Blog Listing

Khalid Kark of Forrester Research recently issued a useful whitepaper that outlines the security reforms needed to improve patient data security in the healthcare industry. The whitepaper highlights four key reasons why healthcare organizations are failing behind on security. Khalid provides a comprehensive set of recommendations to help healthcare organizations address these challenges – these are near and dear to what we do here every day. I thought I would share some of the insights gathered from work with our many healthcare customers.…

HIMSS is right around the corner. It's one of our favorite conferences of the year, as we get to see many of our healthcare customers all in one place. As I mentioned in my last post, if you're attending the conference this year, please plan to stop by our booth (#7339) and say hello, or check out the presentations by Imprivata's customers. OhioHealth and Southwest Washington Medical Center will be discussing the ‘Paperless Hospital' and ‘HIPAA Audits' respectively. With all the focus on healthcare now, what trends am I going to be looking for at HIMSS this year? Here are a few topics that our customers have shared with us:…

Physical logical security convergence has garnered increased attention over the past year, and we've had countless conversations with both IT departments and physical security teams about the people, process and technology issues that come with the territory. Integrating teams and policy, not just the technology, needs to be well thought out. Increasingly, the path of our conversations with prospects and customers interested in converging physical and logical access focuses on where to start that type of project.…

Next week, Tuesday 27th of May, we will be speaking at the ICT & Healthcare seminar in Ede, the Netherlands. Topic of our discussions will be clear and simple: how can we restore the 'Identity balance'. With this topic, we aim to explore how customers and partners can work with healthcare organisations to strike the right balance between...…

There’s a lot of discussion around meaningful use, its definition and how organizations can obtain the government incentives that recent legislation promises. However, in the dash for these types of healthcare IT investment reimbursements, one must not overlook the role of security risk in satisfying compliance requirements.…

We often hear of security getting in the way when it comes to clinicians wanting immediate access to patient data. Since it's better to hear from one's peers, Imprivata asked some of its healthcare customers for tips on implementing single sign-on and strong authentication to eliminate password management headaches and how it facilitated making it easier for clinicians to get access to the records they need. As we turn our attention to HIMSS 2009, we want to share our customers' advice, thoughts and concerns on how best to navigate through the employee access management obstacles:…

The New York Times recently posted an article decrying passwords as an inadequate defense mechanism for security today in a wave of identity theft occurrences. The article goes on to push a cryptography-based approach to log-on systems, touting ‘information cards' that rely on the computer handshake between machines to authenticate a user, or in this case, a site visitor. The article goes on to rail against the OpenID initiative because of its password-driven approach to SSO to access OpenID-enabled Web sites.…

To paraphrase Princess Leia, ‘the more you tighten your grip, the more star systems will slip through your fingers.' The same can be said in trying to manage identities in today's enterprise. A number of weeks back, I got into a discussion with the 451Group's Steve Coplan about this very topic: the chaos of identities.…

Steve Coplan of The 451 Group recently published a terrific report on Virtual Desktops that examines the intersection of management and security. Steve hit the nail on the head in describing the importance of user authentication in securing virtual desktops. This is especially relevant in healthcare, which is rapidly adopting virtual desktop access (VDA) to improve clinician productivity and secure patient data. We were also pleased that Steve mentioned the work Imprivata is doing with VMware around fast, seamless user access for virtual desktops...…

Over at the Life as a Healthcare CIO blog, John D. Halamka MD captured a list of top barriers to electronic health record (EHR) implementations, then added on with another ‘Top 10’ that puts a little fun into the serious business of EHRs. Below are barriers that stood out to me from a data security and healthcare access management perspective, and I urge you to check out John’s blog for more specifics – definitely worth the read and a great source of information. The key Barriers to deploying EHR worth noting...…

A recent BankInfoSecurity article reported that the Massachusetts Data Protection Law has been delayed yet again, pushing the new effective date back to March 1, 2010. As part of the law, organizations are required to protect confidential data – social security numbers, driver license numbers and financial account/credit/debit card numbers – of Massachusetts citizens. The regulation covers all non-public data, regardless of how the company obtains the information.…

We've found that the best resource for better understanding how to solve employee access management are our customers. So over the past week or so, as a few of our customers have shared details of their OneSign experiences, I thought you may want to hear what some of them are saying and doing...…

Recently, according to a Federal Computer Week article, the Drug Enforcement Administration proposed rules to allow e-Prescribing of controlled substances, such as painkillers and stimulants. The proposed rules require doctors to use two forms of identification for each transmission of e-Prescriptions for controlled substances in addition to an annual audit of each system by a certified public accountancy. Under current rules, doctors may use e-Prescribing for most prescriptions but must sign a written prescription for Schedule II controlled substances, such as Nembutal, OxyContin and opium. The DEA rule, if it becomes final, would allow doctors to use the same system for generating and transmitting all prescriptions.…

I'm often asked what seems like a simple question: 'what's new in identity management?' As simple as it is, it's a big question so here are five trends that I see out there for identity management... at least for now.…

This week Imprivata announced its partnership with VMware, an exciting time for our company as more and more customers and prospects inquire about combining virtual desktops with simplified and secure user access to improve user productivity. Partnering with a market leader like VMware presents a great opportunity for both organizations to deliver a secure working environment that allows end users to access their desktops from machines in any location.…

Greetings from the Eighteenth National HIPAA Summit in Washington, DC! It’s turned out to be an interesting event pulling in an array of people as it is co-located with the National Health IT Summit for Government Leaders, the National Health Information Exchange (HIE) Summit and the International mHealth Networking and Web Conference. Mid-way through the week-long event, there are some notable highlights from the conversations I’m having, and from the chatter on the floor and the breakout rooms. In no particular order...…

In February 2009, the Obama administration announced that $2.0 billion in grant money will be made available to help hospitals and other health care providers transition to electronic health records (EHR). This past Monday, the White House took a big step and launched the first of two grant programs under the HITECH act which lays the groundwork for EHR.…

The stimulus package recently signed by President Obama has been the cause for vigorous debate. One by-product of the package that has not been widely discussed is a provision that would reshape the medical industry by creating a central repository of computerized medical records for all American's. An increase in the level of electronic information of this magnitude exponentially raises the vulnerability of a security breach, which we'll focus on today.…

Risk management seems to be the conversation du jour. I was just a the Lenel Paradigm Conference in Rochester with some of their leading security consultants and the topic that constantly came up was Risk and how security practioners needed to understand the business drivers around mitigating risk. With access and authentication management-centric security breaches like LendingTree and Societe Generale making headlines and compliance requirements mandating greater information security, how does one even begin to understand what a company needs to do?…

The U.S. Department of Health and Human Services (HHS) recently announced new rules surrounding health information privacy and data security that is important for everyone involved in healthcare IT (HIT) to understand. By now, you’ve likely seen these rules, however the Healthcare IT Consultant blog has a nice synopsis of the news that drills down into the aspects most relevant for those in the Imprivata community. Pulling the key points from that blog and summarizing the primary requirements of the rules, here are some things to consider...…