Blog Archives

Lose my data? LOL. Not a chance!

Data is everywhere. And for many users, their data is everything. Documents, photos, videos, and other files cover years of life lived, experiences shared, and work completed. But recent research shows that the cost of lost or stolen data is on the rise. For businesses, the average cost per record rose $158 last year. For personal users, meanwhile, it’s easy to make the case that real “data loss” only happens to large companies and enterprises. After all, you’re careful with your data—always super cautious about saving information and even duplicating it onto a USB stick or external hard drive. There’s no chance you could ever lose your data, right?

Right?

Data dangers

Let’s suppose you’re really careful. Like really careful with your data; you never shut down your laptop or desktop without making sure that files are properly saved, stored in the right directory, and time-stamped within the last few minutes. Plus, you’re regularly backing up everything to a USB stick or hard drive. What’s the worst that could happen? For starters:

Lost or stolen: You get distracted at the coffee shop and someone runs off with your laptop, or it gets lost in the shuffle when you move to a new apartment. Sure, you’ve got that memory stick, but when was the last time you backed it up?

Hard drive failure: Hard drives aren’t perfect, and a recent study found that some have failure rates pushing 10 percent. If your hard drive stops spinning, your data goes kaput.

Ransomware: Maybe you opened that email attachment marked “URGENT” or visited a shady website. And maybe your PC is infected with ransomware, locking you out of your files. Every. Single. File.

It’s funny, right?

And those are just the “ordinary” ways to lose all your data. We’ve all had days where Murphy’s Law seems out to get us. What about:

Pool party: Don’t laugh. It happens. You’re on vacation, bring the laptop for work or play and after a day of too much sun and fun someone bumps your device and…splash!

Scary spills: You’re up late or starting early, barely hanging on. Your cup of coffee somehow misses the mark or your kids burst in and…hisssssss. Computers and caffeine don’t mix.

E-rage: We’ve all thought about it: Tossing that laptop off a balcony or breaking it in two when it won’t cooperate. If you’re tired enough, stressed enough, or had the worst day, your device may not make it through the night.

Of course, none of these scenarios could happen to you. Right? But just to be on the safe side, it’s worth considering another line of defense: Cloud-based storage from Mozy that automatically replicates your data and can restore lost or stolen files if laptops go missing or physical drives bite the dust. Plus, it’s one less thing for you to worry about. Use your device, live your life, and let Mozy take care of the rest.

Cloud Computing and Healthcare: Understanding the HIPAA Omnibus Rule

Note: This is blog 2 of 4 in our HIPAA series.

Now that you’re equipped with a basic understanding of HIPAA provisions, and how they apply to Covered Entities (CEs) and Business Associates (BAs), it’s time to dig deeper and look at some of the most important changes to this legislation during the last few years. The Omnibus Rule is the most relevant to health care because it governs, at least in part, the way health agencies leverage and interact with cloud computing services.

HIPAA highlights

Before diving into HIPAA changes and cloud compliance highlights, here’s a refresh: The Health Insurance Portability and Accountability Act (HIPAA) was adopted in 1996 and lays out specific regulations for companies that handle electronic protected health information (ePHI). Critically, these companies are responsible for keeping records of all disclosures of PHI, encrypting all PHI, and meeting other HIPAA security standards. Failure to comply—even through ignorance—can result in a $50,000 fine for the first offense and $1.5 million for the same offense in a calendar year.

Changing conditions

Think of HIPAA like a living piece of legislation that is constantly being assessed and modified to fit current needs. As a result, changes have emerged in recent years which impact both first-party health agencies and third-party providers.

According to HIPAA Journal, the Security Rule as revised in 2013 lays out specific administrative, physical, and technical safeguards that must be in place to ensure data security. These include Business Associate Agreements (BAAs) with third parties who access PHI, controls for devices and media used to store ePHI, and limits on who can remotely access ePHI. In addition, the impermissible use or disclosure of protected health information (that is, a violation of the HIPAA Privacy Rule) is presumed to be a breach unless the CE or BA, as applicable, demonstrates that there is a low probability that the protected health information has been compromised, such as through the use of strong encryption.

The new rules that became effective in 2013 also included changes such as:

   •     Expanded patient rights to request copies of their ePHI in electronic form.
   •     Prohibited the sale of health information for marketing or fundraising without patient permission.
   •     Introduced risk assessment methodology to determine the probability of ePHI compromise.

More recently, the U.S. Department of Health and Human Services released guidance on the applicability of HIPAA to cloud service providers (CSPs). As noted by Becker Hospital Review, any CSP engaged by a CE to host ePHI becomes a BA by default, meaning they need to sign a BAA to comply with HIPAA’s requirements for BAs. CSPs must comply with certain breach notification requirements if a breach of their network results in unauthorized access to unencrypted ePHI, which includes promptly warning the CE that their information may have been compromised.

