Monthly Archives: March 2015

What’s the Best Balance for Mobile Security?

What’s the Best Balance for Mobile Security?

With a large amount of work now taking place away from the office via mobile devices, IT departments must look closely at their mobile security policies. Cell phones and tablets, once strictly for personal use, function like satellite extensions of the home base office IT infrastructure. This means they are equally vulnerable to security breaches, and require an equal level of protection. Yet, many businesses stall out for developing and enforcing mobile security. What’s the holdup?

OGLUHZAPGF

The Mobile Security Threat

Not only are vulnerabilities in mobile security a reality, they’re on the rise. Infection levels for mobile devices increased by 17 percent in the first half of 2014, according to a malware report from Alcatel-Lucent’s Kindsight Security Labs.

Mobile security comes with a unique set of challenges. With the constant influx of new apps, new devices and operating system upgrades, keeping up with the evolution of mobile technology requires a high level of agile response.

The largest challenge in mobile security, however, may land at the feet of the users themselves.

Too Strict or Not Strict Enough?

By definition, a security policy must be stringent enough to offer protection against possible data breaches, including that which results from an inadvertent loss or misplacement of that mobile device.

A policy that’s too strict could discourage smartphone and tablet use, which reduces productivity. This is true for bring-your-own-device (BYOD) arrangements, removing the advantages of added productivity those mobile devices should offer. Unreasonable or non-user-friendly security mandates can motivate employees to avoid using protective measures rather than practice compliance.

Recent research from the Ponemon Institute indicates that employee resistance is the largest barrier to adopting an effective mobile security strategy. The next biggest obstacle is having the ability to implement and enforce a mobile device policy. In looking at these two challenges, one must weigh user resistance against the daily, practical benefits that mobile devices have on productivity.

Developing a Successful Mobile Security Strategy

The answer is to establish a mobile security policy that is innovative enough to prevent against malicious attacks, yet is not so stringent that employees end up discouraged from mobile device use (and the increased productivity they represent).

An effective mobile security strategy must go beyond sticking to a set of guidelines; this mindset did not protect Target from its massive 2013 data breach, even though the company was within compliance of PCI security standards. Instead, mobile device security must balance protection and control, providing a secure, remote operating environment that does not come at the expense of diminished employee productivity.

Sofia

Written by Sofia Johnson, Manager, Software Development

Ms. Johnson, an expert in Project and Resource Management, is the Software Development Manager at iBridge. She brings 11 plus years of IT work experience and business intelligence to provide successful customer engagement of software development. Prior to working at iBridge, Johnson worked as a Senior Engineer for Hewlett Packard and Oracle, and a Hyperion Consultant for IBM and Google.

She is a product expert in enterprise contract management software solutions – diCarta/IBM Emptoris. As part of her previous engagements as a Hyperion Consultant, she made significant contributions to optimize and enhance a BI/Analytic solution for a major food, health and home retailer, LoBlaw, in Canada. She introduced performance tuning and optimization principles to the existing solution by leveraging Essbase cube partitioning techniques and re-writing some of the calculation logic to bring in significant performance improvements. Another significant engagement included automation and enhancement deliveries of a Hyperion analytical solution for a South African multinational brewing and beverage company (SABMiller) headquartered in London, England.

Ms. Johnson is a certified Essbase developer with a Master’s degree Computer Applications from Bangalore University. She has immense passion for travel, reading and working for social causes.

Newsletter CTAForensic eBook CTA

Navigating International eDiscovery

Navigating International eDiscovery

Conducting eDiscovery in foreign countries is often a dicey proposition. Privacy laws, cultural differences and language barriers can all frustrate an eDiscovery effort. With the right approach, however, it is possible to get custodians to cooperate. Here are ideas that can help:

Get local help. Local counsel will be familiar with the country’s privacy laws, which differ from U.S. laws regarding what types of data can be shared, how it can be shared and under what circumstances. Local counsel will also know more about expected cultural norms and how to approach custodians to get maximum cooperation and compliance. Engaging with local counsel early will ensure they know exactly what is needed and reduce the chances of misunderstanding.

Magnifying Glass With Earth Globe

Image courtesy of Phanlop88 at
Freedigitalphotos.net

Be transparent. By being clear and specific with both the local counsel and custodians about what data is needed, why it is needed and how it will be used, they will be more comfortable and helpful. Arrogance, threats or perceived half-truths or untruths will derail the discovery process. And, because foreign custodians are not under the jurisdiction of U.S. courts, there is little that can be done about it.

