[Log In] []

Exploring the science and magic of Identity and Access Management
Thursday, May 23, 2024

94% of Healthcare Organizations Breached

Information Security
Author: Mark Dixon
Tuesday, April 30, 2013
7:52 pm


94%. Almost 100%! That is a pretty sobering statistic.  Please take a few minutes and scan the very informative info graphic at background check.org.  

Just think. Almost all healthcare organizations – the ones we trust with our most sensitive information – are leaking data like a sieve. How does this affect you?

Comments Off on 94% of Healthcare Organizations Breached . Permalink . Trackback URL
WordPress Tags:

Telepresence in Every Home – Why not Mesa, AZ?

Author: Mark Dixon
Friday, June 4, 2010
10:48 am

image An interesting ZDNet article by Larry Dignan yesterday described Songdo, South Korea, which is aiming to be a global business hub and a sustainable city. This new city is being developed on 1,500 acres of reclaimed land in South Korea along Incheon’s waterfront, 40 miles from Seoul.

Songdo is also being wired by Cisco as a “grand telepresence experiment.”

According to Marthin De Beer, senior vice president of Cisco Systems’ emerging technology group:

Every home will have a Telepresence unit built in like a dishwasher. And it’s the developer that is putting those into those apartments as they get built out, because that is how education, health care and government services will get delivered right into the home. It will come to you. You don’t have to go find it. And that is how they will reduce traffic congestion and pollution in the cities. …

Until you’ve tasted it, it’s hard for me to explain to you what it’s like. But you can literally sit back on the couch and see your friends and family in life-size, full high definition, right in your living room, and interact with them. It’s not a small computer screen. You get a full view of everyone. And it’s very different.

But that is just 10% of why I’m excited about it, because the other 90% is that I believe it will do what the browser did for commerce into your home. You used to drive down the street to buy things. Today you go online, and it arrives at your doorstep once you’ve purchased it.

Home telepresence would do the same for services. Today, you still go to see your banker, your lawyer, your accountant, your tutor, etc. Well, what if these services can come in a virtual model right into your home and you can consume them in that way?

OK.   Sounds cool.  I have an appointment to visit my doctor on Monday afternoon.  It would be nice to visit him electronically.  But in order to make that work, it would need to accommodate things like weight, temperature, O2 and blood pressure measurements – all by remote control. How would that work?

It will be interesting to see how this works in South Korea … I’m looking forward to getting on the bandwagon in Mesa, AZ.

Comments Off on Telepresence in Every Home – Why not Mesa, AZ? . Permalink . Trackback URL
WordPress Tags: , , ,

Personal Medical Files to go Online

Author: Mark Dixon
Friday, June 4, 2010
9:06 am

image Thanks to Mike Waddingham for sharing the link to an article in the Canadian National Post on Monday:

“Telus announced an electronic health service yesterday that will give patients instant online access to all their medical files.”

Telus chief executive Darren Entwistle said this move will "revolutionize" health care:

"Now, Canadians will have the ability to create, store and manage their personal health information across their computers and smartphones and, in the future, TVs," Mr. Entwistle said in an announcement at an e-health conference in Vancouver.

"In a world where wireless network technology has enabled powerful mobile computing, their health information can be right at their fingertips, wherever their lifestyles or business travels take them because their smart-phone will accompany them."

The article further states:

In a demonstration, Telus officials showed how a patient could start a personal health record, inputting their own information — from childhood vaccinations, to allergies, to blood pressure readings — to share with their doctors, pharmacists and other health-care providers.

In turn, patients would have access to their medical records, so if they move, see a specialist or end up unexpectedly in an emergency department, vital health information would be instantly available.

Parents would be able to start and maintain health records for their children.

I applaud this type of automation that puts more control of personal health information in the hands of consumers.  While it certainly demands necessary privacy and security controls, this move recognizes the need to make health records from multiple sources more available, which should lead to improved health care and reduced costs.

It will be interesting to seek how quickly this type of system become available in the US.

Technorati Tags: ,,
Comments Off on Personal Medical Files to go Online . Permalink . Trackback URL
WordPress Tags: , ,

Identity-Enabled Patient Consent Management

Author: Mark Dixon
Thursday, January 28, 2010
3:47 pm

Last Thursday, January 21st, I gave a presentation at the Sun Horizons conference, “Healthcare Integration Through a New Perspective.”  The title of my talk was “Identity Management: Securing Information in the HIPAA Environment.”  I explored how the complementary functionality of Identity Management and Master Patient Index technologies can enable effective Patient Consent Management, a vital requirement for online health information networks.

A copy of my presentation deck is available for download here.

At the heart of my the presentation was the following diagram, which illustrates major components required in a Patient Consent Management system:


A brief explanation of key components follows:

Identity and Role Repository

IAM technology and methods provide the foundation for an effective patient consent management system.  An Identity and Role Repository contains Identities, roles and access control credentials necessary to support the consent system.  This repository includes:

  • Patients
  • Providers
  • Access Rights
  • Roles (map business responsibilities to access rights)
  • Override Rights (Only users with specific roles can perform override without consent)

Consent Registry

A consent registry is required to specify what permissions have been granted by patients, within the allowable limits specified by each applicable jurisdiction.   Some of the key attributes include:

  • Consent Permissions for
    • Patients
    • Organizations
    • Users
  • System-wide mask (everyone)
  • Fine gained access
  • Include or exclude attributes
  • Accommodation for multiple jurisdictions

Master Patient Index

A Master Patient Index enables correlation of patient data across multiple repositories.  This is essential because patient records are typically help in multiple locations.  In other cases, if patient records exist in the same physical data warehouse, they are often logically separated. 

Federated Data Access

If patient data is located in physically or logically separate locations, Federated data access controlled allows access across domain boundaries without compromising the privacy or integrity of individual patient record repositories.

Data Access Services

By providing a set of centralized data access services governed by IAM, the Consent Registry and the Master Patient Index, a secure method of patient data access is possible.

Comments Off on Identity-Enabled Patient Consent Management . Permalink . Trackback URL
Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.
Powered by WordPress.