TRENDING:

The Security Scrutinizer with Howard Anderson

CISOs Compare Notes at HIMSS

Howard Anderson (ismg_editor) • March 1, 2010    
CISOs Compare Notes at HIMSS

For example, one member of the audience said it was a "huge challenge" to ensure that when an employee is fired, their password is promptly deactivated so they cannot wreak havoc.

One of the workshop speakers, David Wiseman, information security manager at St. Luke's Health System in Kansas City, Mo., urged attendees to work closely with their human resources departments to make sure HR gives timely alerts to the IT department when someone is about to be terminated.

How does your organization handle deactivation of passwords when someone is fired? 

An attendee suggested having the termination form normally submitted to HR simultaneously forwarded to the IT department so security staff can prepare to deactivate passwords.

But another attendee said the "best case" scenario would be to set up the HR information system so that it's linked to the password management system and triggers an automatic password deactivation at a specified time.

How does your organization handle deactivation of passwords when someone is fired?

A subject of lively debate at the workshop was whether to encrypt electronic health records before giving them to a patient.

Wiseman said his hospital encrypts data on CDs it gives to patients who want an electronic copy of their records. But several audience members strongly disagreed with that policy.

"Handing them a CD is just like handing them a paper record," said one CISO in the audience, saying that encryption was unnecessary and could prove bothersome to patients.

But Wiseman said that patients at St Luke's have commented that they found the use of encryption reassuring.

That left some audience members shaking their heads, questioning whether the average consumer could figure out the instructions for accessing and reading the encrypted data.

Will your organization encrypt CDs or USB drives it gives to patients? We'd like to hear from you.



About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

How to Address Telehealth Cloud Security Risks
How to Address Telehealth Cloud Security Risks
Secret Service Agent Offers Cybercrime-Fighting Insights
Secret Service Agent Offers Cybercrime-Fighting Insights
Analysis: The Hacking of Mobile Banking App Dave
Analysis: The Hacking of Mobile Banking App Dave
Analysis: Did Barclays Go Too Far in Monitoring Employees?
Analysis: Did Barclays Go Too Far in Monitoring Employees?
Derek Manky of FortiGuard Labs on the Shift to Proactive Defense
Derek Manky of FortiGuard Labs on the Shift to Proactive Defense
Mitigating Brand Impersonation Fraud
Mitigating Brand Impersonation Fraud
Congressman Makes Case for National Patient ID
Congressman Makes Case for National Patient ID
Analysis: Hijacking of Twitter Hacker's Virtual Hearing
Analysis: Hijacking of Twitter Hacker's Virtual Hearing
Detecting Payroll Fraud With Data Analytics
Detecting Payroll Fraud With Data Analytics
Behavioral Biometrics: Avoiding Mistakes
Behavioral Biometrics: Avoiding Mistakes

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.