Online Tech exhibits at Chicago internet retailing expo

“Changing, Connecting, Creating” is the theme of this year’s IRCE, the world’s largest e-commerce event happening in Chicago June 10-13. With over 200 speakers, and 10,000 expected guests, plan on tons of connecting and creating. Tracks will range from B2B to fulfillment and operations, from global e-retailing to everything social media.

We’re most excited about the track dedicated entirely to the technology that helps internet retailers continue to grow while more clearly understanding the implications of their data on their company.

For example, don’t miss Alan Higley, Vice President, Consumer Marketing for Code42. He will have a presentation on Thursday, June 12 at 1:30pm entitled: Making Sure Technology Doesn’t Hinder Your Growth. In this talk, he’ll talk about the fine line between having tech at the ready for rapid e-commerce growth, and overspending on tech that isn’t being used. Higley has grown e-commerce businesses in the past, and is now armed with the experiences and wisdom from all the successes and mistakes of that journey. This talk is vital for any internet retailer working through how to make their site nimble enough to withstand the ebb and flow of the internet tide.

If you can get to the show in time for the pre-show workshops, take advantage of some really in-depth tracks and executive focused sessions:

Get Smart: A Roadmap for Sound Technology Investments
Charles Hunsinger – SVP, Chief Information Officer – Harry & David
Michael Arking – President –
Bernardine Wu – Chief Executive Officer – FitForCommerce

This opening session will set the stage for the daylong technology workshop by illuminating the critical considerations of a sound technology investment. Participants will learn about the technology ecosystem to support effective digital commerce, including core platforms and integrations to third party solutions. Learn how to craft your own technology roadmap, complete with phased system implementations and methods to measure success in terms of key performance indicators – and profits.

Online Tech is also going to be at McCormick Place, joining in the education and e-commerce festivities. We’ll be exhibiting our PCI compliant hosting solutions at booth #1741, and spreading the word in Chicago about our newest Great Lakes data center in Indianapolis. Come be a part of the 10 year anniversary of the largest internet retailer’s networking and education event!

Posted in Information Technology Tips, Online Tech News, PCI Compliance | Tagged , , , | Leave a comment

Patient data collection and analytics are key to success in an accountable care organization environment

There’s a fundamental change underway in the healthcare system, which is shifting away from a traditional fee-for-service model toward a more accountable, patient-centered model of care.

Accountable care organizations (ACO) are popping up across the country with what’s being referred to as a Triple Aim: better care for individuals, better health for populations, and lower per capita costs.

In a recent Online Tech Tuesdays at Two webinar session, attorneys Tatiana Melnik and Carrie Nixon extensively defined and discussed the ACO model (what is it, why we are moving in that direction, where the patient fits into the model, and some early success stories), the role technology plays in its emergence, and ways to minimize and mitigate legal risks in the framework.

Melnik specializes in IT legal issues with a specific emphasis on HIPAA, HITECH, and the world of healthcare and cloud computing. Nixon is president of Accountable Care Law & Policy and a founding member of Healthcare Solutions Connection, a network of expert consultants providing solutions for the healthcare industry.

“We’re moving to the ACO model because really, the current system is unsustainable,” said Melnik “Baby Boomers are aging and are straining a system that is already having a difficult time managing and sustaining a patient population.”

Titled PHI in the ACO – Risk Management, Mitigation and Data Collection Issues, the hour-long webinar covered multiple must-know topics for healthcare and health IT personnel – whether they’re already part of an ACO, plan to be part of an ACO, or are simply interested in the movement. (You can find the video replay and presentation slides here.)

Of course, technology plays an integral role in ACOs. So much that Melnik and Nixon weren’t able to cover all aspects in one session and have agreed to return for a second.

PHI in the ACO – A Focus on Data: Analytics, Collection, Risks and Contracting Considerations will be held at 2 p.m. ET on Tuesday, June 17. (Register here.)

That session will focus on an ACO’s need for a strong information technology framework to collect, analyze and report data. This includes the ability to combat fraud and using technology to engage patients and meet reporting requirements. The co-hosts will also cover legal risks – including data breaches and other privacy violations – and contracting considerations with IT and software vendors.

