Sage advice: Healthcare space ‘a great opportunity and a significant burden’

Scared of HIPAA? Don’t be. It represents huge opportunities for the IT world.

April Sage | Director Healthcare IT

That was the message from April Sage, Director of Healthcare IT for Online Tech, when she joined Karl Palachuk on his ‘Odd Tuesdays’ podcast yesterday. (Find the replay here.)

Palachuk invited Sage to join his bi-weekly show because its primary audience – managed service providers – has been engaged in a debate about whether HIPAA regulations and the HITECH Act make working in the healthcare space “so big and so complicated and so scary” that it’s best to just run away.

Sage counters that the rapidly growing health IT industry creates “a wonderful opportunity” and that while understanding HIPAA regulations “does require a bit of homework to understand the compliance rules, they’re not so different than the normal security protocols that one would find to protect any sensitive data.”

Here is more of the sage advice delivered by April (pun credit: Palachuk):

“For smaller businesses, the healthcare space is both a great opportunity and a significant burden. The smaller businesses really have the kind of agility to react to the disruptive innovation that the healthcare industry is screaming for in order to figure out how on Earth we are going to lower the cost of healthcare, but also have better outcomes for our patients. On the other side, the cost of compliance and those external audits and making sure all of those safeguards are in place – not just at any point in time, but on an ongoing basis – is really significant. We find that we end up in very close partnerships with our IT service providers so that we make sure we clearly understand who is addressing which of the safeguards and going through the complete list to make sure that we have all of our bases covered. We find that that’s a huge relief for our clients. We end up with some very enterprising physicians who identify a need in the healthcare system and suddenly become founders of mobile healthcare apps. They understand their business incredibly well, but they don’t understand how to keep the IT infrastructure safe. This is a place where an IT consultant can be a huge benefit to those people, by connecting them in a network of partners that can make sure the safeguards are in place.”

Listen to the full podcast to hear Sage also discuss the Department of Health and Human Services clarifying responsibility and accountability issues, the importance of understanding the Business Associates Agreement, and the kinds of clients that Online Tech is able to assist with its range of hosting services – from colocation to managed dedicated servers to encrypted cloud, all with the main focus on handling the security and compliance safeguards that are required for sensitive data.


Client profile: CoherentRx uses visual display to improve retention of doctor-patient communication

This is the latest in a series of Online Tech client profiles. Read more here.

How do you move from founding Hour Detroit magazine to being the president of Spin Media to starting an app development company to Apple requesting healthcare-focused iPad apps that are saving lives via improved communications?

“Either way, you’re still trying to get people to respond and to react to something,” said Tom Hartle, founder and CEO of CoherentRx. “Whether it’s publishing an app, a magazine or website, the business models can be nearly the same. The format is a thing by which you deliver the content. A lot of people really don’t have the true will or temperament to succeed in other formats.”

Referring to David and Goliath matchups between giants and startups, Hartle argues smaller companies can usually “out-maneuver” bigger ones “because we can out-engineer bigger companies.”

“The reason Hour Detroit was successful was we leveraged new technologies in desktop publishing and distribution outlets. At the time (1994), desktop publishing technology was new. Our competition was tied to their old expensive publishing infrastructure,” Hartle said. “Because the technology is always changing, publishers live in a constant state of apprenticeship, with the master being technology. Content is not king. Technology and delivery formats are.”

With CoherentRx, based in Troy, Mich., new iPad apps are helping doctors show and tell treatment information to patients, making a major difference on the overall hospital experience.

Typically, hospital patients retain just 10-15 percent of the information they hear from medical staff, a problem compounded by high levels of anxiety. Showing patients images on an iPad rapidly increases those retention levels while reducing anxiety, he said.

To keep all that data safe and secure, CoherentRx partnered with Ann Arbor, Mich.-based Online Tech to make sure sensitive protected health information (PHI) would be secure and accessible through its encrypted, compliant cloud.

Online Tech recently announced “end-to-end” encryption, keeping data securely encrypted at every step of the way from the time it leaves its origination point through transit to the encrypted cloud services where it is stored.

“Online Tech is extremely responsive and very approachable,” Hartle said. “Unlike most tech companies, they also have a human touch that’s old school: if you picked up a phone to call, they are there. They’re on top of it, in front of it, to the sides and below. It was kind of a full circle.”

Organizations in regulated industries that must ensure the protection of confidential information often avoid cloud computing because they have incomplete encryption strategies that leave them in non-compliance and at risk of embarrassing, costly security breaches.

The common areas of non-compliance for most hosting providers are due to a lack of encryption for data in the cloud and for backup of that data. The cloud infrastructure and backup techniques used by the vast majority of companies today leave patient and customer information vulnerable.

For more on Online Tech’s encrypted, compliant cloud solution, visit here. For more information about Online Tech’s encrypted backup solutions, visit here.


Backup video series: What are cost-effective data backup technologies?

Note: This is the 12th in a 12-part data backup video series by Online Tech Senior Product Architect Steve Aiello. View the previous entries here.

What two technologies give you the most “bang for your buck” in data backup software? Deduplication and compression.

The benefits of compression are well known. But implemented properly, deduplication can save a considerable amount of time on backups and a considerable amount of space on backup storage.

Deduplication eliminates duplicate or redundant information and only backs up new data. Aiello estimates it can cut a typical 6-to-8 hour backup window down to 30-to-50 minutes. That’s a huge benefit particularly for servers that are both mission critical and need to be online servicing customers.

“You’re spending less time backing up the server and the server can spend its time the way it’s supposed to be, servicing requests from customers,” Aiello says.
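The mechanism described above, sketched as an added example (not Online Tech's or any backup product's code): a content-addressed chunk store that compresses and keeps each unique chunk once, so the second night's backup stores only the chunk that changed. The fixed 4 KiB chunk size, the `DedupStore` class and the sample records are assumptions constructed for illustration.

```python
import hashlib
import zlib

CHUNK_SIZE = 4096  # assumed fixed-size chunks; an illustrative choice


class DedupStore:
    """Content-addressed store: each unique chunk is compressed and kept once."""

    def __init__(self):
        self.chunks = {}  # SHA-256 hex digest -> zlib-compressed chunk

    def backup(self, data):
        """Store only chunks not seen before; return (recipe, new_bytes_stored)."""
        recipe, new_bytes = [], 0
        for off in range(0, len(data), CHUNK_SIZE):
            chunk = data[off:off + CHUNK_SIZE]
            digest = hashlib.sha256(chunk).hexdigest()
            if digest not in self.chunks:
                self.chunks[digest] = zlib.compress(chunk)
                new_bytes += len(self.chunks[digest])
            recipe.append(digest)
        return recipe, new_bytes

    def restore(self, recipe):
        """Rebuild the data from its recipe, re-checking every chunk's digest."""
        out = bytearray()
        for digest in recipe:
            chunk = zlib.decompress(self.chunks[digest])
            if hashlib.sha256(chunk).hexdigest() != digest:
                raise ValueError(f"chunk {digest[:12]} failed its integrity check")
            out += chunk
        return bytes(out)


def make_records(first, count, word=b"record"):
    """Constructed sample data: fixed-width 32-byte lines, 128 per chunk."""
    return b"".join(b"%08d constructed log %s\n" % (i, word)
                    for i in range(first, first + count))


def demo():
    """Two nightly backups of a 256 KiB file in which one 4 KiB chunk changed."""
    store = DedupStore()
    monday = make_records(0, 8192)
    tuesday = (monday[:10 * CHUNK_SIZE]
               + make_records(1280, 128, b"UPDATE")
               + monday[11 * CHUNK_SIZE:])
    recipe1, new1 = store.backup(monday)
    recipe2, new2 = store.backup(tuesday)
    restored_ok = (store.restore(recipe1) == monday
                   and store.restore(recipe2) == tuesday)
    return {"raw_bytes": len(monday), "first_stored": new1,
            "second_stored": new2, "unique_chunks": len(store.chunks),
            "restored_ok": restored_ok}


if __name__ == "__main__":
    print(demo())
```

The restore path re-hashes every chunk because a deduplicated store shares chunks across backups, so one damaged chunk affects every backup that references it.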


Learn more by downloading our disaster recovery white paper. This white paper is ideal for executives and IT decision-makers seeking a primer, as well as up-to-date information regarding disaster recovery best practices and specific technology recommendations.


Online Tech’s April Sage to talk HIPAA compliance on ‘Odd Tuesdays’ podcast

April Sage, Director of Healthcare IT for Online Tech, will join the ‘Odd Tuesdays’ podcast on Tuesday, March 4, to give advice on HIPAA compliance.

Odd Tuesdays is a podcast for IT consultants that discusses what’s new in tech management and best practices for running an IT business. The podcast airs on the first and third Tuesdays of each month and features a variety of vendor and managed service provider consultant interviews and advice segments.

The March 4 podcast, titled Fear Not HIPAA, will be hosted by MSP-focused author, speaker, consultant and business coach Karl Palachuk and include Rayanne Buchianico, whose business provides complete accounting, business, and tax consulting services to IT professionals.

Online Tech’s HIPAA compliant data centers annually pass a HIPAA audit with 100% compliance against the OCR Audit Protocol.


Backup video series: Do you need a testing plan for data backups?

Note: This is the 11th in a 12-part data backup video series by Online Tech Senior Product Architect Steve Aiello. View the previous entries here.

Here is Aiello’s three-part answer to the question driving today’s data backup entry:

  1. Always test the restore process.
  2. Always test the restore process.
  3. Always test the restore process.

So, yes, you do need a testing plan for data backups. Backing things up doesn’t matter if you can’t restore them. If data is in your backup catalog, do a test restore and make sure that restore works.

“Any good cloud provider or backup provider worth their salt should be able to work with you and provide that for you as part of the service,” Aiello says. “That way you can validate that the data you’re backing up is actually retrievable in the event of an emergency.”
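One way to automate the test restore described above, as an added example (not Online Tech's or Aiello's tooling): record a SHA-256 manifest at backup time, restore the archive into a scratch directory, and report files that are missing, corrupt or unexpected. The tar-based `make_backup` stand-in, the function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path

# Use tarfile's safe extraction filter where this Python version provides it.
EXTRACT_ARGS = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}


def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def make_backup(src, archive):
    """Stand-in for the real backup job: tar up everything under src."""
    with tarfile.open(archive, "w") as tar:
        for p in sorted(Path(src).rglob("*")):
            tar.add(p, arcname=p.relative_to(src).as_posix(), recursive=False)


def verify_restore(expected, archive):
    """Restore into a scratch directory and compare with the backup-time manifest."""
    report = {"error": None, "missing": sorted(expected), "corrupt": [], "extra": []}
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive) as tar:
                tar.extractall(scratch, **EXTRACT_ARGS)
        except (tarfile.TarError, OSError) as exc:
            report["error"] = f"restore failed: {exc}"
            return report
        restored = manifest(scratch)
    report["missing"] = sorted(set(expected) - set(restored))
    report["corrupt"] = sorted(f for f in set(expected) & set(restored)
                               if expected[f] != restored[f])
    report["extra"] = sorted(set(restored) - set(expected))
    return report


def demo():
    """Constructed sample: a good backup, then one that silently lost data."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work, "src")
        (src / "db").mkdir(parents=True)
        (src / "db" / "patients.csv").write_bytes(b"id,name\n1,constructed sample\n")
        (src / "app.conf").write_bytes(b"retention_days=30\n")
        expected = manifest(src)
        make_backup(src, Path(work, "good.tar"))
        # Simulate a job that truncated one file and skipped another.
        (src / "db" / "patients.csv").write_bytes(b"id,name\n")
        (src / "app.conf").unlink()
        make_backup(src, Path(work, "bad.tar"))
        return [verify_restore(expected, Path(work, n)) for n in ("good.tar", "bad.tar")]


if __name__ == "__main__":
    for report in demo():
        print(report)
```

Both backup jobs in the sample finish without raising an error; only the restore comparison reveals that the second archive is unusable.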

This video series will continue throughout February. Check back for new entries every Monday, Wednesday and Friday. Up next: “What are cost-effective data backup technologies? Deduplication and compression.”



On-site with Online Tech at HIMSS14

April Sage, Director of Healthcare IT for Online Tech, contributed some photos from HIMSS14, where a group of Online Tech employees are spending their week networking, learning and exhibiting the company’s enterprise cloud with end-to-end encryption. (If you’re in Orlando, stop by booth #3904.)

Above you see the outside of the Orange County Convention Center in Orlando, the location of this year’s annual event. Below are a couple scenes from inside the conference’s 440,000 square feet of exhibition space. Sage notes the buses are “great metaphors of BIG data, mobility, integration … all keys for moving ONWARD with innovation!”

Stay tuned to this blog for thoughts from HIMSS14 live sessions and keynote addresses.

Today’s keynote address is from former Secretary of State, Senator and First Lady Hillary Clinton. Her husband, former President Bill Clinton, spoke at HIMSS13 in New Orleans.

In a keynote address on Monday, Aetna CEO Mark Bertolini called for change to a healthcare system that he says is “breaking the bank” of the U.S. economy. Forbes transcribed his speech, and interesting coverage of it can be found at Medical Economics, Modern Medicine, Modern Healthcare and Healthcare IT News.


Backup video series: How to make data backup an easier process

Note: This is the 10th in a 12-part data backup video series by Online Tech Senior Product Architect Steve Aiello. View the previous entries here.

Want to make data backup an easier process? In today’s entry, Aiello suggests following the same business practices that you would for almost every other decision: Trust the experts. Talk to people that know data backup and do it every day.

“If my toilet doesn’t work, I’m definitely calling a plumber. I’m not going to try to fix these solutions myself,” Aiello said. “And, really, the same thing goes with any IT service. If you’re struggling with backups, contact somebody that knows what they’re doing and does this regularly.”

Your time is best spent focusing on your key business objectives. Most problems with IT systems come from human error. Don’t wait until it’s too late to save lost data to find out that a do-it-yourself backup system isn’t working properly.

This video series will continue throughout February. Check back for new entries every Monday, Wednesday and Friday. Up next: “Do I need a testing plan for data backups?”



Online Tech at HIMSS14: Cloud protects PHI with encryption from front end to backup

If you’re a member of a healthcare company at HIMSS14 this week, chances are you’re looking for innovations to improve patient outcomes at lower costs. As outlined in a recent press release, Online Tech will exhibit its innovative approach to securing patient data by incorporating encryption at the very core of its cloud and backup infrastructure to protect PHI from the front-end of patient portals all the way to the data-at-rest in offsite disaster recovery environments. This approach means PHI is never in an unencrypted state.

At HIMSS booth #3904, Online Tech will have enterprise architects available for one-on-one consultations with companies seeking advice and best practices for health IT architecture, compliance strategies and security for PHI.

Security and healthcare attorney Tatiana Melnik will be dropping by the booth to answer questions about compliance in the cloud. Online Tech will also put a spotlight on customer stories, allowing healthcare organizations like CoherentRx, Annkissam and Rimage Designs to tell their stories about protecting PHI and demonstrating compliance with the encryption requirements of HIPAA. This video of instaRounds CEO & Founder Kurian Thott gives a preview of the case studies that Online Tech will highlight at the event.

Online Tech’s end-to-end encryption addresses one of the most disturbing discoveries by the OCR: encryption is often completely overlooked or not included at the point of implementation.

“One of the key issues facing healthcare CIOs is the security of patient information from end-to-end. We want to protect PHI from the point of access in the cloud by mobile devices, all the way to its long-term storage destination for disaster recovery protection,” Online Tech co-CEO Mike Klein said. “Each stage of its lifecycle is a challenge that can lead to non-compliance with HIPAA, making this an urgent issue to resolve.

“At HIMSS, we will demonstrate how end-to-end encryption solves that non-compliance challenge and keeps confidential patient information secure.”


Security alert: Flaw in iOS could impact HIPAA and other privacy security compliance obligations

A hat tip to Tatiana Melnik – an attorney concentrating her practice on IT, data privacy and security, and regulatory compliance – for passing on this security alert, which could impact HIPAA and other privacy security compliance obligations for those using iPhones, iPads and Mac computers, and any company with a Bring Your Own Device (BYOD) policy in the workplace:

ArsTechnica reported today on an extremely critical cryptography flaw, discovered in iOS versions 6.1.5, 7.0.4, and 7.0.5, and OS X 10.9.0 and 10.9.1, that has exposed sensitive communications.

A critical iOS vulnerability that Apple patched on Friday gives attackers an easy way to surreptitiously circumvent the most widely used technology for preventing eavesdropping on the Internet. That made the security bug about as dire as one can be. Now, there’s strong evidence that the same flaw also exposes sensitive e-mail and Web communications on fully patched versions of OS X, with no indication that there is a patch currently available for the millions of people who use the Mac operating system.

The flaw, “according to researchers, causes most iOS and Mac applications to skip a crucial verification check that’s supposed to happen when many transport layer security (TLS) and secure sockets layer (SSL) connections are being negotiated. … independent security researcher Ashkan Soltani … and other researchers say virtually all applications that rely on the SecureTransport TLS layer are susceptible to the attack, regardless of whether they use a technique known as certificate pinning designed to block counterfeit encryption certificates.”

ArsTechnica suggests these next steps:

  • Immediately update iPhones and iPads to versions 7.0.6 or 6.1.6, preferably using a non-public network; and
  • For the time being, people using Macs should avoid using public networks.

If you are operating in a BYOD environment, you may want to disable network access for iPhones and iPads until staff members update the operating system on their devices, and disable network access for Macs until Apple announces that a patch is available.

Resource:
ArsTechnica:
Extremely critical crypto flaw in iOS may also affect fully patched Macs


Related Content
For more BYOD security information, check out a replay of a past Online Tech webinar co-hosted by Melnik, “To be BYOD or not to be BYOD: Is a Bring Your Own Device Policy Right for Your Organization?”


Backup video series: The risks of using one backup solution over another

Note: This is the ninth in a 12-part data backup video series by Online Tech Senior Product Architect Steve Aiello. View the previous entries here.

We’ve covered many possible data backup solutions in this video series. Whatever backup solution you choose — on-site, off-site, third-party vendor or a cloud provider — there are going to be risks to evaluate.

“You have, as a business owner, decisions and you need to weigh the different risks that you have,” Aiello says. If you keep backed up data on-site, what if the building burns down? If you send it off-site with an employee, you’re open to theft or loss. Have the security processes of third-party and cloud partners been properly vetted?

Also remember, the more that is done in-house, the more technical liability is assumed.

“If you decide that you’re going to do your own backup and you’re going to ship it off site, you have to assume the technical burden of operating the backup system, making sure the backup is encrypted and managing that relationship to ship the tapes or hard drives off-site,” Aiello says. “Using a cloud provider takes that technical burden off your plate and you can focus more on your business.”

Powered by EMC Avamar, the market leader in data center backup software, Online Tech’s backup solution is a powerful, fully managed and encrypted offsite backup.

This video series will continue throughout February. Check back for new entries every Monday, Wednesday and Friday. Up next: “How to make data backup an easier process.”

