Healthcare IT arena buzzing with enforcement, breaches, ICD-10 conversion, BYOD and more

February 11, 2014

BY TATIANA MELNIK, Health IT Attorney

As the clock struck midnight on New Year’s Eve, it was already clear that 2014 was shaping up to be an exciting year for all things healthcare IT. With enforcement actions squarely on the heels of the new year, the ongoing healthcare-related data breach litigation (and a renewed focus on data breaches from federal legislators because of the Target incident), the upcoming ICD-10 conversion deadline, the continued move to BYOD, and the growth of Big Data, there is a lot happening in healthcare IT.

Data Breaches, Identity Theft, and Enforcement

On Christmas Eve, the Office of Civil Rights (OCR), the HHS department in charge of enforcing HIPAA, announced a settlement with Adult & Pediatric Dermatology, P.C., for $150,000. According to OCR, this case marked “the first settlement with a covered entity for not having policies and procedures in place to address the breach notification provisions” required by the HITECH Act. Then on December 31, the Federal Trade Commission (FTC) announced a settlement with Accretive Health, a company providing medical billing and revenue management services to hospitals, where the parties entered into a consent agreement calling for a 20-year compliance period. Both cases involved…

Backup video series: Options to think about when backing up data

February 10, 2014

Note: This is the fourth in a 12-part data backup video series by Online Tech Senior Product Architect Steve Aiello. View the entire backup video series. There are many options to consider when starting a data backup plan. Primarily: where are you backing up that data (to disk, to tape, locally, off-site), and how often will you do it (daily, weekly, monthly)? There are benefits and drawbacks to most options. Backing up locally to tape is secure but time intensive. Backing up locally to disk is less secure but improves speed. Aiello suggests that backing up offsite to disk offers the best of both worlds. “It allows you to transmit data offsite, so it’s secure,” he said. “But you also have the added benefit of writing it to disk, so if you need to do a recovery, generally it will be much faster than if you were to have to recall a tape from a third-party provider, mount the tape in your tape system and do the restore.” This video series will continue throughout February. Check back for new entries every Monday, Wednesday and Friday. Up next: “How often should I back up my data?” Learn more by downloading our disaster…

HIPAA Omnibus Rule & OCR Targeting Covered Entities and Business Associates in 2014

February 10, 2014

Over the past couple of years, the HIPAA Omnibus Rule has been looming over health care organizations, Software-as-a-Service (SaaS) companies and anyone holding, processing, or transmitting Electronic Protected Health Information (ePHI) and Electronic Health Records (EHRs). With 2014 in full swing, organizations that consider themselves to be Business Associates (BAs) and Covered Entities (CEs) need to be looking at their policies and procedures, because the OCR may be knocking on your door this upcoming year.

So what did the final rule require of hosting providers and SaaS organizations? When the rule was issued in March 2013 and implemented in September 2013, the following changes were made:

Hosting providers and SaaS organizations are now considered Business Associates (BAs) and must sign a Business Associate Agreement (BAA) with the organization they are to do business with in regard to HIPAA.

They must be able to demonstrate that they can meet the HIPAA administrative, physical and technical requirements to assure the confidentiality, integrity and availability of ePHI.

All subcontractors under BAs and CEs are now included under the final rule.

Most hosting providers and SaaS organizations have been under the impression that if the data is only housed and never…

Backup video series: What is the biggest obstacle to successful data backup plans?

February 7, 2014

Note: This is the third in a 12-part data backup video series by Online Tech Senior Product Architect Steve Aiello. View the entire backup video series. So you want to start a data backup plan at your organization. Odds are, the first hurdle to overcome is managing data overload. We generate tons of data, and if you don’t have the budget or time to back up everything, an important first step is to determine what’s most important to the business. Classifying your data involves a little initial work, but saves time and money. “If you don’t do that first, generally what happens is you spend a lot of time just trying to back up everything,” Aiello said. “You can either do a data classification program and implement backups incrementally as you go from most important or least important; or you can back up everything on the server — and generally the more cost effective manner is using an outsourced provider.” Online Tech’s enterprise-level offsite backup provides the highest level of protection with encrypted, offsite backup in a fully managed environment. Key features include file-level restoration, offsite backup and end-to-end encryption. This video series will continue throughout February. Check back for…

Backup video series: Why many companies don’t have a data backup plan

February 5, 2014

Note: This is the second in a 12-part data backup video series by Online Tech Senior Product Architect Steve Aiello. View the entire backup video series. Why would a company NOT have a data backup plan? Though it’s certainly not a recommended approach, there are some rationales that make it understandable: 1) Tough to manage: Businesses don’t have available man hours to manage a backup solution. 2) Lack of technical experience. 3) Not a core competency: Data security just may not be their mindset. Aiello points out that while he and other Online Tech team members “are paid to focus on your data and your security,” he understands those running a law firm or restaurant, for instance, have their mindset wrapped up in their own day-to-day tasks. “Having a partner that that’s their job and that’s what they’re focused on, that’s really where the value comes in,” Aiello said. “You can focus on your law practice … and you can let us focus on your data security and your backups.” This video series will continue throughout February. Check back for new entries every Monday, Wednesday and Friday. Up next: “What is the Biggest Obstacle to Successful Data Backup Plans?” Learn more…

Backup video series: The difference between data backup and data replication

February 3, 2014

In the first of his 12-part data backup video series, Online Tech’s Senior Product Architect Steve Aiello takes a look at the difference between data backup and data replication. Though sometimes used interchangeably, the terms are not synonymous. “There are appropriate uses for backup technologies and there are appropriate uses for replication technologies,” Aiello says. “It really just depends on what you are trying to achieve.” This video series will continue throughout February. Check back for new entries every Monday, Wednesday and Friday. Up next: “Why Many Companies Don’t Have a Data Backup Plan.” Learn more by downloading our disaster recovery white paper.