Melnik and Nixon did dive into several technology issues in their first session. Some highlights:

“Data collection and analytics are really the keys to success in the ACO environment,” Melnik said. “This is because quality metrics must be collected and reported to (Centers for Medicare and Medicaid Services) and must also be shared among the ACO participants so that they can provide better care to the beneficiaries.”

Nixon said one of her key messages during the session was to “underscore the importance of data, data, data. Have your data collection mechanisms in place, and look at your data. Look at your data. Analyze your data. Think about what it means. Think about ways that you can improve.”

However, all the record-keeping requirements of an ACO are extensive – records must be kept for a minimum of 10 years, plus six more if there’s a termination, dispute or allegation of fraud against an ACO. Melnik noted that keeping information for 16 years or longer requires a heavy investment for data storage and data retrieval costs.

Paraphrasing Melnik: Data sharing and collection requires an advanced IT infrastructure, which means ACOs have to understand how the IT environment works and how the data migrates through the system. At the same time, people and processes must be in place so data is understood. Analytics are useless nobody in the system can explain what the numbers mean and how to improve on the information that you’re getting.

Nixon mentioned an ACO that hired three employees who deal strictly with data.

“How many ACOs are considering that they have to do that? Or, are they thinking, ‘We’ll figure that out when we get to that point’?” Melnik said. “That’s really problematic, because that can impact the long-term success of your project. You need to have those considerations in place at the forefront and really account for those costs at the beginning.”

The co-hosts also discussed the need for interoperability, considering the integration of personal health records, mobile devices and other technology with electronic health records (EHR). When a large number of providers with their own EHR systems merge and want to use personal health records (to meet Meaningful Use standards) and mobile device integration (to improve patient engagement), technology issues expand exponentially.

Melnik noted the Federal Trade Commission is involved in assessing whether some software vendors are improperly exerting control on competition when it comes to interoperability. She suggested reviewing materials from the FTC’s Examining Healthcare Competition workshop held in March.

Melnik also discussed how the need for data breach insurance (and the amount of data breach insurance) must be carefully evaluated when forming an ACO. “Consider the recently released report from the Ponemon Institute finding that the cost to remediate a breach in the healthcare space is $359 per record, compared to a $201 dollar industry average,” Nixon said. “If you have 50,000 records involved in a breach, that’s $17.9 million. How many organizations have those kinds of funds to pay out that amount?”

Tatiana Melnik is an attorney concentrating her practice on IT, data privacy and security, and regulatory compliance. Melnik regularly writes and speaks on IT legal issues, including HIPAA/HITECH, cloud computing, mobile device policies, telemedicine, and data breach reporting requirements, is a Managing Editor of the Nanotechnology Law and Business Journal, and a former council member of the Michigan Bar Information Technology Law Council.

Melnik holds a JD from the University of Michigan Law School, a BS in Information Systems and a BBA in International Business, both from the University of North Florida.

Carrie Nixon is the CEO of Nixon Law Group and President of Accountable Care Law & Policy. She is a founding member of Healthcare Solutions Connection, a network of expert consultants providing integrated service solutions for the healthcare industry. As a longtime attorney for a variety of clients in the assisted living and long-term care industry, Nixon has on-the-ground experience with the unique challenges facing those who serve our aging population. She has successfully defended these clients against malpractice claims and deficiency citations, helping them to navigate the ever-changing regulatory and risk management landscape.

Nixon holds a JD from the University of Virginia Law School.


HIPAA Compliant Hosting white paper

Removing the ‘Cryptic’ from ‘Encryption’ – HIPAA and the Meaning of Secure PHI

Posted in HIPAA Compliance, Online Tech News | Tagged , , , , , | Leave a comment

Staying ahead of the cloud cybersecurity curve

For the upcoming IMN Data Center East Conference, I’ve been invited to speak on the panel called “Staying Ahead of the Curve on Services” about managed services for data center operators.

From my experience, two of the highest value managed services a data center operator can provide are backup and managed security services. I wrote about backup services in a previous post, so this one is about considerations for offering security services around cloud computing and colocation.

Mike Klein
Online Tech

Hosted security as a managed service requires a much larger investment than backup services. Significant dedication and resources are required to achieve a solid security posture that coordinates a company’s people, processes, and technologies, but greatly increases value for clients.

