
Exostar Launches Cybersecurity Risk Assessment Solution

Partner Information Manager Allows Organizations to Identify and Address Vulnerabilities throughout their Global, Multi-tier Supply Chains

HERNDON, VA, December 8, 2015 – Exostar, whose cloud-based solutions help companies in aerospace and defense, life sciences, and healthcare mitigate risk and solve their identity and access challenges, today announced the availability of Partner Information Manager (PIM), a new, modular solution that continuously measures risk across a business’s extended value chain. With the launch of PIM and its cybersecurity module, organizations throughout the enterprise – from procurement, contracting, and IT to compliance, security, and the C-suite – have the information they need to build and manage their supply chains, assess potential vulnerabilities, and initiate steps to protect their intellectual property, reputations, and revenue streams.

Exostar developed PIM by working closely with many of the world’s largest Aerospace and Defense (A&D) industry firms, forming a Security Steering Committee that includes security and supply chain executives from BAE Systems, Boeing, Lockheed Martin, Northrop Grumman, Raytheon, and Rolls-Royce.  PIM’s Cybersecurity module reflects best practices input from these companies that is based on internationally recognized standards.

“Our objective was to bring A&D leaders together, understand their cybersecurity risk management initiatives and progress to date, and build consensus for the optimal approach to improving the industry’s cybersecurity posture going forward,” said Dr. Paul Kaminski, Exostar’s Chairman of the Board.  “With PIM, we have created a common platform that A&D supply chain ecosystem partners can jointly use to achieve this much-needed improvement.”

The heart of PIM’s Cybersecurity module is a comprehensive questionnaire and evaluation engine.  Suppliers complete the questionnaire and are assigned a Security Maturity Level that is a measure of their current capabilities.  Buyers get deep visibility into a supplier’s cybersecurity strengths and weaknesses, which lets them assess risk and make better business relationship decisions.  Suppliers have a clear roadmap for improvement recognized and accepted by multiple buyers, which allows them to justify the investments required to raise their Security Maturity Level and promote long-term engagements with buyers.

Exostar’s Managed Access Gateway (MAG) controls access to PIM, making it the most secure risk management solution on the market, while empowering individuals with a single sign-on user experience.  Because MAG brings together over 100,000 A&D organizations worldwide, PIM incorporates a “collect once, share multiple times” supplier engagement methodology.  Suppliers can complete or update the cybersecurity questionnaire one time and send it to any buying organization that is part of the Exostar A&D community – reducing the burden on suppliers by eliminating redundancy and enabling buyers to more rapidly obtain critical risk information.

“Understanding a supplier’s cybersecurity maturity level allows Lockheed Martin to make informed decisions on how best to manage their risk throughout our global, multi-tier supply chain,” said Jim Connelly, Vice President and Chief Information Security Officer at Lockheed Martin and Chairman of Exostar’s Security Steering Committee.  “Exostar’s PIM enables us to implement a consistent, efficient, cost-effective process to measure, assess, and mitigate risk in real-time and over time.”

About Exostar

Exostar’s cloud-based solutions help companies in highly-regulated industries mitigate risk and solve identity and access challenges. Nearly 125,000 organizations leverage Exostar to help them collaborate securely, efficiently, and compliantly with their partners and suppliers. By offering connect-once, single sign-on access, Exostar strengthens security, reduces expenditures, and raises productivity so customers can better meet contractual, regulatory, and time-to-market objectives.

December 8, 2015 I Written By

John Lynn is the Founder of the blog network which currently consists of 5 blogs containing over 11,000 articles with John having written over 5500 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 18 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Survey Shows Insider Threats on the Rise: Organizations Experience an Average of 3.8 Attacks per Year

Survey by Crowd Research Partners Shows Endpoints Are by Far the Most Common Launch Point for an Insider Attack; Highlights Need for Robust Endpoint Security and Policies

VERO BEACH, FL − (June 24, 2015) SpectorSoft™, a leader in the user activity monitoring and behavior analysis market, today released results of the Insider Threat Report, a crowd-based research project that was done in cooperation with the 260,000+ member Information Security Community on LinkedIn and Crowd Research Partners to gain more insight into the state of insider threats and solutions to prevent them. The final report results were based on a comprehensive survey of over 500 cybersecurity professionals from organizations of varying sizes across many industries; the results highlight the increasing need for better security practices and solutions to reduce the risks posed by insider threats.

