Monthly Archives: July 2015

ISO 27001: The Advancement of Cybersecurity Regulation

The legal world’s reliance on technology is increasing, and with it come greater and more varied risks to the sensitive information entrusted to legal counsel. To stay ahead of this trend, law firms attempt to obtain new certifications in pursuit of satisfying clients concerned about inadequate cybersecurity.

New Security Standards

This increased focus on cybersecurity compliance comes in the ISO 27001 certification, which can be acquired by any business that meets the required international security standards. While certain firms like JP Morgan Chase and Goldman Sachs require more stringent cybersecurity standards, ISO 27001 has been adopted by dozens of firms, becoming the baseline for data security in the legal world.

Despite the necessity of increased regulation of information security for both small and large firms, ISO 27001 compliance is difficult to meet. Businesses that wish to obtain this certification must undergo a lengthy auditing process that entails an assessment of which policies are in place, what level of control businesses have over their cybersecurity, past incidents of data breaches, how employees are trained, and general knowledge of government regulations.

Part of the certification process involves increased accountability by legal firms. Documentation is key for certification renewal, as companies must prove that they have complied with necessary regulations. The cost is significant for smaller firms concerned about their bottom line: Kathryn Hume, a primary consultant at an ISO-certification firm, estimates the cost of a three-year certification to exceed $30,000 for larger firms. While established and profitable businesses have no issue with these types of fees, smaller firms find the cost of certification prohibitive.

Despite the costs, the strict requirements speak to the greater need for organization and responsibility by firms upgrading their security standards.

Understanding Security

ISO 27001 compliance is not a mandatory certification, but many banks and businesses are turning a sharper eye toward cybersecurity adherence for the clients they partner with.

Investing more heavily in cybersecurity is a decision that firms must weigh. While cost is a factor, cybersecurity compliance is about more than paying for a certification. Good data security involves a deeper understanding of the technology-related risks that legal firms face and knowing how to implement the infrastructure to safeguard themselves.

Written by Desh Urs

Desh Urs brings more than 20 years of entrepreneurial, start-up and Global 500 corporate experience in sales, marketing and general management to the customers of iBridge. He has led sales organizations as SVP at Qsent, Inc. and VP at Acxiom Corporation, and has focused on the usage of data in data distribution, direct marketing, fraud prevention, and law enforcement.

As a Vice President of Global Sales, Services, and Marketing at Silicon Graphics, Inc., Urs managed engineering and non-engineering functions, developing solutions in sciences, telecommunications, manufacturing, media, business, and defense intelligence, for companies with revenues of several billion dollars. During his tenure as Vice President at Think Tools AG and Brio Technology, Inc., he ran business development and alliances providing solutions in Business Intelligence and Decision Cycle Management to Global 100 corporations worldwide. In the late 1980s, Urs founded Indus Systems, Inc., which he profitably sold to a systems integration company.

Urs serves on several Advisory Boards, as well as many company Boards, in the United States and India.

The Challenges of Maintaining Privacy in a Vulnerable World

The recent information leaks by U.S.-based whistleblower Edward Snowden have brought the debate over information privacy to life, specifically focusing on data seizure and the risks clients face from noncompliance with multinational policies. Renato Pontello in Canadian Lawyer Magazine notes the increased liability that in-house counsel faces as their responsibilities increase:

“In the last 15 years there has been an increase in the number of lawsuits brought against in-house counsel… All of a sudden activist shareholders, securities regulators and the courts seemed ready to place in-house counsel under closer scrutiny.”

The increased willingness to place blame on in-house counsel for privacy breaches and the threat of data seizure creates the need for a larger focus on regulatory compliance and policy management for all legal departments.

Data Seizure

The United States Patriot Act allows the U.S. government to seize any data owned or housed by a U.S.-based entity, regardless of its location. This creates unique challenges for firms that maintain standards of confidentiality of client information.

One method to fight unregulated data seizure is to encrypt information stored in servers. Encryption prevents any user from reading data except for the encryption key holder, preventing unauthorized users from accessing it. While data encryption can be costly, it remains one of the few ways to ensure confidentiality if a breach occurs.

Multinational Policy Management

Aside from data seizure protection, legal firms must ensure that their privacy compliance standards are up to date. However, this can be trickier than it seems when dealing with varying standards across multiple governmental bodies.

