Monthly Archives: May 2015

Cybersecurity and Banking Priorities

Cybersecurity and Banking Priorities

The increasing reliance on IT systems in our world creates opportunities for innovation and enhanced productivity, but has the drawback of creating new structural weaknesses that can be exploited.

Banking industries we entrust our financial livelihoods with have shown a surprising lack of initiative in staying ahead of this trend. Cybersecurity practices have been well-established in the banking infrastructure, but the directors of these practices have been lax about maintaining and updating these standards.

Despite this, and the fact that IT security isn’t a top priority for banking organizations, the data reflects a growing awareness of the importance of cybersecurity practices.

Banking Security

Image Courtesy of njaj at freedigitalphotos.net

Security Assessment

According to Bank Director’s 2015 Risk Practices Survey, there was a 32 percent increase in the past year of banking professionals who cited cybersecurity as their top concern. Additionally, 79 percent claimed to have increased their cybersecurity budget for 2015 over what they paid the previous year.

However, less than 20 percent of respondents claimed to review their security plans during board meetings, with over half of banking risk committees not regularly reviewing their cybersecurity plans. A lack of security culture may be to blame for this trend, as bank-wide risk assessment is difficult to manage and disseminate across employees. Creating this culture was noted as a particular challenge by 43 percent of respondents, though the nature of cyber crime indicates this should be a primary consideration for banks wanting to maintain quality security standards.

Cybersecurity threats can come from sources external to the organization, such as hacking or use of programs that brute-force passwords. However, information leaks more commonly occur from inside the organization itself, in the form of misappropriation of privileged information or phishing scams that use deceit to manipulate employees with access to data.

Necessary Training for Success

Despite the lack of priority IT receives, more banks are working against this trend with the survey reporting that 62 percent of respondents provide regular board training on risk; 73 percent admit that they think their board needs additional training on emergent risk issues.

These statistics indicate that, while banking organizations may have a long way to go to address the concerns of cybersecurity, awareness is increasing. Awareness will translate into priority, turning into better infrastructure that is cost-efficient and effective for all parties involved.

Sofia

Ms. Johnson, an expert in Project and Resource Management, is the Software Development Manager at iBridge. She brings 11 plus years of IT work experience and business intelligence to provide successful customer engagement of software development. Prior to working at iBridge, Johnson worked as a Senior Engineer for Hewlett Packard and Oracle, and a Hyperion Consultant for IBM and Google.

She is a product expert in enterprise contract management software solutions – diCarta/IBM Emptoris. As part of her previous engagements as a Hyperion Consultant, she made significant contributions to optimize and enhance a BI/Analytic solution for a major food, health and home retailer, LoBlaw, in Canada. She introduced performance tuning and optimization principles to the existing solution by leveraging Essbase cube partitioning techniques and re-writing some of the calculation logic to bring in significant performance improvements. Another significant engagement included automation and enhancement deliveries of a Hyperion analytical solution for a South African multinational brewing and beverage company (SABMiller) headquartered in London, England.

Ms. Johnson is a certified Essbase developer with a Master’s degree Computer Applications from Bangalore University. She has immense passion for travel, reading and working for social causes.

Newsletter-CTA1-1024x129Underground-eBook-CTA-1024x445

Privacy Management: Why IT Security Training Is Essential for All Personnel

Privacy Management: Why IT Security Training Is Essential for All Personnel

The lack of effective IT security in the healthcare field is the primary cause of unauthorized leaks of patient data. The “TrustScore” of healthcare providers ranks lower than any other industry, indicating a lack of faith in the reputation of healthcare-related communications. And with the number of IT-related security leaks growing constantly, the distrust is understandable.

Partners Healthcare recently announced a breach of information involving 3,300 patients that occurred in November. A phishing scam was responsible for the release of privileged patient data by trusted employees within the Partners network.

This breach highlights the weaknesses of IT and email communication in the healthcare field. Health industries have traditionally valued infrastructure that protects physical copies of patient information, but have lagged behind in electronic security practices. Though external forced breaches account for some data leaks, a more pressing concern is the internal mishandling of confidential information.Employee Training

Information Training to Prevent Self-Sabotage

Two recent breaches of patient data, including Seton Healthcare’s inadvertent data breach of nearly 39,000 patients and the aforementioned Partners Healthcare breach, both came from internal mishandling of information via email.

Both firms fell victim to phishing scams designed to gather privileged information though exploiting the employees of healthcare administrations. Without receiving the proper training of IT security practices, in-house personnel become a major liability for keeping confidential information safe. Training staff members to handle potential security leaks (such as phishing scams) is a necessary part of keeping information secure.

