A Busy Week at Both HIMSS and RSA Conferences
I am just returning from a week of travel and conference activity, which start for me in Newark, NJ on Monday March 1, from there to Atlanta, GA for the HIMSS Conference 2010 (north of 25,000 attendees), and then on to San Francisco, CA on Wednesday March 3 for the last 2 days of RSA Conference 2010 (about 16,000 attendees), and then back home in NJ on Friday March 5. In all, last week was very busy but very productive for me.
It was good to see a lot of familiar faces as well as new ones, and to see that despite the economy, both of these conferences seem to be well-attended, with tons of vendor participation, and great sessions all around. Maybe this is an uncommon economic indicator (worthy of mention in the NY NPR radio show by Brian Lehrer). This time around I must confess that I spent most of my time outside of the conference session and exhibits meeting with colleagues, prospective customers and friends. For me, this was one of the most productive conference trips I've had in a few years. Since my focus is always on identity and access management, it is exciting to see the convergence of business [and in many cases technical] requirements and various trends across industries, which drive the need for identity and access management as both an enabler and risk mitigation approach.
At the HIMSS conference, a theme that was very top of mind was "meaningful use" which is driving a lot of vendors and healthcare providers towards electronic health record (EHR) technology, and specifically, the 45 CFR Part 170 specifications. It is clear the US Government incentives for those providers (both professionals and hospitals) that can demonstrate adherence to the meaningful use guidelines is generating momentum.
I had the opportunity to present at HIMSS, thanks to our partner Novell. My topic was "Identity Assurance in Healthcare: what does it mean to you?" (below is my slide deck)
While the 45 CFR Part 170 criteria was published on December 30, 2009, it is interesting to see that at the heart of the requirements regarding authentication, specifically §170.210 "Standards for health information technology to protect electronic health information created, maintained, and exchanged", is the issue of identity assurance, which was captured very cleverly in the 1993 New Yorker cartoon by Peter Steiner, where one dog with a paw on a computer's keyboard tells another: "On the Internet, nobody knows you're a dog". For well over 15 years, this very issue: knowing, with certainty, who is at the end of the keyboard, has been one of the biggest challenges in the enablement of true paperless transactions and trusted online services in all industry verticals. And healthcare has been no exception.
Inevitably, these requirements and standards will impact the way healthcare information systems will operate and interconnect, whether they are new or legacy, and inaction will most likely not be an option.