How Data Improves Patient Health

Good compliance and patient engagement are two objectives in the healthcare world that converge more than one would think. Recent health trends have made patients more invested in their own health and more willing to work with care providers to meet their objectives. This is outstanding for medical professionals looking to create a solid foundation for their patients and keep them as healthy as possible. However, it is all too easy to get caught up in a fad and make poor decisions, so another burgeoning aspect of patient engagement centers around correcting common misconceptions and getting individuals back on the right track.

In contrast, compliance is a process that happens beyond the perception of patients. As I’ve discussed in the past, an increase in sharing data also increases the need to secure systems and ensure that information is not compromised. However, safely giving patients access to their own data can help empower healthcare providers and patients alike.

While the mass exchange of data, both internally and to patient portals and other healthcare institutions, creates more points where it can be stolen, it also leads to opportunities to educate patients and involve them in the process. The increase in IoT wearables for patients that can track biological metrics also contributes to patient engagement as well as research. Some of these wearables, despite being an ever-present aspect of the lives of some individuals, do not provide data to the people that use them. Freeing up access to this data increases the number of ways that a patient can help sustain their own health.

This is, in many ways, the central premise of patient engagement. There is no one way to instill a desire for self-improvement in patients. The only thing that healthcare providers can do is give them the freedom and the tools to monitor their own health. Patient portals, for instance, give individuals access to their own records, allowing them to do the legwork of tracking their progress over time. Other systems may remind patients to adhere to medication schedules, or help work them through things like physical therapy.

It then falls to providers to achieve good compliance in order to safely give patients leeway to create the foundation for good health. In a competitive industry, a healthcare organization can fall behind if they do not provide a positive experience for patients—to say nothing about what can happen if compliance is not met.

These care providers stand at a crossroads, and they must decide in what ways they will innovate to improve patient outcomes. Compliance should not be a process of checking off boxes for the sake of staying in business—it should be leveraged as a strategic tool to reevaluate aging systems and promote engagement among patients. There are a plethora of other benefits as well, and savvy organizations can use compliance as an opportunity to rethink the way they conduct IT, saving costs and setting up better agility in the long term.

In short, the technology exists to help patients take control of their lives—but it’s up to organizations to adopt it in a safe way that still remains compliant. It may sound strange to some medical professionals to fixate on technology in this way, but the ideal of good patient engagement can only be reached if the systems behind it function seamlessly.

Human-Centered Design and What It Can Teach Us About Cybersecurity

Even with the myriad of system vulnerabilities that can open the door for cyberattacks, the biggest vulnerability in any organization is the people. One mistake among employees can lead to the compromise of entire systems, and even individuals well versed in technology are not immune to error.

In the healthcare industry, closing up these gaps is more important than in most places. In addition to financial information, a cyberattack can compromise confidential medical records and erode trust in an organization. Establishing a strong cybersecurity foundation is but one step toward achieving compliance for a care provider, and is not just about setting up basic countermeasures.

Because the human element is impossible to fully remove from any system, it comes down to organizations to both educate employees on the finer points of cybersecurity and create systems that account for human error. Additionally, any security measures implemented should minimally impact the ability of other employees to do their jobs.

Enter Human-Centered Design (HCD). A concept which underlies any product or service, HCD refers to anything created with common human behavior in mind. For cybersecurity, HCD means designing in such a way that it accounts for mistakes that anyone may make.

Inevitably, the first step to promoting good security practices is education. Staff members are far more vulnerable to making errors if they don’t know what to look for. Standard employee training programs should account for these practices, especially in conjunction with training on certain computer systems. Give them some perspective on how these attacks spread; knowing the extent to which opening a suspect email can cause problems can help employees proceed with caution.

Education should ideally go beyond a simple presentation and strive to engage employees. These sessions should allow for individual input and explain the costs of a breach. Beyond prevention, they should also be aware of steps they should take if they believe that they have been targeted or that a system has been compromised. This can involve outreach to IT departments and easy ways to contact them and make them aware of a potential problem as soon as possible.