Security Strategies

Having IT security personnel on staff can help reduce the frequency of breaches. While proper security training is essential for all staff, IT security experts can identify potential threats to confidentiality and provide infrastructure for continual monitoring of security systems. They can also train non-IT staff in safety protocols that can prevent the loss of privileged information from internal sources.

While online security is difficult to manage for practices unfamiliar with the weaknesses of online technology, the bigger threat comes from within the organizations themselves. There is no security system in place to monitor the flow of information between healthcare employees, and a lack of staff education creates numerous opportunities for data loss. To prevent the exploitation of employees within the system, healthcare organizations must be prepared to train all staff effectively in IT security practices.

Dean

Written by Dean Van Dyke, Vice President, Business Process Optimization

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsourcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team, and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

Newsletter-CTA1-1024x129Medical-ID-Theft-eBook-CTA-1024x444

Integrating Business Practices into Your Security Infrastructure

Integrating Business Practices into Your Security Infrastructure

Good security practices and risk assessments are an uncommon find in the business world. While businesses have security protocols rooted in their infrastructure, their implementation falls short.

Threats to security are not given priority until it is too late, and by then the damage is done. This is caused by a fundamental lack of understanding about how business practices integrate with security specifications to meet the goals of the organization.

Data security logistics should be considered from the beginning when businesses decide where to allot their available resources. And while giving priority to data management should be placed in regard higher than it is, excessive spending without a strategy is inefficient and an unnecessary burden.

Infrastructure

To best manage spending and integrating data security, CIOs should familiarize themselves with the IT management systems that house security services with business-based regulations within the organization. This will create the end result of managing security software most efficiently and allocating resources to where they are most needed.

The Burden of Technology

Technology presents more challenges to security management than businesses manage. IT inefficiencies, security backdoors and disjointed allocation of resources all contribute toward a technology-based system of data management exposed to external threats and internal mishandling of information.

The vulnerabilities inherent with increased technology use require security management personnel to understand not only their own network, but every avenue through which outsiders could interact. By understanding how the business utilizes every aspect of its network, CIOs determine where potential security weaknesses lie and how to focus their available resources for maximum efficiency.

Risk Assessment

Constant risk analysis is an effective tool for management personnel to stay informed on the constantly changing situations present in security management. Automated tracking systems ease the burden on employees by gathering metrics with no operators, and provide concrete data that personnel leverage toward adapting their network to meet new demands.

Necessity of Integration

While there has been a disjointed relationship between business practices and security management in the past, the best way to decrease systemic vulnerabilities is to reconcile this gap. When CIOs and IT personnel are acquainted with the technology and algorithms employed by their business, security management switches from an afterthought into a self-sustaining process.

Sofia

Ms. Johnson, an expert in Project and Resource Management, is the Software Development Manager at iBridge. She brings 11 plus years of IT work experience and business intelligence to provide successful customer engagement of software development. Prior to working at iBridge, Johnson worked as a Senior Engineer for Hewlett Packard and Oracle, and a Hyperion Consultant for IBM and Google.

She is a product expert in enterprise contract management software solutions – diCarta/IBM Emptoris. As part of her previous engagements as a Hyperion Consultant, she made significant contributions to optimize and enhance a BI/Analytic solution for a major food, health and home retailer, LoBlaw, in Canada. She introduced performance tuning and optimization principles to the existing solution by leveraging Essbase cube partitioning techniques and re-writing some of the calculation logic to bring in significant performance improvements. Another significant engagement included automation and enhancement deliveries of a Hyperion analytical solution for a South African multinational brewing and beverage company (SABMiller) headquartered in London, England.

Ms. Johnson is a certified Essbase developer with a Master’s degree Computer Applications from Bangalore University. She has immense passion for travel, reading and working for social causes.

Newsletter-CTA1-1024x129Underground-eBook-CTA-1024x445

How Big Data Complexity Is Redefining Legal Tech

How Big Data Complexity Is Redefining Legal Tech

The volume of data accumulated daily in any law practice is massive, and continues growing annually. This, combined with the increase in technological evolution seen in the legal industry, are together reshaping the face of daily business within a law firm. But is technology changing the legal space, or is the legal industry affecting the development of legal technology instead?2M1AXEU9Q2

The Chicken or Egg Argument

The age-old question over which came first for the chicken and the egg has a lot in common with technology vs. legal industry debate. Unlike chickens, though, technology and transformation within the legal industry take place simultaneously, with each mutually informing the other.

New tech entrants into the marketplace focus on legal disruption, responding to the drive from clients. Changing the way resources are structured takes priority. This not only involves concerns over the sheer volume of data accumulating, but also the increased complexity in keeping up with regulations and compliance mandates.

