Through its “Resonate” solution, echoBase provides a single mobile interface to electronic medical record, practice management, clinical and financial systems that allows clinicians to interact with electronic patient data in real-time, with or without an Internet connection. The solution currently works on both Apple iPads and iPhones/iPod Touches.

Gazzang’s solution, dubbed “ezNcrypt,” provides high performance, transparent data encryption for Linux, MySQL and other open source applications and services without requiring changes to the existing database or application code. It also ensures critical compliance with regulatory mandates including HIPAA, HITECH and Meaningful Use guidelines. Working together, both echoBase and Gazzang provide an end-to-end, secure solution for clinicians to access and manipulate sensitive data from internal systems, without the worry of costly regulatory violations or fear of data breaches — which has become a major issue lately.

“Security of patient information is an absolute requirement for our customers. You can’t handle this information ‘casually’ when people’s health and medical care is at stake,” said Brent Miller, President of echoBase. “That’s why we turned to Gazzang to provide an impeded layer of infrastructure for all of our mobile interface offerings. Gazzang’s ezNcrypt solution was easy to implement and integrate as the critical security fabric for our Resonate solution.”

From article on 12/29/11: http://mhealthwatch.com/echobase-debuts-secure-mobile-interface-for-healthcare-systems-using-gazzang-encryption-18480/

Listen HERE

About 4.9 million patients treated in San Antonio area military treatment facilities since 1992 have been affected by a health information breach involving the theft of backup tapes for electronic health records, federal officials say. If the numbers hold up, this would be the largest breach reported since the HIPAA breach notification rule, mandated under the HITECH Act, took effect in September 2009.

The Defense Department’s TRICARE healthcare program, which serves active-duty troops and their dependents, as well as military retirees, says one of its business associates, Science Applications International Corp., reported the breach Sept. 14. The tapes were stolen from the car of an SAIC employee who was responsible for transporting the tapes between federal facilities in San Antonio “pursuant to contract requirements,” an SAIC spokesman says.

“There is no indication that the data has been accessed by unauthorized persons,” the SAIC spokesman says. SAIC is working with the local police department, Defense Criminal Investigative Services and a private investigator to attempt to recover the tapes, the spokesman adds.

Information on the breached tapes may have included Social Security numbers, names, addresses, phone numbers and some personal health data, such as clinical notes, lab tests and prescriptions, according to a TRICARE statement. The tapes did not contain any financial data.

“Some personal information was encrypted prior to being backed up on the tapes,” the SAIC spokesman says. “However, the operating system used by the government facility to perform the backup onto the tape was not capable of encrypting data in a manner that was compliant with a particular federal standard. The government facility was seeking a compliant encryption solution that would work with the operating system when the backup tapes were taken.”

TRICARE “does not have a policy” on encryption of backup tapes, a TRICARE spokesman says.

Under the HIPAA breach notification rule, breaches of information encrypted in compliance with a federal standard do not have to be reported.

“The risk of harm from loss of the tapes is judged to be low since retrieving the data on the tapes requires knowledge of and access to specific hardware and software, and knowledge of the system and data structure,” according to SAIC.

Reviewing Data Protection

Both SAIC and TRICARE are “reviewing current data protection security policies and procedures to prevent similar breaches in the future,” according to the TRICARE statement.

TRICARE and SAIC also are working together to identify all beneficiaries whose information may have been involved. “Individual notifications have not begun,” a TRICARE spokesman says. “That determination will be made based on the results of the ongoing investigation.”

SAIC and TRICARE have not yet determined whether any patients affected by the breach will be offered free credit protection services, the TRICARE spokesman says. “That will be determined based on the results of the ongoing investigation, when a more accurate estimation of the risk to our beneficiares will be possible,” he adds.

Those affected by the breach, according to the TRICARE statement, were patients who received care (including the filling of pharmacy prescriptions) from 1992 through Sept. 7, 2011, at San Antonio area military treatment facilities, and others whose laboratory workups were processed in these facilities even though the patients were receiving treatment elsewhere.

A brief statement on the SAIC website acknowledges that the company has set up an “incident response call center,” but provides no further details beyond a link to TRICARE’s statement.

TRICARE hired SAIC to handle “the storage of some TRICARE health information,” the TRICARE spokesman says. “That contract continues.”

