
Categories Archives: Privacy and Security

Is Cloud Computing for You?

Cloud computing is a hot topic these days, but many don’t understand what cloud computing really is. Very simply, cloud computing involves the use of computer services accessed via the Internet. If you’ve ever bought a book from Amazon or paid a bill via your bank’s website, you’ve been computing in the cloud.

Is it safe?

When considering cloud computing, you might wonder if it’s safe. While the safety of public clouds can be debated, private clouds are considered more trustworthy to keep your data secure. That’s because private services utilize firewalls and other data security techniques to create a safe environment.

All business people care about keeping data secure, but it’s not usually cloud computing that puts your information at risk. Most data security failures have resulted from internal hardware and software failures or accidental deletions.

Cloud computing actually helps protect against such problems. By outsourcing your computing operations to companies that specialize in these services, your business has access to state-of-the-art hardware, software, and data security processes.

Leave IT to the pros

Most of us are in business to do something other than provide computer service. IT operations are not our strategic focus. So for most of us, turning to cloud computing for data processing or IT applications is an improvement in how we handle our automated processes.

The fact of the matter is, more IT operations are moving into the cloud. Like it or not, we’ll all soon be doing most of our computing there, too.

Recent HIPAA Fine Is Reminder: Protect Health Records

Does $865,000 seem like a lot of money to you?

That’s how much the UCLA Health System recently agreed to pay in order to settle potential violations of the HIPAA Privacy and Security Rules. UCLA will also have to come up with an action plan to put their system in compliance with those rules, as part of the settlement.

The original complaints stemmed from unauthorized employee access to electronic protected health information of patients. An investigation found that records were repeatedly accessed improperly, leading to the $865,000 settlement in early July.

OCR, the federal office overseeing HIPAA, has been cracking down on organizations that violate HIPAA rules, including another recent $1 million settlement with Massachusetts General Hospital.

Every business with employees is likely to manage records that are subject to HIPAA rules. If you know what you have and are properly protecting those files according to HIPAA, you should feel fairly confident that you’re safe from such litigation. If not, let this hard lesson for UCLA Health System be a reminder to get your health records in check–before your business faces a hefty fine from OCR.

My company, BIS, manages HIPAA-protected records for numerous health care organizations in the greater Cincinnati area. If you have questions or concerns about your business’ health care records management, please contact me. We’re happy to help ease your HIPAA worries.

Spring Cleaning for Your Business

Just as the fresh air and warmer temperatures of spring inspire us to give our homes a thorough cleaning, I think it’s also the perfect time to do a little spring cleaning in the office, too.

I’m not talking about dust bunnies under your desk or leftovers in the office fridge (but by all means, take care of those, too!). I’m talking about spring cleaning your records to ensure you save only what you need and safely dispose of the rest.

A good spring clean will reduce your risk and liability. Start by understanding the records retention schedule regulations that apply to your business records, personnel files and other HR records in particular. Once you know what you’re required to keep, you can create policies and procedures to be sure records are purged as soon as the applicable disposal period has been satisfied. Timely records purges not only reduce the cost of maintaining inactive files, they also keep possibly damaging records from being used by plaintiffs’ attorneys.

Get organized and store the “keepers” to save time and maintain good records. How much time does it take for a file retrieval from your records storage area? Do you have a list of everything you have in file storage? Can you quickly find what documents you need? Time is money, but unlike money, once spent time can never be replaced. Every document you deposit at our Cincinnati document storage facility is barcoded and tracked by business records management software so that you won’t waste time when you need to retrieve records. You can also use tracking to tell you when it’s time to dispose of records so that you can painlessly purge your expired files to achieve compliance with your business records retention schedule. It’s like an automatic cleaning crew for your records.

Safely get rid of records you no longer need. After you fill all those bins with unwanted files (both printed and digital), what are you going to do with them? You can’t simply put them out with the garbage like household trash. Make sure you securely shred the paper and destroy the electronic data. Once the excess clutter is out of your office, you can really enjoy all the extra space and efficiency that comes from a good spring cleaning.

Doing Business Up in the Clouds

Have you heard the term “cloud computing” or simply “the cloud” and wondered what the heck it’s referring to? I know a lot of business executives have probably come across this concept and scratched their heads, and maybe even worried about how this cloud could affect their companies.

Essentially, cloud computing means computer processing that’s done via the Internet. Take Gmail, for example. Google provides you with free email service, using data centers located in different cities. If you have a Gmail account, you’re already in the cloud.

If you really want to get a good overview of cloud computing and what it means to you, read this recent Infoworld article. It outlines the various types of cloud computing, including software as a service (SaaS) such as Salesforce.com, web-based services like ADP payroll processing, and managed service providers (MSP). After running through the various cloud concepts, the author concludes:

Today … cloud computing might be more accurately described as “sky computing,” with many isolated clouds of services which IT customers must plug into individually.

So should you tether yourself to the “grounded” computing you’re used to, or float up into the cloud? Well, think of it this way: What if you had stubbornly clung to keeping all your business data on floppy disks, even as they shrank in size and eventually disappeared altogether? Or forced your employees to keep clacking away on typewriters when competitors moved to PCs?

Similarly, technology continues to evolve, and the practice of computing in our own data centers will disappear. Business today–and increasingly, tomorrow–will be done in “the cloud.”

Worried about what happens to the data you store in these cloud-based systems and programs? Don’t be. The cloud is actually much safer than your own computer. Due to economy of scale, the cloud can provide higher levels of data security and backup than any individual user can by mirroring data on redundant computers in different locations.

The privacy of your data is another matter. My only advice is to read service providers’ privacy policies and decide if you trust them to comply with their own policies.

New Red Flag Rule: Are You Ready?

Just when you think your business complies with the major privacy and security rules–HIPAA and Sarbanes-Oxley immediately come to mind–another piece of legislation throws you for a loop.

So it happened with the Federal Trade Commission’s new Red Flag Rule, which requires financial institutions and creditors to develop and implement written identity theft prevention programs. A lot of business people I’ve talked to are confused about what the Red Flag Rule will mean for their companies when enforcement begins Dec. 31, 2010 (though this has been delayed numerous times in the past three years).

If you’re unsure about the Red Flag Rule, take a look at this FTC Business Alert to get a good overview of the legislation. I also like this free downloadable guide from the FTC called Protecting Personal Information. The 15-page guide outlines five key principles that a sound data security plan is built on:

  1. Take stock. Know what personal information you have in your files and on your computers.
  2. Scale down. Keep only what you need for your business.
  3. Lock it. Protect the information that you keep.
  4. Pitch it. Properly dispose of what you no longer need.
  5. Plan ahead. Create a plan to respond to security incidents.

After reading up on the Red Flag Rule, if you still have questions or concerns about compliance, please get in touch with us. We’d love to talk with you about how BIS can help your company get a handle on this important issue.