New regulations being imposed by HIPAA on health care entities have created a new compliance burden, because all record keeping must be converted to electronic filing by Oct 2015. This means that these entities, small and large, must invest significant additional resources on equipment, software and IT-trained personnel. With the arrival of completely digital records comes new, more complex security worries. In particular, healthcare entities have a couple of choices to support these requirements and they have to determine which choice is the best. The first option is completely in-house data storage. That would involve having on-site servers supported either by an in-house IT staff or a managed service provider. The alternative is the use of off-site cloud storage. That means the elimination of internal hardware requirements as well as the need to maintain security firewalls around the data storage.
The concerns of health care entities: Health care providers have many worries related to this mass conversion of documentation to digital format. Some of these concerns have been focused on data security and the liabilities created by HIPAA.
Security and the Cloud: The idea of transferring private data to an off-site cloud can, at first, seem risky. Healthcare providers may worry that this transfer represents a greater security risk. It can seem scary moving data. Can offsite cloud service providers (CSPs) offer as much data security as in-house storage? This can be a significant factor to consider since HIPAA now enforces stiff penalties and fines for the breach of Protected Health Information or PHI. That liability provision may make health care providers reluctant to outsource their data storage.
NOTE: Changes in the law – An additional concern about the cloud has disappeared, but it is important to understand how this has been addressed. The issue was whether CSPs were considered Business Associates (a category that would hold them equally responsible for maintaining data security.) If not, then they were considered potentially not responsible for data security under HIPPA regulations.
In the past, CSP’s had argued they were not health entities since they were only storing private data. If they agreed to be classified as such they would have had to sign a HIPAA mandated Business Associate Agreement (BAA) making them equally liable for a breach of PHI. They argued against this because they believed the CSP’s primary role was to provide storage of data which would be accessed by the HIPAA covered entity’s staff. They didn’t believe they were liable if a Business Associate of the health care giver subcontracted a cloud service provider. Also, if HIPAA mandated that all data should be encrypted and CSPs didn’t hold the key for encryption, CSPs argued that they shouldn’t be held liable for data breach.
Now, health care providers can take comfort in the fact that this compliance issue is all in the past. Cloud storage services will have to sign a Business Associate Agreement thus making them responsible for a breach of Electronic Health Record or EHR. This means that CSPs are required by law to report any breach in PHI and uphold their obligation to protect and secure patient information. The Department of Health and Human Services will hold BAs accountable for required privacy and security to protect PHI data. HIPAA has further clarified that BAs and subcontractors of BAs are directly liable for compliance with privacy and security requirements.
Still thinking about In-house IT management or worried about cloud security?
You shouldn’t be. In the past you had patient files on papers that were locked away securely until someone decided to reach out physically and access them. Now you have this massive amount of data stored somewhere on an on-site server that will be very difficult to safeguard. Cloud computing is very secure. Your data will be much safer especially due to the fact that your cloud service provider is required by law to protect that data. It is very important to know that when your clients, your staff, and many other medical service providers such as hospitals can access that data, your on-site storage is secure. Now that HIPAA has sided with you on this issue, why not take advantage of the service that is legally bound to protect your data privacy and far more economical than in-house IT management.
More importantly, cloud service providers are in the business of maintaining vast amounts of data at secured sites, with complete utility backups, mirrored servers, and security protections that just aren’t possible at an on-site health care site.
Summary Here are some key points to note. A very significant transformation in the U.S. health care system has taken place, and that includes the complete overhaul of data keeping and data storage. Another important change, which is extremely beneficial to health care providers, is that they have an outsourced partner whose business is data storage and security. Health care regulators have mandated that anyone who handles the data in any manner will be held responsible for the breach of that data, so CSPs can’t shrug off their serious responsibility. This should be a big relief for health care providers who can use the latest technology at affordable prices without having to worry about data security. Also, that renders the in-house IT management less desirable because of its high cost and lack of dependability.