The TRICARE incident is one of five affecting more than 1 million individuals that have been reported since the HIPAA breach notification rule took effect (see: Healthcare Breaches: A New Top 5).

Reaction to the Incident

Security consultant Kate Borten, president of The Marblehead Group, says: “What’s particularly distressing about this news is that TRICARE should be encrypting. The organization should have had reasonable controls in place.”

Borten also questions whether the risk of someone accessing the data on the stolen backup tapes is, indeed, low. “The potential gain from almost 5 million records to data mine and sell might be motive enough” for someone to take all the necessary steps to access the data, she says.

Borten notes that more healthcare organizations are dropping the use of tapes and other physical media for backup purposes, shifting to an Internet-based, or cloud computing, backup storage model. “Of course, there are security risks either way,” she notes. But by using the Internet, “there are no more tapes to get lost or stolen.”

All healthcare organizations that use backup tapes must take adequate steps to protect the tapes, says Adam Greene, a former official at the Department of Health and Human Services’ Office for Civil Rights, which enforces the breach notification rule. “In general, it’s important for HIPAA covered entities to ensure that backup tapes are included in their risk analysis and risk management plan,” says Greene, a partner at the law firm Davis Wright Tremaine LLP. “If encryption is not feasible, covered entities should focus on strong administrative and physical safeguards, such as clear procedures that ensure that backup tapes are locked up at all times.”

Greene notes that when business associates maintain backup tapes, healthcare organizations need to thoroughly investigate how the tapes are safeguarded to help avert large potential breaches.

http://www.healthcareinfosecurity.com/articles.php?art_id=4105&opg=1

As a managed IT services provider, it’s important for your team to have strategic consulting skills and effective processes, which ultimately lift sales. Think about the following words: Proficiency. Expertise. Talent. Skill. Art. Knowledge is power. Working with the most knowledgeable and talented people on the planet is a great way to relieve stress, move your business forward, and sleep well at night.  As a business owner, working with experts whose expertise and integrity you trust is a truly magical experience. Check the box, move on to the next problem.  These guys have my back.

As a buyer, the experience is manna from heaven.  As an MSP, delivering that experience consistently is the difference between success and failure. The good news is that the ability to deliver that kind of experience is completely achievable.  In fact, it is easier to be consistent here than it is with availability and backup.  Here are a few things you need to think about.

Develop expertise.  I work with Intronis partners Josh Smith and Chris Johnson from Untangled Solutions in California.  Several years ago, as the result of some lessons learned from taking part in the MSP Simulator hosted by CompTIA, these guys decided to get strategic and focused about their business.  They evaluated their customer base and their own expertise with one goal in mind – to figure out which customers they were helping the most.  After quite a bit of research and thought, they focused their business on getting better at delivering healthcare value.  Two years later, and these guys are making a killing and are working exclusively in the healthcare space.  They deliver more value. They win more jobs and get more referrals.  The customers are happier. Not hard to do, just smart.

Study hard.  If you choose to find out what you are good at, like my friends at Untangled, the next job is to become the best around at what you do. Assuming you chose to do something that you already enjoy some level of expertise with, spend time figuring out what you don’t know and what problems you cannot solve for your customers and go get that core competency. Certification, vendor training, hands on effort, hiring the right resources and whatever else it takes to establish that level of competency. Make a plan and go do it.  Get better than everyone else and enjoy the view from above.

Build effective process. Recently I was on the phone with a Canadian Master MSP who is growing like a weed and signing up resellers on an almost daily basis.  As a result of an inability to scale to the mid-market effectively, in addition to razor thin margins, the Master MSP model has been suffering over the last few years. So, I asked him what he was doing that was different – here was his answer.  “We are entirely process driven.  In fact, process is our primary focus.  As a result, we deliver a level of consistency that our predecessors were unable to achieve.  Our MSP customers know what to expect from us every time.  It makes a huge difference.”

Do what you are good at, invest in getting better at it, and make it reliable and repeatable.  I hope that sounds somewhat familiar to everyone.  It is really at the core of what most coaches are telling their MSP customers to do.  The only thing I would add is to be deliberate about it.  Make the way you do these things the focus, not the things themselves.  Then, you can pick almost anything and be successful with it.

From article: http://www.mspmentor.net/2011/09/19/how-to-master-consultative-value-based-selling/

PALO ALTO, CA – Patient data lost while in the hands of a business associate becomes “extraordinarily” difficult to track, says one expert, who identified data-centric protection as a way to safeguard information like that recently exposed at Stanford Hospital and Clinics.

