2012 Confidential cloud computing made for healthcare Reduce costs, improve reliability, security, performance, and productivity. Make healthcare better.


1 2012 Confidential cloud computing made for healthcare. Reduce costs, improve reliability, security, performance, and productivity. Make healthcare better. Ralph Reyes Jr: MT, FHIMSS: VP of Channel Sales KLAS, Sr Advisor AHA, Utah HIMSS Board VC Advisor, Advisory Boards CureMD™ Practice Without Boundaries User Conference

2 2012 Confidential ClearDATA: Healthcare Only
- Disaster Recovery: Cloud Data Backup
- Image Archival: Secure Image Storage
- Security Risk Analysis: Address HIPAA & MU regulations
Serving 300,000 providers

3 CLOUD · COMPLIANCE · SECURITY Who we are:
- Healthcare experts with over 150 years in healthcare experience
- Internet / cloud technology experts with experience in creating and operating more than 7 different worldwide IT organizations
- HP's healthcare hosting partner for the U.S.
© 2012 Clear DATA Networks, Inc.

4 CLOUD · COMPLIANCE · SECURITY Who we are:
- Healthcare experts with over 150 years in healthcare experience
- Internet / cloud technology experts with experience in creating and operating more than 7 different worldwide IT organizations
- HP's healthcare hosting partner for the U.S.
What we do:
- 100% healthcare focused cloud services
- Provide secure 100% HIPAA-Compliant cloud computing and information security services for healthcare providers.
- Serve our clients by fully automating and securely managing healthcare applications, IT infrastructure and digital storage.
- Services include: Server/application & data center hosting, Offsite Backup & DR, Image Archiving & VNA, VDI and SRA (security risk analysis) consulting
© 2012 Clear DATA Networks, Inc.

5 CLOUD · COMPLIANCE · SECURITY Deep Healthcare Experience (examples) © 2012 Clear DATA Networks, Inc. Proprietary and Confidential St. Joseph's Foundation Digital Healthcare Services Marcella Bonnicci MD Osborn Family Healthcare Eagle Summit Foot & Ankle Southwest Spine and Sports AZ Institute of Urology Habersham Family MD North Jackson Family MD Me and My Care Givers Brookings Health CA Hospital & MC St. Mary's Reno St. Mary's San Francisco Glendale Memorial Hospital St. Joseph's Medical Center Northridge Medical Center CHW Pasadena Greater Sierra Health Organization American Optical Services MU Medical & SW Spine & Sport CHW - East Valley Mercy General Regional System Sacramento Regional Colorado Rural Health Center LA Center for Women’s Health Advanced Arthritis Care Talus Medical Dr. Lewis Surgery & Sports Mercy Medical Group Barrow Neurological Institute Mercy Gilbert Medical Center Chandler Regional Medical Center Sierra Nevada Memorial Hospital Dignity Health St. Joseph's Stockton Mercy San Juan MC Stamford Medical Center Mercy Merced Hospital Mercy MC Ventura Dominican Medical Center Mercy Redding Hospital St. John's Regional MC Sunrise Mesa Health Ctr St. Rose Dominican MC Mark Twain St. Joseph's Hosp Bakersfield Memorial Hosp Barrow and Congenital Heart Foundations St. Mary Medical Center Kingsbrook Jewish MC

6 CLOUD · COMPLIANCE · SECURITY ClearDATA Key HIPAA HITECH Requirements
- Encryption of data at rest and in transit
- Multi-tier authentication, identification
- Dedicated firewall management
- Intrusion detection systems
- Virus scanning
- Constant vulnerability scanning (review over 10,000 elements)
- Physical environment protection: multiple physical security requirements (video surveillance, keyed entry, etc.)
- Secure data access controls, policies and procedures to restrict, track and monitor who is accessing what data, where, when and for how long
- Audit logging: utilize procedural audit mechanisms through every component of the application and data storage solutions installed
- Inventorying all PHI created, received, maintained or transmitted for auditability in the “chain of custody”
- Disaster recovery data plan
ClearDATA has never failed to deliver

7 CLOUD · COMPLIANCE · SECURITY Healthcare is Digitizing
Healthcare IT is exploding: “the largest and fastest industry transformation in US history”
Key Drivers:
- Basic cost and efficiency benefits from technology adoption (catch-up)
- Must go digital by HITECH ACT
- New devices: tablets, mobile, wireless
[Chart: market size figures for Cloud ($1.3B, $4B) and Health IT ($35B, $87B), with years 2012 and 2017, marked "Conservative!". Source: Markets and Markets 2012]

8 2012 Confidential Bad Days

9 CLOUD · COMPLIANCE · SECURITY What are the Problems and Challenges?
Healthcare Customer/Provider Challenges:
- Lack IT knowledge and infrastructure
- Internal hosting is costly and requires IT expertise
- Security mandates HIPAA HITECH compliance
- Growing data storage requirements
- Lack backup, offsite and recovery
- Complex critical environments require 24x7 uptime
- Security breaches, penalties
- Revenue loss
It is an “Unnatural act” for Providers/ISVs to host, manage, and maintain their own IT infrastructure (mini-datacenters onsite)