Data does not exist in a vacuum. For law firms particularly, data must be filtered in a usable way, converting raw information to knowledge. This is just as true for gap analysis during contract management as it is for fact development for a case. A greater understanding must be reached about the best way to collect and manage data within an organization, adopting an approach that works for the daily needs of the business.

One Size Does Not Fit All

None of this should imply there is a “one-size-fits-all” solution for big data management. Instead, the solution lies in implementing various tools and platforms that are flexible enough to work for a range of different client needs. Applying the tactics to the concept, document or data at hand accomplishes clients’ goals, as disparate as they may be.

The traditional legal model is cumbersome and time-consuming, qualities that do not lend themselves well to today’s fast-paced working environment. Clients, boards and shareholders want more comprehensive results, and want those results faster. To do this, start by understanding client risks, then draft a solution designed to meet those specific needs.

The legal industry can no longer claim that technology capable of this level of flexibility does not exist. Instead, legal departments must adopt a culture of technology that lends itself to better process management regarding today’s reality of handling big data.

Desh

Written by Desh Urs

Desh Urs brings more than 20 years of entrepreneurial, start-up and Global 500 corporate experience in sales, marketing and general management to the customers of iBridge. He has led sales organizations as SVP at Qsent, Inc. and VP at Acxiom Corporation, and has focused on the usage of data in data distribution, direct marketing, fraud prevention, and law enforcement.

As a Vice President of Global Sales, Services, and Marketing at Silicon Graphics, Inc., Urs managed engineering and non-engineering functions, developing solutions in sciences, telecommunications, manufacturing, media, business, and defense intelligence, for companies with revenues of several billion dollars. During his tenure as Vice President at Think Tools AG and Brio Technology, Inc., he ran business development and alliances providing solutions in Business Intelligence and Decision Cycle Management to Global 100 corporations worldwide. In the late 1980s, Urs founded Indus Systems, Inc., which he profitably sold to a systems integration company.

Urs serves on several Advisory Boards, as well as many company Boards, in the United States and India.

Newsletter-CTA1-1024x129Law-Firms-and-Cyber-Attacks-eBook-CTA-1024x444

Cybersecurity and the Weaknesses of Online Data Management

Cybersecurity and the Weaknesses of Online Data Management

The vulnerabilities of health care information have recently come into focus from a phishing attack on Seton Healthcare Family that released the personal information of nearly 39,000 patients. Anthem Inc., a U.S. based health insurance company, was also the victim of a security breach revealing confidential information in February of this year.

Both attacks point to infrastructure vulnerabilities related to employee access to information, creating a dilemma for healthcare providers who rely on employee communication for patient interaction. With patient portals and online communications becoming the norm, clinics face new challenges to their infrastructure they have not prepared for.Seton

The Nature of Digital Vulnerability

These breaches highlight a weakness in the healthcare IT industry: security of email communications and privacy of privileged information. The Seton attack was aimed at gaining access to employee email addresses and passwords, which would reveal classified information including patient names, medical record information, insurance records and social security numbers.

Phishing uses deceptive strategies to gain access to electronic systems, and is a primary reason that health companies score the lowest “TrustScore” rankings regarding security of online information.

The Seton Healthcare breach has not yet been determined, but since HIPAA regulations prevent sharing any patient information to unauthorized parties, even mild security leaks can cost healthcare clinics millions in legal fees. Large corporate healthcare facilities can bear the costs of potential legal action from security leaks, but smaller clinics often cannot afford the damages from compromised systems.

The problem is severe enough that President Barack Obama cited increased cybersecurity as one of the primary concerns for national improvement in the 2015 State of the Union address. Healthcare lags behind other industries in advancement of digital security practices; the health industry is slow to change and clings to traditional methods of data management despite the shift towards electronic use.

The lack of cybersecurity in the healthcare field is gaining more attention as cyberattacks on patient information increase. This will become a bigger priority as more clinics move toward electronic record use and meaningful use attestation. Measures to improve online security rely on transparency between clinics in the private sector and government institutions. While sharing information is a struggle for medical clinics that rely on confidentiality, it is a necessary step to protect data of both clinics and patients.Dean

Written by Dean Van Dyke, Vice President, Business Process Optimization

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsourcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team, and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.Newsletter-CTA1-1024x129Medical-ID-Theft-eBook-CTA-1024x444

The Role of Vendor Support in ICD Compliance

The Role of Vendor Support in ICD Compliance

The compliance date for the ICD-10 transition is October 1st, 2015, so clinicians have only a few months of preparation left before the switch to new medical coding takes effect. Clinics that have not adjusted their infrastructure to reflect these changes must rush to meet the compliance standards by the cutoff date, but including vendors in the transition can help ensure that new systems are implemented with little downtime.