Some technologies are easy security entry points. Antivirus, patch management, SSL certificates and managed firewall are good places to start. In my opinion, these services are table stakes to play in the cloud computing market and many colocation clients have come to expect the same set of options as managed services.

Offering an expanded set of services for strong security is a much harder business decision. The investment to deliver expanded security services such as two-factor authentication, log monitoring and review, file integrity monitoring, vulnerability scanning and web application firewalls requires additional expertise and ongoing support resources.

Often, it is the commitment to developing repeatable, reliable processes that truly begins to differentiate those with a thin layer of security “frosting” compared to those who are baking it in throughout the solution. This requires deliberation at the design level, rigorous testing at the implementation level, and expertise in standard frameworks that prioritize thorough change management, peer review, and often third party auditing. Strong services can take a significant investment that may not fit many it can take for a colocation provider to offer cloud computing and colocation providers’ business plans.

The benefits the client receives with managed security hosting is both direct and ongoing. For many clients, the cost to build the security skill set and bring the technology in-house is an order of magnitude higher than what they pay their hosting provider to deliver. The service provider can amortize the investment in technology, people and processes over thousands of clients, delivering a very cost effective approach to strong security.

For example, at Online Tech, we chose to implement a full PCI-DSS (Payment Card Industry – Data Security Standard) security suite based on the mid-market, security conscious market we serve. PCI-DSS requires one of the most comprehensive, prescriptive security suites of all of the compliance audits that we support, so we decided to base our security offering around these security requirements. We offer the PCI-DSS security suite as part of the PCI Compliant Cloud offering, but all of the security services can be added to environments even if they don’t have to protect cardholder data.

There are a number of managed services that data center operators can offer as win-win services for their clients. Services that the service provider can deliver more cost effectively than the clients can purchase or hire out themselves because service providers can deliver these services repeatedly and reliably across thousands of servers.

Backup and security are examples of two of the managed services that we see a high uptake from our client base, but with very different investment profiles. Of course, the managed services a data center operator provides needs to match the client base that a company is serving and be competitive in the market.

I’m sure we’ll be talking more about this at the IMN panel later this month.

Related content:
Staying ahead of the enterprise cloud backup and recovery curve
Disaster Recovery white paper
Backup video series

IMN’s Spring Forum

Posted in CEO Voices, Cloud Computing, Managed Servers | Tagged , , , , , , , , | Leave a comment

Northern Ohio HIMSS Summer Conference

If you’ve ever been to a HIMSS show, you know it’s one of the most important healthcare organizations ever made. It’s brimming with healthcare information management hot button topics and innovative ideas. It’s working collectively to optimize patient outcomes and care through technology and policy changes that will keep people safe and healthy. It’s comprised of the field’s leading experts and advocates, and is continually making positive change in the healthcare industry.

Which is why we’re so excited to go to the Northern Ohio HIMSS Summer Conference. It will be on June 6th at the new Global Center for Health Innovation in Cleveland. The theme is, “The Winds of Change: The Impacts of Information Technology on the Economy of Healthcare & Patient Outcomes”. From the Northern Ohio HIMSS site, here’s an idea of what you’ll get if you join us for the show:

“We are in the center of a substantial change in Healthcare, with Information Technology playing a major role. This conference explores how components of the Patient Protection and Affordable Care Act (e.g. eHealth Initiatives, the shift from the Fee-For-Service model, Health Information Exchanges, and the Health Insurance Market Place) impact Operations, Revenue Cycle and Knowledge Management of Healthcare Systems.

Subject areas:

  • Healthcare Reform Impact on Healthcare
  • Accountable Care Organizations (and/or Patient Centered Medical Homes)
  • Information Technology Efficiencies in Healthcare
  • eHealth Initiatives

So join in the conversation, and give your insight on the impact of IT on overall patient health and wellness. Come to the show and share how your company solved an inefficiency or vulnerability within your systems. We hope to see you there!

Want to register right this second? Head over to the NOHIMSS chapter website.

Posted in HIPAA Compliance, Information Technology Tips | Tagged , , , , , | Leave a comment

iHT2 recommendations for HIPAA-compliant cloud business associates

Cyber criminals are being drawn to the healthcare industry like moths to a flame and providers are more vulnerable as the sharing of electronic health records proliferates.