Ask only for what you need. U.S. attorneys gather more data than they need for fear of missing something important by gathering too little. This approach will not go over well in foreign countries, especially those that have strict data privacy laws. In keeping with the transparency theme, it pays to be specific about what data is needed and not overreach.

Work to overcome cultural misperceptions. Some custodians and local counsel are biased by misunderstanding of the U.S. legal system based on popular culture, such as American movies and television. Take pains to make them understand how the process really works and how it benefits both sides in litigation. Provide opportunities for them to ask questions and make time to answer them honestly and completely.

The main ingredient in obtaining cooperation from custodians and having untainted data for discovery is trust. Building trust across national, cultural and language boundaries is difficult enough outside the context of litigation; having litigation as the starting point for a relationship makes earning that trust all the harder. By following these tips, barriers will be lowered and you stand a better chance of getting usable data for discovery.

Desh

Written by Desh Urs

Desh Urs brings more than 20 years of entrepreneurial, start-up and Global 500 corporate experience in sales, marketing and general management to the customers of iBridge. He has led sales organizations as SVP at Qsent, Inc. and VP at Acxiom Corporation, and has focused on the usage of data in data distribution, direct marketing, fraud prevention, and law enforcement.

As a Vice President of Global Sales, Services, and Marketing at Silicon Graphics, Inc., Urs managed engineering and non-engineering functions, developing solutions in sciences, telecommunications, manufacturing, media, business, and defense intelligence, for companies with revenues of several billion dollars. During his tenure as Vice President at Think Tools AG and Brio Technology, Inc., he ran business development and alliances providing solutions in Business Intelligence and Decisions Cycle Management to Global 100 corporations worldwide. In the late 1980s, Urs founded Indus Systems, Inc., which he profitably sold to a systems integration company.

Urs serves on several Advisory Boards, as well as many company Boards, in the United States and India.

Newsletter CTAContract Management eBook CTA

Increase Your Firm’s Productivity with a Legal Administrator

Increase Your Firm’s Productivity with a Legal Administrator

Law firms and company legal departments are increasingly handing off administrative duties to non-attorneys. These hires go by various job titles, but can be loosely categorized as “legal administrators” who manage budgets and purchasing, handle HR functions and perform number-crunching analyses for the attorneys, among other duties. Firms and departments of all sizes have discovered that hiring a specialist frees the attorneys and paralegals to do what they do best, resulting in greater efficiency, productivity and cost savings.

Attorneys prefer to do lawyerly things. The typical lawyer has little interest or expertise in running a business—the day-to-day administrative tasks that make businesses run smoothly, control their costs and turn a profit. Many such administrative tasks can be handed off to executive secretaries, office managers and administrative assistants. There are other tasks, however, such as in-depth data analysis, that require special skills not typically found in administrative assistants yet that do not specifically need to be performed by attorneys or paralegals.Macbook Pro

Enter the legal administrator, a new profession that has sprung up in recent years. Legal administrators have different job titles, such as chief operating officer, chief of staff, business operations manager and others. Both law firms and company legal departments large and small have reaped the benefits of having these specialists on their staffs.

What skills does a legal administrator bring to the table? Again, this varies from one situation to the next, but many have these in common:

  • An understanding of how businesses operate and the day-to-day tasks that keep them running smoothly
  • Some knowledge of basic accounting: accounts payable, accounts receivable and financial statements
  • A head for numbers, the patience to manage and track budgets and the smarts to cut costs and drive efficiencies
  • At least some understanding of the legal profession and some particular specialty, such as litigation, real estate or intellectual property law

With these skills, a legal administrator can handle personnel issues, purchasing, vendor relations, financial analysis and more. Sometimes, they even manage outside counsel, although many firms prefer this task be left to the attorneys.

Someone with this skillset will naturally command a salary higher than the typical administrative assistant or office manager, but the gains in productivity and efficiency can more than make up for the extra salary. The expense of an extra non-attorney headcount can be a tough sell, however. The knee-jerk reaction for many partners and general counsel is to do more with more; that is, when there is more work than the current lawyer staff can handle, hire more lawyers. What partners and general counsel must understand, though, is that they are part of a business, and the business world has changed from “do more with more” to “do more with less.” If the current lawyer staff can offload their non-lawyer duties to a legal administrator (who typically will cost less than an additional attorney), those attorneys can focus on what they do best, so of increased productivity without hiring an additional attorney.

DeshWritten by Desh Urs

Desh Urs brings more than 20 years of entrepreneurial, start-up and Global 500 corporate experience in sales, marketing and general management to the customers of iBridge. He has led sales organizations as SVP at Qsent, Inc. and VP at Acxiom Corporation, and has focused on the usage of data in data distribution, direct marketing, fraud prevention, and law enforcement.

