Blog Listing

Full disclosure: I'm just a medium-sized hospital's IT security guy. I've had Imprivata'sESSO appliance (three of them actually, a pair of HA, and a test box) up and running, happily, for about three years. I was invited by Imprivata and Ping Identity to participate in a panel discussion at the SSO Summit held in Keystone, CO, on July 23-25 (http://www.ssosummit.com/). Andre Durand (Ping Identity) and friends put on a very nice event. There was a good blend of topics, from SSO-centric details, to Federation issues, and a mixture of interesting case studies to visionary presenters like John Haggard (independent security consultant and long-time IT mentor) and Gunnar Peterson (Arctec Group). The event was solid throughout, but to hear John and Gunnar speak about the important issues of the past and future of SSO and IT/Web security, made the event a powerful experience not to be missed.…

Last week, I attended the Privacy and Security Tiger Team Health Information Technology Policy (HIT) Committee Consumer Choice Technology Hearing in Washington, D.C. The gathering brought together an impressive group of healthcare industry leaders, patient data privacy advocates and HIT vendors to discuss technologies that enable consumers to choose whether or not to share their information in health Information Exchanges (HIEs). Here are few things worth highlighting from the conference...…

2009 was a tough year with the global economic downturn resulting in unprecedented workforce reductions. As a result, security risk from insider breaches has never been greater. Now, as we look to turn the page to 2010, it’s already clear that organizations will continue to go beyond the traditional levels of network access security by implementing policies that require users to provide a second form of identity to gain access to IT resources.…

At Parkview Adventist Medical Center we're very proud of our accomplishment of being only one of a handful of hospitals that have been awarded with HIMSS Analytics Stage 6 status.Moving to an EMR format and a paperless environment requires a significant commitment from the executive team and from our clinicians. As we began our move to EMR, we had two major concerns. 1 – Can we maintain patient data security and HIPAA compliance in an electronic format? 2 – Will the clinicians buy into what we’re doing and use the technologies we provide? These are two critical components in achieving Stage 6 status.…

The term 'security policy' used to mean different things to different people. For the facilities management department, it covers physical access points and teaching staff to lock office doors and file cabinets before leaving for the night. For the IT manager, it means keeping up to date with the latest patches and ensuring that users can only access the applications and data that they are allowed to. However, this situation is changing with IT and physical security being managed together. Although they come from separate disciplines, what these two areas have in common is policy.…

I read an interesting story over at HealthcareInfoSecurity.com highlighting the “Official Breach Tally Approaches 100”. The article includes a link to the official federal list of healthcare information breaches that was launched a few short months ago. While the article highlighted the major breaches affecting 500+ individuals as reported to the HHS Office for Civil Rights (OCR) and called out 61% of incidents stemming from stolen computer devices (e.g., laptops, USB drives, hard drives etc.), many of the largest breaches involved unauthorized access. Here’s a snapshot at the major breaches stemming from unauthorized access...…

This week, Computerworld announced the honorees for its annual Premier IT Leaders awards program, and we’d like to congratulate Imprivata customer Bill McQuaid of Parkview Adventist Medical Center for making the 2010 list! Bill was recognized for his innovative approach to electronic medical records (EMR) and the significant contribution he has made to Parkview’s healthcare IT infrastructure.…

Congratulations to Imprivata customer Parkview Adventist Medical Center for recently earning the HIMSS Analytics Stage 6 designation! HIMSS Analytics highlights the Stage 6 award as recognition for hospitals that have made significant investments in healthcare IT and as well as implementing paperless medical records. This is a remarkable achievement for Parkview, considering that they’re one of only 42 hospitals out of 5,166 in the US to attain this level.…

The discussion on desktop virtualization, or hosted virtual desktop, is heating up. Some view it as futuristic. Others say it is throwback to the world of mainframe computing. With economic concerns forcing businesses to take a hard look at expenses across the enterprise, however, there are many reasons this is such a hot topic.…