To help diminish both those trends, the Institute for Health Technology Transformation (iHT2) recently compiled its “10 Steps to Maintaining Data Privacy in a Changing Mobile World.”

With a goal of explaining “how healthcare organizations can best protect themselves from the rapidly growing threat of security breaches and medical identity theft,” the paper is compiled by CIOs and security consultants who describe best practices for preventing these incidents and suggesting “how to deal with the proliferation of electronic data on the web and on mobile devices, which has created many new avenues for cyber attacks and the theft of personal health information.”

The paper ends with 10 suggested strategies to follow, each of them worth investigating further. (Find the full paper here.) For brevity’s sake, let’s take a look at two of the suggested strategies that are particularly relevant to our secure and compliant data hosting world.

The first deals with business associate agreements:

Get business associate agreements. All outside partners and service providers, including cloud storage providers, should sign BAAs acknowledging their responsibility to protect PHI. You should also require business associates to upgrade their security procedures.

As of September 2013, the HIPAA Omnibus Final Rule asserts that business associates are as liable for data security breaches as the HIPAA-covered entities they work with. This includes cloud vendors, many of whom had earlier been reluctant to sign these pacts.

There’s strong rationale for providers to insist vendors and partners sign business associate agreements: according to the Ponemon Institute, healthcare organizations simply don’t trust their third parties or business associates with sensitive patient information.

A recent Ponemon study revealed that 73 percent of organizations are either “somewhat confident” (33 percent) or “not confident” (40 percent) that their business associates would be able to detect, perform an incident risk assessment and notify their organization in the event of a data breach incident as required under the business associate agreement. … Only 30 percent are “very confident” or “confident” that their business associates are appropriately safeguarding patient data as required under the Final Rule.

To fully manage cloud security risks, we recommend you go beyond business associate agreements and review the provider’s complete policies, procedures and processes. The business associate agreement should outline policies and procedures. Review a copy of your cloud provider’s independent HIPAA audit report, if they invested in one, and check that they’ve been audited against the OCR HIPAA Audit Protocol.

The good news: The iHT2 report presents data that indicates business associates are paying greater attention to data security. From 2009 to 2012, business associates were involved in 56 percent of large-scale data breaches of 500 records or more. In 2013, that number was reduced to just 10 percent of breaches.

The second suggested strategy deals directly with cloud security:

Choose your cloud provider and cloud type carefully. A cloud service provider should sign a BAA and be HIPAA compliant. Healthcare providers might find the public cloud enticing because of cost efficiencies, but a hybrid cloud might be preferable because it allows them to control their data.

The iHT2 report cites a HIMSS focus group of senior health IT executives that said they are “more comfortable using a private cloud” than a public cloud and were “more likely to store administrative data than clinical data in the cloud.”

The report also cites legal expert John DeGaspari recommending healthcare organizations wanting to use a cloud vendor should make sure the company has a comprehensive set of security procedures. At a minimum, DeGaspari says, the vendor should have third-party certification from an entity such as Services Organization Control (SOC) 2.

Online Tech — which is backed by independent HIPAA, PCI, SOC 2 and Safe Harbor audits — produced its own list of what to look for in a HIPAA cloud provider:

1. Encryption. Do they offer encryption of data at rest and in transit with their cloud solution? Or do you have to spend more time and resources to add another encryption service on top of their cloud to make it work? Encrypting data exempts you from the HIPAA Breach Notification Rule and keeps data confidential even if accessed.

2. HIPAA Report on Compliance (HROC). The final HIPAA rule says cloud providers are considered business associates. Wouldn’t you rather your cloud provider has already undergone a third-party audit of their services to ensure your data safety and compliance (and to save you the trouble of paying for another audit of your business associate)? Don’t just take their word for it – review a copy of their HIPAA audit report and check they’re audited against the OCR HIPAA Audit Protocol.

3. Business Associate Agreement (BAA). Check on their policies around data breach notification, data termination, data access and what services they provide that help you meet compliance.

4. Private clouds. A HIPAA compliant private cloud environment can give you dedicated compute, memory and disk performance, meaning your resources are always reserved for you when you need them. Some public cloud setups allocate resources to other tenants on a first-come, first-served basis, meaning you may be out of luck.