The New York Times is reporting that the Stanford breach involved the medical records of 20,000 emergency patients, containing information such as names, diagnosis codes, account numbers, admission and discharge dates and billing charges for patients seen during a six-month period in 2009.

The sensitive information was residing on a website called “Student of Fortune” for almost a year before it was discovered by a patient. Hospital officials are unsure how this data, in the form of a spreadsheet, got on the site, as it was in the care of its billing contractor – identified as Multi-Specialty Collection Services, according to the New York Times.

When sensitive data like this is shared with a business associate, a provider is “essentially buying their capacity to protect that information,” says Geoff Webb, director of product marketing at Credant Technologies in Addison, Texas.

Webb says he would expect that if the billing company was handling this type of sensitive data it would have technical controls in place such as real-time monitoring capabilities, data loss prevention, encryption and post breach analysis and monitoring. (How would anyone know without a Risk Analysis?)

But when data is taken outside an organization’s network, he says it’s critical that there’s data-centric protection as well, which would serve to protect the data even if an employee moved it around.

Webb says healthcare organizations need to “nail” these data control issues now – especially as cloud adoption becomes more prevalent. Indeed, these breaches will look modest compared to what could happen in the future, given the amount of data that can be stored in the cloud, he warns.

http://www.healthcareitnews.com/news/stanford-hospital-breach-shows-danger-losing-data-control?topic=06,08,17,29,18,19

Los Angeles-based IT managed service provider Untangled Solutions announces the election of main principal Chris Johnson as Chairperson of the Healthcare IT Community for CompTIA, a non-profit association and recognized global leader in IT workforce development.

CompTIA representatives stated, “The CompTIA Healthcare IT Community addresses the challenges and opportunities in the creation, delivery and service of healthcare-related technologies. This community is focused on creating standards, best practices and educational resources for IT businesses developing a healthcare solutions practice. EMR (electronic medical records), HIPAA (Health Insurance Portability and Accountability Act), and public policy initiatives are key focus areas for this group.”

Chris Johnson responded to the selection by saying, “I am passionate about seeing the healthcare IT community grow. My aim will be to reach out to the partners and vendors that we have built relationships with to help create educational content and participate in our goals of a vendor-neutral community. This is what drives our business successes and gives the healthcare industry a beacon they can set their sights on. Our goal is to create a resource for healthcare providers looking for IT support that will meet or exceed the requirements and regulations in the healthcare community.”

For additional information, contact Joshua Smith at Joshua@UntangledSolutions.com, call 909-563-8575 x102, or visit www.UntangledSolutions.com.

About Company: Untangled Solutions LLC is a Los Angeles-based IT Managed Service Provider (MSP) offering consulting and solutions for business/technology needs in the healthcare sector.

From the article: Untangled Solutions, Los Angeles’ leading IT consultancy for healthcare, has been testing a CloudCommand-powered wireless network, and Joshua M. Smith, one of Untangled’s leading strategists, says: “I’m beyond happy with the performance and really appreciate the SMS alert feature. When there is a network issue, the access point immediately texts our engineer’s cell phone, and he fixes the problem from his desk before the customer even knows something’s wrong.”

Untangled Solutions began implementing this network management service several months ago as part of our full managed services offering. The service allows us to maintain our clients’ networks seamlessly and proactively eliminating downtime.

Press Release:http://www.prnewswire.com/news-releases/cloudcommand-powered-d-link-access-point-earning-raves-from-channel-112236249.html

Learn more about Untangled Solutions’ Managed Services: http://www.untangledsolutions.com/services/

eGestalt’s SecureGRC SB is specifically designed for smaller Covered Entity’s (CE), which includes single practitioners and small medical groups in the Healthcare field. This includes Doctors, Dentists, Chiropractors, and Psychologists, Nursing care or any small practice that deals with patient health information (PHI). This service allows simplified HIPAA/HITECH compliance for the private medical practice.

Chris Johnson (CEO, Untangled Solutions) stated, “Healthcare IT solution providers need a tool to help their medical practice clients with conforming to HIPAA and other compliance standards. eGestalt takes the mystery out of the compliance process. eGestalt allows us to automate the audit process and provide tangible evidence of what needs to be addressed and how to address it within a medical practice.”

Download PDF for additional details.