 

Safe haven?

It’s important to note that cloud computing is not a “safe haven” from HIPAA compliance. If CEs permit CSPs to host or back up ePHI data without the proper agreements and precautions in place, both the CE and CSP could face Office for Civil Rights audits and fines for failing to comply with HIPAA regulations.

HIPAA continues to evolve as technology advances and new cybersecurity threats emerge. Although cloud computing is now a viable way to store and transmit ePHI, CEs and CSPs must take precautions to ensure HIPAA compliance. As required by HIPAA, Mozy by Dell offers appropriate safeguards—including those for encryption, password restrictions, and data storage—to help you protect and secure the electronic health information you work with and store.

Up next: Key causes of a health data breach. Find out how your CE can both detect new threats and safeguard patient information.

HIPAA and You: What It Is and Why It Matters

Adopted in 1996, the Health Insurance Portability and Accountability Act (HIPAA) was designed in part to facilitate the transfer of health insurance for citizens after leaving an employer, and to address the growing need for regulation and oversight of electronic protected health information (ePHI), also called individually identifiable health information, via the Privacy Rule. HIPAA is a substantive and often confusing piece of legislation, leading many companies to wonder if it applies to their business, what’s expected of them and how regulatory standards are enforced. Here’s a rundown of key HIPAA expectations and why they matter to your organization.

Who’s affected

First step? Determine if you’re subject to HIPAA regulations. As noted by the CDC, there are two key groups defined by the law: covered entities and business associates. Covered entities (CEs) consist of health plans, health-care clearinghouses and health-care providers. These CEs are responsible for appropriately handling ePHI by ensuring that an accurate record of all use and transmission exists, that all data is properly encrypted and that access is restricted to specific individuals such as patients, doctors or insurance providers.

The second group, business associates (BAs), are third parties that work with CEs and occasionally handle health data. These may include lawyers, accountants, billing companies or IT developers, and are required to sign a written agreement with CEs stating that they will properly handle health data, use the information only for stated purposes and help the CE comply with certain aspects of the Privacy Rule.

Provisions

If your company is considered a CE or BA, how do you ensure HIPAA standards are being met? The Privacy Rule lays out several obligations, including:

   •     Notification of patients regarding their privacy rights and the specific use or disclosure of their ePHI.
   •     Adoption of internal privacy policies and procedures to prevent misuse.
   •     Training of employees to ensure they understand their role in using and transmitting ePHI.
   •     Creating contracts with BAs which specify their use and responsibility in safeguarding information.
   •     Establishing administrative, technical and physical safeguards—such as data access policies, data encryption and long-term storage in secure facilities—to ensure information privacy.

Worth noting is that willful ignorance of the rule does not constitute an acceptable reason for compliance failure. For example, this means BAs using unencrypted data cannot claim that the relevant CE did not mandate this procedure—companies are expected to know and follow the rules if they handle health data.

Enforcement

HIPAA requirements are now being enforced with greater regularity and rigor by the Office for Civil Rights (OCR). Through 2016 and into 2017 the agency’s focus has centered around audits, both to evaluate the use of health documents and ensure companies can produce the necessary records to demonstrate the transmission and encryption of relevant data. Expect more in-depth audits to continue over the next few years.

The OCR has also been levying more fines for non-compliance. For example, a “Did Not Know” violation can cost between $100 and $50,000 for the first offense, while “Willful Neglect” (subsequently corrected) starts at $10,000. More worrisome are identical violations in the same calendar year: For any subsequent offense, the fine is set at $1.5 million.

Why does HIPAA matter to your business? If you’re a CE or BA under the law, you’re responsible for the security, storage and use of personal health information as described by Privacy Rule stipulations. Audits are becoming more common, and steep fines are the outcome if compliance standards are not met. Best bet? Leverage the expertise of trusted HIPAA security partners who can help you meet obligations and adapt to evolving HIPAA regulations.

Top Five Tech Gadgets for 2017…and Why I Want Them

2017 is here, and with the new year comes a new set of must-have tech gadgets that will make my life easier—or at least a lot more fun. Here’s a look at five of the most innovative and intriguing, and why I want them all.

Snapchat Spectacles

Sure, I’m just jumping on the bandwagon here, but why not—it’s nice to finally see a smart glass option that doesn’t make users look like “glassholes.” The Spectacles nail retro without feeling dated and solve the problem of “secret recording” with a light-up white circle that lets everyone around know that you’re taking video. Better still, they make it easy to send Snaps and give Snap recipients the ability to tilt the video for maximum effect. Bottom line? I already Snap. This makes it even easier.

