Backup video series: The risks of using one backup solution over another

Note: This is the ninth in a 12-part data backup video series by Online Tech Senior Product Architect Steve Aiello. View the previous entries here.

We’ve covered many possible data backup solutions in this video series. Whatever backup solution you choose — on-site, off-site, third-party vendor or a cloud provider — there are going to be risks to evaluate.

“You have, as a business owner, decisions and you need to weigh the different risks that you have,” Aiello says. If you keep backed up data on-site, what if the building burns down? If you send it off-site with an employee, you’re open to theft or loss. Have the security processes of third-party and cloud partners been properly vetted?

Also remember, the more that is done in-house, the more technical liability is assumed.

“If you decide that you’re going to do your own backup and you’re going to ship it off site, you have to assume the technical burden of operating the backup system, making sure the backup is encrypted and managing that relationship to ship the tapes or hard drives off-site,” Aiello says. “Using a cloud provider takes that technical burden off your plate and you can focus more on your business.”

Powered by EMC Avamar, the market leader in data center backup software, Online Tech’s backup solution is a powerful, fully managed and encrypted offsite backup.

This video series will continue throughout February. Check back for new entries every Monday, Wednesday and Friday. Up next: “How to make data backup an easier process.”


Learn more by downloading our disaster recovery white paper. This white paper is ideal for executives and IT decision-makers seeking a primer, as well as up-to-date information regarding disaster recovery best practices and specific technology recommendations.

Posted in Disaster Recovery, HIPAA Compliance, Information Technology Tips

Client profile: instaRounds revolutionizes the most challenging piece of healthcare

Online Tech is profiling several clients that will join us at the HIMSS14 annual conference and exhibition on Feb. 23-27 in Orlando. Read more here. Stop by booth #3904 to learn more.

Looking for solutions to the inefficiencies of modern-day healthcare, Dr. Kurian Thott created a communication system that manages and monitors all day-to-day aspects of a healthcare team.

Most critically, Thott notes, the web-based mobile application instaRounds revolutionizes “the most challenging pieces of medicine today” – the point of patient handoff. Thott says instaRounds is the first app to offer a mobile patient sign-out application, where care of a patient goes from one provider to another provider.

instaRounds allows subscribed members of a healthcare team to keep everyone – from care providers to office staff – updated on the status of patients in real time. No more incomplete sign-outs from fellow physicians. And even when physicians aren’t on call, they see what’s going on with their patients and can securely communicate with other members of their call group to consult on patients.

“Giving a steady communication stream that’s seamless and connected to the next provider only enhances what that patient’s experience is going to be like,” Thott says. “Less mistakes, better healthcare, saves everyone money. Everyone’s a winner in that system.”

instaRounds also offers an “MD to MD” communication platform that allows physicians to text other members of a preferred network over HIPAA compliant servers, an on-call schedule so physicians are never left wondering who is caring for patients, and an appointment calendar.

All of this highly-classified functionality is securely hosted on an Online Tech HIPAA-compliant, encrypted cloud server.

During Thott’s evaluation of potential hosting partners, he sought out cloud providers that could fulfill the security, compliance and availability requirements to protect the electronic protected health information (ePHI) that instaRounds would be collecting.

He selected Online Tech – the only independently HIPAA audited managed cloud provider – as his trusted hosting business associate. An independent certified HIPAA security specialist found Online Tech to be 100-percent compliant across all 54 standards detailed in the HIPAA Security Rule.

Thott said partnering with Online Tech eliminated “a lot of the back-end, laborious pieces of the puzzle out of our equation” and allowed his team to focus strictly on instaRounds.

“We don’t have to worry about a lot of the regulatory pieces that can stifle innovation and growth,” he said. “Thankfully, Online Tech showed us to be the leader in that.”

Posted in Cloud Computing, Encryption, HIPAA Compliance

Backup video series: Why it’s important to encrypt data backups

Note: This is the eighth in a 12-part data backup video series by Online Tech Senior Product Architect Steve Aiello. View the previous entries here.