Among the report’s findings:

The Rise of Insider Attacks: A majority of security professionals (62 percent) saw a rise in insider attacks over the last 12 months, while 22 percent saw no rise, and 16 percent were unsure if they had been attacked or not.

Frequency of Insider Attacks: Forty-five percent of respondents cannot determine whether their organizations experienced insider attacks in the last 12 months. Twenty-two percent said they experienced between one and five attacks, and 24 percent of organizations believe they experienced no attacks at all. Of the respondents who were willing to admit they suffered an insider attack, the average number was 3.8 incidents per organization per year.

Cost of Remediation: The overall average cost of remediating a successful insider attack is around $445,000. With an average risk of 3.8 insider attacks per year, the total remediation cost of insider attacks can quickly run into the millions of dollars.

Monitor Insider Activity on the Endpoint: The survey highlights the need for robust endpoint security and policies; respondents identified endpoints as the most common launch point for insider attacks (56 percent); this was followed by networks (43 percent) and mobile devices (42 percent).

Top Insider Threats: Organizations overwhelmingly maintained that data loss was the top concern regarding insider threats. When asked which types of insider attacks were most concerning, 63 percent of respondents said data leaks, 57 percent said inadvertent data breaches and 53 percent said malicious data breaches.

Vulnerable Data: Sixty-four percent of respondents feel extremely, very or moderately vulnerable to insider threats. Due to its value to attackers, the most vulnerable type of data is customer data (57 percent). This was closely followed by intellectual property (54 percent) and financial data (52 percent).

Internal versus External Attacks: Sixty-two percent of respondents find it more difficult to detect internal threats than external threats, while 38 percent cannot determine which type of threat is most difficult to detect.

Monitoring the Threat: When it comes to threat monitoring, 75 percent of companies monitor the security controls of their applications, 60 percent monitor a majority of all of their key IT assets, while only 21 percent continuously monitor user behavior taking place on their networks.

“The survey and report called out a rise in insider threats, the difficulty in detecting them, and the significant costs in cleaning up after a successful insider attack,” said Mike Tierney, COO, SpectorSoft.  “Companies need the ability to detect for anomalies in user behavior to make sure they are aware of the threats that exist within their organizations, because insiders will deviate from their normal behavior patterns when planning and executing an attack.”

About SpectorSoft

SpectorSoft is the leader in user activity monitoring and an innovator in user behavior analysis software. SpectorSoft has helped more than 36,000 businesses, government organizations, schools and law enforcement agencies improve how they address security and achieve compliance. SpectorSoft award-winning solutions include enterprise-grade insider threat detection software, a powerful user activity monitoring solution deployed by thousands of companies in more than 110 countries, robust Event and Security Log Management, and the world’s leading employee investigation tool. For more information, please

June 26, 2015 I Written By

John Lynn

HIPAA Secure Now! Helps Covered Entities Comply with HIPAA Privacy Rule; New Privacy Tools Augment Company’s HIPAA Security Compliance Services

MORRISTOWN, NJ – APRIL 8, 2015 – Today HIPAA Secure Now! began offering covered entities a suite of HIPAA Privacy Tools to help them meet the requirements of the HIPAA Privacy Rule. The suite includes an updated HIPAA privacy policy manual and training module, which complements its HIPAA security services package. A secure portal gives customers access to policies and procedures, and all the forms needed to implement the HIPAA Privacy Rule. An Education Center for training employees provides interactive slides and videos, a compliance quiz and completion certificates.

“While most medical practices have implemented the Privacy Rule to some degree they may lack written policies, all the necessary forms, or they may be falling behind on employee training,” said Art Gross, CEO for HIPAA Secure Now!  “Initially we concentrated on helping clients comply with the HIPAA Security Rule.  We guided them in protecting electronic patient information with a security risk analysis, policies, training and technology recommendations.  Now we’re adding Privacy Tools, which offers similar resources and training but is geared toward the overall use, management and distribution of patients’ health information, as laid out by the Office of Civil Rights.”

The HIPAA Privacy Rule obligates covered entities to comply with standards that address the protection, use and disclosure of an individual’s health information.  The Rule states how a medical practice can use a patient’s health information, whether it shares that information with another covered entity to provide additional care, or submits it to an insurer for reimbursement.

