Archive for the 'HIPAA Compliance' Category

Up and to the Right: Layered Tech advances in Gartner Magic Quadrant

Gartner recently published the 2013 edition of the Magic Quadrant for Managed Hosting which included Layered Tech. Since our first inclusion in 2010, Layered Tech has significantly increased our ranking and position with respect to completeness of vision and ability to execute. We have consistently moved up and to the right.

To be considered for the Gartner Magic Quadrant for Managed Hosting, providers must deliver on-demand, enterprise-class managed hosting services, have a presence in multiple North American metropolitan areas, and be among the top 15 North American providers by market share. Gartner’s quadrant-based categories rate providers by “vision” – the ability to anticipate and meet customer needs – and by service-delivery excellence, based on customers’ experiences.

I have worked closely with Gartner over the past few years to help them gain deeper insight to our business, our clients, the workloads we serve and our significant differentiators. I have introduced Gartner to many of our staff and clients, to help them understand our unique abilities. As a result, the latest Gartner ratings show rapid ascension for Layered Tech along both the vision scale and the service-execution scale.

Simplifying Complexity and Reducing Risk

As one of the more focused and intimate managed hosting service providers in the Magic Quadrant, Layered Tech is recognized for its ability to manage complex hosting needs with stringent security and compliance requirements, as demonstrated with our strong SLA and compliance guarantee. Managing complex web applications and helping to achieve and maintain security or compliance objectives is a key focus of the Layered Tech business. Our ability to help clients reduce the risk from security threats and to completely achieve compliance with respect to the IT controls is a significant differentiator.

Gartner also recognized our strength and commitment to automate service delivery and change within the ITIL-based change-management framework. This is core to our ability to deliver a high quality of service to our clients.  The Layered Tech automated workflow introduces check points to mitigate change risks, automates operations and improves communications.

Compliance Expertise Recognized

Last year’s Gartner report noted that Layered Tech is one of the only providers capable of delivering comprehensive PCI and HIPAA-compliant hosting services for the electronic payment and healthcare markets. This year’s report cites Layered Tech’s expansion into the federal government FISMA compliance market as a new company strength. I would add that we also perform extremely well with SaaS/ISVs, eCommerce and Media.

We think Gartner has done a great job of highlighting some critical strengths and key target markets for Layered Tech. We will continue to drive upward momentum as we work to find new ways to serve customers and anticipate their cloud hosting and compliance needs.

About the Author: As Vice President of Product Management at Layered Tech, Kevin Van Mondfrans (@VANMONDFRANS | +Kevin Van Mondfrans) is responsible for driving the Layered Tech portfolio of infrastructure as a service (IaaS) and managed service offerings. With more than 20 years of experience in product development and marketing, Kevin has been delivering innovative computing, storage, cloud and service offerings with companies such as HP, Dell, and Savvis.

Mixing Clients in the Cloud

The recently announced Layered Tech Cloud Data Center platform extends our experience in delivering secure and compliant solutions to the cloud, without sacrificing business agility. We have operated secure multi-tenant virtualized platforms for many years, including our virtual private server (VPS) platform (since 2007) and our Matrix community cloud (since 2009). Now we offer a completely virtualized cloud data center environment with optional PCI and HIPAA compliance service and guarantee.

We operate our Cloud Data Center platform in “mixed mode,” which means we serve clients with internal or regulatory compliance requirements like PCI-DSS, HIPAA or ISO27001 as well as clients that do not have these requirements. What “mixed mode” means is that we manage the entire environment to meet our highest level of compliance, but enable our customers to select services for each workload based upon their desire for additional preventative services, reporting and audit assistance. Clients do this with a drop-down menu selection when ordering their environment or virtual machine. It is pretty simple for clients to add, and we automate over 200 steps to build that environment in just minutes.

Figure 1: Selecting Compliance Management when configuring your Cloud Data Center.

The benefit of running in a secure cloud platform is a higher degree of isolation between clients and workloads along with greater protection from external and internal threats of a hack or data breach.

What differentiates a compliant cloud platform from other clouds is our ability to ensure that our clients’ environments are isolated, secure, and protected. But it does not stop there; achieving compliance involves a higher degree of planning, management and transparency. Not only do we collect and share data, we analyze the data and proactively involve the client when potential issues are discovered.