Marin General Hospital even included a system for reporting attacks, rewarding any employee that reports a threat to IT.

As an IT professional, it can be easy to get slotted into a specific way of thinking. Tools and techniques that seem commonplace may be utterly alien to some employees. As a result, be aware of the ways that each employee interacts with a given system and strive to seamlessly integrate a solution into their daily work. For instance, setting up the infrastructure to encrypt emails can be difficult, but doing so on a limited basis based on the people that each employee interacts with the most frequently can seriously cut down on potential vulnerabilities.

Programs to bolster cybersecurity are created not only to fix technical issues, but to hedge against internal mistakes from employees. Even with hackers creating more and more advanced malware, the simplest phishing scheme can still cost an organization thousands of dollars. By designing a cybersecurity program to conform to the needs of employees, IT professionals can prevent the possibility of attacks before they can even happen.

The New Age of Data Compliance

The constant advance of tools necessary to generate and share data has created an environment in which developments are made by increments and security measures struggle to keep up with the latest variety of cyber attack. Indeed, many corporations have fallen victim to these new threats, and even a small breach can cost a company dearly in both money and reputation. Perhaps the most egregious example of this has been the recent Equifax breach, which compromised customer information and sparked a discussion about the efficacy of cybersecurity.

As they say, an ounce of prevention is worth a pound of cure, and that’s where information compliance comes in. It’s worth noting that compliance is not the same thing as cybersecurity. While security is IT-centric and often a futile effort due to the ever-changing nature of threats, compliance simply involves promoting best practices in corporate communities to prevent a potential breach. A staggering number of cyber attacks are made possible due to the negligence of employees, and it’s up to corporate leadership to ensure that all are informed of the ways they can prevent a click from turning into a catastrophe.

The benefits of compliance are manifold. Again, the difficulty in implementing security solutions that account for a business’s needs, budget, and information distribution means that compliance is more important than ever. This is also due to in-house IT often being outmoded; if your company does not work in technology, there’s a good chance that better out-of-house options are available. Additionally, reducing the risk of a cyberattack is valuable from a legal standpoint. Compliance also helps provide thorough documentation that allows for a better response in the event of an attack.

So how does a business leader implement good compliance practices in an impactful way? It can often be difficult to steer an entire business in this direction, especially considering that one case of negligence can lead to disaster. Many make the mistake of believing that any such initiatives should be IT-led when in fact the department should just guide teams in the right direction rather than wasting time micromanaging the entire effort.

Education is an important step in the right direction. Even with thorough countermeasures in place, a simple email phishing scheme can spread quickly if not avoided. Recognizing fraudulent emails is a great topic of conversation, as is creating strong passwords. This may require giving employees access to certain files or documents on an as-needed basis. It may seem like an unnecessary hassle, but it cuts down on vulnerability and allows for the original threat to be isolated and tracked.

Of course, even if all of this information is imparted to employees, there’s still the matter of convincing all staff members to abide by it. I cannot stress enough the importance of a business being “all-in” when it comes to compliance. Therefore, change should start with leaders and work its way down. The tools necessary to ensure compliance should also improve the quality of an employee’s life; if they are forced to take extra steps, they are far less likely to adopt these new measures. Thoroughly research solutions to compliance and work to automate as much as possible. Check websites pertaining to your industry for more information about compliance guidelines and ways to safely share information. Governmental regulations should also be researched and observed.

Ensuring proper compliance can be a difficult task, but far worse is the prospect of lost or corrupted data. It is up to corporate leaders to choose to adopt a culture of compliance and enforce the standards that continue to become more and more necessary in the wake of devastating cyber attacks.

Compliance In The Cloud World: Challenges and Opportunities


The following is a podcast recorded by Scott Maurice. Listen here, or read the full transcript below!


Hi, my name is Scott Maurice. I am managing partner and cofounder of Avail partners in Seattle. We’re a technology business and consulting practice that specializes in helping clients and business leaders achieve their strategic objectives. We leverage the technologies that are available to us in this new cloud age to do that.