Price: $129. Availability: Currently random

AirPods

Yeah, I tossed Apple for Android a few years ago, but it’s tempting to re-up the iPhone thanks to AirPods. The promise? No cords, 24-hour battery life and the pods are supposed to automatically sync with all my Apple devices and turn on whenever they’re in my ears. Plus, there’s voice recognition and crystal-clear sound. If it’s true it’s magic and I’m on board.

Price: $159. Availability: Apple says 100+ countries starting December 2016

SensorWake

Released near the end of 2016, the SensorWake is a clock that wakes you up using smell instead of noise. Current options include toast, mint, coffee, chocolate and freshly-cut grass to name a few, which each last for 30 “awakenings.” It’s probably not the best idea if you’ve got a must-be-there meeting at 8 a.m., but if you’d like to skip sleeping the day away and pass on the beeping alarm clock—hey, those Spectacles aren’t going to take Snaps themselves, people!—the SensorWake sounds like a solid plan.

Price: $131.95 for clock and 6 scents. Availability: Online

Amazon Echo Dot

Amazon’s second-generation voice-controlled helper device, the Echo Dot is designed to make your life easier. Seven far-field microphones let it hear you even in a noisy room and with a few simple commands you can order pizza, call an Uber, play music or get the weather. Plus, it retails for less than $50 on Amazon and you don’t need an Echo to make the Dot work. Sounds like a fantastic time waster info hub.

Price: $49.99. Availability: Amazon

YOUMO

Want to play with the coolest tech gadgets? You need power, and the Kickstarter-funded YOUMO might just do the trick. The idea here is that you pick different power “modules,” which can be linked together to create a kind of ideal electric Frankenstein to power your tech environment. From standard power outlets to USB connections, wireless charging, LAN modules, speakers and even nightlights, there’s huge potential here. It’s not on the market yet, but all indications from Kickstarter and the company’s webpage are for a quick 2017 start.

Price: Not set. Availability: Soon

Want the best tech gadgets for 2017? You can’t go wrong with these five standouts.

IaaS vs PaaS vs SaaS: Tips On the Cloud Trifecta

Cloud technology is enjoying marked success as companies move from “occasional” use to mainstream adoption. Consider the rise of software-as-a-service (SaaS) offerings; according to IT Pro Portal, more than 1,400 new SaaS companies have emerged over the last five years and this $8 billion market should reach more than $50 billion by 2026. For many businesses, however, it’s easy to get bogged down in terminology—IaaS vs PaaS vs SaaS—and miss the technology’s potential ROI. Here’s what you need to know about the cloud computing trifecta.

Software as a service

By far the most popular and straightforward type of cloud computing, SaaS offers entry-level cloud technology access for companies of any size. The easiest way to understand this service? Think in terms of applications. Almost any app currently hosted on local servers or stored on PC hard drives can be moved to the cloud. Instead of taking up valuable server space and network resources, all necessary code is stored off site. More importantly, all the “heavy lifting” of computation, analysis, and data storage is also handled by cloud servers. The result? You get high-performance, high-availability applications without the need to maintain hardware or upgrade software. Typically, you’ll pay monthly for access to the cloud itself and then a per-device or per-user fee for the software. SaaS is also the easiest cloud “entry point” for employees because many already use cloud services—such as email clients or social media sites—and are comfortable with the concept.

Infrastructure as a service

At the other end of the cloud is IaaS. Here the idea is to leverage virtual machines (VMs) in place of physical servers, meaning you’re not on the hook for big CAPEX spending or regular hardware upgrading. You’re able to put anything you want on these VMs—whatever platform, software, monitoring tools, or security solutions work best for your business—but they’re ultimately housed and maintained off site. Typically, IaaS is leveraged by companies that want total control over their virtual computing environment and have enough full-time IT staff to make the most of VM environments. While it’s possible to run IaaS in a public cloud environment, many enterprises now choose a hybrid or private model to maximize data and resource security.

Platform as a service

In the middle, you’ll find PaaS. As noted by Network World, it’s not a “finished product” like SaaS offerings, nor is it the “blank slate” of IaaS. Instead, PaaS provides a way for IT teams to develop services and applications for a specific platform. Developers and IT ops professionals get all the tools they need to build apps, social sites, mobile offerings, and websites—along with the APIs and tools needed to “hook” these offerings into the larger infrastructure of your cloud provider.

It’s worth noting that with so many as-a-service options on the market—from database to analytics to security to communications—two trends have emerged. First, the maturing cloud market has created a significant shift toward the simplicity of SaaS for even mission-critical tools and services; second, the ubiquity of cloud computing has driven down the average price of entry.

Bottom line? A little knowledge of the cloud trifecta goes a long way to selecting the ideal deployment for your business.