Blog Listing

We often hear of security getting in the way when it comes to clinicians wanting immediate access to patient data. Since it's better to hear from one's peers, Imprivata asked some of its healthcare customers for tips on implementing single sign-on and strong authentication to eliminate password management headaches and how it facilitated making it easier for clinicians to get access to the records they need. As we turn our attention to HIMSS 2009, we want to share our customers' advice, thoughts and concerns on how best to navigate through the employee access management obstacles:…

The New York Times recently posted an article decrying passwords as an inadequate defense mechanism for security today in a wave of identity theft occurrences. The article goes on to push a cryptography-based approach to log-on systems, touting ‘information cards' that rely on the computer handshake between machines to authenticate a user, or in this case, a site visitor. The article goes on to rail against the OpenID initiative because of its password-driven approach to SSO to access OpenID-enabled Web sites.…

To paraphrase Princess Leia, ‘the more you tighten your grip, the more star systems will slip through your fingers.' The same can be said in trying to manage identities in today's enterprise. A number of weeks back, I got into a discussion with the 451Group's Steve Coplan about this very topic: the chaos of identities.…

Steve Coplan of The 451 Group recently published a terrific report on Virtual Desktops that examines the intersection of management and security. Steve hit the nail on the head in describing the importance of user authentication in securing virtual desktops. This is especially relevant in healthcare, which is rapidly adopting virtual desktop access (VDA) to improve clinician productivity and secure patient data. We were also pleased that Steve mentioned the work Imprivata is doing with VMware around fast, seamless user access for virtual desktops...…

Over at the Life as a Healthcare CIO blog, John D. Halamka MD captured a list of top barriers to electronic health record (EHR) implementations, then added on with another ‘Top 10’ that puts a little fun into the serious business of EHRs. Below are barriers that stood out to me from a data security and healthcare access management perspective, and I urge you to check out John’s blog for more specifics – definitely worth the read and a great source of information. The key Barriers to deploying EHR worth noting...…

A recent BankInfoSecurity article reported that the Massachusetts Data Protection Law has been delayed yet again, pushing the new effective date back to March 1, 2010. As part of the law, organizations are required to protect confidential data – social security numbers, driver license numbers and financial account/credit/debit card numbers – of Massachusetts citizens. The regulation covers all non-public data, regardless of how the company obtains the information.…

We've found that the best resource for better understanding how to solve employee access management are our customers. So over the past week or so, as a few of our customers have shared details of their OneSign experiences, I thought you may want to hear what some of them are saying and doing...…

Recently, according to a Federal Computer Week article, the Drug Enforcement Administration proposed rules to allow e-Prescribing of controlled substances, such as painkillers and stimulants. The proposed rules require doctors to use two forms of identification for each transmission of e-Prescriptions for controlled substances in addition to an annual audit of each system by a certified public accountancy. Under current rules, doctors may use e-Prescribing for most prescriptions but must sign a written prescription for Schedule II controlled substances, such as Nembutal, OxyContin and opium. The DEA rule, if it becomes final, would allow doctors to use the same system for generating and transmitting all prescriptions.…

I'm often asked what seems like a simple question: 'what's new in identity management?' As simple as it is, it's a big question so here are five trends that I see out there for identity management... at least for now.…

Data breaches in healthcare are certainly not new. Most data breaches today occur when electronic patient information (known as "protected health information" or PHI in the HIPAA regulation) is stored unencrypted on a device that is lost or stolen. All of the data breach laws in effect today state that as long as the data or device are encrypted, there is no data breach and therefore no liability or legal remedy. So if it's that easy, why do the number of breaches in healthcare continue to grow at alarming rates? …

As leaders in technology adoption, Radiologists are starting to look to biometrics to help provide No Click Access to the various systems and places they nee…

On November 30, 2011 HHS announced that they approve of the proposed push of Stage 2 Meaningful Use from 2013 to 2014 that has been talked about since July of this year. But who does this decision really impact?…

Study spotlights the value of single sign-on solutions for hospitals seeking meaningful use credits. An eye-opening new study that was just released from the Ponemon Institute revealed roughly 60 percent of the more than 400 healthcare IT respondents believe that single sign-on (SSO) solutions support their organizations’ efforts to demonstrate the “meaningful use” of EMR adoption. …

Today, Teradici have released Teradici PCoIP® Firmware release 3.5. Within this firmware update is code specifically designed to integrate with a new API from Imprivata that enables full No Click Access™ from a Teradici-enabled PCoIP zero client. This integration supports strong authentication with just the tap of an access card or ID badge to automate the process of bringing the user directly to their virtual desktop.…

On April 21st, the HIT Policy Committee Certification/Adoption Workgroup held a meeting to discuss Electronic Health Record (EHR) usability.…

By combining the benefits of roaming desktops with the simplicity of No Click Access delivered by Imprivata OneSign, clinicians can now access Citrix XenDesktop or XenApp with the tap of a badge or swipe of a fingerprint - enabling clinicians to dedicate more of their time with their patients and less time with the computer.…

Security compliance often requires complex passwords – causing user frustration and helpdesk calls. Jon Wu, System Engineer at Verity Credit Union, joined me for a webinar on how SSO helped Verity increase user productivity and customer satisfaction. Below is the transcribed Q&A from the webinar. View the full webinar here Question 1: Did auditing play a role in your decision to buy single sign-on, and has it helped with reporting on user access? Answer: Yes it did. When we first mentioned that we would be getting a password program, users were nervous. They thought, “is this password program going to remember all of my passwords and keep it secure?” When we presented to Imprivata, they said no problem, it’s all taken care of. From end to end the passwords are encrypted. Imprivata takes care of both situations, and we don’t have to worry about it being exposed in any way.…

Healthcare has the reputation of being highly resistant to change, that paper based systems are the best solution and that clinicians will simply not use any replacement. Why else would a hospital have to prove that they are meaningfully using new technology in order to receive the HITECH funding? Couldn’t we just trust them? So who’d have thunk it that in a survey of 477 IT professionals across multiple industries, it’s healthcare that are leading the way in the deployment of desktop virtualization!…

As we all know, the CJIS policy is now final and mandates that all agencies must have enforced unique IDs strong passwords by September, 2010, and that all agencies must comply with the CJIS Advanced Authentication requirement by 2013. However, if your agency has performed a system upgrade after 2005, the 2013 deadline advances to the time of the upgrade. If your agency is audited and found not to be in compliance with the CJIS policy, it could face losing access to CJIS systems.…

I often have conversations with customers about the level of effort that is required to support OneSign once it is deployed. We usually talk about the resources that are required to work on testing new application profiles or changes to existing profiles, but if you back up one level, you will see the X factor.…