Likewise, the Privacy Rule sets standards designed to safeguard an individual’s privacy rights and gives patients control over how their health information is used. For example, a patient can put restrictions on a diagnosis if they don’t want it disclosed to a family member. And they can file complaints if their health information has been shared without their permission.

With HIPAA Secure Now’s Privacy Tools, covered entities now have an online manual that they can search and forms that they can print out, including patient requests for amendment of their protected health information, patient complaint forms, and patient restrictions on their protected health information, to name a few. The manual covers policies and procedures, including different scenarios of the privacy rules, such as when covered entities can share patient information with or without authorization.

An in-depth training program, also provided in an online format, helps employees understand the standards of the HIPAA Privacy Rule and what could put the practice at risk for breaking patients’ confidentiality.  Training information is updated annually and takes less than two hours to complete.

About HIPAA Secure Now!

HIPAA Secure Now! has been helping clients comply with the HIPAA Security Rule since 2009.  The company’s all-in-one solution provides risk assessment, which also satisfies Meaningful Use requirements, as well as privacy and security policies and procedures, and training.  HIPAA Secure Now! moves customers toward HIPAA compliance quickly and easily, and protects them in the event of an audit. Customers can complete the entire process in less than three hours, and regularly comment that it is painless and has made their lives easier.  For more information visit

April 8, 2015 I Written By

John Lynn

TransUnion Survey: Nearly Seven in 10 Patients Would Avoid Healthcare Providers That Undergo a Data Breach

Chicago, March 24, 2015 – A new survey from TransUnion Healthcare found that more than half of recent hospital patients are willing to switch healthcare providers if their current provider undergoes a data breach. Nearly seven in 10 respondents (65%) would avoid healthcare providers that experience a data breach.

Older and younger consumer groups responded differently to data breaches. While 73% of recent patients ages 18 to 34 said they were likely to switch healthcare providers, older consumers were less willing. Nearly two-thirds (64%) of patients older than 55 were not likely to consider switching healthcare providers following a data breach.

“Older consumers may have long-standing loyalties to their current doctors, making them less likely to seek a new healthcare provider following a data breach,” said Gerry McCarthy, president of TransUnion Healthcare. “However, younger patients are far more likely to at least consider moving to a new provider if there is a data breach. With more than 80 million millennials recently entering the healthcare market, providers that are not armed with the proper tools to protect and recover from data breaches run the risk of losing potentially long-term customers.”

Other survey insights on consumers’ expectations following a data breach include:

  • Nearly half of consumers (46%) expect a response or notification within one day of the breach.
  • 31% of consumers expect to receive a response or notification within one to three days.
  • Seven in 10 (72%) consumers expect providers to offer at least one year of free credit monitoring after a breach.
  • Nearly six in 10 (59%) consumers expect a dedicated phone hotline for questions.
  • More than half of consumers (55%) expect a dedicated website with additional details.

“The hours and days immediately following a data breach are crucial for consumers’ perceptions of a healthcare provider,” said McCarthy. “With the right tools, hospitals and providers can quickly notify consumers of a breach, and change consumer sentiments toward their brand.”

For more information about data breach services, visit TransUnion Healthcare.
About the Survey
The online survey included responses from 1,228 U.S. consumers who have received medical care at a doctor’s office, clinic or hospital in the past two years. The survey was conducted in February 2014.

About TransUnion Healthcare
TransUnion Healthcare, a wholly owned subsidiary of credit and information management company TransUnion, empowers providers with Intelligence in an Instant® by providing data and analytics at the point of need.  TransUnion offers a series of data solutions designed to provide greater ease of use, accuracy and transparency in the revenue cycle process thereby assisting providers in lowering their uncompensated care.

About TransUnion
Information is a powerful thing. At TransUnion, we realize that. We are dedicated to finding innovative ways information can be used to help individuals make better and smarter decisions. We help uncover unique stories, trends and insights behind each data point, using historical information as well as alternative data sources. This allows a variety of markets and businesses to better manage risk and consumers to better manage their credit, personal information and identity. Today, TransUnion reaches consumers and businesses in more than 30 countries around the world on five continents. Through the power of information, TransUnion is working to build stronger economies and families and safer communities worldwide.

March 24, 2015 I Written By

John Lynn

Caradigm Identity Access Management Solution Certified for Use With FairWarning’s Patient Privacy Monitoring System

BELLEVUE, WA – Mar. 17, 2015 – Caradigm, the leader in enterprise population health, today announced that Caradigm Provisioning has achieved certification in the FairWarning Ready® for Identity Management program, creating an integrated solution that offers healthcare organizations enhanced data privacy monitoring and alerting.

