Monthly Archives: March 2016

Visual Hacking a Growing Concern for Healthcare, Reports 3M


Despite the push towards data security and information governance, data breaches can occur where you least expect them. Though encryption software and more secure firewalls have shown success at preventing internal data breaches, another threat is looming on the data security landscape: “visual hacking.”

Low-Tech Hacking

Visual hacking involves capturing confidential information from digital screens by using smartphones, discreet cameras, or plain sight. Compared to complex coding backdoors and malware infection, visual hacking is relatively low-tech, but that doesn’t mean it isn’t a concern for healthcare organizations tasked with controlling sensitive data.

Imagine the opportunities for visual hacking present in locations as basic as healthcare clinics. Offenders can snap photos of your information as you fill out your medical record, eavesdrop on your conversation with staff, and once they enter the actual clinic, use silent, high-powered zoom cameras to discreetly record any instances of unsecured patient data. With just a few clicks of a button, healthcare organizations can suffer data breaches that may cost them millions.

Visual Hacking

Though protecting confidential data from prying eyes has always been a concern in the healthcare field, new mobile camera technology is giving offenders more tools than ever before. A 3M-sponsored hacking experiment with the Ponemon Institute found that a white hat hacker could visually hack sensitive information in 88 percent of attempts.

3M’s campaign against data loss helps IT and security professionals better address their security vulnerabilities. According to Gartner, IT security spend reached $75.4 billion in 2015, but this increase in security funding will do little to prevent the rise of low-tech hacking methods.

Preventing Visual Hacking

Healthcare providers must try to prevent data loss from visual hacking by:

  • Using applications to mask high-risk data, particularly when accessing data from mobile and public locations.
  • Creating a corporate culture of security that prioritizes visual security—all staff must know of the growth of visual hacking and why all data must be stored behind authentication or privacy filters.
  • Limiting logins to necessary locations, which reduces the number of access points where data breaches may occur.

There’s no simple strategy to fight visual hacking, but healthcare organizations that understand the risks and challenges associated with visually securing private data are one step ahead in the game. Data security across all channels is an ongoing struggle that healthcare providers must be prepared to face.

Desh Urs iBridge LLC

Written by Desh Urs

Desh Urs brings more than 20 years of entrepreneurial, start-up and Global 500 corporate experience in sales, marketing, and general management to the customers of iBridge. He has led sales organizations as SVP at Qsent, Inc. and VP at Acxiom Corporation, and has focused on the usage of data in data distribution, direct marketing, fraud prevention, and law enforcement.

As a Vice President of Global Sales, Services, and Marketing at Silicon Graphics, Inc., Urs managed engineering and non-engineering functions, developing solutions in sciences, telecommunications, manufacturing, media, business, and defense intelligence, for companies with revenues of several billion dollars. During his tenure as Vice President at Think Tools AG and Brio Technology, Inc., he ran business development and alliances providing solutions in Business Intelligence and Decisions Cycle Management to Global 100 corporations worldwide. In the late 1980s, Urs founded Indus Systems, Inc., which he profitably sold to a systems integration company.

Urs serves on several Advisory Boards, as well as many company Boards, in the United States and India.


Protecting the Enterprise with Cybersecure IT Architecture


Digitization of data, products, and processes is the direction in which the world is moving.


Unfortunately, the digital revolution of our IT security is occurring more slowly. Digitizing information creates new challenges for legal firms that may not know of the system vulnerabilities that digital data creates.

Security Challenges

Complicated IT architecture creates system vulnerabilities for hackers to exploit, and makes malware harder to detect. With digital data becoming the new standard for information governance, security protocols must be in place to prevent unauthorized access.

A joint study by McKinsey and the World Economic Forum in 2014 showed that 71 percent of global banking IT executives believe that attackers are quicker than banks when adapting to changes in security protocols, including modifying skill sets and identifying vulnerabilities. The report also revealed that 80 percent of respondents believed that the risk of cyber-attacks and data loss will play a large role in their businesses’ security strategy over the next several years.