As a Vice President of Global Sales, Services, and Marketing at Silicon Graphics, Inc., Urs managed engineering and non-engineering functions, developing solutions in sciences, telecommunications, manufacturing, media, business, and defense intelligence, for companies with revenues of several billion dollars. During his tenure as Vice President at Think Tools AG and Brio Technology, Inc., he ran business development and alliances providing solutions in Business Intelligence and Decisions Cycle Management to Global 100 corporations worldwide. In the late 1980s, Urs founded Indus Systems, Inc., which he profitably sold to a systems integration company.

Urs serves on several Advisory Boards, as well as many company Boards, in the United States and India.Newsletter CTAContract Management eBook CTA

Why is eDiscovery a Mystery to Attorneys?

Why is eDiscovery a Mystery to Attorneys?

One of the legal profession’s most powerful tools, eDiscovery, is also among the most poorly understood by attorneys. Surveys show that many attorneys are not knowledgeable about the proper use of eDiscovery tools and technology-assisted review (TAR). With electronic documents becoming ever more prevalent in business and government, attorneys who do not know how to properly use eDiscovery tools are doing their clients a disservice. At worst, they are being negligent in their duties.

Electronic documents are not going away; we may yet see the day when most businesses and government agencies are truly paperless, with the entire lifecycle of every document stored in electronic form. Traditional discovery tools (printing everything out using regular office software and reviewing each document by hand) will be woefully inadequate for reviewing these documents, especially compared with software tools that can automatically catalog, index and flag documents, separating the irrelevant ones from those that deserve closer human inspection.E71C920079

The other advantage that eDiscovery and TAR have over traditional review methods is that the software tools prevent spoliation. Reading an email in a standard email client such as Microsoft Outlook changes the metadata, or information about that email, such as the date accessed. Such metadata could be important evidence in a trial. By not using a robust eDiscovery tool, the attorney has compromised the integrity of the document, potentially making it useless in a trial.

Attorneys not up to speed on eDiscovery tools and practices may damage their own clients’ cases, especially if their opponents are knowledgeable and can show a jury that the evidence has been tainted. Such attorneys are risking their practices to claims of incompetence or worse.

Why are so many attorneys so slow on the uptake? Opinions vary, but they mostly boil down to institutional inertia and a lack of education regarding the tools and techniques. The subject is not frequently taught in law schools, and schools that teach it have done so only recently. Attorneys not making the effort to educate themselves, and who expect the techniques they learned in law school to continue to serve them well, will be left behind.

The solution? There are amendments being considered for the Federal Rules of Civil Procedure to address eDiscovery, but continuing education of attorneys is necessary. Every litigation attorney has a duty to his or her clients to provide competent representation. Those who fail to do so by not keeping themselves up to date will find themselves on the losing side of too many cases, and will find clients taking their business elsewhere.

Desh

Written by Desh Urs

Desh Urs brings more than 20 years of entrepreneurial, start-up and Global 500 corporate experience in sales, marketing and general management to the customers of iBridge. He has led sales organizations as SVP at Qsent, Inc. and VP at Acxiom Corporation, and has focused on the usage of data in data distribution, direct marketing, fraud prevention, and law enforcement.

As a Vice President of Global Sales, Services, and Marketing at Silicon Graphics, Inc., Urs managed engineering and non-engineering functions, developing solutions in sciences, telecommunications, manufacturing, media, business, and defense intelligence, for companies with revenues of several billion dollars. During his tenure as Vice President at Think Tools AG and Brio Technology, Inc., he ran business development and alliances providing solutions in Business Intelligence and Decisions Cycle Management to Global 100 corporations worldwide. In the late 1980s, Urs founded Indus Systems, Inc., which he profitably sold to a systems integration company.

Urs serves on several Advisory Boards, as well as many company Boards, in the United States and India.

Newsletter CTAContract Management eBook CTA

Four Ways Technology Will Improve Healthcare Collections

Four Ways Technology Will Improve Healthcare Collections

Healthcare billing has long been a one-trick pony: services are rendered, a paper bill is printed and mailed, the patient mails a check back. (Or not.) Technology has advanced to where hospitals and other providers have options to make patient payments easier and more convenient, and tools to improve the bill collection success rate. Here are four ways that technology will help healthcare providers and their patients with billing.

Mobile Payment Options

The same demographic that’s becoming more financially responsible for healthcare is younger and accustomed to using mobile devices for everything, including paying for things. Well-designed mobile apps that help patients comply with medication schedules, keep track of exercise and food intake and make it easy to pay healthcare bills will have a positive impact on the collection success rate and patient health.