Regulations on private information vary between the U.S. and E.U., creating a stark contrast between how each organization handles privacy. The United States follows a standard of data usage that allows personal data to be used for data mining or marketing without the user’s consent. The E.U. handles the use of personal data in a “minimum and necessary” fashion, where companies must justify the disclosure of any data.

The variance in the laws and compliance policies of each country creates a difficult landscape for legal firms to keep up with. While in-house counsel may never be free of the risk of data seizure and scrutiny from outside firms, effective management of data encryption and compliance standards are the only ways to prevent unnecessary litigation costs and losses to their bottom line.

Written by Desh Urs

Healthcare IT and the Dangers of Cloud-Based Computing

Employees in the healthcare industry are increasingly using cloud applications to boost their productivity, but cloud-based services can create security vulnerabilities that IT support is ill-equipped to handle.

Security Weaknesses

A recent study by cloud security vendor Skyhigh Networks showed that cloud-based computing is on the rise, with the average company now utilizing 923 distinct cloud services. This creates a unique challenge for IT security, as Skyhigh’s team reported that only 9.3 percent of cloud services met security standards for data protection, identity verification and service security. The report also found that while only eight percent of companies were considered high-risk for cyber-security breaches, high-risk partners received 29 percent of all shared data.

The research gathered on cloud security highlights a worrying trend—even when IT knows of employee usage of cloud applications, their presence creates significant loopholes in a healthcare security infrastructure that relies on keeping patient information confidential.

Cloud-Based Threats

According to a report by The Cloud Security Alliance that identified the biggest threats to cloud computing, data breaches and stolen information were the primary concern, followed closely by improper data handling by industry insiders and a fundamental lack of understanding of what cloud security entails.

With nearly a third of shared data being transferred through companies with poor cybersecurity compliance, many healthcare organizations hoping to achieve increased efficiency through the cloud may instead find themselves at risk for data breaches and mishandling of privileged information.

Rajiv Gupta, CEO of Skyhigh Networks, admitted that the value of stolen medical information put health organizations at high risk for breaches: “…Healthcare companies [are] prime targets for criminal attackers, and the stakes will only increase as more medical records move to the cloud.”

A Culture of Security

To fight the growing trend of data vulnerability in the cloud, healthcare organizations must implement more comprehensive evaluations of risk assessment against employee behaviors.

Better security standards rely on data protection rather than network security that can be bypassed through the hundreds of cloud-based applications that healthcare organizations use. To facilitate this goal, Gupta recommends eliminating redundant cloud applications now in use and implementing stronger sanctions for authentication.

Though security breaches occur through employee mishandling of information as readily as data leaks, healthcare organizations must make a concentrated effort toward coaching their employees on cloud application use alongside updating their corporate security policies.

Written by Dean Van Dyke, Vice President, Business Process Optimization

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsourcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team, and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

Taking Steps Toward ICD-10 Compliance

Despite the specificity that ICD-10 promises to provide, political pundits and medical professionals claim that the ICD-10 transition will create an overly complex and unnecessary coding structure. Many clinicians have yet to fully commit themselves to the structural and policy changes that come with ICD-10.

While debates on pushing back the deadline are still alive across the political spectrum, more medical organizations are biting the bullet and instituting cooperation-based programs designed to get physicians ready for the transition.

Perceived Upgrading Costs

Given the large infrastructure and software modifications that accompany transitions like ICD-10, it’s natural that hospitals and other healthcare clinics would resist the change. When focusing on the bottom line, the last thing clinics want to worry about is adapting coding practices to reflect minuscule changes in classifications that don’t affect day-to-day operations.

Organizations struggling to keep up with the changing procedures of the medical industry will always decry compliance dates as being too early to be realistic, but procrastinating on updating their policies won’t change the equation.

Collaboration

With how fast the deadline is approaching, not all medical associations see value in fighting the change. The Centers for Medicare and Medicaid Services (CMS) and the AMA recently announced a joint effort to get physicians ready for the transition. This will happen with the help of education through webinars, articles, on-site training and a system of provider calls that will help physicians and health care providers prepare to update their codes and change their infrastructure.

