While many of us were down at HIMSS 2010, on March 1, 2010, Mass 201 CMR 17.00 officially went into effect: 17.05: Compliance Deadline (1)Every person who owns or licenses personal information about a resident of the Commonwealth shall be in full compliance with 201 CMR 17.00 on or before March 1, 2010.…

This week I had a chance to talk with Network World’s director of programming Keith Shaw about the various ways that employees breach data security – both intentionally and inadvertently. The podcast interview captures a number of ways that employees breach enterprise security, whether by accident or with malicious intent. Here are some of the highlights...…

The National Institute of Standards and Technology (NIST) recently put out a draft “Guide to Enterprise Password Management” for public comment for feedback and improvement. While it gives a lesson in password management history, it doesn’t quite break new grounds on prescriptive opinion. Dave Kearns provided useful analysis of the NIST paper in his recent Managing Passwordsarticle on Network World, and a couple of nuggets of wisdom jumped out at me:…

Since 1996, HIPAA has become one of the most important and highly publicized pieces of healthcare legislation in the United States. Over this time it has also become one of THE biggest topics of conversation within the healthcare and security industries and with good reason-HIPAA involves two major issues, patients and privacy. What's truly amazing to me is that behind the scenes, one would naturally have to assume that the majority of healthcare organizations are being driven by the worry of the potential penalties that might be levied on them by the Department of Health & Human Services (HHS) for their failure to fully comply with HIPAA...…

I work in the field for Imprivata, working with customers day in, day out. And the single most heard question I get relating to our products is: 'which authentication technology should I use'. Fingerprint? Yeah that's good, I will never forget my finger, right? Or a prox card? Even better, because I can use that to open doors, pay at the lunch cashier, and so forth. Nah - maybe a smartcard is better. Or a one-time-password token. Or ... Of all of the suggestions I made above, none of them is ideal. All of them have pros and cons, and really, all of them have very different characteristics. In my mind, there are three/four things to ask yourself when choosing an authentication technique...…

Catching up on some reading after a few weeks on the road, most notably at VMworld 2010, I read Joseph Goedert’s Health Data Management article on the Privacy and Security Tiger Team’s recommendations for privacy issues that were sent to The Office of the National Coordinator for Health Information Technology (ONC). The core recommendations focus on how to empower patient consent and how to ensure appropriate use and exchange of personal health information (PHI) by care givers and business associates – all in the name of good data stewardship – as ONC encourages adoption of healthcare IT.…

This year’s HIMSS was quite an active conference, with healthcare IT a national focal point with new legislation and stimulus funding being funneled into reform and modernization initiatives. To kickoff the conference, Imprivata chief medical officer, Dr. Barry Chaiken, who is the current chair of HIMSS highlighted the need for healthcare IT solutions to drive positive industry change. Here are some pull-outs from an InformationWeek blog covering the event that capture the sentiment well...…

Khalid Kark of Forrester Research recently issued a useful whitepaper that outlines the security reforms needed to improve patient data security in the healthcare industry. The whitepaper highlights four key reasons why healthcare organizations are failing behind on security. Khalid provides a comprehensive set of recommendations to help healthcare organizations address these challenges – these are near and dear to what we do here every day. I thought I would share some of the insights gathered from work with our many healthcare customers.…

HIMSS is right around the corner. It's one of our favorite conferences of the year, as we get to see many of our healthcare customers all in one place. As I mentioned in my last post, if you're attending the conference this year, please plan to stop by our booth (#7339) and say hello, or check out the presentations by Imprivata's customers. OhioHealth and Southwest Washington Medical Center will be discussing the ‘Paperless Hospital' and ‘HIPAA Audits' respectively. With all the focus on healthcare now, what trends am I going to be looking for at HIMSS this year? Here are a few topics that our customers have shared with us:…

Physical logical security convergence has garnered increased attention over the past year, and we've had countless conversations with both IT departments and physical security teams about the people, process and technology issues that come with the territory. Integrating teams and policy, not just the technology, needs to be well thought out. Increasingly, the path of our conversations with prospects and customers interested in converging physical and logical access focuses on where to start that type of project.…

Next week, Tuesday 27th of May, we will be speaking at the ICT & Healthcare seminar in Ede, the Netherlands. Topic of our discussions will be clear and simple: how can we restore the 'Identity balance'. With this topic, we aim to explore how customers and partners can work with healthcare organisations to strike the right balance between...…

The Siemens show has been fantastic. What a great group of people, from Siemens and their customers, as well as all the other great Siemens partners that are participating. What are we hearing? Signing on to desktops and applications is extremely painful! Remembering all the different passwords, trying to type them in while a patient is waiting for you, the time it takes for the applications to load… We need to simplify access to EMR and hospital IT systems for our clinicians! For those that know Imprivata, and for those that have been introduced to us this week, the response has been consistent; We can simplify access saving clinicians 15 minutes per day and help drive EMR adoption.…

The Meaningful Use Analysis presented at the recent HIT Policy Committee Meeting indicates that 2,246 Eligible Professionals and 100 Hospitals have attested successfully. That’s a good start to EHR Adoption; with Stage 2 potentially delayed for these earlier adopters it will be interesting to see how many more attest to Meaningful Use in 2011.…

Data breaches in healthcare are certainly not new. Most data breaches today occur when electronic patient information (known as "protected health information" or PHI in the HIPAA regulation) is stored unencrypted on a device that is lost or stolen. All of the data breach laws in effect today state that as long as the data or device are encrypted, there is no data breach and therefore no liability or legal remedy. So if it's that easy, why do the number of breaches in healthcare continue to grow at alarming rates? …

As leaders in technology adoption, Radiologists are starting to look to biometrics to help provide No Click Access to the various systems and places they nee…

On November 30, 2011 HHS announced that they approve of the proposed push of Stage 2 Meaningful Use from 2013 to 2014 that has been talked about since July of this year. But who does this decision really impact?…

Study spotlights the value of single sign-on solutions for hospitals seeking meaningful use credits. An eye-opening new study that was just released from the Ponemon Institute revealed roughly 60 percent of the more than 400 healthcare IT respondents believe that single sign-on (SSO) solutions support their organizations’ efforts to demonstrate the “meaningful use” of EMR adoption. …

Today, Teradici have released Teradici PCoIP® Firmware release 3.5. Within this firmware update is code specifically designed to integrate with a new API from Imprivata that enables full No Click Access™ from a Teradici-enabled PCoIP zero client. This integration supports strong authentication with just the tap of an access card or ID badge to automate the process of bringing the user directly to their virtual desktop.…

On April 21st, the HIT Policy Committee Certification/Adoption Workgroup held a meeting to discuss Electronic Health Record (EHR) usability.…

By combining the benefits of roaming desktops with the simplicity of No Click Access delivered by Imprivata OneSign, clinicians can now access Citrix XenDesktop or XenApp with the tap of a badge or swipe of a fingerprint - enabling clinicians to dedicate more of their time with their patients and less time with the computer.…