5. Disaster recovery and offsite backup. The HIPAA Contingency Plan standard requires covered entities to establish and implement a backup and full disaster recovery plan to recover systems that contain electronic protected health information (ePHI) – having one for the cloud ensures your data is always available regardless of a natural disaster.

Related content:
HIPAA Compliant Hosting white paper

What to look for in a HIPAA cloud provider

Top 5 healthcare cloud security guides

IHT2’s 10 Steps to Maintaining Data Privacy in a Changing Mobile World

Ponemon Institute’s Benchmark Study on Patient Privacy and Data Security

Posted in Cloud Computing, HIPAA Compliance, Information Technology Tips | Tagged , , , , , , , , | Leave a comment

Cloud Security at Columbus Information Security Conference

On May 22nd, industry experts from around the Columbus area will converge to speak at the Data Connectors Columbus Tech Security Conference. This will be held in the Quest Conference Centers in Columbus.

The focus of the Data Connectors event circuit is information security. Within these events, topics range from VoIP and LAN security to wireless security and securing USB drives. Below is a sampling from the agenda in Columbus:

The Evolution of Endpoint Security: Detecting and Responding to Malware Across the entire Kill Chain
Brian Orr, CISSP, GISP,
Systems Engineer, Bit9

Over the past decade, the volume of malware produced and potentially infecting organization, has multiplied by orders of magnitude. The scope of the threat, in conjunction with little to no innovation by traditional security vendors has left organizations like yours vulnerable. The time is NOW to expand security infrastructures to include detection and response capabilities that allow you to fully scope, contain, and remediate each threat in real-time on your endpoints and servers. Join Bit9 to discuss the emergence of endpoint malware and the new class of security solutions that can detect threats early and across more points on the kill chain.

Anatomy of the Target Stores Breach: Lessons Learned
Ken Donze, Senior Manager of Customer Engineering Solutions, Trend Micro

Target Stores has invested millions in “next gen” cyber security and had received PCI certification. And yet hackers compromised its systems and credit card data during the busy retail holiday season. Over 70 million people were impacted. Join Trend Micro as they outline the breach, how people and processes were impacted, and how warnings and false positives were overlooked. As more and more firms consolidate data centers and invest in new solutions, how can human error and social engineering be mitigated and risks managed? How can organizations balance risk and security investment? What Best Practices and controls are recommended?

At 3:15pm Jason Yaeger, Director of Product Management will also be speaking, about security in the cloud:

Securing the Cloud in a Regulated World
Jason Yaeger, Director of Product Management, Online Tech

Securing the cloud for one organization is hard enough. A cloud architecture that can fit within the performance, security, and compliance constraints across many organizations and industries requires a few novel approaches – and investments. For one, a positive partnership with auditors. Second, security and compliance driven culture, not checkboxes. Third, serious technology investments to enable key functions like encryption and remote backup to play nicely together. This presentation with share a behind-the-scenes look into the architectural decisions behind a cloud capable of protecting sensitive data in the healthcare, banking and other regulated industries.

Head to our event page to find out more about our session at the Data Connectors event this week, or to the Data Connectors site to register to attend.

Posted in Cloud Computing, HIPAA Compliance, Information Technology Tips, Online Tech News, PCI Compliance | Tagged , , , , , , , , | Leave a comment

Staying ahead of the enterprise cloud backup and recovery curve

At the end of May, I’m speaking on a panel at IMN’s Data Center East Conference in New York City. The panel is titled “Staying Ahead of the Curve on Services (for data center operators)” and will focus its message on market demand for managed services that deliver high value for colocation and cloud computing users.

Mike Klein
Online Tech

I define high value as an essential service that a service provider can deliver at a lower cost and with higher quality than their clients can build or buy on their own. For example, many colocation providers offer “rack & stack” service to rack and wire servers in colocation racks. “Rack & stack” is a good example of a “win-win” service. It is typically far more cost effective for the full-time staff at the data center to rack and wire new servers in the rack than for a client to drive to the data center to do it themselves.

“Rack & stack” services give both the service provider and the client a “win.”  The service provider uses their full-time staff that has expertise wiring thousands of servers with a process and documentation that delivers a high quality experience.  The service provider can deliver the service profitably and more cost effectively compared to their clients’ staff time and travel costs to and from the data center.

