It can be difficult to prove whether a cloud or managed hosting provider is certified HIPAA compliant because today no formal process or status exists to verify that claim. The HIPAA Security Rule allows the use of any security measures that reasonably and appropriately implement its standards and implementation specifications. For health care innovators, this wiggle room can cause some uncertainty about whether their IT infrastructure is compliant and secure, or in danger of a costly HIPAA violation.
Archive for the 'Layered Technologies' Category
Page 2 of 11
The PCI DSS (Payment Card Industry Data Security Standard) is in a release cycle this year, meaning version 3.0 will be released shortly. At this year’s recent Community Meeting of the PCI Security Standards Council, much discussion centered on the new version of the standard, which is why both me and our Chief Risk Officer, Jeff Reich, attended.
I have seen a shift in responsibility for overseeing and managing applications. Application monitoring and management is increasingly moving from application architects and developers and into IT operations. Our clients’ IT management folks are expected to be responsible for ensuring application health and performance and therefore are increasingly relying upon Layered Tech to provide management information and dashboard.
Christian Szell: Is it safe? Is it safe?
Babe: You’re talking to me?
You’ve made the decision to move to the cloud, but as with anything, all products aren’t created equal. And like with any complex decision, you need a roadmap.
But let’s start with something important – you need to start to Think Vertical. Many organizations have the responsibility for the compute, storage, data center and network split across manager. Of course, when you only have a few servers in a closet and you’re running a local area network to connect your PCs, it might have been OK. But today it doesn’t make sense. The optimal decisions are totally connected. Let’s say you acquire a new business in Japan. Should you get a high-speed network back to your servers in California? Should you buy a data center cloud service in Japan and put your own servers in there? Or should you connect to a compute & storage cloud service in Singapore?
The next time your IT staff comes to you with a server or storage purchase order and says, “And the price is $1 million,” put on your Jack Nicholson mask, do your best “A Few Good Men” impersonation,” and growl, “Is that the truth? I don’t think so because, you can’t handle the truth.”
The truth is the cost of that hardware is not $1 million. Oh, sure, it’s the one time purchase price, but just like application software, that’s just the beginning of the cost.
Recent changes to the HIPAA Rules through the HIPAA Omnibus Final Rule, may affect the way healthcare professionals do business. The changes, which became effective March 26, 2013, now apply the Security Rule not only to covered entities but also to business associates of covered entities and subcontractors of business associates. This means that any organization involved with electronic protected health information (EPHI) must have and follow a well-written information security policy with established practices and guidelines that protect this EPHI from falling into the wrong hands. Failure to comply with the HIPAA Rules could result in fines up to $1.5 million for all violations of an identical provision in a calendar year.
Continue reading ‘HIPAA Security Rule Controls: Do You Have Them?’
The First Annual Big Cloud Event took place in Minneapolis, MN in June. Layered Tech was a sponsor of this event, and I delivered a presentation on Big Cloud Adoption. This event was billed as the first annual; the second event is already scheduled for March of 2014 in Las Vegas, NV. Although many cloud-related topics were discussed at the event, many discussions focused on cloud adoption, or the lack thereof, for Fortune 1000 companies.
Continue reading ‘Are Security Fears Keeping You Out of the Cloud?’
Every customer running revenue-critical business applications should consider adding application performance monitoring and management. For this reason, we have taken our experience deploying application performance monitoring tools for our customers and released a standard managed solution. Our new Application Performance Management (APM) service, powered by AppDynamics, offers a “managed with” model in which we integrate APM with our customers’ managed hosting and cloud service. We handle the deployment, configuration, monitoring and assist clients with utilizing the APM solution.