The term ‘compliant cloud’ has actually been circulating for some time. Unfortunately, many cloud providers that claim to offer a compliant cloud are just making log data available but requiring that the client do the analysis. Layered Tech actively manages compliance and offers a 100% compliance guarantee to pass every IT audit for PCI DSS compliant hosting or HIPAA/HITECH compliant hosting.

Learn more about compliant clouds by reading our white paper, “Reducing Risk and Increasing Marketability with PCI-Compliant Community Clouds”.

About the Author: As Vice President of Product Management at Layered Tech, Kevin Van Mondfrans (@VANMONDFRANS | +Kevin Van Mondfrans) is responsible for driving the Layered Tech portfolio of infrastructure as a service (IaaS) and managed service offerings. With more than 20 years of experience in product development and marketing, Kevin has been delivering innovative computing, storage, cloud and service offerings with companies such as HP, Dell, and Savvis.






Verizon Enters HIPAA Compliance Market

Layered Tech was excited to see Verizon’s October 1 announcement highlighting their new cloud portfolio supporting the Healthcare security requirements, because it provides further validation that the Healthcare industry is rapidly growing and truly needs solutions to meet the stringent HIPAA compliance regulations.

We welcome them to the market, and wanted to highlight some critical advantages Layered Tech offers over Verizon and other major service providers that are new entrants. Layered Tech has gained a unique understanding and reputation as the “service provider to the service provider,” becoming highly valued partners to software developers (ISVs) that are building SaaS or hosted solutions to support the healthcare providers. In addition, we continue to provide secure and compliant solutions directly to the broader Healthcare ecosystem, such as Accountable Care Organizations and Payer Networks. Further, most of these solutions are delivered in secure and compliant cloud environments, for which we are the leader.

Layered Tech has been supporting secure and compliant cloud and hosting solutions for the Healthcare (HIPAA Compliance), Payment Card Industry (PCI Compliance), and Federal (FISMA Compliance) markets for many years. This means that we not only provide all of the key infrastructure, security and compliance capabilities, but we have actually passed hundreds of audits allowing our customers to be fully compliant.

Despite all of the hype around their announcement, Verizon actually said in the press release that “each client remains responsible for ensuring that it complies with HIPAA and regulations.”  At Layered Tech, we fully manage the compliance requirements of our customers to the extent of actually providing a Compliance Guarantee.  We do not leave it up to our clients to manage their own compliance needs.

Our leadership was recently reinforced with the launch of our next generation Cloud Data Center platform that has automated all of the security and compliance tools required to meet the industry and federal regulations for HIPAA and PCI. The new Layered Tech Cloud Data Center platform also comes with the same Compliance Guarantee, so you can trust Layered Tech to manage this for you.

Great to see some bigger players like Verizon entering the HIPAA compliant hosting market, but we encourage healthcare companies to look to the true security and compliance experts at Layered Tech to solve their needs.

About the Author: As President of Layered Tech, Brad Hokamp (@bradhokamp) brings over 26 years of experience working in the IT and networking industry to his role. His responsibilities include leading our sales and marketing efforts, as well as product management, customer service and business development initiatives.

Where Are You on HIPAA Compliance?

Healthcare information and the push to adopt Electronic Health Records by 2014 can be very intimidating. The Medicare and Medicaid programs provide incentives to eligible professionals, hospitals and critical access hospitals as they adopt, implement, upgrade or demonstrate meaningful use of certified Electronic Health Record (EHR) technology. For many healthcare professionals, this is a daunting and scary proposal. Firstly, it can change the way a practice is conducted. Secondly, the cloud or internet can be a very confusing place. The prevailing notion of the cloud is that it is an unsafe place over which you, as a user, have no control.

THIS DOES NOT HAVE TO BE TRUE!