If your data backup plan includes protected health information (PHI) or credit card data, encryption of that backed up data is critical.

There are countless reports of backups on an external hard drive or tape turning up missing or stolen. If that data isn’t encrypted, businesses are needlessly exposing themselves to peril.

“Because of the transient nature of backups and getting it off site, especially for small- to medium-size businesses, encryption is just so, so important to stop the theft of that backup data,” Aiello said.

This video series will continue throughout February. Check back for new entries every Monday, Wednesday and Friday. Up next: “What are the risks of using one backup solution over another?”


Posted in Disaster Recovery, HIPAA Compliance, Information Technology Tips

Against prior popular belief, cloud computing a boon for professional IT jobs

Remember years ago when the prevailing thought was that the proliferation of cloud computing would decimate professional IT jobs? As the folks at VMware point out in a recent blog post, just the opposite appears to have happened:

Never before have opportunities for IT professionals been greater. IDC, for one, predicts cloud spending will reach $100 billion over the coming year. Add to that the fact that employers have been on an unstoppable IT hiring binge over the past three years – Career Builder, an employment firm, says software developer jobs alone have increased 12% since 2010.

In the course of compiling press releases and client profiles, numerous organizations have told Online Tech that moving to our encrypted, enterprise-class cloud has freed up their own IT staff to spend more time on projects with a greater direct impact on the success of the business.

Back to the post from VMware (Online Tech uses their fault tolerant hosts in its next-generation cloud architecture), they claim “the rise of the cloud-powered enterprise not only means greater opportunities for IT professionals, but for their bosses and business colleagues as well.”

They say cloud computing has elevated the role of IT leaders to full-fledged advisors and consultants to the business; has created “an insatiable demand for software developers, engineers and architects;” and has created a “potential path to success for many business professionals.”

Read the full VMware post here.

Posted in Cloud Computing

Client profile: Rimage Solutions streamlines integration and data protection for ACOs

Online Tech is profiling several clients that will join us at the HIMSS14 annual conference and exhibition on Feb. 23-27 in Orlando. Read more here. Stop by booth #3904 to learn more.

In the Accountable Care Organizations (ACOs) model, health providers of all sizes serving Medicare patients are being tested as new Affordable Care Act regulations come online.

“For small to mid-sized physician-led ACOs, we found there was no perfect solution in the market,” said Malay Shah, CEO of Rimage Solutions based in Lakeland, Fla. “Everybody is in a transition phase, especially in multi-EHR scenarios.”

Rimage Solutions develops custom “cloud-based” software specifically tailored to the needs of ACOs, streamlining the complexities related to back-end system integration and protection of data, especially for data coming from different EHRs, CMS, clinics and hospitals.

ACOs focus on coordinated care ensuring that patients, particularly the chronically ill, get the right care at the right time, while avoiding unnecessary duplication of services and preventing medical errors.

Organizing data and related operations can be especially daunting, Shah said, noting HIPAA privacy laws are growing increasingly strict along with the changes being brought online by the Affordable Care Act, also known as Obamacare.

Sarbanes-Oxley, PCI and Safe Harbor add to the regulatory complexities healthcare providers need to be prepared for.

Rimage Solutions partnered with Ann Arbor, Mich.-based Online Tech to make sure client data would be secure through its encrypted compliant cloud, making data safe and accessible.

“We interviewed a host of providers and found Online Tech to be the best partner for us,” Shah said. “The encrypted cloud is a very difficult piece and we wanted to do what was best for our clients.”

Online Tech recently announced “end-to-end” encryption, keeping data securely encrypted at every step of the way from the time it leaves its origination point through transit to the encrypted cloud services where it is stored.

Organizations in regulated industries that must ensure the protection of confidential information often avoid cloud computing because they have incomplete encryption strategies that leave them in non-compliance and at risk of embarrassing, costly security breaches.

The common areas of non-compliance for most hosting providers are due to a lack of encryption for data in the cloud and for backup of that data. The cloud infrastructure and backup techniques used by the vast majority of companies today leave patient and customer information

For more on Online Tech’s encrypted, compliant cloud solution, visit here. For more information about Online Tech’s encrypted backup solutions, visit here.

