The HITECH Act, HIPAA, as well as mandates from State regulations (e.g. Massachusetts 201 CMR 17.00), are raising the minimal requirements that organizations such as healthcare-covered entities and business associates must implement to prevent unauthorized access. Further, the Connecticut Attorney General’s lawsuit against Health Net of Connecticut for failing to secure approximately 446,000 enrollees’ Protected Health Information (PHI), and to notify State authorities and enrollees of a security breach, is a reminder that breaches are not just a risk to information, but a risk to the organization.

Coming out of HIMSS 2010, it was clear that patient data security was a chief concern, but so was the need for improved clinician workflows. For all the requirements driven by new laws and the stimulus bill, what was overlooked was the impact of security in the real-world hospital environment from a user perspective. Forcing someone to change habits and daily routines is difficult, if not impossible, to do. Therefore, it is integral to the successful adoption of these security endeavors that they be paired with improving workflow. If change makes people’s lives easier, it’s easier for them to embrace. It doesn’t need to be an either/or argument.

While many of us were down at HIMSS 2010, on March 1, 2010, Mass 201 CMR 17.00 officially went into effect: 17.05: Compliance Deadline (1)Every person who owns or licenses personal information about a resident of the Commonwealth shall be in full compliance with 201 CMR 17.00 on or before March 1, 2010.

This year’s HIMSS was quite an active conference, with healthcare IT a national focal point with new legislation and stimulus funding being funneled into reform and modernization initiatives. To kickoff the conference, Imprivata chief medical officer, Dr. Barry Chaiken, who is the current chair of HIMSS highlighted the need for healthcare IT solutions to drive positive industry change. Here are some pull-outs from an InformationWeek blog covering the event that capture the sentiment well...

There’s a lot of discussion around meaningful use, its definition and how organizations can obtain the government incentives that recent legislation promises. However, in the dash for these types of healthcare IT investment reimbursements, one must not overlook the role of security risk in satisfying compliance requirements.

Over at the Life as a Healthcare CIO blog, John D. Halamka MD captured a list of top barriers to electronic health record (EHR) implementations, then added on with another ‘Top 10’ that puts a little fun into the serious business of EHRs. Below are barriers that stood out to me from a data security and healthcare access management perspective, and I urge you to check out John’s blog for more specifics – definitely worth the read and a great source of information. The key Barriers to deploying EHR worth noting...

New study quantifies the clinical and financial value of single-sign on

Lexington, Mass.– July 17, 2019—Imprivata®, the healthcare IT security company, today announced that CHRISTUS Health saved clinicians 49,057 hours per year — the equivalent of 4,088 12-hour shifts — by implementing Imprivata OneSign®, the leading healthcare enterprise single sign-on (SSO) and virtual desktop access platform, across 19 hospitals.