on them by the Department of Health & Human Services (HHS) for their failure to fully comply with HIPAA...…

I work in the field for Imprivata, working with customers day in, day out. And the single most heard question I get relating to our products is: 'which authentication technology should I use'. Fingerprint? Yeah that's good, I will never forget my finger, right? Or a prox card? Even better, because I can use that to open doors, pay at the lunch cashier, and so forth. Nah - maybe a smartcard is better. Or a one-time-password token. Or ... Of all of the suggestions I made above, none of them is ideal. All of them have pros and cons, and really, all of them have very different characteristics. In my mind, there are three/four things to ask yourself when choosing an authentication technique...…

Professional Services are not something that should only be considered during the initial implementation of Imprivata OneSign. As our customer base has grown through the years, we’ve seen their personnel come and go, departments change, infrastructure develop and new technology appear. What doesn’t change is the need to provide simple secure access even though regulations get more rigorous and security threats become greater.…

Head over to the Imprivata booth #1070 to take a look at the tech preview of the joint development between Teradici and Imprivata. And just in case it’s too busy to get close, you can also see it at the VMware, Teradici, Dell and VCE stands. Yes, it’s that cool. While you’re there, ask Michelle for some sonic rocks – I hear they’re kind of fun...…

The Siemens show has been fantastic. What a great group of people, from Siemens and their customers, as well as all the other great Siemens partners that are participating. What are we hearing? Signing on to desktops and applications is extremely painful! Remembering all the different passwords, trying to type them in while a patient is waiting for you, the time it takes for the applications to load… We need to simplify access to EMR and hospital IT systems for our clinicians! For those that know Imprivata, and for those that have been introduced to us this week, the response has been consistent; We can simplify access saving clinicians 15 minutes per day and help drive EMR adoption.…

The Meaningful Use Analysis presented at the recent HIT Policy Committee Meeting indicates that 2,246 Eligible Professionals and 100 Hospitals have attested successfully. That’s a good start to EHR Adoption; with Stage 2 potentially delayed for these earlier adopters it will be interesting to see how many more attest to Meaningful Use in 2011.…

Data breaches in healthcare are certainly not new. Most data breaches today occur when electronic patient information (known as "protected health information" or PHI in the HIPAA regulation) is stored unencrypted on a device that is lost or stolen. All of the data breach laws in effect today state that as long as the data or device are encrypted, there is no data breach and therefore no liability or legal remedy. So if it's that easy, why do the number of breaches in healthcare continue to grow at alarming rates? …

As leaders in technology adoption, Radiologists are starting to look to biometrics to help provide No Click Access to the various systems and places they nee…

On November 30, 2011 HHS announced that they approve of the proposed push of Stage 2 Meaningful Use from 2013 to 2014 that has been talked about since July of this year. But who does this decision really impact?…

Study spotlights the value of single sign-on solutions for hospitals seeking meaningful use credits. An eye-opening new study that was just released from the Ponemon Institute revealed roughly 60 percent of the more than 400 healthcare IT respondents believe that single sign-on (SSO) solutions support their organizations’ efforts to demonstrate the “meaningful use” of EMR adoption. …