 

 

Posted in Cloud Computing, Encryption, HIPAA Compliance

Backup video series: What is the difference between a snapshot and full data backup?

Note: This is the seventh in a 12-part data backup video series by Online Tech Senior Product Architect Steve Aiello. View the previous entries here.

As its name implies, a data snapshot — think Polaroid or Instagram — captures a distinct point at the storage level. It’s an appropriate data backup solution for certain types of data, but inappropriate for others.

Because they don’t have the intelligence of a true backup system, snapshots can have issues with memory-intensive applications and can result in a state of “crash inconsistency.”

Backup software can communicate with applications. “With a full data backup, you can be sure that your server – if you have to restore it – is in a ‘crash consistent’ state, and you can be sure that your data is available,” Aiello says.

This video series will continue throughout February. Check back for new entries every Monday, Wednesday and Friday. Up next: “Why is it important to encrypt data backups?”


Posted in Cloud Computing, Disaster Recovery, Information Technology Tips

Backup video series: What are the different ways to restore data?

Note: This is the sixth in a 12-part data backup video series by Online Tech Senior Product Architect Steve Aiello. View the previous entries here.

Did Bob in accounting accidentally delete an important Excel spreadsheet? Was your server hacked or otherwise compromised? Those are two very different reasons for a data backup plan, and they require different solutions.

The ability for file-level restoration is very helpful, and the most common requirement of organizations. But the ability to perform a complete system restoration is a great option for compromised data.

“These are two very different, but very important, things to look at in a backup software,” Aiello says. “Can we restore individual files with granularity, and can we restore the entire system to a clean, consistent state.”

This video series will continue throughout February. Check back for new entries every Monday, Wednesday and Friday. Up next: “What is the difference between a snapshot & a full data backup?”


Posted in Cloud Computing, Disaster Recovery, Information Technology Tips

Client profile: Annkissam helps nonprofits navigate their HIPAA-sensitive data

Online Tech is profiling several clients that will join us at the HIMSS14 annual conference and exhibition on Feb. 23-27 in Orlando. Read more here. Stop by booth #3904 to learn more.

Gavin Murphy helped to grow a healthcare delivery nonprofit from minimal annual revenue to over $100 million in just three years. Understanding and helping to solve the operational bottlenecks that developed convinced him that he could help other nonprofits to do the same, particularly in healthcare.

Murphy and his wife, Mollie Murphy, co-founded Cambridge, Mass.-based Annkissam in 2007 to provide innovative, affordable technology solutions for mission-driven organizations, focusing on helping nonprofits and social enterprises navigate their data. Annkissam has grown steadily since then and now provides services to clients in 20+ states with a staff of 24.

“We realized the nonprofit sector is often structurally behind by the latest great technology as well as the latest improvements in operations and we set out to short circuit that pattern and get them the best developments right away,” Murphy said. “We’re not just focused on technology but on improving operations — there are few companies that combine those well.”

Annkissam services include: operations consulting, technology consulting, software development and hosting. Hosting involving healthcare or other secure data requires that all data be fully compliant with the Health Insurance Portability and Accountability Act (HIPAA).

Annkissam helps growing nonprofits develop custom software to organize everything they do. In healthcare, organizing data and related operations can be especially daunting with HIPAA privacy laws growing increasingly strict as well as the changes being brought online by the Affordable Care Act, also known as Obamacare.

Annkissam partnered with Michigan-based Online Tech to make sure client data would be secure through its encrypted compliant cloud, making data safe and accessible.

While other vendors had to scramble looking for last minute quick patches, Online Tech prides itself on staying ahead of an ever-changing environment, going to the root of the problem, Murphy said.

“Our experience was great with Online Tech,” Murphy said. “They’re always looking for structural solutions rather than just plugging the dike. They don’t just treat the symptoms of a problem, they find the root cause and that’s a great approach.”

