Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Fewer But Better – Connected Health at #HIMSS17

Posted on March 3, 2017 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Since I go to so many connected health related conferences, seeing the latest in connected health at HIMSS is not really a huge deal. In most cases, I’ve already seen it somewhere else in a less hectic environment. With that said, I thought I’d see a real explosion of these devices at the conference. Certainly, there were many there, but I didn’t see the explosion that I had expected.

While there was a concentration of them in the Connected Health area, most of the rest of the show floor didn’t have many that I noticed. No doubt we each have our own unique experience at a 40,000 person and 1200 exhibitor conference. So, I’d be interested in hearing what other people’s experiences were at the event.

Even though I didn’t see an explosion of connected health devices (In fact, I may have seen fewer!), I do think that the devices that were being demonstrated are going a lot deeper and doing much more than previous years. That’s a good thing because these devices need to be medical relevant for the healthcare establishment to really care about them.

One example was a demo I saw at the DellEMC booth. They had an incredible dashboard of data that was pulling in a number of different health devices. One tracking pill that you swallow was particularly intriguing. The pill showed that the guy demoing the software had been pretty stressed that morning when the demo wasn’t working quite right. Luckily when I was there he was doing better.

Another feature of these connected health devices that hit me was how far they could reach. At the same demo with DellEMC, they had devices that could be tracked for nearly the entire HIMSS Exhibit hall (All of the Orlando Convention Center). While that’s not needed for home applications where wifi is basically ubiquitous, this is a very valuable tool to connect devices in a hospital setting.

As I mentioned, I hadn’t seen many new things, but we’re seeing the natural evolution of these connected health devices. They haven’t really broken out at HIMSS, but they are definitely getting more mature and that’s a good thing.

Costs Of Compromised Credentials Rising

Posted on I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Healthcare organizations face unique network access challenges. While some industries only need to control access by professional employees and partners, healthcare organizations are increasingly opening up data to consumers, and the number of consumer access points are multiplying. While other industries face similar problems – banking seems particularly relevant – I don’t know of any other industry that depends on such a sophisticated data exchange with consumers to achieve critical results.

Given the industry’s security issues, I found the following article to be quite interesting. While it doesn’t address healthcare concerns directly, I think it’s relevant nonetheless.

The article, written by InfoArmor CTO Christian Lees, contends that next-generation credentials are “edging toward a precarious place.” He argues that because IT workers are under great pressure to produce, they’re rushing the credentialing process. And that has led to a lack of attention to detail, he says:

“Employees, contractors and even vendors are rapidly credentialed with little attention given to security rules such as limiting access per job roles, enforcing secure passwords, and immediately revoking credentials after an employee moves on…[and as a result], criminals get to choose from a smorgasbord of credentialed identities with which to phish employees and even top executives.”

Meanwhile, if auto-generated passwords are short and ineffective, or so long that users must write them down to remember them, credentials tend to get compromised quickly. What’s more, password sharing and security shortcuts used for sign-in (such as storing a password in a browser) pose further risk, he notes.

Though he doesn’t state this in exactly these words, the problem is obviously multiplied when you’re a healthcare provider. After all, if you’re managing not only thousands of employee and partner credentials, but potentially, millions of consumer credentials for use in accessing portal data, you’re fighting a battle on many fronts.

And unfortunately, the cost of losing control of these credentials is very high. In fact, according to a Verizon study, 63% of confirmed data breaches happening last year involved weak, default or stolen passwords.

To tackle this problem, Lees suggests, organizations should create a work process which handles different types of credentials in different ways.

If you’re providing access to public-facing information, which doesn’t include transaction, identifying or sensitive information, using a standard password may be good enough. The passwords should still be encrypted and protected, but they should still be easy to use, he says.

Meanwhile, if you need to offer users access to highly sensitive information, your IT organization should implement a separate process which assigns stronger, more complex passwords as well as security layers like biometrics, cryptographic keys or out-of-band confirmation codes, Lees recommends.

Another way to improve your credentialing strategy is to associate known behaviors with those credentials. “If you know that Bill comes to the office on Tuesdays and Thursdays but works remotely the rest of the week and that he routinely accesses certain types of files, it becomes much harder for a criminal to use Bill’s compromised credentials undetected,” he writes.

Of course, readers of this blog will have their own strategies in placefor protecting credentials, but Lee’s suggestions are worth considering as well. When you’re dealing with valuable health data, it never hurts to go that extra mile. If you don’t, you might get a visit by the HIPAA police (proverbial, not actual).