Vendor Assessment

The switch to ICD-10 has implications beyond new codes for medical procedures. The shift will affect the medical equipment and systems used by hospitals and clinics, creating complications with vendors that have not accounted for the transition.

The Centers for Medicare and Medicaid Services (CMS) has provided an online Technology Vendor Assessment form created to help clinics communicate with their vendors regarding how compliant their products and services are. While the form is sent to vendors and should be returned upon completion, but clinicians have complained about the likelihood of vendor cooperation with this measure.

Source: cms.gov

Source: cms.gov

A better way to assess your vendors is to interact directly to determine how their services will be affected by the ICD-10 shift. There may be additional fees assessed by vendors for updating their products to reflect the new compatibility required by ICD-10, so it is in each clinic’s best interest to communicate with their vendors early when determining how the changing system will affect their infrastructure.

Improving Compliance

While every clinic becoming ICD-10 compliant would be ideal, the change is not practical for many clinics that cannot adapt their infrastructure due to budgetary concerns or lack of personnel. However, there are workarounds available for clinics that cannot become fully compliant in time:

  • Hire outsourced technology and billing services that are ICD-10 compliant
  • Use online software and claims filing services
  • Submit professional paper claims (CMS-1500) instead of online filing

Management of IT systems is critical in ensuring that the transition does not disrupt workflow for clinics trying to maintain their schedules. New systems and procedures must be implemented before the compliance date, which will require extensive testing for compatibility with existing software.

This can be a time-consuming process, but communication with vendors can ease the burden. With vendors adapting their services to the needs of ICD-10, the transition on the clinical side will be simpler with less downtime.

Dean

Written by Dean Van Dyke, Vice President, Business Process Optimization

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsourcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team, and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

Newsletter-CTA1-1024x129CTA-ICD-10-eBook-1024x443

The Paradigm Shift of Patient Portal Use

The Paradigm Shift of Patient Portal Use

Patient engagement is a growing trend in the healthcare field, but the increasing use of patient portals and online medical records is forcing physicians and clinics to re-evaluate their mindsets about how they utilize online medical records.

Patient Engagement Concerns

According to the STEPS Taxonomy of the HIMSS Health IT Value Suite, the impact of engagement strategies is affecting patient and physician satisfaction rates differently. While most agreed that the patient engagement measures provided by attesting to meaningful use would increase patient satisfaction rates, the same was not true for physician satisfaction rates. Clinicians were dubious about the effects of meaningful use requirements on their clinic workflow, while acknowledging the success of the strategies in improving patients’ quality of care.

This disconnect is symptomatic of a growing concern for health care practitioners. The effectiveness of electronic patient safety and involvement measures is not being disputed, but physicians have expressed unease about the practicality of meeting the minimum requirements for meaningful use.

Doctor Using A Digital Tablet

Image Courtesy of Naypong at FreeDigitalPhotos.net

Electronic Portal Drawbacks

Physicians with primarily older patients who infrequently use computers have claimed that the necessity of email and online access creates a requirement virtually impossible to fill. Physicians also mentioned cultural issues as arguments against meaningful use measures, citing the shift from traditional phone calls to email use being a complication for patients unprepared to adapt.

Part of the problem with electronic records may come from the drawbacks associated with patient portal use, such as the tethering of patient portals to electronic health records that result in patients having multiple portal pages to keep track of for each clinic they visit. New systems are being developed that combine all patient portals into one page for patient ease of use, but for now, the user experience with patient portals is taking a back seat to helping clinics adjust to the switch.

The Future of the Patient Portal

Patient portal use has been a challenge for clinics to successfully implement. Electronic medical records have given clinics the ability to manage patient care in ways never before possible, but the concerns expressed by physicians regarding its use will likely be addressed slowly. The new infrastructure of reliance on patient portal use reflects the changing trends of the healthcare field, and requires flexibility from both physician and patient to implement effectively.

Dean Van Dyke

Written by Dean Van Dyke, Vice President, Business Process Optimization

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsourcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team, and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

Newsletter CTAMedical ID Theft eBook CTA

Legal Technology: The Shift Towards Digital Discovery and Data Analytics

Legal Technology: The Shift Towards Digital Discovery and Data Analytics

New technology and discovery practices are changing the landscape for legal professionals. Legal firms are taking a page out of the marketing research manual and exploring the value of data analytics for eDiscovery and case management.

