Home » Interviews » Currently Reading:

HIStalk Interviews David Ting, CTO, Imprivata

February 9, 2015 Interviews No Comments

David Ting is founder and CTO of Imprivata of Lexington, MA.

image

Tell me about yourself and the company.

I’m the CTO and founder of Imprivata. We focus on healthcare IT security and streamlining clinical access to computer systems.

 

What are the technology trends in positively identifying users and patients?

Government regulations are increasingly tightening up from both a privacy perspective to meet HIPAA requirements as well as the new requirement, which is how you tie a prescriber’s identity to an electronic prescription, or in fact, any other transaction. This started years ago with Ohio’s positive ID program, where every electronic prescription has to be confirmed by a provider who is authenticated using some form of two-factor authentication. 

More recently, the DEA has allowed controlled substances to be electronically prescribed, again provided there is a means for the e-prescribing systems to confirm that prescribers are using two-factor authentication. The DEA’s requirements are much more rigorous. They consulted with NIST — National Institute of Standards and Technology — to provide the recommended procedures for not only the second-factor authentication, but also identity proofing. NIST is very prescriptive in terms of the methods that are allowed. It has to be a combination of well-known authentication modalities that we all know – something you know, something you have, or it could be a token or something biometric.

We have done a fair amount of work over the past few years making sure that two-factor authentication is integrated into the clinician’s work flow. Our Confirm ID product packages a lot of the compliance requirements of the two-factor authentication capabilities into one product that a number of EMR vendors are using. Today, it’s something that you know like a strong password, a fingerprint that has to meet specific NIST requirements in terms of both of accuracy of the match as well as the imaging capabilities of the scanner, and something that you have, which could be a token, something that generates a passcode, or a cryptographic smart card.

The trend clearly today is on wireless authentication and the ability to leverage the mobile phone, and in the future, secure wearable devices that can all vouch for your identity and serve as one of the “what you have” tokens or components of the authentication process. That is a trend that we are very actively working on and see a lot of promise in — simplifying that task for the clinicians so they don’t have to remember something and don’t have to take a one-time passcode out and transcribe that eight-character code into a form.

Those are the technologies that we believe will become dominant as policies get tighter and government regulations become more prescriptive.

 

Is the age of passwords just about over?

Passwords have been around as long as computers have been around because it was the simplest form of authentication. In today’s world, we have too many passwords and passwords are too easily compromised. Anything from shoulder-surfing to keyboard-sniffing technology can easily lift them. Increasingly, the new phishing attacks that are being launched in a wholesale manner are much more sophisticated. It’s very, very hard for the average employee to distinguish between a legitimate request from the IT staff and a malware attack.

The only way you’re going to defend against that is to use “something you have” or “something you are.” Something that can’t be electronically stolen — it has to be physically stolen. Apple has done a great job with the Touch ID on the phone. Unfortunately, it doesn’t meet the DEA requirements of “something you have,” but it is a step in the right direction. 

I believe the phone, together with Bluetooth technology, will become a very powerful mechanism for eliminating the need for password. That together with some form of simple but DEA-approved biometric medication could become very useful. Increasingly, facial recognition is being used, as is palm vein scanning, for a lot of patient identification.

The technology will improve. With the advent of the 3D cameras that Intel and other vendors are building, you can start to see how that technology can potentially play into much more active facial recognition. Passwords will hopefully become something you use only in case of emergency as opposed to something that you need all the time.

 

Another seemingly obsolete technology is pagers. Will hospitals get rid of them completely any time soon?

Pagers have been around since 1950. It was initially used in some critical industries to alert people to use the phone as a means of communication. Pagers have morphed over the last 60 years from an alerting mechanism to now providing very simple textual output with the opportunity to respond from some pagers bi-directionally.

Those capabilities are rapidly being surpassed or provided by the smart phone and even simple flip phones. Technology, certainly in healthcare, is moving towards the increasing use of secure electronic messaging using smart phones. As Wi-Fi coverage and Wi-Fi reliability is improved within the hospital and certainly outside the hospital with 4G technology, the ability for smartphones to serve as a reliable communications mechanism will eventually displace many of the uses for pagers. It’s more cost effective and there’s much more informational content that you can share.

Our Cortext product is a secure messaging product that allows a clinician to send textual data or photos. In the future, we can see sending all kinds of complex PHI in a secure fashion and also to have that receipt mechanism that indicates when the receiver actually saw it, whether they received it, whether they saw it, whether they can respond to it. That will eventually become the predominant communication mechanism.

 

Your have a lot of experience with document management and other systems. Are we missing opportunities by worrying too much about text field entry instead of other forms of media?

Text fields are only relevant because that’s the way computers originally were built. We had keyboards. We added a pointing device with the mouse.

A physician with a smart phone is carrying a microphone, an accelerometer, and a camera with them. That will allow more media-rich content to be integrated into the EMR record. We have lots of clinicians who want to take photos of their patients’ wounds or their gait and then incorporate that into the EMR as opposed to textually describing it. 

More complex sensors  will become available. A lot of personal fitness devices and vitals devices will become easily accessible through the smart phone. That will become the means by which a lot of the data that we enter today manually, like your vitals, will be electronically captured and passed into the EMR systems.

View/Print Text Only View/Print Text Only


HIStalk Featured Sponsors

     







Subscribe to Updates

Search


Loading

Text Ads


Report News and Rumors

No title

Anonymous online form
E-mail
Rumor line: 801.HIT.NEWS

Tweets

Archives

Founding Sponsors


 

Platinum Sponsors


 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Gold Sponsors


 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Reader Comments

  • FRANK POGGIO: Shows to go ya...answering black and white Jeopardy questions is a far cry from the massive grey area of medicine/pharma...
  • Number Cruncher: You are right AC. The cost is seriously underestimated here. Just looking at the numbers - $1 B for 5 years = $200 M ...
  • Abraham Van Helsing: Re Theranos. Will be interesting to follow the saga. As I and others had noted going back 2+ years, something was obvi...
  • Prof. Moriarty: Re: Watson pull out. I've not been directly involved with this product, but from its beginning I have always seen Watso...
  • mih: Of course they can, and for much much cheaper. But why would they do it? Existing arrangement works for everyone in the ...
  • Andrew M. Harrison: Thanks for (actually) reading our paper. I enjoyed the story of your friend, as well as the translation of numbers to em...
  • Mike: I would love to see this type of discussion around Blockchain. It is being hyped heavily currently. Yet, I wonder how we...
  • Brian Too: Just slightly off-topic, but I recently heard an interesting downtime rule-of-thumb: Every hour of downtime requires 2 ...
  • James E Thompson: AI in particular isn't disruptive until it can offer an effective alternative against which a go/no-go decision makes se...
  • Former Newspaper Guy: I applaud your attention to grammar and style. In high school, I worked for the local newspaper in the sports department...

RSS Industry Events

  • An error has occurred, which probably means the feed is down. Try again later.

Sponsor Quick Links