Given the traditionally slow response of organizations to data breaches, companies must invest more heavily in their security programs. This includes designing processes, security platforms, and overall IT infrastructure with security as a priority.

Creating Secure Architecture

A secure IT framework doesn’t rely on individual security protocols. The best security approaches incorporate multiple layers of defense throughout their implementation:

  • Threat analysis: Potential threats must be segregated based on the value at risk, letting businesses give the most valuable data the highest levels of security.
  • Multi-level restriction: Access and security must be increasingly restricted with each security layer to ensure that the inner layers are tightly regulated and controlled by employees.
  • Service integration: Security must be integrated with service architecture. This allows communication and data flow to be better monitored across the enterprise, as various service capabilities can also function as security checkpoints that provide additional levels of data protection.
  • Communication hub: Routing communication through a single application service hub provides a clear view of information flow. Aggregating data into a single point of contact allows broad assessments of suspicious data patterns and provides a secure approach to communication between applications.
  • Prioritize simplicity: With the growing complexity of data security infrastructure, companies must build their security network to function optimally with transparent and simplified processes. Reducing the number of applications that handle messaging and communication improves efficiency and makes it less likely that suspicious activities will go unnoticed.


Written by Desh Urs


5 Questions to Ask Before Buying a New eDiscovery Platform

With the wealth of advancements being made to the eDiscovery world, it’s natural for legal firms to want software that promises the most efficient discovery at the lowest cost.

Unfortunately, choosing a new discovery platform isn’t simple. Legal firms must be aware of the costs and considerations that go into implementing new software. Ask yourself these five questions before breaking the bank on new discovery tools:

1. What software is preferred by your attorneys?

Involve your attorneys in the research process when selecting a new platform. Given that your legal team will be the ones using the software, their likes, dislikes, and preferences should be considered. This will help guarantee a smooth transition when implementing the new program, and ensures that your team will be prepared for its use.

2. How will the technology be used?

The way the software will be used by your attorneys will dictate which platform will best suit your needs. Why strain your budget purchasing advanced analytic and reporting capabilities if your legal team will never use them?

3. Can the new technology be adapted to your IT system?

The eDiscovery platform of choice must be adapted to fit in your IT infrastructure.

Involving your firm’s IT department in software selection is a necessary part of the process. Your IT administrators can help determine whether the specs of eDiscovery software can integrate with your hardware and other programs. Involving IT experts in the selection will also prepare them to implement the software after purchasing.

4. Do you understand all technology costs?

The costs of a new eDiscovery platform aren’t limited to those proposed by the vendor. Before purchase, firms must understand their software’s cost. This includes cost of purchase, external costs to operate said software, and the time of the contract.

Internal costs and project management expenses eat up more of your budget than many attorneys realize. Variable vendor fees can also create situations where attorneys must choose where to allocate their resources. These hidden expenses make the true cost of new eDiscovery software tricky to assess.

5. Where will you store the data?

Data storage is a pressing concern for the eDiscovery landscape, particularly as data security becomes more important for legal teams and their clientele.

Some vendors offer cloud-based storage for legal client data, while other firms may prefer to store their data in-house. Each of these options presents its own set of challenges and expenses. Firms must assess their own security capabilities and determine whether third-party data storage is more secure and affordable than the measures they already have in place.

Dean Van Dyke iBridge LLC

Written by Dean Van Dyke, Vice President, Business Process Optimization

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsourcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.


Personal Accountability: The Need for Patient Controlled Records


Though the use of clinician Electronic Health Records (EHRs) is the standard for patient data storage, researchers at Boston Children’s Hospital are pushing away from this framework in favor of giving patients more control over their data.

The Tech Myth

A common misconception in the healthcare industry is that medicine relies on complex and specialized IT systems for data storage. The opposite may be true. Specialized software leads to extensive IT costs and strenuous physician workloads, all to aggregate data in a fragmented system that patients can’t access on their own.

This creates challenges on both the patient and provider sides: clinicians must struggle with burdensome systems and expensive IT infrastructure while patients must deal with having their information spread across as many EHR systems as providers they see. This system creates a lack of transparency for patient data and makes it difficult for both patients and providers to view the big picture for each patient’s health history.