This comes when firms are realizing that traditional methods of data management are falling by the wayside in favor of the wealth of information available through digital means. Recognizing the trends of data discovery and the importance of keeping up with these patterns is causing more firms to devote a larger share of their financial resources towards IT development and the associated practices for digital discovery. To best utilize technology for managing client cases and cost reduction, data analytics are being applied in ways never before used by legal firms.

computer-on-desk-5

The Measure of Analytics

Data analytics were seen only as a measure to improve cost management and savings, but the potential applications of these metrics goes beyond mere budget reduction. Providing more funding for technology-related purposes is part of a larger shift towards digital information governance. This shift will create better tracking of risk management, improved decision making, heightened security of privileged information and better overall contributions towards the goals of the firm.

The value of digital analytics for legal firms is becoming widely recognized, but industry standards have yet to emerge for their practice and application. These standards will establish a framework and mitigate the risks involved with their use, but are developed through a time consuming process of trial and error. Legal firms that take initiative to blaze the trail for establishing digital discovery practices may reap benefits greater than those that are slower to adapt.

The Future of Legal Technology

As eDiscovery shifts from a growing trend to the new normal, patterns emerge that dictate how metrics can be used to analyze aggregate information and provide a comprehensive view of a client case.

Legal firms must manage both the client outcome and costs associated with legal work, but data analytics have not yet been utilized to their full effect in either area. With the primary focus of analytics being on cost savings, the benefits to case work and discovery are areas that require further research before they are utilized.

Desh

Written by Desh Urs

Desh Urs brings more than 20 years of entrepreneurial, start-up and Global 500 corporate experience in sales, marketing and general management to the customers of iBridge. He has led sales organizations as SVP at Qsent, Inc. and VP at Acxiom Corporation, and has focused on the usage of data in data distribution, direct marketing, fraud prevention, and law enforcement.

As a Vice President of Global Sales, Services, and Marketing at Silicon Graphics, Inc., Urs managed engineering and non-engineering functions, developing solutions in sciences, telecommunications, manufacturing, media, business, and defense intelligence, for companies with revenues of several billion dollars. During his tenure as Vice President at Think Tools AG and Brio Technology, Inc., he ran business development and alliances providing solutions in Business Intelligence and Decision Cycle Management to Global 100 corporations worldwide. In the late 1980s, Urs founded Indus Systems, Inc., which he profitably sold to a systems integration company.

Urs serves on several Advisory Boards, as well as many company Boards, in the United States and India.

Newsletter CTALaw Firms and Cyber Attacks eBook CTA

How IT Services Can Boost Patient Engagement

How IT Services Can Boost Patient Engagement

Patient engagement is a practice that clinics have struggled with for years. Involving patients in the care process keeps them informed and leads to a higher quality experience, but relies on methods and infrastructure that many clinics are unfamiliar with. However, new meaningful use regulations may make patient engagement a necessity instead of a luxury.

Stage 2 of meaningful use requires over five percent of patients to be involved in their own care via electronic medical record or online portal for any provider. This means patients will become more aware of prevention screenings, more informed during inpatient procedures and will maintain better contact with their providers after they’ve gone home. Given the financial costs associated with disengaged patients who fall victim to preventable hospital readmissions, these regulations are understandable.

Personal Health Status On Tablet

Image Courtesy of pandpstock001 at Freedigitalphotos.net

Despite the benefits to increased patient involvement, hospitals have shown poor adherence to engagement practices in the past. A recent survey conducted by consulting firm Technology Advice indicated that 48 percent of patients reported no follow-up from their provider after they were discharged, with a mere nine percent reporting contact via online portal. Hospitals have a long road ahead of them to increase their patient engagement to acceptable levels.

Increasing Engagement

Despite the challenges associated with making patient involvement a priority, new methods in development offer multiple ways for hospitals to engage their patients, particularly in the IT field. Applications being developed allow providers to monitor patient health status after discharge by providing wellness surveys for patient responses. If the responses indicate a decrease in health or wellness, the application notifies a nurse practitioner who can help the patient address the issue.

These applications are also being utilized during hospital stays and surgical procedures, providing ways for family to stay informed with live updates on the status of the patient. These methods combine new technology with electronic health records to create a positive experience that keeps patients informed.

Response to virtual information management has been positive from patients, but patient health outcomes have yet to be improved. Using applications to track the status of patients during procedures and during post-operative care doesn’t satisfy the government mandated State 2 meaningful use requirements, but is a step in the right direction toward integrating IT services and patient engagement.

You can view the full research study at Technologyadvice.com.

Dean Van Dyke

Written by Dean Van Dyke, Vice President, Business Process Optimization

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsourcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team, and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

Newsletter CTAMedical ID Theft eBook CTA