Hospitals using Caradigm Provisioning with the FairWarning® Patient Privacy Monitoring Platform (“FairWarning Platform”) will be able to more rapidly determine if there is inappropriate access to patient records when they receive alerts and then take actions to remediate the problem.

“Operating Caradigm Provisioning and the FairWarning Platform together has enhanced our organization’s ability to proactively discover, respond to, and mitigate potential security incidents,” said Vincent Berretta, manager of security for Virtua, one of New Jersey’s largest health systems. “As a result, Virtua has been able to further solidify our overall security posture.”

Part of Caradigm’s suite of Identity and Access Management solutions for healthcare, Caradigm Provisioning helps healthcare organizations minimize security and compliance risk through role-based management of user identity. By codifying access and entitlement rights for the organization in a central repository, and by managing the creation, modification and termination of user access to clinical and core systems, Caradigm Provisioning helps organizations protect patient data while giving their clinicians rapid access to the applications and information they need to perform their jobs.

“Healthcare organizations are facing unprecedented risks to patient privacy and security, and they’re not fully prepared to manage that risk,” said Ralf Klein, vice president, identity and access management, Caradigm. “Caradigm’s collaboration with FairWarning® will give health systems the comprehensive tools they need to quickly pinpoint security issues and take steps to rectify them.”

FairWarning Ready® for Identity Management is a comprehensive program designed to help hospital customers make better use of their existing investment in IT infrastructure. The FairWarning Ready® for Identity Management program enables identity management application vendors to seamlessly integrate with FairWarning® Patient Privacy Monitoring to provide customers with advanced privacy monitoring and alerting.

“By leveraging identity management investments, healthcare providers are able to dramatically reduce the time and effort required to integrate key user identity data and deliver sustainable compliance through their patient privacy monitoring program,” said Shane Whitlatch, FairWarning enterprise vice president.

Customers that integrate Caradigm Provisioning with the FairWarning Platform now have the following capabilities when privacy alerts are triggered:

  • Caradigm’s Provisioning solution provides FairWarning® with a more complete view of the users accessing systems through a daily import of provisioned users. The additional information, including their location, department, role, telephone number, email address, manager’s name, etc., gives security and privacy managers what they need when performing an investigation.
  • Using Caradigm’s Provisioning solution, security officers can then take critical security actions, such as suspending all access to clinical applications until the investigation of the person in question is complete; modifying access rights to certain pieces of the clinical application; or removing all access completely from that clinical application.
  • By alerting security officers to potential problems, providing them with additional information and empowering them to take critical actions, Caradigm and FairWarning® can now provide customers with a more complete lifecycle of patient privacy protection.

With customers representing over 7,000 facilities globally, FairWarning® is seeing increased investment in identity management infrastructure across the healthcare industry. The FairWarning® Ready program focuses on partnering with identity management vendors who have demonstrated a track record of customer success in the healthcare industry, to speed and improve patient privacy monitoring deployments and to protect against inadvertent, criminal and fraudulent misuse of electronic health records.

About FairWarning®

FairWarning®’s mission is to lead the industry expansion of trust in Electronic Health Records empowering care providers to grow their reputation for protecting confidentiality, scale their digital health initiatives and comply with complex Federal and state privacy laws such as HIPAA. By partnering with FairWarning®, care providers are able to direct their focus on delivering the best patient outcomes possible while receiving expert, sustainable and affordable privacy and compliance solutions. Customers consider FairWarning® privacy auditing solutions essential for compliance with healthcare privacy regulations such as ARRA HITECH privacy and meaningful use criteria, HIPAA, UK and EU Data Protection, California SB 541 and AB 211, Texas HB 300, and Canadian provincial healthcare privacy law. For more information on FairWarning® visit or email

About Caradigm

Caradigm is a population health company dedicated to helping organizations improve care, reduce costs, and manage risk. Caradigm analytics solutions provide insight into patients, populations, and performance, enabling healthcare organizations to understand their clinical and financial risk and identify the actions needed to address it. Caradigm population health solutions enable teams to deliver the appropriate care to patients through effective coordination and patient engagement, helping to improve outcomes and financial results. The key to Caradigm analytics and population health solutions is a rich set of clinical, operational, and financial data delivered to healthcare professionals within their workflows in real time. Learn more at:

March 17, 2015 I Written By

John Lynn

Sookasa Launches a Cloud Encryption Capability that Lets Users Securely Receive Files from Anyone

SAN MATEO, CA February 02, 2015

Cloud security company Sookasa, Inc. has added a breakthrough capability to its portfolio of data encryption services, now allowing customers to securely receive documents from anyone, including non-users of Sookasa.