Empowering Patients

Giving patients a centralized way to control and manage their health data offers several advantages over the current system:

  • Patients can collect data from the many providers they see, providing a 360-degree view of health history and outcomes across providers
  • A comprehensive database of health encounters helps providers coordinate care across specialties
  • Data governance allows patients to supply their own information or correct errors that healthcare providers may not notice

Isaac Kohane, MD, chair of the Department of Biomedical Informatics at Harvard Medical School, commented on the need for patient-controlled records:

“EHRs and patient portals were plan B … We should go back to plan A, which was to create patient-controlled data stores that compile all pertinent data across a patient’s lifetime and is the patient’s to share as they see fit.”

Steps to Patient Controlled Records

Giving patients universal access to their health records will require a large-scale shift of industry priorities and initiatives. The current infrastructure doesn’t support cooperation between clinicians or data visibility. Kohane and the research team at Boston Children’s listed several steps that could help create a system where patient controlled data is the norm:

  • Receive stronger incentives from the Centers for Medicare and Medicaid Services, with private insurers that support giving patients access to data.
  • Create consistent public application programming to enable patients to access their data.
  • Establish tools to give patients governance over who can access or change their data.
  • Adopt exacting security standards and authentication protocols to ensure data protection and accountability.


Written by Desh Urs


5 Ways Managed Services Can Optimize Your Legal Spend ROI


Budget reduction is an endless effort for legal firms.

This is true as technology use continues to grow, creating new positions and pitfalls that many legal firms are ill-equipped to handle.

Enter Managed Service Providers (MSPs). These professionals use their skills to help legal firms better manage their IT infrastructure and give them the spending flexibility to improve processes elsewhere:

1. Optimizing Talent

MSPs allow for optimal use of your staff’s talent.

Technology use is prevalent in nearly every industry these days, requiring those with the skill sets to manage it. Often, this task falls to a legal professional or expert whose skills could be best leveraged elsewhere. MSPs take the IT burden off of legal firms and ensure that the software is configured without the need to sacrifice valuable expertise.

2. Centralized Management

MSPs have experience with software use and understand how each piece of the system works together. This lets them apply patches, updates, or software overhauls without disrupting day-to-day processes. Letting MSPs act as a single point of contact for technology management ensures that software adjustments will be handled efficiently and without compromising system security.

3. Better Consistency and Risk Management

The service agreement by MSPs guarantees consistency for document drafting and template creation. This integration is essential in the legal and healthcare fields, as IT spend is notorious for being mismanaged by those unfamiliar with privileged data infrastructure. Qualified MSPs can improve the ROI of IT spend by integrating security and workflow processes. Some MSPs even create cybersecurity plans built from the ground up to integrate with overall IT efforts.

4. Fewer Providers

When multiple providers are involved, firms can lose sight of which services offer the best return. Multiple providers usually mean multiple service contracts too, creating varying sets of parameters and arrangements that require extensive manpower to manage.

Reducing the number of providers optimizes buying power, ensures greater consistency of procedure, and reduces the need for extensive data management. These benefits all contribute to reduced legal spend and more available attention for high priority matters.

5. Enterprise Support

Industry MSPs can integrate legal software into a firm’s overall IT infrastructure. This expertise helps bridge the gap between legal and technology, two areas that have had difficulty integrating in the past. All legal processes must be configured to meet the organizational needs of the firm. Doing so reduces wasted spend on hardware and software integration that fails to deliver results, and also contributes to an integrated business model where IT and legal processes work together seamlessly.


Written by Dean Van Dyke, Vice President, Business Process Optimization


Incident Response Plans: Preparing Your Agency Before the Next Breach

Agencies, particularly those in the fast-developing field of data governance, must not assume that they’re safe from data breaches. According to research by the U.S. Government Accountability Office, involvement in a security incident may be a matter of when rather than if: information security events involving federal agencies increased from over 5,500 in 2006 to over 67,000 in 2014. Security incidents in the healthcare and information technology fields show similar growth, and most victims are unaware of their vulnerability.