10 CLOUD · COMPLIANCE · SECURITY Reality!

11 CLOUD · COMPLIANCE · SECURITY Lack of IT Security Fuels Breach Volume
77% of lost records in recent major breaches are associated with lack of IT security; of those
– 85% of Healthcare Organizations experienced data breaches in the past two years.
– 58% (45% of total) are linked to PCs, hard drives, portable electronic devices
– 27% (20% of total) are linked to EMR/EHR
– Since 2009, >250 major breaches (500+ records); 10.8M total records lost
77% are IT-related

12 CLOUD · COMPLIANCE · SECURITY The Truth about HIPAA ‐ HITECH and Data Backup
Standard: § Administrative Safeguards for Offsite Backup and Disaster Recovery
(i) Contingency plan. Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.
(ii) Implementation specifications:
(A) Data backup plan (Required). Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information.
(B) Disaster recovery plan (Required). Establish (and implement as needed) procedures to restore any loss of data.
(C) Emergency mode operation plan (Required). Establish (and implement as needed) procedures to enable continuation of critical business processes for protection of the security of electronic protected health information while operating in emergency mode.
(D) Testing and revision procedures (Addressable). Implement procedures for periodic testing and revision of contingency plans.
(E) Applications and data criticality analysis (Addressable). Assess the relative criticality of specific applications and data in support of other contingency plan components.

13 CLOUD · COMPLIANCE · SECURITY The Truth about HIPAA ‐ SRAs
1. SRAs are required for HIPAA-HITECH compliance at least every other year. Real SRA is to address a 400 page security assessment study, BUT
2. If Meaningful Use dollars are involved, then: annually
3. Penalty for violation = $1,500,000 per violation
Versus a $2500 investment; CureMD clients 30% discount* (remote)
* first 30 clients of 1-2 providers: SRA to be completed by March 30,

14 CLOUD · COMPLIANCE · SECURITY Avoid This Moment 14 ALI

15 CLOUD · COMPLIANCE · SECURITY The Truth About Data Backup
1. It’s not optional: all CEs, including medical practices, and BAs must securely back up “retrievable exact copies of electronic protected health information.” (CFR (7)(ii) (A))
2. Your data must be recoverable: you must be able to fully “restore any loss of data.” (CFR (7)(ii) (B))
3. You must get your data offsite: call it common sense or risk management, as required by the HIPAA Security Final Rule (CFR (a)(1)); how could one defend a data backup / disaster recovery plan that stored backup copies of ePHI in the same location as the original data store?
4. You must back up your data frequently: again, call it common sense or risk management, as required by the HIPAA Security Final Rule (CFR (a)(1)); in today’s real-time transactional world, a server crash, database corruption or erasure of data by a disgruntled employee at 4:40pm would result in a significant data loss event if one had to recover from yesterday’s data backup.
5. Safeguards must continue in recovery mode: the same set of security requirements that apply under normal business operations must also apply during emergency mode. CEs and BAs cannot let their guard down. (CFR (7)(ii) (C))

16 CLOUD · COMPLIANCE · SECURITY HIPAA Omnibus 2013 Rule: Business Associate Changes
Many changes are in effect regarding business associates, including new definitions of business associates as well as clarification of who may be a business associate. The new entities that are specifically described as a business associate are:
- Patient Safety Organizations
- Health Information Exchanges
- ePrescribing Gateways
Data storage providers are a business associate!
- An entity that maintains protected health information on behalf of a covered entity is a business associate.
- A data storage company that has access to protected health information (whether digital or hard copy) qualifies as a business associate.
- The Final Rule modified the definition of “business associate” to generally provide that a business associate includes a person who “creates, receives, maintains, or transmits” (emphasis added) protected health information on behalf of a covered entity. The emphasis is now on "maintains", which is the case for document storage companies.

17 CLOUD · COMPLIANCE · SECURITY How do you benefit with ClearDATA?
– 100% healthcare focused team
– Data centers built and designed for healthcare, 100% HIPAA compliant
– Reduced costs: pay for what you use; vCPUs, RAM & Storage added as needed
– 100% Network Uptime Guarantee, including 100% availability of our routers, switches, cabling, and Internet connectivity. A guaranteed server uptime of %.
– 24x7x365 Live Support.
– Monitoring Services:
  – Server performance: per server for service availability.
  – Fault Monitoring: status events on servers and network devices including network availability, process status, file system capacity, and backup success/failure. Monitor core OS and application log files for critical/warning application and system events.
  – Performance Monitoring: monitor key performance metrics for the operating system (i.e. CPU, RAM, and Disk) and select applications (i.e. process statistics, users, throughput) and databases (i.e. caching, performance, transaction success).
– 100% successful with vendor hosting
© 2012 Clear DATA Networks, Inc.

18 CLOUD · COMPLIANCE · SECURITY Thank you & Sales Contact Info
General Sales: Sales Phone Number: Sales Fax Number: Sales
Partner Sales Contacts: Primary POC: Ralph Reyes – VP Channel Sales Mobile: Secondary POC: David Albanese – Inside Sales Manager Phone:
Hours of Operation: Customer Support 24x7. Sales support is Monday through Friday from 8:30 AM to 5:00 PM PT
Headquarters: ClearDATA Networks, Inc West Broadway Suite 300 Tempe, AZ Phone Number: Fax Number: Web Site: Twitter: Facebook:

