Every month, we compile the most compelling healthcare privacy and security related news stories. Below, you’ll learn more about black market PHI driving espionage, an alarming amount of hospital...

Every month, we compile the most compelling healthcare privacy and security related news stories. Below, you’ll learn about changes to HIPAA telehealth enforcements, privacy rules during the...

Khalid Kark of Forrester Research recently issued a useful whitepaper that outlines the security reforms needed to improve patient data security in the healthcare industry. The whitepaper highlights four key reasons why healthcare organizations are failing behind on security. Khalid provides a comprehensive set of recommendations to help healthcare organizations address these challenges – these are near and dear to what we do here every day. I thought I would share some of the insights gathered from work with our many healthcare customers.

I am currently at the Insight 2009 Annual Conference in Orlando, where 1,200-1,400 attendees are converging to learn and build relationships centered on their McKesson healthcare IT systems. Users are hearing details of new product enhancements and integrations, learning best practices and engaging in valuable peer discussions they can take back to their organizations. Overall, there seem to be two overarching themes that are driving discussions, both in sessions and in the hallways...

A recent BankInfoSecurity article reported that the Massachusetts Data Protection Law has been delayed yet again, pushing the new effective date back to March 1, 2010. As part of the law, organizations are required to protect confidential data – social security numbers, driver license numbers and financial account/credit/debit card numbers – of Massachusetts citizens. The regulation covers all non-public data, regardless of how the company obtains the information.

In February 2009, the Obama administration announced that $2.0 billion in grant money will be made available to help hospitals and other health care providers transition to electronic health records (EHR). This past Monday, the White House took a big step and launched the first of two grant programs under the HITECH act which lays the groundwork for EHR.

I just got back from the annual Siemens Innovations Conference in Philadelphia. Imprivata had a booth at the event. I had an opportunity to talk with existing and prospective OneSign customers. Clearly, single sign-on and authentication are top of mind for many of the Siemens customers we spoke with. One thing is clear - CMIOs and IT folks are looking for ways to make application access seamless and secure for the clinicians while NOT changing workflows. Imprivata OneSign is what Siemens Med is recommending as the solution of choice. In fact, there were two customer presentations where OneSign was discussed.

Security expert Bruce Schneier pulls out an interesting excerpt from an essay “When Security Gets in the Way” that is sparking great discussion on his Schneier on Security blog. The essay, from Don Norman’s jnd site, debates security vs. usability, and addresses design considerations for enterprise security systems. This article captures important concerns often discussed in security circles on how to make security stronger without disrupting user behavior. It’s a delicate balance – we often say the most secure computer is the one in a locked room not powered up but that would hardly be usable. At Imprivata we have always believed that usability and security don’t need to be mutually exclusive.

At Parkview Adventist Medical Center we're very proud of our accomplishment of being only one of a handful of hospitals that have been awarded with HIMSS Analytics Stage 6 status.Moving to an EMR format and a paperless environment requires a significant commitment from the executive team and from our clinicians. As we began our move to EMR, we had two major concerns. 1 – Can we maintain patient data security and HIPAA compliance in an electronic format? 2 – Will the clinicians buy into what we’re doing and use the technologies we provide? These are two critical components in achieving Stage 6 status.