Creating a Response Plan

Agencies must prepare for the eventuality of a security incident by designing an incident response plan that establishes basic processes for threat management. These include protocols for threat recognition, analysis, and recovery:

  1. Respond: Responding to an issue begins with defining security “events” and security “incidents.” According to CEB, security events involve any occurrence within a secure system, while the term “incident” is reserved for events that pose an immediate threat to acceptable-use policies or basic computer security. Delineation between these two categories is important for planning a response process: incidents must be addressed, but not every event will need intervention.
  2. Investigate: Agencies must maintain consistency when responding to incidents. Standardized labels and categorization should be used for incidents to help agencies identify trends and patterns. This allows for more efficient problem identification and a faster overall response.
  3. Recovery: After categorization, agencies should prioritize recovery processes that mitigate damage and restore their systems efficiently. The recovery process itself is broken down into several phases:
       • Preparation – Selection of a specialized team with a single point of contact for incident response. This also includes creating systems for tracking and analyzing emerging threats in the environment.
       • Detection – Appropriate channels must be monitored to alert agencies to possible incidents.
       • Removal – Workflows for various incidents must help response teams act efficiently. These processes will involve steps for the containment and eradication of recognized threats. Part of effective threat removal is to monitor each step taken and keep records for future threat analysis.
       • Post-Recovery Response – After the threat is contained, agencies must assess the incident and determine how and why the breach occurred. This response is necessary to help agencies reinforce their security and generate new protocols for threat removal.

Security incidents can devastate unprepared healthcare and technology agencies. Incident response plans help safeguard privileged information and empower agencies to react quickly to threats. They also function as reporting systems to let each agency know how to better prepare their infrastructure to prevent more damage to an already compromised system.

Written by Desh Urs


3 Truths of Improving Healthcare Processes and What You can do About it


Healthcare providers are in constant search of efficiency.

And not just healthcare providers, either. Every organization out there could stand to benefit from process optimization in one form or another. It’s this basic idea that led Dr. William Edwards Deming to create his legendary 14-point plan for process evaluation efficiency over 75 years ago. These principles still hold true today, with several having special significance for improving the healthcare industry.

1. Improvement Relies on Process Management

Healthcare is complex, with many considerations. Improving processes usually means creating a better system to deal with challenges. However, it’s difficult to know exactly which processes generate the most impact. The Pareto principle applies to healthcare processes, with 20 percent of processes likely doing 80 percent of the heavy lifting. Healthcare organizations must identify these lynchpin processes and prioritize their efficiency to see the maximum return for their effort.

2. Improvements are Data-Driven

It’s as true for healthcare as it is for any industry: quality improvements rely on data. Data powers our decision making, provides context for processes, and helps ensure improvements do as they were intended. No process improvement can exist without data.

3. Managing Care and Managing Physicians are not the Same

The Deming principle of managed care was once misunderstood. Managing processes of care doesn’t mean removing agency from clinicians. Physicians are an essential part of improving health processes—they must be engaged and included in the discussion. Deming referred to clinicians as the “smart cogs” of healthcare processes. Involving physicians in the improvement process gives them a voice and helps ensure their interests are represented during times of change.

With Deming’s principles at work, we can look at how clinics can prioritize quality improvements in their organizations.

  • Implement an Enterprise Data Warehouse: A system wide hub for data and information helps provide a framework for your processes. We’ve established the necessity of data—and a centralized network of information is the best way to track whether your improvements yield results.
  • Use Pareto’s Principle: With 20 percent of processes creating 80 percent of the results, healthcare providers must know which processes are most important. Resources are limited, and quality improvements won’t come from supporting care processes that have little actual impact. Analytic tools can help providers identify these variable and resource-intensive processes.
  • Involve Everyone: Clinical teams, nurses, and physicians must all be involved in the improvement process. More perspectives offer new insights into what can be improved, and the talents of various clinical teams can inform your improvements with understanding and expertise that can’t be found elsewhere.

Written by Dean Van Dyke, Vice President, Business Process Optimization