It’s much like when I hire a plumber. I may be able to do the work myself, but when I consider the cost of my time and the quality of my own plumbing work, it’s a higher value – and safer – to have the job done correctly and quickly by a professional. (My wife would agree that hiring a plumber is “win-win” for our household.)

From our experience, two of the highest value managed services a data center operator can provide are backup and managed security services.  I’ll talk about security services in a future blog post – for now, let’s discuss enterprise backup and recovery services for colocation and cloud computing.

The single highest uptake of all of the services we offer at Online Tech is our managed backup offering. I use it as an example of a high value managed service that data center operators can use to deliver a strong value to their clients with a good return on their investment in people, tools and processes – a true “win-win” service in my book.

There are a number of ways to deliver backup services. Some providers offer unmanaged backup – with a local or offsite storage target where the client loads and manages the backup software. For clients willing to take on the burden of managing their own backups, this DIY option provides the ultimate in flexibility because the client can select the backup software, schedule, network bandwidth and the amount of storage they need.

Another popular approach used by many of the commodity cloud providers is daily snapshots. This is typically a local copy of the entire virtual cloud server as a file that a client can fall back on if they lose their server. While cheap to deploy and easy to offer, our experience is that many clients shy away from this approach because:

  1. they prefer to have their data offsite to protect the data in case of a disaster at the production data center; and;
  2. the work it takes to restore a single file makes it impractical to do file-level restoration – you can only restore the entire snapshot of the whole server.

Contrary to popular belief that backups are primarily used to recover from major incidents or total loss of data, 95 percent of the time our clients use their backup to recover a single lost or corrupted file. Less than 5 percent of the time backups are actually used for a total system recovery. We’ve seen file level restoration to one of the highest demand use cases for backup services.

At Online Tech, we decided to offer a full service offsite backup product that:

  • supports file level restoration.
  • backs up offsite to a geographically disperse data center.
  • supports daily backup for severs with 10 TB+ of data.
  • encrypts all backup traffic and data at rest.
  • offers clients their choice of backup windows to run in their low work periods.

The technology investment to deliver these capabilities in this service was significant. We use EMC Avamar technology – essentially leveraging an enterprise-grade backup architecture – to deliver a full service product experience to our mid-market client base.

Obviously, the decisions of which managed services and feature sets to offer varies – and frankly depends on the service provider’s business model. In our case, we choose to deliver a full service, fully encrypted backup service for the mid-market client base we serve, many of which are in regulated industries where compliance & data security are paramount.

One point I’ll contribute to the panel at IMN is that there are a number of services that colocation and cloud computing providers can offer that deliver high value to their clients from a win-win perspective – a profitable service that can be delivered more cost effectively than clients can do it themselves. Backup is a great example of this type of service, which in our experience has a high uptake because of the value it delivers to clients. The mix of features and capabilities of these services depends on the market and type of clients that the service provider is targeting.

… and that’s where the differentiation and fun starts for those of us in the colocation and cloud computing business.

Download Mobile Security White PaperRelated content:

Encryption of Cloud Data white paper

Mobile Security white paper

PCI Compliant Hosting white paper

HIPAA Compliant Hosting white paper


IMN’s Spring Forum

Posted in CEO Voices, Disaster Recovery, Managed Servers, Michigan Colocation | Tagged , , , , , , , , | Leave a comment

Webinar: Healthcare IT and HIPAA policy attorneys discuss risks of sharing PHI in the ACO and protection strategies

Accountable Care requires clear visibility into longitudinal patient data across multiple providers, but interoperability introduces legal and security risks that must be carefully navigated if organizations hope to become trusted, data sharing entities. In this complex environment, collaborative knowledge sharing is just what the doctor is ordering to improve outcomes while reducing costs.

When attorneys Tatiana Melnik and Carrie Nixon met for coffee at HIMSS in Orlando, each realized the combination of their respective fortes would be beneficial to the other’s clients in the bigger picture of accomplishing meaningful use. Now it’s your turn to reap the benefits of that alliance when they co-present the latest edition of Online Tech’s ‘Tuesdays at 2’ webinar, PHI in the ACO: Risk Management, Mitigation, and Data Collection Issues.