 

Posted in Encryption, HIPAA Compliance, Michigan Data Centers, Online Tech News

Backup video series: How often you should back up data

Note: This is the fifth in a 12-part data backup video series by Online Tech Senior Product Architect Steve Aiello. View the previous entries here.

Just as there are options when considering where to back up data (to disk, to tape, locally, off-site), there are also fluid “when” answers when building a strong data backup plan.

In today’s video, Aiello uses a mortgage company and a highly-transactional ecommerce business as examples to show that the answer to the question “how often should you back up data?” can vary.

Rules surrounding how frequently to back up depend on:

  • Sensitivity of data
  • Frequency of change
  • Volume of change

This video series will continue throughout February. Check back for new entries every Monday, Wednesday and Friday. Up next: “What are the different ways to restore data?”


Posted in Cloud Computing, Disaster Recovery, Information Technology Tips

Healthcare IT arena buzzing with enforcement, breaches, ICD-10 conversion, BYOD and more

BY TATIANA MELNIK
Health IT Attorney

As the clock struck midnight on New Year’s Eve, it was already clear that 2014 was shaping up to be an exciting year for all things healthcare IT. With enforcement actions squarely on the heels of the new year, the on-going healthcare-related data breach litigation (and a renewed focus on data breaches from federal legislators because of the Target incident), the upcoming ICD-10 conversion deadline, the continued move to BYOD, and the growth of Big Data, there is a lot happening in healthcare IT.

Data Breaches, Identity Theft, and Enforcement

On Christmas Eve, the Office of Civil Rights (OCR), the HHS department in charge of enforcing HIPAA, announced a settlement with Adult & Pediatric Dermatology, P.C., for $150,000. According to OCR, this case marked “the first settlement with a covered entity for not having policies and procedures in place to address the breach notification provisions” required by the HITECH Act. Then on December 31, the Federal Trade Commission (FTC) announced a settlement with Accretive Health, a company providing medical billing and revenue management services to hospitals, where the parties entered into a consent agreement calling for a 20-year compliance period. Both cases involved the loss of an unencrypted portable device—a USB drive in the case of the dermatology practice, and a laptop in the case of Accretive—which is a wholly preventable breach through the use of encryption. Both cases serve as a reminder to covered entities and business associates that federal regulators are watching.

Private plaintiffs (and their attorneys) are watching too. While succeeding in a data breach class action continues to be difficult, as the AvMed Inc. $3 million settlement showed, it is not impossible. AvMed, a Florida health insurance company, suffered a data breach in December 2009, when two unencrypted laptop computers were stolen from its office. Plaintiffs argued, among other things, that part of the funds used to pay for the premiums were supposed to be used to pay for data security. As part of the settlement, AvMed agreed to create a $3 million settlement fund from which customers could claim $10 for every year they were an AvMed customer (up to $30), to recoup the funds that were supposed to be spent on data security. What made this settlement stand apart was that the company settled with class members that could demonstrate damages (i.e., they were identity theft victims), as well as those that did not demonstrate that they were ‘damaged.’ Plaintiffs’ firms have been studying the AvMed settlement. Healthcare providers who suffer a data breach should be particularly concerned if impacted individuals can demonstrate identity theft.

BYOD Policies and Procedures

The Bring Your Own Device (BYOD) phenomenon continues to grow in healthcare and is now expanding to notions of Bring Your Own Cloud (BYOC) and so forth.

Hospitals, physicians’ practices, nursing homes, and other healthcare stakeholders continue to permit employees to use employee-owned devices for work purposes. Yet, many organizations have yet to institute BYOD policies and procedures that fit their specific work environment. Not having proper policies and procedures in place will be problematic for healthcare organizations, particularly as terminated employees challenge a company’s authority to remotely wipe their devices as well as seek the devices for use in litigation.

