Blog Listing

Are you ready for Stage 2 Meaningful Use? The proposed ruling states hospitals must attest to 18 objectives, 16 core and 2 of 4 menu objectives and Stage 2 now begins in FFY 2014 (10/1/2013). By consolidating some objectives, introducing new ones and raising the threshold on some the bar is certainly raised. …

Here’s the problem.…

I thought I’d give you the condensed version of the great customer presentations and comments we had here at booth #3160 from the HIMSS show floor.…

A great day at the Imprivata stand today.…

In the case of a OneSign implementation, the answer may surprise you.…

VMworld was markedly different from a healthcare IT point of view this year. I wrote a guest blog for HealthITExchange summarizing a few of my thoughts which you can find here. Were you at VMworld this year? What was your impression?…

I read an interesting story over at HealthcareInfoSecurity.com highlighting the “Official Breach Tally Approaches 100”. The article includes a link to the official federal list of healthcare information breaches that was launched a few short months ago. While the article highlighted the major breaches affecting 500+ individuals as reported to the HHS Office for Civil Rights (OCR) and called out 61% of incidents stemming from stolen computer devices (e.g., laptops, USB drives, hard drives etc.), many of the largest breaches involved unauthorized access. Here’s a snapshot at the major breaches stemming from unauthorized access...…

This week, Computerworld announced the honorees for its annual Premier IT Leaders awards program, and we’d like to congratulate Imprivata customer Bill McQuaid of Parkview Adventist Medical Center for making the 2010 list! Bill was recognized for his innovative approach to electronic medical records (EMR) and the significant contribution he has made to Parkview’s healthcare IT infrastructure.…

Congratulations to Imprivata customer Parkview Adventist Medical Center for recently earning the HIMSS Analytics Stage 6 designation! HIMSS Analytics highlights the Stage 6 award as recognition for hospitals that have made significant investments in healthcare IT and as well as implementing paperless medical records. This is a remarkable achievement for Parkview, considering that they’re one of only 42 hospitals out of 5,166 in the US to attain this level.…

A recent Gartner Blog Network post and Wall Street Journal article both focus on new, stricter data regulations being passed in several states, including Massachusetts. The final set of the Massachusetts regulations focus on restricting employee access to data, monitoring malicious activity on the network, and strong authentication protocols. The new regulations will go into effect beginning January 1, 2009.…

Users from temporary staff all the way up to the corner office complain about ‘drowning in security.' Why does it take four more passwords to open an email at work in some cases than to check a bank balance via the home PC? The things that make a car safe - airbags, safety glass, crumple zones, etc. - are not obvious to the driver. What lessons can we adopt from hidden security measures to make security less of a drag on employee performance?…

A nonprofit organization recently reported, over the last five years more than 45 million U.S. electronic health records (EHRs) were either lost or stolen by insiders and/or outsiders. How do we reconcile the absolute need of timely information access critical to patient welfare, while simultaneously protecting a patient’s right to privacy as granted by HIPAA and HITECH?…

Imprivata’s Geoff Hogan authored an article for Security Technology Executive last month titled, “Passwords in Peril” that delves into the password management conundrum that organizations face with the growing number of applications that employees use daily. While the article summarizes succinctly the helpdesk costs issue, employee productivity and the data security vulnerabilities that a runaway password management problem causes, it also highlights effective single sign-on (SSO) strategies and tactics to overcome these challenges. I wanted to take this opportunity to pull out a couple of SSO and Password Management best practices that Geoff covered, while adding a couple more...…

Another insider unauthorized access incident came across my radar just as I put the finishing touches on my most recent blog post highlighting Lesmany Nunez’s case being the latest example of a disgruntled employee breaching a network. As of today, the most current remote access security breach involves Danielle Duann, an IT director of a nonprofit organ and tissue donation center.…

The other week, we announced some findings from a survey conducted over the past couple of months aimed at understanding where authentication and access management sits in the eyes of those concerned with Payment Card Industry (PCI) data security standards (DSS). With PCI publishing the latest PCI Data Security Standard 1.2 on Oct. 1, 2008, this online survey highlighted some interesting trends as companies work toward compliance. Here are a few stats to briefly call out...…

The merger between RxHub and SureScripts has garnered extensive coverage - here,here and here, among others. This is a huge step forward for standardizing on, and speeding the adoption of, electronic prescriptions. It is significant progress, and the latest of many advancements the healthcare sector is driving forward. There is one area of the electronic prescriptions story though that is missing from all of the stories around the RxHub/SureScripts merger, though it's an important piece of the equation - authenticating that the prescription drug order is legitimate, and truly from an approved physician. Electronic transactions are easier and quicker, sure, but so is the potential for misuse and fraud.…

The National Institute of Standards and Technology (NIST) published its Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule back in late 2008, but spurred by a jolt of healthcare IT investment driven by HITECH mandates has renewed relevance today. From a user access perspective, there are important technical safeguards outlined in the area of Access Control, Audit Control, Integrity, and Person or Entity Authentication that are worth calling out. Specific Key Activities within these technical safeguards criteria you should review include...…

The right single sign-on (SSO) solution can resolve your password management issues. However, some SSO solutions raise as many issues as they promise to solve—the cost of purchase can be quite high, and the complexity of implementation and management can overwhelm IT departments. As you start your SSO vendor evaluation process, it’s important to know what questions to ask to ensure that you have a thorough understanding of the complete solution including product features and functionality, implementation and deployment, and ongoing management. Sample questions across important categories include...…

I was reading the recent security breach news about Lesmany Nunez, a former IT administrator who was recently sentenced to a year and one day in federal prison for computer fraud. Mr. Nunez was an employee at Miami-based Quantum Technology Partners (QTP) and three months after his employment ended, he was still able to access the company’s network with an administrator password. What he did then was break into QTP’s servers, shut them down, change the system administrators’ passwords and erase files, all of which ended up costing QTP more than $30,000.…

I've had a few conversations lately tied around the topic of the insider threat in the financial services arena, so I figured I'd scan around the Web to see what's out there and came across an interesting InfoWorld article. Though it is from last Fall, it hits on a number of concerns that are timely now, especially given the major breaches like Societe Generale. The article reports on a Deloitte study that highlights two major data points that I want to call out:…