Female Doctor Holding Phone

Image courtesy of Naypong at FreeDigitalPhotos.net

Patient Web Portals

Imagine a personalized website where a patient can go to view health history, make appointments, learn about procedures and treatments and pay bills all at the same time. Think Amazon, but for a hospital. Such a portal could inform the patient about the price of each procedure, the likely cost of ancillary items (such as medicines and supplies), how much is covered by insurance and what the patient must pay out of pocket.

Nontraditional Payment Options

Taking a cue from other industries, technology will help providers give their patients more options for paying their bills. Payment plans, discounts for paying up front or within a certain period and more will help increase collection success. There may come a day when healthcare providers will accept alternative payments, such as cryptocurrency like Bitcoin. All should be clarified to patients (on their mobile devices and web portals ) so they can choose the option that works the best for them.

Predictive Analytics

Healthcare providers must collect a great deal of personal data from their customers. With the proper analytical algorithms, data analysis can size up new patients and evaluate how likely (and how promptly) they will pay their bills just as accurately as a credit score. Knowing this in advance can help a provider steer patients to payment options that are more likely to succeed.

The healthcare industry is not known for being an early adopter of new technologies; tried and true has been the general rule, whether for new therapies and devices, health records or billing. But as younger patients pay bills, it behooves the industry to innovate and seek new ways to serve its patients. Doing so will improve the results not only for the patients, but for the providers’ bottom lines.

Dean Van Dyke

Written by Dean Van Dyke, Vice President, Business Process Optimization

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsurcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team, and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

Newsletter Sign UpCTA ICD-10 eBook

Hospital IT – Adapt or Perish

Hospital IT – Adapt or Perish

As hospitals and other medical facilities become dependent on computers, networks and software, the role of the IT department becomes more critical to the facility’s mission. IT departments and their leaders thus must become more proactive and insist on a seat and a voice in the facility’s leadership team, and the resources to fulfill their role.Startup Stock Photos

Integrative IT

Medical science continues to proceed at a blinding pace, and procedures, therapies and devices are increasingly reliant on IT systems and software. At one time, a hospital’s IT department was indistinguishable from that of a bank or a manufacturing facility; its marching orders were to keep the computers on and the network running. Now, however, IT is integrated with the hospital’s mission, and its staff must be more knowledgeable in how hospitals are run, the regulatory environment in which they operate and the specific needs of doctors, nurses and other hospital staff.

At many facilities, either hospital management, the IT department or both fail to realize this, causing system inadequacies or failures, low morale among the IT staff and endless finger-pointing. Particularly as electronic health records (EHRs) come into common use and as hospitals and other facilities must meet “meaningful use” standards, the time has come for hospital IT departments and hospital leadership to recognize this shift in IT’s role and to support it with the resources it needs to succeed.

Hospitals, particularly the larger institutions, suffer from a fair amount of bureaucratic inertia, so it is often up to the IT department to get what they need. Here are things hospital IT departments can do:

Become partners in the business. The hospital CIO must become familiar both with the way the hospital is operated today and how it could in the future, and bring this knowledge to the leadership team. By knowing—and communicating—how IT can help the hospital cut costs, operate more efficiently and realize better patient outcomes, IT becomes a respected part of the leadership team and less of a “cost of doing business.”

Serve the needs of the business—but make sure they’re the right ones. The CIO must clarify that the IT department, usually understaffed and underfunded, cannot handle every request that comes along, and that priorities cannot be determined by whoever screams the loudest. Each hospital should have an IT governance board, composed of representatives of the various departments, that can evaluate the requests from a business standpoint and determine where the priorities lie.

Don’t be an afterthought. Too often, in major initiatives and construction projects, consideration for IT is left to the last minute, if at all, and IT departments must scramble to install or move network cabling, order and deploy computers, expand network capacity or perform hardware or software upgrades. There is a lack of transparency regarding what IT departments do and how much work it takes. CIOs should insist on being in the loop on all major hospital initiatives, and should have veto power if the demands on IT resources are unrealistic. This evaluation should be written into the hospital’s standard operating procedures.

The IT organization must take the lead in changing the organizational culture to recognize the critical role IT plays. Without it, IT will continue to suffer from marginalization, staff burnout and turnover and suffer all the blame when things go wrong.