What we’re going to be talking about today is compliance in the cloud world; some of the challenges and some of the opportunities that are presented with the advent of utility computing and the cloud economic model. We’re going to be talking about how compliance is different than security, and we’ll also be talking about how to think about and leverage compliance as a competitive advantage and as a strategic objective as opposed to a burdensome program that you are susceptible to.

The cloud presents new challenges with respect to compliance. However, it also presents certain very strategic opportunities. One of the most difficult things to deal with when faced with regulatory compliance is to establish that, one, I am compliant at a point in time, and that’s easily facilitated with an audit, typically, and two, which is more challenging, how do I maintain a state of compliance for an ongoing period, and how am I assured that compliance is in fact in place? In other words, how do I ensure that I’m compliant with the law without having some defined audit period and going back and proving that, at certain snapshots, whether that is annually or biannually or semiannually, that I am compliant at that juncture, or have been compliant over an audit period.

In terms of risk mitigation and data protection, you really do want to ensure that you are consistently compliant. In other words, the first time you fail to be compliant with a datum, you know about it, can remediate it quickly, and prove that you’ve restored your compliance. So the cloud presents challenges in that regard because some of the traditional quick and dirty methods for ensuring compliance of data and data protection is simply by saying, “Hey, I secured the entire storage subsystem because it’s all under my control, or the entire server is under my control.” Those paradigms do not translate directly into a computing utility environment or a cloud environment.

That’s the challenge. How do I ensure compliance in something that is not under my direct control? The opportunity, however, is a lot more satisfying. One, you have to realize the fact that it is rare to find enterprises, especially in the mid market, that have the expertise in-house and the wherewithal and resources to continually ensure that data is protected, that permissions are enforced, that policies are enforced. It is a full time job. It can be very daunting, and it can be very expensive. So I guess the first part of the opportunity is realizing that, even if I do have all of the assets under my direct control, I’m not necessarily in the best position to ensure ongoing or continuing compliance because I don’t have the expertise, the resources, or it may not be in my financial best interests. That may be a deal killer. Upon that realization, opportunities present themselves with cloud providers and utility computing providers, where there are individuals that are dedicated to just that function.

Along with that, because they are service providers in that regard and not enterprises where they’re running this as part of a cost center, there are economies of scale that can be garnered from leveraging that kind of service. They have streamlined and optimized their service particularly, for one set of compliance regulations or another. There are specific data protection practices and rules that they can set up and enforce. And they have the capability to hire, retain, and provide training for human capital resources to be dedicated to that work. And so, when you share that burden across multiple organizations, it does represent an economy of scale, especially in the mid market to be able to facilitate an ongoing if not complete information security and protection program. That is a rare opportunity that has only surfaced since we’ve been in this cloud environment.

That’s a little bit about the challenge and the opportunities that are available to us by leveraging some of these third parties that are dedicated specifically to security compliance.

Any organization can take steps to onboard a third party or organization that can help them ensure compliance. Some of those steps involve understanding what compliance regulations they are susceptible to. Many organizations are not immediately aware of the fact that they have a compliance issue or may have miscategorized the compliance that they fall under. Step one is understanding what rules, what compliance you’re striving for. Two, which is equally as important, is understanding the value of such compliance. Often, in regulated industries, it is highly competitive. Because it is so daunting to effectively manage a compliance program, being able to onboard one quickly and effectively can be a strategic advantage. So, to what extent are you advantaged by having an information security compliance program instituted very quickly and with complete professionalism. Understanding that is the second step.

The third step is going through a market intelligence process and a reevaluating process to determine which of the many third parties that are out there can help you accomplish your mission most directly. Often, there are several good candidates, and the differentiation between those parties with respect to any given organization, is really more about the cultural fit, how to work together. Compliance is largely a human, capital-driven exercise so you do have to work well with that third party. That has everything to do with one, your corporate objective, and two, your corporate culture. That third step in terms of really evaluating the different providers and the different options there can be daunting, but it does go back to having a singular focus on your objective, your mission, and what provides a strategic advantage in your industry and how it helps you drive your corporate objective, whether that’s revenue attainment or improving patient outcomes or public policy, etc. So those are three solid steps.