This collaboration comes at a critical time, as attempts so far to delay the October 1st deadline have been unsuccessful. CMS has acknowledged the importance of meeting the new regulations and will offer several initiatives designed to make the move easier:

  • The appointment of an ICD-10 public advocate to handle provider issues
  • Medicare will not deny claims based on a lack of ICD-10 specificity, provided that the physician uses a valid code
  • Meaningful Use and other quality assurance programs will not assess penalties for lack of specificity

CMS initiatives on their own won’t be enough to ease the transition for all providers, but they indicate an improvement in cooperation and communication between departments. Policy changes on a national scale require cooperation from organizations, and getting associations like the AMA and CMS on the same page is a necessary first step.

Written by Dean Van Dyke, Vice President, Business Process Optimization

Tailored Contract Management Solutions That Fit Your Legal Process

The following post was originally published by iBridge partner Advanced Software Concepts (ASC).

Business is built on contracts and agreements — intricate, complex tools that have a life of their own. While many digital contract management solutions exist to help manage contracts and agreements, most take a one-size-fits-all approach.

Fitting these solutions to the way your business works is inefficient and frustrating, and managing performance and information flow can be overwhelming. The resulting longer legal approval cycles, reliance on manual data entry and extra administrative overhead can result in wasted organizational time, increased operational cost (e.g., resourcing, paper management and storage, etc.) and unnecessary corporate risks (e.g., data entry, validation errors, lack of compliance, etc.), and can even lead to lost revenue opportunities (e.g., fewer billable hours, lower customer satisfaction, customer retention issues, etc.).

What contract administrators, attorneys, law firms, corporate counsel and other legal stakeholders really need is a simple yet secure contract lifecycle management (CLM) solution — tailored to fit their unique business requirements — to easily manage any type of contract and legally binding agreements, legal documents and other client matters.

A tailored best practice solution would help reduce legal administrative time while increasing productivity (e.g., less manual data entry, automated approvals routing, centralized and secure access, etc.) and subsequent billable hours, reducing costs (e.g., resourcing, paper, storage, etc.), reducing manual data reconciliation and validation requirements and improving overall data accuracy and mitigation of non-compliance and other corporate risks.

ASC’s web-based solutions for contract management, document generation, client management and other business process lifecycle management requirements help address these key business issues and can be tailored to fit your exact legal needs. The solution can truly be configured for your terms, your templates, your nomenclature, your workflow, and your contract and agreement types. It’s your solution and ASC ensures it’s a successful fit.

The ASC Contracts solution can also be configured with advanced barcode technology which enables one-touch capture and storage (e.g., intelligent and dynamic automation of document sorting, filing and workflows), helps lock and track contract and document revisions to ensure document integrity and security, enables proof of tampering and ensures document authenticity.

ASC solutions are also zero-footprint (nothing to download or install), future ready and accessible at any time, from anywhere and on any device. ASC solutions make it easier to automate, optimize and streamline your legal business operations by eliminating manual processes and workflows and providing actionable business intelligence and improved data insight (client, business and compliance), including exportable detailed or executive-ready reports, for proactive account management and corporate transparency.

Whether your contract lifecycle management needs are simple or complex and no matter your industry or business size, this video touches on these relevant business issues — resource efficiency, cost control, risk mitigation and revenue generation — and how ASC solutions can help ensure your business is optimized to deliver.

It’s your solution — ensures it fits! Find out more.

First, Do No Harm: How Traditions in the Healthcare Field Prevent Progress

Practices in the healthcare field have typically been directed by tradition. The medical industry is slow to change due to the inherent risks associated with breaking from the status quo. When patient lives are on the line, arguing for new procedures can be a hard sell.

This can be a positive trait when you compare the stability of traditional infrastructure against the chaos that change can cause. However, it also creates one of the biggest challenges for those hoping to move the healthcare industry into the technological world.

A Technological Afterthought

The rigid routines clinicians cling to create a false sense of security in healthcare organizations. Most clinics have strong structures in place to prevent mishandling of physical copies of information, but are ill-equipped to handle the challenges that digital records present.

Information technology is notoriously overlooked and undervalued in the healthcare environment. Hospitals are more focused on continuing practices that have worked in the past than adapting to the latest trends. Despite the resistance, IT in the medical world is slowly becoming the new norm.

While this trend has been accepted as a move in the right direction, traditional methodologies of patient care don’t consider the infrastructure and security that reliable IT systems need. Clinics unprepared to adapt to these new requirements face costs greater than a comparatively simple technological overhaul.