Managing the Increasing Vulnerability of a Decentralized Workforce More and more companies today are enabling employees and partners to work remotely, accessing networks, data and applications from just about anywhere to be productive. Being productive is good. Behaving less responsibly is not. I was reading that Cisco Systems commissioned a survey to examine the security behavior of remote workers, and I found some of the findings startling -- here's a few that stood out for me:…

I often have conversations with customers about the level of effort that is required to support OneSign once it is deployed. We usually talk about the resources that are required to work on testing new application profiles or changes to existing profiles, but if you back up one level, you will see the X factor.…

Last week, ecfirst's CEO, Ali Pabrai joined me for a live webinar that discussed a checklist for healthcare IT Security compliance. If you missed the webinar, you won't want to miss this -- we've gone ahead and transcribed our answers from the Q&A session. Question 1: Where can I go to find out exactly which set of rules / regulations apply to my business? There are so many different ones which change often that it's difficult to stay current. Answer: That is one of the areas that must be addressed in a comprehensive risk analysis activity. It’s critical to keep up with HITECH Act changes. The best source is the OCR site at www.hhs.gov. Also, it’s important to keep up with State regulations, especially CA, Massachusetts, etc.…

Following the announcement that NHS Scotland had selected Imprivata to provide single sign-on for all of its health workers across Scotland, the Scottish Government has published an update to their e-health strategy for 2011-2017.…

Recent survey results released show only 50.7% of U.S. hospitals with implemented electronic medical records (EMRs). While transitioning to a paperless system seems to be a logical evolution in the health care system, the rather slow rate of EMR adoption does not surprise me. Even with the passage of the Health Information Technology for Economic and Clinical Health Act (HITECH) in February 2009 which attached a monetary incentive to implementation, technologies that do not seamlessly fit into clinicians’ day-to-day activities, improve patient care, and enable them to work more efficiently fail to achieve widespread acceptance. In order to improve EMR adoption rates in the U.S., we must provide doctors with tools that do not disrupt time spent with the patients, while enhancing their ability to access vital information quickly and efficiently.…

The highlight of today was undoubtedly the customer panel in the session Healthcare and the Journey to the Cloud- State of the Industry.…

There' s been a lot of talk and focus on the Meaningful Use provisions of the HITECH Act. I worry that we're becoming too focused on the details of Meaningful Use, and losing the bigger picture. The government instituted the Meaningful Use criteria and incentives because they believe that electronic medical records can improve quality of care and access to care – but only if the EMR solutions are actually deployed and used. Hence Meaningful Use.…

Many agencies that I’ve spoken to are not aware of the Advanced Authentication requirements of the FBI CJIS Security Policy 5.6.2.2 and are therefore not aware that they may be in breach of this requirement. This video will quickly enable you to find out whether you may be in breach and how Imprivata can put you back in compliance.…

Last month, Kristi Roose from Mahaska Health Partnership joined me for a live webinar that discussed deploying SSO and Strong Authentication, and the steps you can take to get to Meaningful Use faster. If you missed the webinar, you won't want to miss this -- we've gone ahead and transcribed our answers from the Q&A session. Question 1: How long did it take to roll a unit out to all the departments and how long did it take to see acceptance to the change? Answer: We approached these rollouts one unit at a time, and the time frame depended on the number of users. Usually it took about 1-2 weeks per unit to make sure that everyone was comfortable with the product. Once the unit was rolled out acceptance was immediate; customers were grateful for the product and relieved to be able to access data more easily. It was a relief for their workflow. …

Day 2 is now in full swing at VMworld 2011. We had a very busy Day 1 yesterday. While the show attendance was clearly impacted by Irene, it sure feels like there are 15,000+ VMworld attendees here in sunny Vegas.…

I’m extremely excited about our participation in this year’s show particularly the opportunity to demonstrate the results of our collaboration and integration with some of our partners. Imprivata is working in conjunction with VMware, Teradici, Dell, and VCE to showcase our joint solutions, which showcase VMware View serving up virtual desktops,…