3 Advantages Of Outsourcing Your IT Management

3 Advantages Of Outsourcing Your IT Management

Technology has turned business into a do-it-yourself platform. With a small amount of research, you can find just about anything you’re looking for. A new client management system, a data storage application, marketing tools, data security software … in no time at all you can piece together an elaborate system for your business.

Yet gathering the tools needed to do a job isn’t the same as managing it effectively. Choosing resources and tools can get complicated, but figuring out how they all work best together can be daunting in the best of times. Throw in a little trouble and it can turn life into chaos in short order. And if your company doesn’t have the wherewithal to keep up to date on everything, the risk magnifies.

Some processes within your business make sense to keep in-house, keep propreatary. Others, not so much.

There are many advantages to outsourcing your IT support to an IT provider.

Get access to top-notch experts
A company’s economic resources can only be stretched so far. And depending on your budget allotment, your IT costs are often capped for basic needs. It’s expensive finding and keeping good people, training them adequately to handle all levels of tasks, researching to find the best applications for the company’s needs, and securing everything to keep the company’s data safe. By outsourcing to an IT consulting expert, you’ll have all you need to manage properly sophisticated infrastructure, security and maintenance requirements to keep your technology in top shape.

Reduce in-house costs
Organizations that attempt to do all IT services themselves have much higher costs in all areas, including research, development, maintenance and implementation. To have someone on staff who is knowledgeable in all fields, you must pay them well and keep them trained. Outsourcing allows you to have access to the most up to date information when you need it most. Have a data breach? Help is a phone call away. Need advice for upgrading your system? That same phone call provides you access to top information for quick results. Very few problems are new to an expert IT consultant. Because they work with a variety of companies on an ongoing basis, they have access to all kinds of support and training every day of the week. When a problem arises with your organization, chances are they’ve handled similar situations in the not-so-distant past.

Allocate internal resources better
Hiring is a constant battle of finding the right employee and keeping them happy and well trained. If you run a medical practice, for example, hiring the best doctor is important. She’s what brings people in. She’s what brings in the money.

Yet IT is what makes your business function. IT isn’t your business, yet you can’t operate without it. Outsourcing gives your company the ability to act “big” by giving you access to technologies used by the largest organizations in the industry. It allows you to stay on top of trends, have access to the best systems money can buy.

Your resources are best utilized when focusing them on what you do best. Outsource your IT to a knowledgeable management company and the best will be a phone call away.

Think outsourcing IT is the right next step for your growing company?

Why Hackers Want Health Care Data Most Of All

Why Hackers Want Health Care Data Most Of All

Who can forget some of the biggest cyber security breaches of our time?

During the holiday season of 2013, criminal hackers potentially gained access to 40 million Target customer credit cards.

Sony has suffered not one, but two major cybersecurity breaches where hackers erased data from systems, stole pre-release movies, and compromised people’s private information.

Even the IRS has had its share of problems with security, where stolen information was used to file fraudulent tax returns and collect more than $50 million in refunds before the problem was spotted.

Identity theft and stolen credit card information are something at the forefront of many people’s minds. It’s reported on so frequently, it’s become a natural place for worry. But increasingly there is a new focus for cybercriminals, and they can do far more damage with what they find.

Buried deep inside health records is a wealth of information. Names, date of birth, Social Security numbers, mailing addresses, telephone numbers, member identification numbers, financial account information, even claims information are available and waiting for potential hackers. And while financial data becomes worthless the second a customer realizes fraud has occurred and cancels a card or closes an account, health care records have a much longer life.

Social security numbers are not easily cancelled. Medical and prescription records are permanent. Which means it is growing into one of the largest markets for potential fraud. And it’s already happening.

Excellus has stated as many as 10 million records have been compromised during a recent attack. Over 80 million records were compromised by a recent Anthem security breach.

When criminals gain access to financial information, they typically want fast access to cash. With health records, they approach it in different ways. Most criminals are selling health care data to be used to access to free medical care. They use it to buy and sell addictive prescriptions. They use it to gain access to medical treatments they may not have been entitled to in other circumstances.

And what’s scariest of all is that criminals don’t have to act fast for potential rewards. Because medical data can’t be cancelled or changed, they merely wait until the most opportune moment to strike and use it to gain access to what they want most.

While retailers may have made the big news in the past for their security compromises, the coming years will be filled with headlines showing breached health care providers and the risks that brings to the general population. Health care providers and consumers as a whole simply are not prepared for the level of threats that are coming their way.

Are you?

How Mobile Devices May Be Violating HIPAA Compliance

How Mobile Devices May Be Violating HIPAA Compliance

Gadgets. We all love them. We all use them every day.

When cell phones integrated with smart technology, we jumped at the chance to bring the Internet with us anywhere. We bought phones and tablets at record speed, downloading apps and programs as fast as they could be created.

And while most of these apps and programs made our lives a little easier, gave us more functionality, or simply allowed us to have a little fun, they also brought risk into our lives in new ways.

Technology is almost always ahead of the law. We invent things. We push the limits. And when there are consequences, that’s when we ask the law to step in. Policies are set. Laws are made. And then it’s up to both providers and to consumers to make sure they comply.