The third one can be fairly daunting because there are a lot of providers out there, but there’s also a lot of information to help you make that evaluation quickly and succinctly. And as a final step, I think that oftentimes we are just human beings. We are reluctant to relinquish control of things that we are accustomed to controlling. So for any organization that is not either born in the cloud or willing to undertake a transformation, if you have an environment that’s been around for some period of time and has been working, and you haven’t had an exposure yet, it can be daunting to let some of those things go. But that fourth step is really evaluating those things that can be done better, faster, cheaper, more completely by a third-party organization as opposed to retaining it in house.

And with my clients, what we’ve experienced is that often, the tradeoff between relinquishing that control is the immediacy of accomplishing a goal. Many compliance regulations have an audit period that looks back. That lookback period can be six months to a year, maybe longer, and often there are multiple domains for which that period is enforced. Accomplishing that lookback period and audit for multiple domains can lead to higher levels of attestation, where you can have it attested to that you are more completely secure or compliant with a set of regulations the further back you look and the more domains you can incorporate. For an organization just starting out, they may not have been prepared for an audit period that goes back six months. They may not have been ready six months ago, or a year ago. Often, third-party organizations have environments that are prebuilt, in which they host or manage a client’s workloads, especially with the utility computing advantages in the cloud environment.

And they can provide that lookback period, even though you may not have been a client at that time, by immediately moving your workloads, moving your data, moving that information, to a compliance-ready environment, can immediately provide a lookback period for certain for all of the domains that are compulsory for your compliance regulations. There’s definitely a distinct advantage to leveraging that very quickly and saying, “I don’t have to wait another six months or a year before I can make the attestation of compliance a competitive advantage for me. Because I’ve moved my workloads and migrated into a compliance-ready environment that already has the attestation, I can begin to use it very very quickly.” So the advantage can be realized sooner rather than later.

The future of third party organizations and their evolution as they continue to adapt to continue to serve clients as compliance changes and as the business landscape changes are multiplicative. They necessarily have to differentiate themselves within either a vertical or industry or with respect to that specific compliance or an aspect of that compliance. Oftentimes, there are things that are very daunting that a third party organization has the resources to tackle with great aplomb and also for the huge benefit of their clients. The evolution of these things is better accomplished by these third party organizations because of the resources that they can bring to bear, but in no small part due to the research and development of new technology.

So, a lot of the buzzwords we hear bandied about like “artificial intelligence” or “blockchain” when it comes to encryption and security, these are things that require a lot of time, a significant amount of expertise, and they do require financial resources in order to bring them to bear. These third parties are often in a much better position to be able to do that very quickly and vet those things across a broad spectrum of clients than any given enterprise, especially in the mid market. So I think what we’ll see is early adoption by a lot of these third party organizations that are providing that compliance and providing that data protection. We’ll see that early adoption from them, and it will be more stable as they roll it out. They’ll incorporate those technologies into packaged solutions for data protection in a specific use case.

For example, in the medical field, if you’re under HIPAA regulations but would like to provide instant messaging between medical professions and have sensitive data passed through that messaging platform, that can be a huge issue. It’s such a huge issue that most enterprises in the healthcare space don’t provide instant messaging. But that is something where a product with a specific utility where a benefit can be realized very quickly; a doctor or nurse can exchange sensitive data over a secure messaging platform and ensure that that data is not being compromised. Technologies like artificial intelligence that apply fuzzy logic to know when to take out sensitive pieces of information and when to leave them in. Things like blockchain, to be able to validate that data was not compromised when in transit. Encryption technologies, to ensure that the data while it rests and in flight, was secured and not compromised, these are technologies that are difficult to research as an enterprise and develop together. When you apply it to a broad spectrum of clients and have that offered as a singular product, it becomes far more feasible.

