Monthly Archives: July 2010

Getting Things Done – Building and Improving an Application Security Program

Posted on by John Reno in Main | 1 Comment

It seems that the realization that applications provide the most dangerous attack vector and the most common area of exposure for enterprise data has begun to take hold with the healthcare and financial services organizations that I have been talking to recently. The natural question that results is what should be done. What is the best approach to building or improving an application security program? Often security teams look to industry analysts for their views on trends and developments with …

The final rule on meaningful use – an opportunity for healthcare process improvement and security program development

Posted on by John Reno in Main | Leave a comment

Earlier this week the CMS and ONC released the final Standards Rule for meaningful use of electronic health records. This culminates a process in which the ONC received thousands of comments and struggled to reach a balance between specificity (presumed to make certification and implementation a simpler task) and generalization (which can enable more rapid innovation). An analysis of the requirements can be daunting. For those who choose to go through the details of the requirements, key resources can be found …

Hard work – The ONC privacy and security tiger team

Posted on by John Reno in Main | Leave a comment

Last week I attended the Healthcare IT Standards Committee meeting. The all-day meeting covered a wide variety of topics, ranging from the interoperability framework and NHIN governance to updates from several teams, including the security and privacy tiger team. The Office of the National Coordinator (ONC), which heads this effort, has done a great deal of hard work in gaining perspectives from a broad set of constituents and communicating progress. Many commercial products and services have working …