Greetings from the Eighteenth National HIPAA Summit in Washington, DC! It’s turned out to be an interesting event pulling in an array of people as it is co-located with the National Health IT Summit for Government Leaders, the National Health Information Exchange (HIE) Summit and the International mHealth Networking and Web Conference. Mid-way through the week-long event, there are some notable highlights from the conversations I’m having, and from the chatter on the floor and the breakout rooms. In no particular order...

On Feb. 17, 2009, the HITECH Act was enacted, giving birth to new tiered civil monetary penalties for data breach violations, new powers to state attorney generals (AGs) for class-action pursuit and new guidelines for technology and methodologies that render data “unusable, unreadable or indecipherable.” While we previously covered how HITECH will make available $2.0 billion in grant money for organizations to transition to electronic medical records (EMRs) and deploy appropriate security measures, the time is now upon us for full compliance. Otherwise, organizations risk significant penalties from the department of Health and Human Services (HHS)/ Office of Civil Rights (OCR). The Healthcare & Technology blog has a good, quick post with some useful resources...

As we turn the page to 2010 and look to delve into the top–level security concerns that lie ahead, we’d be remiss not to reflect on those security events that helped shape 2009 into the ‘year of the data breach,’ and take these as learning experiences for the New Year.

2009 was a tough year with the global economic downturn resulting in unprecedented workforce reductions. As a result, security risk from insider breaches has never been greater. Now, as we look to turn the page to 2010, it’s already clear that organizations will continue to go beyond the traditional levels of network access security by implementing policies that require users to provide a second form of identity to gain access to IT resources.

This week, Computerworld announced the honorees for its annual Premier IT Leaders awards program, and we’d like to congratulate Imprivata customer Bill McQuaid of Parkview Adventist Medical Center for making the 2010 list! Bill was recognized for his innovative approach to electronic medical records (EMR) and the significant contribution he has made to Parkview’s healthcare IT infrastructure.

Imprivata’s Geoff Hogan authored an article for Security Technology Executive last month titled, “Passwords in Peril” that delves into the password management conundrum that organizations face with the growing number of applications that employees use daily. While the article summarizes succinctly the helpdesk costs issue, employee productivity and the data security vulnerabilities that a runaway password management problem causes, it also highlights effective single sign-on (SSO) strategies and tactics to overcome these challenges. I wanted to take this opportunity to pull out a couple of SSO and Password Management best practices that Geoff covered, while adding a couple more...

The right single sign-on (SSO) solution can resolve your password management issues. However, some SSO solutions raise as many issues as they promise to solve—the cost of purchase can be quite high, and the complexity of implementation and management can overwhelm IT departments. As you start your SSO vendor evaluation process, it’s important to know what questions to ask to ensure that you have a thorough understanding of the complete solution including product features and functionality, implementation and deployment, and ongoing management. Sample questions across important categories include...

The HIMSS Virtual Conference occurred this week, covering myriad of topics ranging from Electronic Health Records (EHRs), impact of the HITECH Act, workflow optimization as well as privacy and security in the cloud for healthcare systems. One presentation that readers of this blog may find useful was that from Box Butte General Hospital on Nov. 4 at 9:00am CT (you can register on the site for access; HIMSS members can already access it online). Here’s a brief synopsis from the session description highlighting what was covered in the presentation...

This week, I took part in Network World’s annual real-life scary security stories podcast, a panel hosted by Keith Shaw that looks at some of the most frightful security incidents over the past year. This year, I focused on some of the data security incidents that are becoming all too common in the healthcare industry.

Back when this blog was in its infancy, we outlined a number of identity management resources that readers should check out. Those blogs are still on the “must-read” list, but there are a number of new ones that have popped up that people interested in identity and access management may find useful...