So I think that’s what we’ll see. They’ll evolve to incorporate those new technologies everyone is talking about more rapidly than the enterprises will be able to do. And they’ll do it more completely, so they’ll be able to offer a utility that is functional for the end user, as opposed to a set of technologies that then have to be rolled into a larger infrastructure or application architecture.

The last thing that I would like to say, just to round things out, is that compliance and security are often conflated. That can be a huge distraction. Keeping something secure inherently means limiting access to it. Compliance is not about limiting access, it’s about ensuring the access to information is well regulated. I would be careful, for any mid market organization or any organization at all, not to conflate security and compliance. Often, we use security measures to ensure compliance, and to ensure that data is protected as it is being shared and that it’s being shared appropriately. We can validate that there is good behavior and catch bad behavior and remediate it quickly. Certainly, a lot of security tools are leveraged for that, but simply leveraging security or implementing security practices or security toolsets without a specific goal, the framework of the compliance regulations, can be a fruitless endeavor, be incredibly expensive, and ultimately, if there is no specific goal, it can lead to a lack of differentiation and competitive advantage.

I would just caution anyone who is faced with a compliance situation not to conflate compliance with security; they’re not the same thing. Pursue a compliance program as a strategic initiative, a differentiator in your industry or market, and as a competitive advantage against competitors. There’s certainly not a faster way, in my experience, to do that than to leverage the cloud environment and a team of experts that are available on demand from a third party and provide attestation sooner rather than later.


Gartner’s Guesses—Predictions for IT in 2018

As another year begins to draw to a close, industry experts are already looking to the future. The IT industry has been dynamic over the past few years, with innovations such as improvements in cloud computing, machine learning, and even IT management propelling it forward. At the recent Gartner Symposium/ITxpo 2017 in Orlando, FL, Gartner took a shot at the future of IT, painting a picture of the industry as being more integrated with business than ever. IT is now so central to operations that businesses can no longer afford to isolate their departments, and Gartner knows this.

Since IT is often a means of improving products/services and generating additional revenue, Gartner’s central point was that professionals in the industry will need to have a working grasp of business tactics and company goals. From there, they can set up IT departments that maximize technology usage to meet these goals. CIOs, Gartner believes, will become more integrated than ever into business operations and become important collaborators for the companies they work for.

One trend that Gartner discussed was cryptocurrency. Starting as a technological curiosity, cryptocurrencies such as Bitcoin have since attracted significant interest for their value in facilitating swift and secure transactions. While working cryptocurrency into business models has proved to be slow going, Gartner predicts that over $1 billion in business value will be derived from it by 2020. They were also optimistic about the future of IoT-enabled devices, predicting an upsurge in these products with smartphone integration.

However, there were other trends that Gartner was less bullish about. The aforementioned prediction of IoT devices came with the caveat that billions of dollars will be necessary for companies to safely harness this technology. IoT devices are almost famously difficult to completely secure given network decentralization, and their usage would divert funds that would otherwise be spent to improve cybersecurity.

The use of AI was also the subject of controversy for Gartner, with the company citing it as a potential contributor toward a future age of digital mistrust. While they praised the ability of AI to help inform business decisions, they also believe that its use on the web will hasten the spread of false information. This has social and financial implications, with Gartner stating that a major fraud as a result of these prolific falsehoods will occur by 2020. Commercial projects to detect and halt fake news have already begun, and a tenfold increase in these projects is predicted in the coming years.

Still, IT is slated to prosper. As its role in business changes and it becomes more integral to operations, the industry is expected to grow, with a predicted 2.3 million jobs being created as opposed to 1.8 eliminated. Early adoption is, as always, important in the IT sector, and one of the latest trends, visual and voice search, may be the next big investment. Both are growing quickly, and large tech companies are expected to invest in improving their visual and voice query offering through the use of AI.

There is a lot on the horizon for IT. While these improvements will undoubtedly be a boon for the companies and individuals that harness them, a level of caution is necessary. Much of this technology is relatively untested, posing security and operational concerns for businesses. Now more than ever, a need for skilled professionals is arising to ensure that companies are able to adopt in an efficient and safe manner.