While compliance issues may not be difficult in some industries and niches, healthcare isn’t one of them. Providers are faced with unique challenges with complying with HIPAA laws, which is exacerbated when transferring those laws for use on mobile devices. As smartphones were developed, little thought was put into HIPAA because the perception was smartphone devices were mere phones. Yet smart technology put the power of a computer into the hands of every consumer in the marketplace, and that’s where trouble began.

Because we all lead busy lives, we take our devices and our work with us everywhere. We stop for coffee in the morning. We have lunch with a friend. We take our kids to after school activities. And while we’re sitting and waiting, we do what comes naturally; we check email, connect with a client, and work on a file or two.

But unsecured mobile networks can be more than a problem. Accessing private information on an unsecured network can leave the data vulnerable. It also violates privacy. And what if you accidentally leave your phone or tablet on the table and walk away? Theft increases the problem tenfold.

People should not download an app and assume HIPAA laws are in place. Very few health related apps are. As a health care provider, it’s important to verify that an app meets all HIPAA requirements before recommending it to a patient. In general, HIPAA does not apply to apps that allow patient to track fitness goals, yet does apply to apps that deal with PHI or allow providers and/or patients to communicate with each other.

If you like an app, ask the developer if HIPAA rules are in place. You can ask them to show their credentials or certifications to make sure you are fully covered.

You should also protect yourself by keeping all mobile devices password protected and encrypted in accordance with HIPAA standards. You can also install remote wiping and disabling programs that allow a user to quickly clear and disable mobile devices when they notice they are missing.

Under HIPAA, providers can face financial penalties for breaches. If enforced, penalties range from $100 to $50,000 per violation with a cap of $1.5 million per calendar year. However, if violations occur year after year, even with the cap in place the settlement can be substantial.

It’s not only penalties that can be detrimental to a business; a provider’s reputation is also at stake. One breach can cost a business everything.

Are you fully HIPAA compliant with your mobile devices? How about the apps you recommend to your clients?

Is Open Source Software Really Safe

Is Open Source Software Really Safe?

We live in an open, share-crazy world where we expect a lot of the things we do on our computers for free. Can you imagine life without your email program, your browser window, or even Google? We put them all to good use hundreds of times per day.

The concept of open source is relatively simple. It refers to a program in which the source code is available to the general public for use and modification from its original design free of charge. Open source is almost always created as a collaborative effort in which programmers come together to continually build and modify the code to make it better. Everyone has access to it; everyone can use it; everyone can modify it.

Don’t think it matters to the way you do business? Do you use the Firefox browser? Do you use Thunderbird for your email program? Do you use WordPress for your website or blog? Do you use the productivity suite OpenOffice?

Then you use open source software. And that doesn’t even account for all the snippets of code that find their way into fully developed, proprietary software.

If it’s already a part of your life, how safe is it? Is your business at risk by using open source, or is it a benefit to have these programs in place?

Open source doesn’t always equal free

To be considered open source means the source code needs to be freely available. It does not mean the application itself must be free. There are actually a lot of companies that make money from open source projects. When companies choose to build around open source, the price tends to be attached to things like support or added features. They may offer a free, community version, with stripped down, bare bones features, while charging for improved quality and performance features.

Open source may or may not come with support

Not all open source projects have a corporate friendly 24/7 support line to access or call, but that doesn’t mean availability to help might not exist. In some cases you can find forums, mailing lists, freelancers, or even developers who created the program accessible for questions and help as you need it.

Open source means you have full access to the code

An open source program is fully accessible to all that choose to use it. It doesn’t mean only a programmer will know how to edit, read and use it. In fact, many users access and use a program long term without the need or desire to get into the coding to modify or rebuild. Yes, it gives you access. But with many programs, when they function and provide the user friendly platform you need to accomplish your tasks, you simply won’t need to get to the coding to make modifications and make it more usable.

You don’t have to be an expert to use open source

Open source has evolved in the same manner as many programs we currently use every day. Remember using DOS to boot up your system? Things have gotten considerably easier since those days. Using most open source software is similar in nature. Open source has evolved to give the average computer user access and knowledge to use what tools they need to accomplish what they need to get done. And as computers continue to get easier to operate, the ease of use of the open source programs gets easier as well.

Most open source software is as reliable as its proprietary counterpart

Open source software is everywhere. Start with Download.com, search the Linux software utility, or do a simple Google search to find websites offering open source software from around the world. Because of the nature of the way it is created and the way it is distributed, it is considered a safe option to help you create and perform whatever function you choose to do.

Bottom line: security is not dependent on whether something is free or paid, public or private, closed or open source. It depends more on its architecture, its delivery process, and ultimately its quality review.

If you are considering migration from closed to open source software, there are easy ways to make the transition seamlessly and worry free. Give me a call if you have any questions.

Are You Compliant With HIPAA Laws When You Communicate?

Are You Compliant With HIPAA Laws When You Communicate?


Running an effective business and maintaining HIPAA compliance can sometimes be challenging at best.

