Dave McNamee's Work Weblog
Thanks for coming.

 
Home

Product Management

My Products

Application Development

Web Stuff

Directory Services

War Room

DaveMcNamee.com


ITS Product
Realization Process



Subscribe to "Dave McNamee's Work Weblog" in Radio UserLand.

Click to see the XML version of this web page.

Click here to send an email to the editor of this weblog.

Enter your email address below to subscribe to Dave McNamee's Work Weblog!


powered by Bloglet

 
 

  Wednesday, May 21, 2003
Enterprise Infrastructure and HIPPA

Yesterday I attended a training on the HIPPA Security Rule. For those unfamiliar with HIPPA I think it stands for Health Information Privacy and Portability Act. HIPPA has rules on privacy, security, and transactions, and it has implications for a number of state agencies, including ITS.

Two issues stuck with me from the training. The first was a realization made by one of the participants of the training that it would make sense for agencies to collectively solve HIPPA-related issues, and let all benefit from the work. I think agencies will be realizing more and more that, for a lot of IT challenges that they face, it is a good idea to solve those issues as an enterprise rather than each agency on their own. With shrinking budgets and increased business and regulatory demands on our IT resources, it makes sense to solve things once for everybody.

That brings me to the second thing that stuck with me, and that was the fact that UMD-based authentication could really solve a lot of HIPPA issues. One of the security rules stipulates that agencies need to be able to assert that access to protected information is indeed limited to those that should have it. This includes being able to revoke access efficiently when necessary. UMD-based authentication could really benefit agencies that have to meet these HIPPA requirements. One example would be an employee termination. If every application that said employee had access to was protected by UMD-based authentication (web or non-web, it doesn't matter) then as soon as the HR tech enters the termination event in the HR Enterprise database, access to those applications would be immediately revoked. The application administrator would not have to do a thing. 

A gartner study revealed that the average employee has access to 15 to 17 applications during employment. The same study reveals that employees usually still have access to about 10 of those applications after termination. If we can tie authentication to UMD, we could solve this problem for the state enterprise.


7:48:12 AM    
 


Click here to visit the Radio UserLand website. © Copyright 2003 Dave McNamee.
Last update: 6/11/2003; 7:18:05 AM.

May 2003
Sun Mon Tue Wed Thu Fri Sat
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31
Apr   Jun

Utah.gov blogroll...
Phil Windley
Dave Fletcher
Joe Leary
Al Sherwood
Wade Billings


Enterprise Product Management...
path.utah.gov


Utah.gov Sites...
ITS
Utah.gov