Dean Van Dyke
Written by Dean Van Dyke, Vice President, Business Process Optimization

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsurcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team, and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

Newsletter Sign Up

CTA ICD-10 eBook

Wearable Devices: The Next Revolution in Healthcare

Wearable Devices: The Next Revolution in Healthcare

Wearable technologies are poised to revolutionize healthcare from continuous monitoring of vital signs to telemedicine. These advances hold the promise for enhancements in monitoring and sharing of health data, automatic alerts and remote physician collaboration on complex surgeries in real time. Here are examples of how wearable technologies will improve healthcare over the next few years.

Woman with Wearable Device

Health monitoring: Systems are already available for individuals who want to record, monitor, and track many personal health-related data. Numerous mobile apps on the market record the number of footsteps the user takes, making it easy to record the calories, carbs and fat grams they consume. Wearable health monitors have sensors that attach to the user’s body to sense vital signs, such as temperature, heart rate, breathing rate and quantity and quality of sleep. These devices send the data to a cellphone or tablet computer and from there to cloud-based services that can help identify trends and suggest ways to improve the user’s health.

Soon, these types of devices will be able to recognize when the user is in various types of distress, such as falls, heart attacks, seizures and strokes, and will be able to automatically contact emergency responders with the user’s name, location, and condition.

Data sharing: The ability to monitor one’s own health makes users more engaged and proactive in their healthcare, but also will enable users to share data with their doctors and other healthcare providers. With proper security in place, users will be able to feed their wearable-monitor data to cloud-based databases accessible by their doctors, hospitals, insurers and other providers, either supplementing or being an integrated part of each user’s electronic health record. With this sharing capability, users can get healthcare and accurate, complete medical history even when they are far from home, leading to more accurate diagnoses and better patient outcomes.

Telemedicine: Head-mounted wearables such as Google Glass incorporate tiny video cameras that “see” exactly what the wearer sees, and can record these images on a local computer or transmit them across the Internet. For surgeons, this technology represents a major step forward in collaborative procedures. A surgeon wearing such a device could be guided by another surgeon—perhaps with more experience or expertise in the procedure—who might be in an office thousands of miles away, monitoring what the local surgeon is seeing and providing real-time feedback. When the details are worked out, such as what to do if the connection is lost during the procedure, this technology promises to provide lifesaving surgeries to more patients in more places.

These are just some of the healthcare advances driven by wearable technologies. There are many more that are just reaching the drawing board or haven’t been dreamed of yet. The next few years will be an exciting time for healthcare.

Dean Van Dyke

Written by Dean Van Dyke, Vice President, Business Process Optimization

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsurcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team, and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

Newsletter Sign Up

Gaining Consumer Trust in EHR Security

Gaining Consumer Trust in EHR Security

Doctors, hospitals, patients, insurers, and everyone in between agree that electronic health records (EHRs) are a great idea. But not everyone trusts their security. A recent survey of healthcare consumers found that a majority are concerned about the security and privacy of their EHRs, and some even withhold information from their providers for fear of having it compromised.

The value of EHRs (and the return on the investment in EHR systems) increases as more patients participate. What can healthcare providers do to gain the trust of their customers and increase their willingness to participate? Here are some ideas:Watch, computer keyboard, computer mouse
Have outside experts conduct a security audit. Provider IT teams, where they exist, are often stretched thin and lack the expertise to conduct a comprehensive security audit. Having an outside consultant audit your security stance can be invaluable in two ways: they will find vulnerabilities of which you would never be aware, and their independence makes your security claims more credible. Customers are more likely to trust you if you have an expert’s stamp of approval to show them.

Teach and enforce good security practices. Data security is not just the responsibility of the IT department. Everyone who has access to provider data systems has a role to play in keeping EHRs secure. When staff are trained on the importance of EHR security and on how to incorporate security best practices in their everyday work, patients will notice. Staff should not be trained only once—it’s an ongoing process that must be reinforced regularly.

Consider an investment in additional security technology. Another way to gain the trust of your customers is to show you have put automatic technical safeguards in place to keep insiders from compromising data. These tools can monitor a network and its computers, recognize sensitive data and prevent employees from inadvertently or deliberately distributing it to the outside world.

Don’t rely on compliance alone. Hacking tools and techniques evolve much faster than compliance standards can keep up. Complying with last year’s security standard could mean you are vulnerable to an attack today. If you can show customers you have gone above and beyond what a security standard requires, you will gain their trust much more easily than if you show you only meet the bare minimum.

The recent upswing in medical record data breaches shows that customer skepticism over providers’ data security is not unfounded. To ensure the success of EHRs, providers must prove to customers that the security of patient information is a top priority.

Newsletter Sign UpCTA ICD-10 eBook