Archive for the 'Security News' Category

Visit Layered Tech at HIMSS14

On September 23, 2013 the HIPAA Omnibus Rule went into effect. This rule provides further clarification to a complex set of requirements. It also defines some potentially catastrophic penalties associated with a Protected Health Information (PHI) or Electronic Protected Health Information (ePHI) breach.

Whether your company is a Business Associate, or a Covered Entity, the HIPAA Omnibus Rule has a significant impact on the policies and security measures in place for your hosting environments.


Top 10 HIPAA Data Breaches of 2013

With 2013 in the books, it’s time to look back at some of the biggest health information privacy blunders of the year. The list below represents the ten largest HIPAA data breaches as tracked by the U.S. Department of Health & Human Services (HHS), based on the total numbers of affected individuals.

While penalties haven’t been handed down and lawsuits settled, each of the below likely represents millions of dollars in fines and settlements. For example, during 2013 HHS handed out penalties ranging from $150,000 to $1.7 million. Potential class action lawsuits and the cost of providing fraud protection for those affected can quickly propel those costs into the tens of millions or even billions.

So on that happy note, let’s dive in!


10 Reasons Why Migrating to the Cloud Makes Sense

I had the opportunity to attend and speak at recent KANAConnect events in the US and Europe. I was surprised and delighted at the breadth of discussion and focus placed on cloud computing and the forward-thinking direction of many of the attendees.

One thing that was quite clear and different from what I’d experienced at past KANA events was the overall mindset towards the cloud playing a larger role in the future growth plans of the majority of the companies in attendance.


Startups That Fly – Layered Tech’s Role

As Director of Compliance and Security services at Layered Tech since 2008, I have seen our Compliant Services business grow significantly during that time. With that growth, there has been a noticeable phenomenon related to our startup clients who have reached an attractiveness level high enough to become acquisition targets.

We are in a unique position to see this happen from start to finish. It is a behind-the-scenes supporting role where our economy of scale and simplified audit-service goals lend upward momentum. I have seen this happen several times, including with Layered Tech itself. It is a topic that deserves some background, so let me lay out an example of what I mean.


Hooray for HITRUST

It can be difficult to prove whether a cloud or managed hosting provider is certified HIPAA compliant because today no formal process or status exists to verify that claim. The HIPAA Security Rule allows the use of any security measures that reasonably and appropriately implement its standards and implementation specifications. For health care innovators, this wiggle room can cause some uncertainty about whether their IT infrastructure is compliant and secure, or in danger of a costly HIPAA violation.


Q4 Update From Layered Tech CEO Jack Finlayson

I’m excited to update you on the progress and status of Layered Technologies (LT) Inc. as we begin the fourth quarter of 2013.


Preparing for New Payment Card Industry Data Security Standards

The PCI DSS (Payment Card Industry Data Security Standard) is in a release cycle this year, meaning version 3.0 will be released shortly. At this year’s recent Community Meeting of the PCI Security Standards Council, much discussion centered on the new version of the standard, which is why both our Chief Risk Officer, Jeff Reich, and I attended.


What You Need To Know About Application Performance Management

I have seen a shift in responsibility for overseeing and managing applications. Application monitoring and management is increasingly moving from application architects and developers into IT operations. Our clients’ IT management folks are expected to be responsible for ensuring application health and performance and therefore are increasingly relying upon Layered Tech to provide management information and dashboards.


Is It Safe?

Some of you might remember the movie Marathon Man starring Dustin Hoffman as Babe. In it, he is repeatedly questioned by the former Nazi SS dentist, Dr. Christian Szell, and asked, “Is it safe?”

Christian Szell: Is it safe? Is it safe?

Babe: You’re talking to me?


HIPAA Security Rule Controls: Do You Have Them?

Recent changes to the HIPAA Rules through the HIPAA Omnibus Final Rule may affect the way healthcare professionals do business. The changes, which became effective March 26, 2013, now apply the Security Rule not only to covered entities but also to business associates of covered entities and subcontractors of business associates. This means that any organization involved with electronic protected health information (EPHI) must have and follow a well-written information security policy with established practices and guidelines that protect this EPHI from falling into the wrong hands. Failure to comply with the HIPAA Rules could result in fines up to $1.5 million for all violations of an identical provision in a calendar year.