PRIVACY & SECURITY FORUM: A HIMSS EVENT
San Francisco, CA - May 11 - 12, 2017
Todd Rossin is responsible for the oversight of IDMWORKS business segments and for the development of strategic plans to sustain the company’s rapid growth.
Todd has over 20 years experience in managing, architecting and deploying Identity Management, LDAP Directories, Single/Reduced Sign-On (SSO), Identity Provisioning and Identity Workflows, Access Management, RBAC (Role-Based Access Control), ABAC (Attribute Based Access Control) and PBAC (Policy Based Access Control), Compliance and Auditing Technologies, Federated Identity/SSO, Enterprise System Architecture, Security Infrastructure Design, Authentication and Authorization technologies, as well as custom-built security and technology frameworks for regulatory requirements including Sarbanes Oxley, HIPAA/HITECH, FERC/NERC, NIST and HSPD-12.
Todd routinely speaks about risk and security practices at industry events, including ISC2, ISSA and ISACA.
All healthcare organizations, including health insurers, medical practices, hospitals, labs, and government agencies, process and store huge volumes of sensitive information – from medical records to payment information to personal identifiers, like social security numbers and birthdates. Inadequate controls in IAM processes and technology can lead to exposure of this data and HIPAA and PHI non-compliance issues.
IAM failure rates are high for healthcare organizations because many practices rely on individuals to manage complex processes completely by hand. Often organizations neglect to deal with faulty processes and bad data. They make the mistake of acquiring technology to mitigate the risks without taking the time to correct any known or perceived gaps in the process or data. The result of this approach is that governance is ad hoc and informal, tools are put in place on a piecemeal basis, and responsibilities are poorly defined.
IAM assessments identify these gaps and provide an organization with a roadmap to better Identity & Access Management and stronger security of their data and applications.