Sookasa provides seamless Dropbox encryption and facilitates HIPAA- and FERPA-compliant use of the cloud, enabling users to securely store, sync, and share confidential files. The company’s new secure receipt capability joins the previously released secure sending feature to form Sookasa’s new File Delivery platform—the seminal one-way sharing suite designed to eliminate the need for high-risk email or clunky faxes to exchange information. Sookasa’s encryption solution now addresses every step of the sharing process to ensure compliance.

“Receiving information from clients has long posed a security challenge to businesses in regulated industries,” said Asaf Cidon, CEO and co-founder of Sookasa. “No matter how many precautions businesses take to secure and send data responsibly, their own customers can undermine these efforts by relying on easy modes of transfer—especially email—without regard for security of their own data. We deliver file encryption on non-users’ terms—they don’t need to have Sookasa or Dropbox to take advantage of both services.”

For the first time, content can be automatically encrypted and delivered securely by non-users, with no download or setup required by the sender. Each Sookasa user has a unique secure receipt URL that they can share with others.

For example, if a patient needs to send sensitive health information to her doctor, she simply clicks the link provided by her physician and uploads the document. It’s seamlessly encrypted by Sookasa, and the file is transferred directly to a secure subfolder in the Sookasa user’s account.

Don Murray, a criminal defense attorney and founding partner of New York firm Shalley & Murray, uses Sookasa to receive critical case documents from clients. “I’m thrilled to have Sookasa’s secure uploads capability,” Murray said. “It’s become a competitive advantage with clients, allowing me to distinguish myself from other lawyers who don’t care as much about security and still rely on email.”

Jayson Hanelius, director of behavioral health agency Positive Services for Kids, said Sookasa’s new feature has made sharing files and collaborating in a HIPAA-compliant environment easier. “It’s changed how we do things—we used to rely completely on faxing—and has made communicating much simpler,” Hanelius noted. “Electronic communication is vital to us, because we’re not actually meeting in a central location. With Sookasa, I have real-time insight into the work of my 28 clinicians who are out in the field seeing patients and sending me files.”

The File Delivery suite, like the rest of Sookasa’s solutions, is geared toward putting the onus on technology to ensure effortless compliance.

“This is a key tool for users who need to give their own customers confidence that their personal information is being protected, but without the inconvenience of making them find a way to secure the information on their end,” Cidon said.

About Sookasa
Sookasa delivers seamless Dropbox encryption and security, enabling professionals to use their favorite cloud service to store, sync, and share sensitive data while complying with regulations such as HIPAA and FERPA. Sookasa provides a complete compliance shield around files by encrypting with bank-grade AES 256-bit encryption and using patented cloud-based key management to restrict access to authorized employees and partners. Through the Sookasa dashboard, businesses can effortlessly control and audit access to their sensitive data across users, devices and files. In addition, administrators can revoke access in real-time to any user or device. Learn more at

February 2, 2015 I Written By

John Lynn

Electronic Health Data Breaches Remain Primary Concern Despite Increased Use of Security Technologies and Analytics #HIMSS14

Hospitals and physician practices show progress in securing patient information, but security breaches and medical identity theft still raise concerns

CHICAGO (February 19, 2014) – Results of the 2013 HIMSS Security Survey show that, despite progress toward hardened security and use of analytics, more work must be done to mitigate insider threat, such as the inappropriate access of data by employees. Although federal initiatives such as OCR audits, Meaningful Use and the HIPAA Omnibus Rule continue to encourage healthcare organizations to increase the budgets and resources dedicated to securing patient health data, in the previous twelve months, 19 percent of respondents reported a security breach and 12 percent of organizations have had at least one known case of medical identity theft reported by a patient.

The 2013 HIMSS Security Survey, supported by the Medical Group Management Association and underwritten by Experian® Data Breach Resolution, profiles the data security experiences of 283 information technology (IT) and security professionals employed by U.S. hospitals and physician practices. The data from respondents suggests that the greatest perceived “threat motivator” is that of healthcare workers potentially snooping into the electronic health information of friends, neighbors, spouses or co-workers (i.e., inappropriate data access).