Online Tech’s enterprise-level offsite backup provides the highest level of protection with encrypted, offsite backup in a fully managed environment. Key features include:

File-level restoration
Most backup needs relate to specific files. If you only have snapshots for backup, recovering a single file requires restoration of the entire server. Online Tech lets you recover files as needed, as a self-serve or with our assistance.

Offsite backup
Service disruptions often affect an entire data center. You can’t protect data unless it is remote and offsite. Rest assured, your data will never leave Online Tech’s private network. No third…

Online Tech Presents with Henry Ford Health System at AFCOM Meeting

January 31, 2014

On Tuesday, the Michigan chapter of AFCOM held a meeting at Jackson National Life in Lansing, MI. AFCOM is an association working to help advance data center and facilities management professionals around the world. They do this through research, magazines, conferences, and the educational meetings of local chapters. In the morning Brendan Nageotte from Schneider Electric spoke about DCIM (Data Center Infrastructure Management) systems. After lunch Online Tech’s Director of Product Management Jason Yaeger spoke in tandem with Jeff Jaskot, Director of Infrastructure Operations of Henry Ford Health System about the choice of Henry Ford to colocate their disaster recovery solution with Online Tech. Jeff started by giving a brief overview of Henry Ford Health System (HFHS), and explained that they were made up of 5 hospitals, all located in Michigan, but with 140 sites maintained on their network. There were many drivers, he continued, that led to a change in the disaster recovery plan Henry Ford had in place. Recently HFHS had moved from an in-house EMR system to Epic, which is a large investment they wanted to protect. Also, they are undergoing a large renovation of their production site, and wanted the added protection of a robust disaster…

Online Tech on Panel for 7×24 Exchange

January 29, 2014

Online Tech’s Director of Product Management, Jason Yaeger, will be joining the 7×24 Exchange Southeast Michigan Chapter event, Data Center Design Concepts For Today…And Beyond in Livonia on Thursday, January 30th.

Some of the questions this panel will answer:

What factors need to be considered in designing or retrofitting a data center today?
What has changed in the last decade that determines an optimal design or retrofit?
What has been learned to make data centers more flexible for future needs?
Are metrics from the past still relevant today, and what will be important in the future?

This event will be hosted at the VisTaTech Center at Schoolcraft College Thursday January 30, 4pm-7:30pm. For more information, go to 7x24semichigan.org.

About 7×24 Exchange: Lake Michigan Region Chapter

7×24 Exchange Lake Michigan Region Chapter serves as a vehicle to carry out the national 7×24 Exchange mission at the regional and local level. It provides an educational forum within which individuals from a broad spectrum of responsibilities, such as Information Services/Technology and Facilities/Engineering/Real Estate, can share experiences and facilitate better understanding of the design, implementation and management issues involved in achieving high levels of uninterrupted infrastructure support.

Encryption is hard … and not negotiable. We’re compliant to help you be compliant.

January 27, 2014

“I’ll take a large deep dish with pepperoni, banana peppers and … encryption.” Yep, encryption is everywhere. Even at your local pizza shop, hopefully, if its owners heeded the advice offered in a recent PizzaMarketplace.com article titled ‘Why now is the time to upgrade your POS system.’ The author cites several industry executives discussing how the investment for an upgraded system is worth it compared to the flaws of outdated systems. One big reason: PCI compliance. Newer systems provide end-to-end encryption, cloud-based processing and tokenization, effectively eliminating all credit card data storage. A particularly interesting nugget of information from that story: Laura Gaudin, product manager at Revention, tells the website that PCI compliancy is a moving target that will continue to change as software hackers discover new vulnerabilities. It’s true. And Online Tech is at the forefront of data centers keeping their sights set on that moving target, well before we introduced our next-generation, encrypted enterprise-class clouds. Why is encryption so important at a data center? That question was already answered quite well by our co-CEO Mike Klein, in an Industry Perspectives article on Data Center Knowledge. Let’s recycle, shall we: So why is encryption important? The short answer is…

Snapchat breach launches conversation about attention paid to security at startups

January 21, 2014

In the days following the Snapchat data breach, a number of tech publications wrote a version of the same story: Startups don’t (or can’t) pay enough attention to security. Earlier this month, phone numbers associated with 4.6 million accounts with the mobile photo-sharing service were breached by non-malicious hackers. The numbers were published with the last two digits obscured. Qualys chief technology officer Wolfgang Kandek told CSO Online he was not surprised Snapchat had trouble securing its application programming interfaces. “I think this is almost normal for a company at their stage that is focused mainly on scalability and functionality,” he said. “I am sure they will pay more attention to abuse and security issues in the future.” In an article for BizTech Magazine, Ricky Ribeiro writes that “building a business requires founders to wear so many hats that sometimes the security hat just never makes it out of the closet. Scale, stability and revenue take precedence.” Ribeiro ends his story like this: “If startup founders weren’t thinking about securing their corporate user data before, the Snapchat breach should definitely inspire them to build a strategic security plan going forward.” Of course, not all startups should be characterized as security…