The Human Factor

With the inherent vulnerabilities of electronic systems, employees who manage patient information are unprepared for the unique challenge that electronic record-keeping poses. Phishing scams that prey on untrained staff members are one of the biggest internal threats to confidentiality; two recent events involving significant leaks of patient data at Seton Health and Partners HealthCare resulted from employees inappropriately responding to outside requests for information.

The bloated traditions of the medical industry have created a culture where physical information is highly secure, while digital information is an afterthought. As technology progresses, healthcare organizations must update their practices to reflect the changing needs of the industry. And while security problems create significant distress to any clinic, adversity creates the best opportunities for growth. By addressing the weak points of your healthcare infrastructure, a stronger practice is built.

Written by Dean Van Dyke, Vice President, Business Process Optimization

Criminal Cyberattacks: The #1 Threat to Healthcare

In the last five years, cyberattacks on healthcare organizations have skyrocketed by 125 percent and 45 percent of healthcare organizations report they have been victims of deliberate cyberattacks, according to a new survey from the Ponemon Institute and ID Experts. The survey also showed that 90 percent of healthcare organizations and 60 percent of claims processors and third-party billers experienced a breach in the past two years.

The Value of Black Market Healthcare Data

Hackers can make up to $70 each for every medical file stolen and resold on the black market, which explains the high motivation behind these attacks. A vast network of online criminal sites makes trading these commodities quick and easy for those who will pay the asking price for stolen digital goods.

Medical records can net a higher profit for cybercriminals than either credit card or bank account numbers, since they include a large amount of sensitive information (like mother’s maiden name or Social Security numbers) that can then be leveraged into bigger payouts.

The cost to healthcare organizations resulting from medical record theft totals $2.1 million on average, which adds up to $6 billion annually throughout the industry. Damages to those consumers directly affected are also significant, and healthcare data breaches can lead to secondary issues that are just as costly, such as insurance fraud.

Protecting Digital Data

These risks have increased in direct correlation with medical providers moving to electronic medical records. The healthcare industry falls far behind other organizations in the private sector in terms of digital record-keeping, citing security concerns as a reason to continue using paper records instead.

This is the modern-day equivalent of insisting on using only a landline or a typewriter despite the many advantages and technological advances of smartphones and laptops. The inherent concern lies not with the technology itself, but rather with the lack of prioritization given to sufficient security measures within the healthcare industry.

Previously, the leading cause of data breaches was lost hardware, but employee negligence is still named as a top concern for 70 percent of organizations polled. This alone points to the reality that the healthcare industry must look inward foremost, and stop dismissing cyberattacks as a statistical improbability.

Written by Dean Van Dyke, Vice President, Business Process Optimization

External Counsel Failing to Meet the Needs of Their Clients

The legal industry is filled with high-risk concerns for ethics and compliance with government regulations. When the responsibility of maintaining compliance falls to lawyers, it becomes necessary for legal teams to know of all issues related to risk assessment and governmental regulations to guarantee that the needs of their clients are being met. However, for ethics and compliance, outside counsel is falling short.

The Necessity of Compliance

The value of outside counsel is to provide their expertise to clients, including improving their risk-assessment capabilities by identifying obstacles related to non-compliance. But when outside counsel cannot manage something as basic as a compliance program, it is hard to argue that external counsel can meet client needs.

Royal Dutch Shell’s chief ethics and compliance officer Leanne Geale expressed her surprise at how uninformed outside counsel was on compliance-related initiatives: “This is an easy opportunity to add value to a client,” she said in a recent interview. “External counsel can identify and raise such risks with a client who might not even be aware of them.”

Meeting Client Needs

It is a burdensome task for compliance professionals to augment existing corporate structures, but risk-reduction is an essential part of the services that outside counsel can offer. To best manage this, external counsel must understand their clients if they hope to meet compliance goals.

How can outside firms improve their knowledge and application of compliance practices to better meet their clients’ needs?

“They should know the compliance basics, understand the framework of the company and the risks to the sector,” says Geale.

Outside firms should also try to understand each client with whom they partner. Awareness of each firm’s code of conduct, ethics and business values is essential to knowing how to regulate compliance in each situation. Outside counsel “…can form a view based on experience from multiple jurisdictions and industry sectors and their experience with different issues and regulators can help to inform one how to manage certain risks,” Geale explains.

Outside counsel can provide value over in-house counsel, but only when their legal teams know of the industry-specific challenges that their clients face. Outside counsel must try to increase their understanding of compliance practices to better meet the requirements of those with whom they work.

Written by Desh Urs