Recognizing inappropriate data access by insiders as an area for which organizations are at risk of a security breach, there has been increased use of several key technologies related to employee access to patient data, including user access control and audit logs of each access to patient health records. On a related note, although more than half of the survey’s respondents (51 percent) have increased their security budgets in the past year, 49 percent of these organizations are still spending 3 percent or less of their overall IT budget on security initiatives that will secure patient data.

“Our collaboration with HIMSS for the sixth annual security survey has provided insight into the current state of security within provider organizations,” said Michael Bruemmer, Vice President for Experian® Data Breach Resolution. “Though progress is noticeable, it is critical that healthcare organizations put in place a comprehensive plan that addresses potential security threats – whether internal or external – to prevent electronic health data breaches and minimize the impact of a breach should one occur.”

Other key findings from the survey include the following:

  • 92 percent of organizations conduct a formal risk analysis.
  • 54 percent of organizations report having a tested data breach response plan; 63 percent of these organizations test their plan annually.
  • 93 percent of organizations indicate their organization is collecting and analyzing data from audit logs.
  • Healthcare organizations are using multiple means of controlling employee access to patient information; 67 percent of survey respondents use at least two mechanisms, such as user-based and role-based controls, for controlling access to data.

The survey also pinpoints shortcomings within the healthcare industry. Barriers to improving an organization’s security posture included budget, dedicated leadership and the following:

  • Organizations reported an average score of 4.35 regarding the maturity of the security environment (where 1 is not at all mature and 7 is highly mature).
  • Nearly half (49 percent) of the survey’s responding organizations are still spending 3 percent or less of their overall IT budget on security initiatives that will secure patient data.
  • 52 percent of the hospital-based respondents reported that they had a CSO, CISO or other full-time leader in charge of security of patient data.

“Healthcare organizations are increasingly deploying technologies to increase data security, but continued analysis is crucial in ensuring the proactive prevention of data breaches within hospitals and physician practices. Without these anticipatory measures, security of patient data will remain a core challenge within our nation’s healthcare organizations,” said Lisa A. Gallagher, BSEE, CISM, CPHIMS, FHIMSS, Vice President, Technology Solutions, HIMSS.

For more information on the survey results and on innovation:


HIMSS is a global, cause-based, not-for-profit organization focused on better health through information technology (IT). HIMSS leads efforts to optimize health engagements and care outcomes using information technology.

HIMSS is a cause-based, global enterprise producing health IT thought leadership, education, events, market research and media services around the world. Founded in 1961, HIMSS encompasses more than 52,000 individuals, of which more than two-thirds work in healthcare provider, governmental and not-for-profit organizations across the globe, plus over 600 corporations and 250 not-for-profit partner organizations, that share this cause.  HIMSS, headquartered in Chicago, serves the global health IT community with additional offices in the United States, Europe, and Asia.

About Experian® Data Breach Resolution

Experian® Data Breach Resolution, powered by the nation’s largest credit bureau, is a leader in helping businesses plan for and mitigate consumer risk following data breach incidents. With more than a decade of experience, Experian® Data Breach Resolution has successfully serviced some of the largest and highest-profile breaches in history. The group offers swift and effective incident management, notification, call center support and reporting services while serving millions of affected consumers with proven credit and identity protection products. In 2013, Experian® Data Breach Resolution received the Customer Service Team of the Year award from the American Business Awards. Experian® Data Breach Resolution is active with the International Association of Privacy Professionals, the Health Care Compliance Association, the American Health Lawyers Association, the Ponemon Institute RIM Council and InfraGard and is a founding member of the Medical Identity Fraud Alliance. For more information, visit and follow us on Twitter @Experian_DBR.

February 19, 2014 | Written By

John Lynn is the Founder of the blog network which currently consists of 5 blogs containing over 11,000 articles with John having written over 5500 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 18 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Authasas Adds the Lumidigm Advantage to Its Advanced Authentication Platform

Solution delivers reliable, convenient, secure, and compliant authentication at all points of access across the enterprise

ALBUQUERQUE, NM — October 30, 2012 — Lumidigm today announced that enterprises can now authenticate users with Lumidigm multispectral imaging biometrics as part of an integrated authentication platform from Authasas. With the addition of Lumidigm’s unique capabilities, the Authasas Advanced Authentication® solution is more secure, more convenient, and strongly spoof-resistant. This combined solution delivers the high levels of security, accountability and compliance that organizations are demanding with the single-touch convenience they expect.