Melnik, a frequent contributor to the Online Tech webinar series, concentrates her practice on healthcare data privacy, security and regulatory compliance. Nixon focuses on healthcare law and policy issues relating to the Affordable Care Act reforms. She launched Healthcare Solutions Connection, a network of consultants providing integrated service solutions for the healthcare industry.

At 2 p.m. on Tuesday, May 20, Melnik and Nixon will share lessons learned from early adopters, role of patient health and quality, legal risk exposure, risk mitigation strategies, role of technology and data collection in coordinated care, and ways to align risk management programs, technology, and interests to improve patient health and quality of care. This is the first in a two-part presentation on PHI in the ACO. The second part, A Focus on Data: Analytics, Collection, Risks and Contracting Considerations, will be held on June 17.

Register: PHI in the ACO: Risk Management, Mitigation and Data Collection Issues (May 20)

Register: PHI in the ACO: A Focus on Data: Analytics, Collection, Risks and Contracting Considerations (June 17)

Nixon said it is critical to understand that an ACO is not going to succeed in a vacuum, but rather the data obtained from patients must be analyzed to determine what care given can succeed in a lower-cost environment.

“I hope that people walk away understanding the important role that Health Information Technology and data play in making an ACO successful,” Nixon said. “In general, I think ACOs have become sort of a catch phrase … ‘I need to have an ACO,’ ‘Should I form an ACO?’ The larger picture is the important role that data and patient data plays in an ACO. You’ve got to be looking at data, analyzing data and asking questions about how we improve based on that data.”

Because of that dependence on data, Melnik said she hopes the key takeaway for attendees of the webinar is, simply, that “an ACO cannot succeed without the proper use of technology.”

While Nixon will explain why it’s important to collect and analyze data, Melnik will focus on the importance of keeping that data safe. She will discuss the risks and concerns surrounding data use, sharing and aggregation, the importance of data analytics, and the related privacy and security concerns.

Tatiana Melnik is an attorney concentrating her practice on IT, data privacy and security, and regulatory compliance. Melnik regularly writes and speaks on IT legal issues, including HIPAA/HITECH, cloud computing, mobile device policies, telemedicine, and data breach reporting requirements, is a Managing Editor of the Nanotechnology Law and Business Journal, and a former council member of the Michigan Bar Information Technology Law Council.

Melnik holds a JD from the University of Michigan Law School, a BS in Information Systems and a BBA in International Business, both from the University of North Florida.

Carrie Nixon is the CEO of Nixon Law Group and President of Accountable Care Law & Policy. She is a founding member of Healthcare Solutions Connection, a network of expert consultants providing integrated service solutions for the healthcare industry. As a longtime attorney for a variety of clients in the assisted living and long-term care industry, Nixon has on-the-ground experience with the unique challenges facing those who serve our aging population. She has successfully defended these clients against malpractice claims and deficiency citations, helping them to navigate the ever-changing regulatory and risk management landscape.

Nixon holds a JD from the University of Virginia Law School.

Posted in Information Technology Tips, Online Tech News | Tagged , , , | Leave a comment

Expansion of secure, compliant hosting into Indianapolis a ‘win-win-win’ for current clients, future clients and Online Tech

Well hello, Indy!

Earlier today, Online Tech announced it has acquired a data center in downtown Indianapolis and will outfit it with the company’s full product line of secure, compliant cloud and colocation services. The Indianapolis Data Center, located roughly an Andrew Luck hail mary pass from Lucas Field, is the company’s fifth data center and its first outside of Michigan.

At Online Tech, co-CEOs Yan Ness and Mike Klein stress the importance of “win-win” situations between the company and its clients and business partners. In this case, expanding our footprint is a “win-win-win” situation … for our current Michigan data center clients, our future Indiana data center clients and Online Tech.

For current clients, the 44,000 square foot Indianapolis data center is ideal for providing disaster recovery services—not only because of the quality and security of the facility, but because of its geographic distance from our Michigan data centers. With more than 300 miles in between, we will be able to support clients that need disaster recovery services across state lines and want significant geographic separation between sites.

In Indianapolis, Klein feels the city’s large population of healthcare companies and growing community of financial, retail, e-commerce and software businesses are “underserved by secure cloud computing providers.” The $10 million investment – renovation will be complete in the third quarter of this year – will provide up to 25 permanent jobs (see our careers page).