8 Cold Hard Truths for SMBs Not Worried About Disaster Recovery and Business Continuity
The foundation of any successful business continuity solution is the ability to retrieve data from any point in time from anywhere. When the topic of data recovery and business continuity comes up, you get the feeling that many decision makers at smaller businesses and organizations wish they could channel their inner six year old, simply cover their ears, and sing “La, la, la. I Can’t Hear You. I’m Not Listening.”
Everybody things bad things only happen to other people. Just because we hear about a fatal car accident on the morning news, doesn’t mean we fixate on that news when we ourselves get into a car and drive to work.
So no matter how many times the owner or CIO of a small to midsize business (SMB) hears of other small businesses being crippled by hurricanes, tornados, fires, or flooding, they aren’t necessarily overcome with fear to the point that they feel an urgency to take action.
Sure, they may think about backup and data recovery solutions a little more that day, but not enough to initiate immediate change or reverse a lenient approach to their processes.
If you fall into this category, here are eight cold hard truths to consider
It isn’t natural disasters or catastrophic losses like fires that take down small businesses but something far more sinister – malware. Cyber attacks through malware have grown exponentially in the past four years. Malware is hitting everything from PCs to Macs to mobile devices and it’s inflicting damage.
Over half of the small businesses in the U.S. have experienced disruptions in day-to-day business operations. 81% of these incidents have led to downtime that has lasted anywhere from one to three days.
According to data compiled by the Hughes Marketing Group, 90% of companies employing less than 100 people spend fewer than eight hours a month on their business continuity plan.
80% of businesses that have experienced a major disaster are out of business within three years. Meanwhile, 40% of businesses impacted by critical IT failure cease operations within one year. 44% of businesses ravaged by a fire fail to ever reopen, and only 33% of those that do reopen survive any longer than three years.
Disaster recovery solution providers estimate that 60% to 70% of all business disruptions originate internally – most likely due to hardware or software failure or human error.
93% of businesses unable to access their data center for ten or more days filed for bankruptcy within twelve months of the incident.
In the United States alone, there are over 140,000 hard drive crashes each week.
34% of SMBs never test their backup and recovery solutions – of those who do, over 75% found holes and failures in their strategies.
It’s critical that small businesses review their backup and disaster recovery processes and take business continuity seriously. Given the vulnerabilities associated with the cloud and workforce mobility, the risk of critical data loss today is quite serious and firms must be truly prepared for the unexpected.
There has been a lot of hype about cloud computing transforming the way small-to-medium sized businesses do business. Proponents of the cloud say that cloud computing has leveled the playing field, allowing SMBs to finally compete with bigger companies despite their limited financial resources and staffing.
Still, many are apprehensive to make the jump. They’re hesitant to give up control and they fear the cloud will expose them to greater security risks. Moving to the cloud definitely requires a leap of faith, but a recent ComScore study, completed on behalf of Microsoft, suggests that those who are froggy enough to take the leap (sorry) have no regrets once they do.
In fact, more than half of those surveyed wish they had adopted it earlier and feel that the benefits far outweigh their initial worries.
What are those benefits?
Enhanced Privacy and Security
According to the study, 94 percent of companies who’ve adopted cloud services believe they’re now more secure than they were before, thanks to the cloud’s spam management and up-to-date systems and antivirus protection.
Less Downtime and More Confidence
61% of those surveyed reported fewer instances of downtime since their move to the cloud. Even those who still experienced downtime events felt that they were shorter in duration and that full recovery could be achieved much quicker.
93% indicated that they were more confident in their ability to fully recover after an outage. Comparatively, 73% responded that they felt the integrity of their data in the cloud was stronger than previously, which is interesting since data integrity has often been the biggest worry about the cloud.
Any company striving to be more “green” will appreciate the environmental benefits of moving to the cloud. A recent six-month study conducted by the Berkeley Lab found that moving 86 million U.S. office workers to the cloud resulted in the use of 87% less energy, leaving enough leftover electricity annually to power a city the size of Los Angeles for twelve months.
Cost effectiveness and greater ROI (return on investment) are the most important factors in getting CEOs and major decision makers to support shifting to the cloud. A Rackspace commissioned study conducted by Vanson Bourne, found that 62% of respondents felt that adopting cloud computing strategies freed up money that could be reinvested in other operations like marketing, customer service, product development, and expansion into new markets.
