Blog Listing

We often hear of security getting in the way when it comes to clinicians wanting immediate access to patient data. Since it's better to hear from one's peers, Imprivata asked some of its healthcare customers for tips on implementing single sign-on and strong authentication to eliminate password management headaches and how it facilitated making it easier for clinicians to get access to the records they need. As we turn our attention to HIMSS 2009, we want to share our customers' advice, thoughts and concerns on how best to navigate through the employee access management obstacles:…

The New York Times recently posted an article decrying passwords as an inadequate defense mechanism for security today in a wave of identity theft occurrences. The article goes on to push a cryptography-based approach to log-on systems, touting ‘information cards' that rely on the computer handshake between machines to authenticate a user, or in this case, a site visitor. The article goes on to rail against the OpenID initiative because of its password-driven approach to SSO to access OpenID-enabled Web sites.…

To paraphrase Princess Leia, ‘the more you tighten your grip, the more star systems will slip through your fingers.' The same can be said in trying to manage identities in today's enterprise. A number of weeks back, I got into a discussion with the 451Group's Steve Coplan about this very topic: the chaos of identities.…

This week Imprivata announced its partnership with VMware, an exciting time for our company as more and more customers and prospects inquire about combining virtual desktops with simplified and secure user access to improve user productivity. Partnering with a market leader like VMware presents a great opportunity for both organizations to deliver a secure working environment that allows end users to access their desktops from machines in any location.…

Greetings from the Eighteenth National HIPAA Summit in Washington, DC! It’s turned out to be an interesting event pulling in an array of people as it is co-located with the National Health IT Summit for Government Leaders, the National Health Information Exchange (HIE) Summit and the International mHealth Networking and Web Conference. Mid-way through the week-long event, there are some notable highlights from the conversations I’m having, and from the chatter on the floor and the breakout rooms. In no particular order...…

In February 2009, the Obama administration announced that $2.0 billion in grant money will be made available to help hospitals and other health care providers transition to electronic health records (EHR). This past Monday, the White House took a big step and launched the first of two grant programs under the HITECH act which lays the groundwork for EHR.…

We've found that the best resource for better understanding how to solve employee access management are our customers. So over the past week or so, as a few of our customers have shared details of their OneSign experiences, I thought you may want to hear what some of them are saying and doing...…

Recently, according to a Federal Computer Week article, the Drug Enforcement Administration proposed rules to allow e-Prescribing of controlled substances, such as painkillers and stimulants. The proposed rules require doctors to use two forms of identification for each transmission of e-Prescriptions for controlled substances in addition to an annual audit of each system by a certified public accountancy. Under current rules, doctors may use e-Prescribing for most prescriptions but must sign a written prescription for Schedule II controlled substances, such as Nembutal, OxyContin and opium. The DEA rule, if it becomes final, would allow doctors to use the same system for generating and transmitting all prescriptions.…

I'm often asked what seems like a simple question: 'what's new in identity management?' As simple as it is, it's a big question so here are five trends that I see out there for identity management... at least for now.…

The U.S. Department of Health and Human Services (HHS) recently announced new rules surrounding health information privacy and data security that is important for everyone involved in healthcare IT (HIT) to understand. By now, you’ve likely seen these rules, however the Healthcare IT Consultant blog has a nice synopsis of the news that drills down into the aspects most relevant for those in the Imprivata community. Pulling the key points from that blog and summarizing the primary requirements of the rules, here are some things to consider...…

On Feb. 17, 2009, the HITECH Act was enacted, giving birth to new tiered civil monetary penalties for data breach violations, new powers to state attorney generals (AGs) for class-action pursuit and new guidelines for technology and methodologies that render data “unusable, unreadable or indecipherable.” While we previously covered how HITECH will make available $2.0 billion in grant money for organizations to transition to electronic medical records (EMRs) and deploy appropriate security measures, the time is now upon us for full compliance. Otherwise, organizations risk significant penalties from the department of Health and Human Services (HHS)/ Office of Civil Rights (OCR). The Healthcare & Technology blog has a good, quick post with some useful resources...…

I just got back from the annual Siemens Innovations Conference in Philadelphia. Imprivata had a booth at the event. I had an opportunity to talk with existing and prospective OneSign customers. Clearly, single sign-on and authentication are top of mind for many of the Siemens customers we spoke with. One thing is clear - CMIOs and IT folks are looking for ways to make application access seamless and secure for the clinicians while NOT changing workflows. Imprivata OneSign is what Siemens Med is recommending as the solution of choice. In fact, there were two customer presentations where OneSign was discussed.…

The stimulus package recently signed by President Obama has been the cause for vigorous debate. One by-product of the package that has not been widely discussed is a provision that would reshape the medical industry by creating a central repository of computerized medical records for all American's. An increase in the level of electronic information of this magnitude exponentially raises the vulnerability of a security breach, which we'll focus on today.…

Risk management seems to be the conversation du jour. I was just a the Lenel Paradigm Conference in Rochester with some of their leading security consultants and the topic that constantly came up was Risk and how security practioners needed to understand the business drivers around mitigating risk. With access and authentication management-centric security breaches like LendingTree and Societe Generale making headlines and compliance requirements mandating greater information security, how does one even begin to understand what a company needs to do?…

Catching up on some news from last week and I thought Tim Greene’s article in Network World was an interesting piece on the Russian spy ring story that is currently grabbing headlines. One of the most glaring errors made by one of the spy defendants was leaving an imposing 27-character password written on a piece of paper that law enforcement officers found while searching a suspect's home. They used the password to crack open a treasure trove of more than 100 text files containing covert messages used to further the investigation.…

As we turn the page to 2010 and look to delve into the top–level security concerns that lie ahead, we’d be remiss not to reflect on those security events that helped shape 2009 into the ‘year of the data breach,’ and take these as learning experiences for the New Year.…

Security expert Bruce Schneier pulls out an interesting excerpt from an essay “When Security Gets in the Way” that is sparking great discussion on his Schneier on Security blog. The essay, from Don Norman’s jnd site, debates security vs. usability, and addresses design considerations for enterprise security systems. This article captures important concerns often discussed in security circles on how to make security stronger without disrupting user behavior. It’s a delicate balance – we often say the most secure computer is the one in a locked room not powered up but that would hardly be usable. At Imprivata we have always believed that usability and security don’t need to be mutually exclusive.…

In our last blog posting, we discussed three priorities all organizations should focus on in 2009: security, productivity and manageable IdM projects. Today we're looking more closely at enterprise security.…

Full disclosure: I'm just a medium-sized hospital's IT security guy. I've had Imprivata'sESSO appliance (three of them actually, a pair of HA, and a test box) up and running, happily, for about three years. I was invited by Imprivata and Ping Identity to participate in a panel discussion at the SSO Summit held in Keystone, CO, on July 23-25 (http://www.ssosummit.com/). Andre Durand (Ping Identity) and friends put on a very nice event. There was a good blend of topics, from SSO-centric details, to Federation issues, and a mixture of interesting case studies to visionary presenters like John Haggard (independent security consultant and long-time IT mentor) and Gunnar Peterson (Arctec Group). The event was solid throughout, but to hear John and Gunnar speak about the important issues of the past and future of SSO and IT/Web security, made the event a powerful experience not to be missed.…

Last week, I attended the Privacy and Security Tiger Team Health Information Technology Policy (HIT) Committee Consumer Choice Technology Hearing in Washington, D.C. The gathering brought together an impressive group of healthcare industry leaders, patient data privacy advocates and HIT vendors to discuss technologies that enable consumers to choose whether or not to share their information in health Information Exchanges (HIEs). Here are few things worth highlighting from the conference...…