“Because of Lumidigm’s success in bringing higher levels of performance to border crossings, thousands upon thousands of ATMs and even the gates of major amusement parks, we felt it was important to bring the power of their technology to our customers,” emphasizes Reiner van der Drift, Authasas CEO. “Together we provide a very powerful combination of authentication methods, seamlessly delivered at all points of access, to replace the fragmented array of point solutions that is regrettably the common, makeshift response to today’s complex requirements.”

“With our large-scale successes in the banking and healthcare industries, we know our fingerprint sensors offer convenience and security wherever they are deployed,” says Phil Scarfo, Lumidigm Senior Vice President of Worldwide Sales and Marketing. “Today, in partnership with Authasas, we are expanding our no-compromises approach into comprehensive authentication solutions where multispectral imaging will play an important role in streamlining compliant access for large enterprises requiring seamless transactional authentication.”

The Authasas Advanced Authentication platform lets an enterprise optimize authentication for every transaction by balancing the right level of certainty based on “who” is requesting access with the right level of convenience for the actual user, resulting in a secure, compliant transaction. This flexible, scalable approach meets the size and complexity requirements of any enterprise with authentication methods such as multispectral imaging biometrics, smart cards, NFC, cell phone OTP tokens, USB authenticators and user ID/passwords integrated with a wide variety of SSO and identity management vendors such as NetIQ/Novell, HID ActivIdentity, Oracle, Computer Associates and HealthCast.

About Authasas

With our HQ, Research & Development in The Netherlands and offices in London and Austin, TX, Authasas® delivers strong authentication to Windows networks. Authasas® Advanced Authentication is distributed across the globe via a network of value added distributors and resellers. Authasas is a subsidiary of BioXS International BV. For more information please visit

About Lumidigm

Lumidigm Inc., a global leader in authentication solutions, is dedicated to enabling convenient, secure, and reliable identification of people, products and credentials. Developed with “real world” performance as a priority, Lumidigm’s multispectral imaging technology, innovative software and biometric fingerprint sensors allow customers to know “who” or “what” to a high degree of certainty. Lumidigm and its strategic partners have met challenging authentication requirements in markets such as banking, healthcare, entertainment, and government services. The Lumidigm Advantage is also suitable for industrial, commercial, and transportation applications. Lumidigm is headquartered in Albuquerque, New Mexico. For more information, visit

November 21, 2012 | Written By

triCerat Introduces Cliptite™ to Help Ensure Data Loss Protection

U.S. software developer triCerat is launching Cliptite™ today to help healthcare professionals secure sensitive data sharing and prevent data loss when using Windows Clipboard. Cliptite™ is designed specifically for remote desktop and application environments in hospitals and other healthcare settings that require an additional level of security.

COLUMBIA, MD, USA (October 31, 2012) — To help healthcare professionals secure sensitive data sharing and prevent data loss when using Windows Clipboard, software developer triCerat, Inc. – creator of the revolutionary ScrewDrivers® printing technology – is introducing its Cliptite™ software.

triCerat’s Cliptite™ software is designed specifically for remote desktop and application environments in hospitals and other healthcare settings that require an additional level of security to prevent data loss when using Windows Clipboard, the integrated Microsoft component that allows content to be copied and pasted between applications.

Employing assignable encryption technology, Cliptite™ allows administrators to safely enable the Windows Clipboard redirection across multiple ICA and RDP sessions without worrying that the data will be copied to an unauthorized client system.

“When sharing sensitive data in the workplace, many organizations tend to either overlook the potential data loss of the Windows Clipboard copy and paste mechanism and hope for the best, or turn off the Windows Clipboard entirely to ensure data loss protection,” according to Andrew Parlette, Vice President of Product Engineering at triCerat.

Cliptite™ allows organizations to enable the Windows Clipboard securely without great implementation or testing burdens by intercepting all data before it is copied onto the Windows Clipboard. The data is then encrypted using a secure 128-bit key and subsequently placed on the Windows Clipboard as encrypted data. If a user running an unauthorized server or workstation attempts to access the Windows Clipboard, the resulting data will be scrambled and unrecognizable. However, when a user running an authorized server or workstation accesses the Windows Clipboard, the data will be transferred and decrypted to the requesting application.