Healthcare software companies can help professionals and hospitals through this.  Find a solution provider that can deliver the services that you need, not simply the one that they want to sell to you.  As with any industry where privacy and security are paramount, you should insist that within a cloud-based, multi-tenant service, you have all of the transparency that you want for:

  • Control of your systems and data
  • Integrity of your systems and data
  • Availability of your systems and data

This can be delivered in a variety of ways but all must be verifiable and compliant. While the concept of compartmentalization might be new to some, the defense and government industries have been using it for years. Simply put, this means that data are to be placed in classification buckets or compartments and people, by means of their background and job function, have access to the compartments needed by them. Just as important, this concept ensures that those with no need to access a certain compartment do not have access to it.

As you determine how you are to adopt EHR, keep these values at top of mind.  When these criteria are met and your business objectives are achieved, you will be sitting pretty in the HIPAA, HITECH and EHR world.


About the Author: As Chief Risk Officer at Layered Tech, Jeff Reich (@LayeredTechCRO | +Jeff Reich) drives the company’s security and compliance services and guides risk mitigation efforts for clients. With more than 30 years of experience, Reich is a well-known risk management and security expert in the industry. He holds CRISC, CISSP and CHS-III certifications and is an ISSA Distinguished Fellow.

Additional Observations from the HIMSS12 Conference and Results from the Annual HIMSS Leadership Survey

By Brian White, Director of Business Development for Layered Tech

As mentioned in the previous blog entry, Layered Tech recently attended the annual HIMSS Conference and Exhibition, the premier healthcare IT show of the year. In our last post, we recapped the main takeaways related to HIPAA, hosting and cloud computing, but there were some other aspects from the show we felt were noteworthy. Also, during the show, HIMSS released the results of its annual Leadership Survey. The findings illustrate the state of the industry, the challenges faced and the objectives that are top-of-mind for healthcare organizations.

One of the main news items from the conference was the delay in the federally mandated requirement to complete the migration to ICD-10, which has taken pressure off of healthcare providers. The final rule adopting ICD-10 as a standard was published in January 2009, and it set a compliance date of Oct. 1, 2013 – a delay of two years from the compliance date initially specified in the 2008 proposed rule. The U.S. Department of Health & Human Services has yet to announce a new compliance date. Although the delay was big news, many of the consulting services firms and the larger solution providers, such as Cerner, McKesson and Epic, are still heavily promoting their migration capabilities. In addition, HIMSS itself and other IT-related groups were telling their members and anyone who would listen to not slack off when it comes to ICD-10 preparedness.

HIMSS Leadership Survey Results

According to the Annual HIMSS Leadership Survey, for the first time in years, IT leaders at healthcare organizations did not identify a lack of financial support for IT as an obstacle to implementation; instead, concerns about staffing resources were cited as the key barrier to IT. The survey results, released on February 21, showed that one-quarter of respondents said adequate staffing resources within their organizations is the top barrier to IT implementation, and approximately two-thirds of respondents said their IT staff will increase in the next year. Leading areas of expertise in which survey respondents require staff include clinical decision support, network and architecture support, and clinical informatics.

As healthcare organizations move toward meeting their information technology priorities, key areas of focus, as reported by the survey’s technology leaders, are: achieving meaningful use and ICD-10; participating in health information exchanges (HIEs); addressing security concerns; and IT governance. Highlights include:

  • Nearly 90 percent of respondents expect to complete their ICD-10 conversion by the Oct. 1, 2013 deadline (survey results were captured before the ICD-10 delay was announced). Two-thirds of respondents also reported that implementing ICD-10 was the top area of focus for financial IT systems at their organization.
  • More than one-quarter of respondents have already attested to meaningful use. One-quarter of respondents also said that achieving meaningful use is the key business objective at their organization.
  • Almost half of respondents reported that their organization participates in an HIE. However, 22 percent of respondents said there is an HIE in their area in which they are not participating at this time.
  • Security continues to be a top concern for healthcare IT professionals. Approximately one-quarter of respondents indicated their organization has experienced a security breach in the past year.
  • IT is being successfully integrated into healthcare providers’ overarching business strategy. Half of respondents reported that the IT plan is part of the overall organizational strategic plan.

Key takeaway – Regulatory requirements are still driving healthcare IT spending. However, IT continues to be viewed as a strategic enabler of the overall healthcare provider’s business. This is leading to continued investment in personnel to address IT architecture and analysis. Areas not deemed to be core to the business are increasingly considered for outsourcing.