Moreover, many organizations have not implemented specific policies and procedures to address physicians’ texting with patients, including, for example, saving the communications or otherwise ensuring that information is added to a patient’s medical record. While few courts have looked at this issue specifically, it is clear that text messages are discoverable in the event of litigation and must be preserved. Parties that fail to preserve text messages risk sanctions. In Christou v. Beatport, LLC, for example, the defendant failed to preserve text messages in response to a litigation hold letter. (Civil Action No. 10-cv-02912-RBJ-KMT, 2013 U.S. Dist. LEXIS 9034 (D. Colo. Jan. 23, 2013).) The mobile device containing the text messages was later lost. While the Court declined to order an adverse jury instruction, the Court did permit the plaintiffs to “introduce evidence at trial, if they wish, of the litigation hold letter and defendants’ failure to preserve Mr. Roulier’s text messages. Plaintiffs may argue whatever inference they hope the jury will draw. Defendants may present evidence in explanation, assuming of course that the evidence is otherwise admissible, and argue that no adverse inference should be drawn.”

The Move to ICD-10

The move to ICD-10 by the October 1, 2014 deadline will also pose challenges to healthcare providers. The transition to ICD-10 is required for everyone covered by HIPAA, but the level of training among staff members will depend on their specific role.

In August 2012, HHS delayed the transition from ICD-9 to ICD-10 by one year. As of now, it is unclear whether HHS is amenable to another delay, particularly because HHS wants providers to collect and report more data. The transition to ICD-10 is in line with this push because it includes codes for new procedures and diagnoses, which is expected to improve the quality of information available for quality improvement and payment purposes.

The transition to ICD-10 is expected to be costly for providers (e.g., lost productivity, the cost of training and implementation, etc.). The transition is also made particularly difficult because there are reports noting that many electronic healthcare records vendors have yet to make the ICD-10 codes available for physicians’ practices. Without updated systems, staff members are finding little opportunity to practice the skills they are learning in training sessions. Physicians’ practices must also work with payers to plan for any reimbursement changes for ICD-10. That is, as payers convert to ICD-10, they may make changes to benefit coverage based on new diagnosis codes.

The Continued Push for Telemedicine

Telemedicine continues to be a hot topic among providers, legislators, and insurance companies. Many states have yet to adopt laws and regulations to permit providers to offer services through telemedicine, despite the continued pressure on the healthcare system by an aging population as well as the Affordable Care Act. But, states do continue to evaluate the issue. It is expected, for example, that Florida will pass a law in 2014 expanding the scope of telemedicine services.

Providers using telemedicine enabling technologies must also carefully consider existing state and federal compliance requirements. The Oklahoma Board of Medical Licensure and Supervision, for example, suspended a psychiatrist for, in part, providing telepsychiatry services through Skype, which is not an approved method of providing telemedicine services in that state.

De-Identifying Big Data for Analytics

With the growth of electronic healthcare records, personal healthcare records, and patients using mobile technologies to track everything from how many steps they walk to what foods they eat, ‘Big Data’ is expected to be big business in healthcare. ‘Big data’ is also expected to greatly improve the lives of patients as payers, providers, and manufacturers of medical devices and drugs can evaluate data for patterns. But, healthcare stakeholders will need knowledgeable staff to manipulate the data, new technologies to store and process the data, and, importantly, ways to de-identify the data to minimize privacy and security concerns.


Tatiana Melnik will present “Identity Fraud and Data Breaches: Criminal and Civil Enforcement Efforts” at HIMSS14. A session description is available here. She will also appear at Online Tech’s exhibition booth (#3904) during HIMSS14. Set up a time to meet with her directly via her website, or stop by the booth to schedule a time.

Melnik is an attorney concentrating her practice on IT, data privacy and security, and regulatory compliance. She regularly writes and speaks on IT legal issues, including HIPAA/HITECH, cloud computing, mobile device policies, telemedicine, and data breach reporting requirements. She is managing editor of the Nanotechnology Law and Business Journal, and a former council member of the Michigan Bar Information Technology Law Council. Melnik holds a JD from the University of Michigan Law School, a BS in Information Systems and a BBA in International Business, both from the University of North Florida. For more information, visit www.melniklegal.com.

 

Posted in Cloud Computing, HIPAA Compliance, Mobile Security