Said Ness, in today’s press release:

“The world-class infrastructure that we are bringing to Indianapolis will support the local economy. It will provide local businesses access to one of the most secure and compliant clouds in the world—right in their backyard. We looked at the entire Great Lakes region, and chose Indianapolis as it has a need for the full suite of security products and services that we offer. CIOs and CEOs know the challenges of making cloud computing not only secure, but also fully encrypted and compliant with regulations and standards ranging from HIPAA and SOX to PCI and Safe Harbor. Our record of accomplishment helping businesses to keep their data safe and their systems compliant is unmatched. Our Indianapolis investment will allow us to serve the expanding and critical needs of the region’s businesses immediately.”

For Online Tech, the addition of the Indianapolis Data Center to our portfolio is a milestone in our goal to become the leading provider of secure, encrypted and compliant hosting services in the Great Lake region. It follows major investments to expand and upgrade our Mid-Michigan Data Center and the build-out of our first data center in Metro Detroit.

Win. Win. Win.

Related content:

Online Tech Named One of the “20 Most Promising Enterprise Security Companies” in the U.S. by CIO Review Magazine

Cloud Protects PHI with Encryption from Front End to Back Up

Posted in Data Centers, Michigan Data Centers, Online Tech News | Tagged , , , , | Leave a comment

Is Apple dying because it ‘doesn’t think about the cloud’? That’s debatable, but future of cloud computing is not

Highly successful tech venture capitalist Fred Wilson created some waves last week when he predicted Apple wouldn’t be among the top three most important tech companies in the world by 2020. Speaking at a conference in New York City, he said he envisions Google, Facebook and “one that we’ve never heard of” making up that triumvirate.

Why would his dismiss the current largest tech company in the world (Apple’s first quarter revenues of $43.7 billion was more than Google, Facebook and <insert name of any company you’ve never heard of here> combined). According to a TechCrunch article, he said Apple is “too rooted in hardware” and not sufficiently tied into the cloud.

“I think hardware is increasingly becoming a commodity,” he said. “Their stuff in the cloud is largely not good. I don’t think they think about data and the cloud.”

Of course, Wilson – who has backed huge success stories like Twitter and Tumblr – has been wrong about Apple before. As CNN Money points out, he dumped all of his Apple stock at $91.36 per share in January 2009. The day of his comments at the TechCrunch Disrupt conference, Apple closed at $600.96. (Note: Wilson said he sold his stock because he didn’t feel Apple was being honest about Steve Jobs’ health.)

Mark Rogowsky, a contributing technology writer at Forbes, took Wilson’s comments to task in a recent article – citing “1/3 of a billion people use iCloud backups regularly” and the success of Apple’s massive iTunes/App Store. Of iTunes, Rogowsky writes:

“Apple’s revenues from all those downloads would total $23.5 billion if it were accounted for as a standalone business, according to Asymco. That small part of Apple’s overall business would be #130 on the Fortune 500 if it were a standalone company. For a sense of just how much that is, Facebook — the company Wilson says will be the second-most valuable behind Google in 2020 — took in just under $8 billion last year. For having “nothing,” Apple’s producing a good deal more than nothing in cloud revenues.”

So, check back in six years and see if Wilson or the plethora of pundits who disagree with him were correct.

What’s not disputable in this conversation is that hardware, as Wilson points out, is indeed becoming a commodity and cloud computing is essential for future innovation and success.

Online Tech co-CEO Yan Ness discusses that topic in the following video clip, saying “(organizations) don’t want to deal with the hardware anymore … they just want to pay the price and have somebody else take care of it.”

Related content:

Is Data Less Secure in a Cloud Environment?

Private Cloud Computing Explanation, Benefits, and Recommendations

After the Cloud, What’s Next? Mobile Technology in Data Centers


TechCrunch: VC Fred Wilson: By 2020 Apple Won’t Be A Top-3 Tech Company, Google And Facebook Will

CNNMoney: Fred Wilson writes off Apple, and not for the first time

Forbes: New York’s Top VC Says Apple Doesn’t Get The Cloud; He’s (Mostly) Wrong

Posted in Cloud Computing | Tagged , , | Leave a comment