On one hand, technology has made it easier than ever to get things done at the office. With a quick email, a text message, and sharing a few images, you can take action and get the best response for a patient in a very fast manner.

On the other hand, are you ensuring safe practices every time you hit the send button on that text or email?

Worrying about the implications of bringing the two together can often keep you up at night. But what else can you do?

One recent study showed that nurses waste as much as 60 minutes each work day tracking down physicians for responses. And this isn’t an isolated problem. In fact, I’m willing to bet it occurs in most medical practices around the world.

So in many cases, office staff start taking matters into their own hands. It starts out innocently with a simple text; and before you know it, that one simple text turns into an office wide practice.

Therein lies one of the problems. Have you ever sent or received a text message to/from the wrong person? Up to forty percent of text users have.

Which is part of why HIPAA laws were enacted in the first place. A person’s private, personal health information must be protected from non-secure eyes. And if communication practices – email, texts, etc – aren’t secure, they shouldn’t be used to carry on conversations about individual results. A single violation for an unsecured communication can result in a fine of $50,000; repeated violations can jump that figure up to $1.5 million in fines in a year. And that doesn’t take into account the publicity and the reputational damage that will follow.

There are actually two parts of the problem that you, as a medical practice, need to contend with.

  • Client communication
  • Internal communication

On the client side, you as the medical practice must maintain full compliance regardless of how your patients choose to communicate. Email is prevalent for communication – many patients don’t understand the vulnerability of email, and will send personal information without a second thought. While you can’t control how information comes in to you from a patient, you can take full control over how its handled the moment it reaches you, how its stored, and how it is communicated back out to patients or other referral physicians or practices.

Internally, all communications must remain secure, and meet several guidelines in order to maintain compliancy. Commuications must be stored in secured data centers, must be encrypted both in transit and at rest, must be delivered only to its intended recipient, and must have the ability to create and record an audit trail of all activity that pertains to the transport of personal records.

Because this is a new and growing field, your options are growing and changing all the time. The key is to look for applications that can provide you with both security and with enough options that make communication inside your practice and as you make referrals to the rest of the medical community a snap.

Like Mediprocity. They are a web based app that works just like texting; but it has the flexibility to also be used from a desktop or laptop, giving your entire office staff ease of use. And what I like about a system like this is it offers a simple solution that you can use through Internet access, without having to download software or worry about integrating with other programs you may already use. It takes control over security and compliance, which means you don’t have to think about it; its done for you.

In today’s increasingly mobile world, technology will continue to be the key to efficiency. Used properly, it has the potential to revolutionize not only the way we communicate in the moment, but also how we think of health and wellness and communicate that with patients.

The four IT personalities: part 1, the technology administrator

This is the first of a four-part series describing the main IT personalities. The intent of this series is to assist organizations in defining and hiring the right IT staff for their needs. In categorizing the personalities I will be making generalizations. In fact, many individuals will demonstrate traits of several of the personalities I define. In many cases, a person may be shifting from one role to another. However, I think there is always a dominant personality that an IT worker innately possesses and it’s a rare instance when they completely change to a different one.

A passion for technology

The most common personality is the technology administrator. How did they get here and where did they come from? Almost all IT staff begin their career in the help desk, a typical IT entry level role. The interests of techies are generally in system or network administration (I would guess 50-60% of all IT staff). Most IT staff go into IT to play with technology, so by default they want to learn how technology works.  Once they figure out one piece, their interests shift to the next piece of equipment. From one candy bar to the next.

Ambiguity in IT titles

As they increase their breadth of knowledge amongst the tech equipment, some begin to pick up ambiguous titles from their organizations. Microsoft and Cisco (and others) create certification programs that bestow new credentials that the IT person can proudly boast. However, these certifications are not equally viewed or recognized. What accolades are there for a competent COBOL programmer?  When did I become a certified IT strategist? While there is nothing wrong with these certifications, just remember that the titles are directed at an IT person’s ability to solve technical problems, not business problems.

While there exists a variety of these ambiguous titles, the majority of IT management candidates can be described as technology administrators. It’s the natural progression after years of experience and good work. However, many organizations don’t understand this and promote IT individuals from within, or the IT person grows into higher roles as the company grows.  The problem that arises here is that many business leaders are not technology savvy, so when they go to hire or promote a new IT leader, the natural assumption is that the most technologically competent individual will be the best fit. Any business leader lacking an education in technology can be easily awed by tech speak and promote the person versed in this foreign language to a position they might not be competent to fulfill.

Understanding the limitations of the IT administrator

What is the risk with promoting an IT individual to a higher role? These individuals do not help solve business problems. They were trained to solve technical problems and there’s a place for that. However, business problems are messier, and usually don’t have a manual you can refer to. These people in IT leadership roles will always focus on infrastructure; most do not understand the difference between reporting to a CFO or COO. Almost all their initiatives will include building and controlling more IT equipment.  In many cases, they won’t take ownership for the applications that reside on the servers and their selection and support fall to the business units themselves. Their IT departments are almost always reactive and not proactive.

So, let system admins run systems; let network admins run networks. Find a technology leader that understands that technology is there to enable and change the business.