Is your HIPAA security like a washing machine?
Is your HIPAA security management like a washing machine? Most security appliance vendors use fluffy charts with a 4 step “information risk management” cycle. It’s always a 4 step cycle, like “Discover, Monitor, Protect and Manage” and it’s usually on a circular chart but sometimes in a Gartner-style magic quadrant or on a line. It’s […]
The facts of life for HIPAA business associates
If you are a biomed vendor and you collect any kind of PHI (protected health information) in your medical device or store information in the cloud (including public cloud services like Google Drive and Dropbox) you need to be aware of US healthcare information privacy regulation. As a medical device vendor selling to healthcare providers, hospitals, physicians and […]
How to use BI to improve healthcare IT security
Information technology management is about executing predictable business processes. Information Security Management is about reducing the impact of unpredictable attacks to your healthcare provider organization. Once we put it this way – it’s clear that IT and security and compliance professionals, as dedicated as they are to their particular missions – do not have common […]
Why big data for healthcare is dangerous and wrong
The Mckinsey Global Institute recently published a report entitled – Big data: The next frontier for innovation, competition, and productivity . The Mckinsey Global Institute report on big data is no more than a lengthy essay in fallacies, inflated hyperbole, faulty assumptions, lacking in evidence for its claims and ignoring the two most important stakeholders of […]
Five things a healthcare CIO can do to improve security
A metaphor I like to use with clients compares security vulnerabilities with seismic fault lines. As long as the earth doesn’t move – you’re safe, but once things start moving sideways – you can drop into a big hole. Most security vulnerabilities reside in the cracks of systems and organizational integration and during an M&A, those […]
Clinical trials in the cloud
Ben Baumann from Akaza and Open Clinica fame, recently blogged about clinical trials in the cloud. Ben is pitching the relatively new offering from Akaza called Open Clinica Optimized hosting that offers quick startup using validated Open Clinica instances and resources on-demand on a SAS-70 compliant platform. As Ben noted that in the clinical research field, […]
The valley of death between IT and information security
IT is about executing predictable business processes. Security is about reducing the impact of unpredictable attacks to a your organization. In order ot bridge the chasm – IT and security need to adopt a common goal and a common language – a language of customer-centric threat modelling Typically, when a company ( business unit, department or […]
Problems in current Electronic Health Record systems
Software Associates specializes in helping medical device and healthcare technology vendors achieve HIPAA compliance and improve the data and software security of their products in hospital and mobile environments. As I noted here and here, the security and compliance industry is no different from other industries in having fashion and trends. Two years ago, PHR (Personal […]
Monica Belluci and Security
Trends – security and movie stars, Manuela Arcuri and Monica Bellucci, Verisign and Mcafee. Information security and risk analysis is complex stuff, with multiple dimensions of people, software, performance, management, technology, assets, threats, vulnerabilities and control relationships. This is why it’s hard to sell security to organizations. But, information security is also a lot like fashion with cyclical […]
Security sturm und drang – selling fear.
Sturm und Drang is associated with literature or music aiming to frighten the audience or imbue them with extremes of emotion”. The Symantec Internet Security Threat Report is a good example of sturm und drung marketing endemic in the information security industry. Vendors like Symantec sell fear, not security products, when they report on “Rises on Data […]