While there is a competitive advantage that can be realized by moving to the cloud, those who are still apprehensive should migrate to the cloud at a pace they’re comfortable with. Once they implement cloud monitoring, and understand it a bit more, most SMBs grow more comfortable with the cloud and expand their use of it.
A recent article by The Guardian (UK) states that the cloud industry is set to see a growth of around 30% soon. But many small and medium business owners are still struggling to make sense of the cloud and how it can benefit them. If you are one of them, then here’s what’s in store for you when you migrate to the cloud:
1. Connectivity - Being on the cloud gives you unparalleled connectivity to your data—from anywhere and at any time. All you need is a device that can connect you to the web and you are set!
2. Save On Hardware Costs - Using the cloud for certain programs spares you the cost of investing in specific hardware. Even devices as simple as your smartphone or a tablet can help you access those applications so you don’t have to spend money on dedicated hardware. Studies have shown that cloud users end up enjoying as much as a 17% IT cost reduction compared to their non-cloud counterparts.
3. Cloud Enables SAAS - The cloud allows you to use software as a service. Microsoft 365 is one such example. When you use software as a service, you enjoy certain benefits such as more regular updates at a lower cost and the ability to have anyone work on the program for you by sharing the access credentials with them.
4. More Efficient Use of IT Staff - Moving to a cloud-based environment puts the burden of maintenance and downtime reduction on your service provider. That means you can use your limited IT staff more efficiently and also don’t have to worry about the costs associated with such maintenance or downtime.
5. Improved Productivity - Studies have shown that cloud users enjoy better productivity than their non-cloud counterparts. This could be because cloud service providers are better equipped to handle any IT eventualities than the average SMBs.
So, perhaps it’s time to ‘get cloudy’ and enjoy all that the cloud has to offer your SMB. And…if you need help in doing that, we are just a phone call away!
Small business owners are often worried about data loss. Rightly so, because data loss has the potential to wipe out a business. We have identified the most common forms of data loss so you can see how they fit into your business and assess the risks related to each of these pitfalls.
1. Human Error - Human error – by way of unintentional data deletion, modification, and overwrites – has become much more prevalent in recent years. Much of this is the result of carelessly managed virtualization technology. While virtualization and cloud computing have enabled improved business continuity planning for many businesses and organizations, humans must still instruct this technology how to perform. The complexity of these systems often presents a learning curve that can involve quite a bit of trial and error. For instance, a support engineer may accidentally overwrite the backup when they forget to power off the replication software prior to formatting volumes on the primary site. They will be sure to never do that ever again, but preventing it from happening in the first place would be more ideal.
2. File Corruption - Unintended changes to data can occur during writing, reading, storage, transmission and processing – making the data within the file inaccessible. Software failure is a leading cause of data loss and is typically the result of bugs in the code. Viruses and malware can also lead to individual data files being deleted and hard drive partitions being damaged or erased.
3. Hardware Failure - Storage devices may be at risk due to age, or they may fall victim to irreparable hard-disk failure. Viruses and hackers can also potentially shut down a hard drive by inserting undeletable malicious code and huge files via open, unprotected ports. If these malicious programs cannot be deleted, the entire hard drive may have to be reformatted, wiping out all the data.
4. Catastrophic Events/Theft - The threat of catastrophic events such as fire, flooding, lightning and power failure is always a concern. Such events can wipe out data in a millisecond with no warning. Theft is also a data loss risk that companies must address. While advances in technology like anytime/anywhere connectivity, portability and the communication/information sharing capabilities of social media and crowdsourcing have revolutionized business – the risk for theft is even greater due to this increased accessibility. More people are doing daily business on their laptop, iPad and mobile phones. They are also carrying around portable media like thumb drives, USB sticks and CDs. Physical theft of any of these devices can spell big trouble.
Data loss is as unique as the various sources from which it comes. The key is to identify the areas in which your business is weak and work towards a mitigation plan for each one of them. An MSP can act as a trusted partner in such cases, holding your hand through the process of safeguarding your data.