“Regardless of industry, Cliptite™ provides a cost-effective solution that enables users to secure the Windows Clipboard over a remote connection and safely provide Windows Clipboard data sharing,” says Parlette. For more information, visit

About triCerat, Inc.

Creator of the revolutionary ScrewDrivers® print management technology that changed the way thousands of organizations operate on a daily basis, triCerat has developed its complete Simplify family of desktop management tools that improve the performance, stability, security, and reliability of server, workstation, and virtual desktop environments. Based in Columbia, MD, triCerat has more than 10,000 clients worldwide. Founded in 1997, triCerat is a Citrix Ready Technology Partner, a Microsoft Gold Certified Partner, and a VMware Technology Alliance Partner.

November 19, 2012 | Written By

Verizon Offers Six Tips to Help Consumers Protect their Personal Health Information and Fight Health Care Fraud

BASKING RIDGE, N.J. – “The best protection against health care fraud in the U.S. is a cautious and vigilant consumer, and all of us should be aware of common tactics and abuses that are driving up our health care costs,” says Verizon Health IT Solutions Managing Director Renu Chipalkatti.

About 10 percent of the $2.6 trillion spent annually on health care goes to fraud and abuse, including falsified billings, false coding of services, billing for services not delivered or excessive, and billing separately for elements that should be part of a bundled service.

To help in the estimated $260 billion battle against annual health care fraud, Verizon offers six tips for consumers, including:

1. Guard your personal information – Provide your insurance identification only to those who provide you with medical services and don’t allow anyone to borrow your insurance identification/Medicare card.

2. Beware of “free” medical services – If it sounds too good to be true, it probably is. A common fraud scheme has door-to-door or telephone sales people offering medical services or equipment for free in exchange for your insurance/Medicare identification number.

3. Keep accurate medical records – Even if your doctor uses electronic medical records, you should always keep your own records. You could use a personal health information service or keep a written record of any medical services and medications you’ve received – just write down the doctor or doctors you saw, the services you received, and when they occurred.

4. Review your medical bills – Be sure to ask for your bill at the time of your doctor visit. Then check your bills and compare them with your insurer’s description of your benefits to make sure you aren’t charged for services you didn’t receive or charged for the same service twice. Also check that the dates of services and charges match up. If you find a problem or have questions, contact your health care provider immediately. If your questions are not resolved, contact your health plan provider.

5. Destroy medical records before discarding – Be sure to shred or rip up any medical documents to stop your information from ending up in the wrong hands, or worse yet, having your identity stolen.

6. Report possible fraud – If you suspect you’re a victim of fraud, contact your health plan provider or the Department of Health and Human Services, Office of the Inspector General.

In an encouraging sign that efforts to combat health care fraud and abuse are gaining momentum, public and private health insurance companies are adopting new methods of detecting and preventing fraud.  There are still some providers who use the “pay and chase” model – which is ineffective and expensive – but a growing number are focused on aggressive, proactive approaches.

Predictive modeling technology, for example, can proactively identify unusual patterns in provider behavior that can indicate fraudulent activity. Verizon offers this as part of a comprehensive set of prevention, detection and management tools to help combat fraudulent health care activity.

Verizon’s Fraud Management for Healthcare service is able to monitor 100 percent of claims in near-real time and automates pre-payment detection with speed and efficiency.  Verizon builds models to detect specific behaviors that signal fraud, flags them and assigns a priority based on a risk score so case managers can focus on the activities that will have the biggest impact.

Verizon’s health IT practice offers a comprehensive portfolio of managed, IT and consulting services for the health care industry to help transform patient care delivery, enhance access to care and better manage costs.

Verizon Communications Inc. (NYSE, Nasdaq: VZ), headquartered in New York, is a global leader in delivering broadband and other wireless and wireline communications services to consumer, business, government and wholesale customers. Verizon Wireless operates America’s most reliable wireless network, with nearly 96 million retail customers nationwide. Verizon also provides converged communications, information and entertainment services over America’s most advanced fiber-optic network, and delivers integrated business solutions to customers in more than 150 countries, including all of the Fortune 500. A Dow 30 company with $111 billion in 2011 revenues, Verizon employs a diverse workforce of 184,500. For more information, visit

November 17, 2012 | Written By