Healthcare and Technology news

How to integrate HubSpot with CTI through your Phone System?


For sales reps or call center managers looking to combine the power of a CRM with a phone system, Computer telephony integration (CTI) is the answer. For many, that integration involves HubSpot. HubSpot CRM integrations apply the full depth of business intelligence to every consumer interaction, turning raw data into bottom-line ROI.

 

Why bother with computer telephony integration (CTI)?

 

Whether or not consumers realize it, call center representatives tend to know a fair amount about them by the time they say: “Hello”. That’s the power of CTI—pushing high-value, real-time data to employees engaged in human-to-human interactions with customers. That knowledge can solve problems more efficiently and offer subtle customer relationship support to retain more clients.

 

CTI can even aid call center representatives before the conversation begins. Pre-routing data gathering gleans information from consumers that sends calls to the most qualified representative. For consumers, this means an overall smoother experience. It lowers the chances of pogo-sticking from representative to representative while searching for the right person or department.


 

For employees, pre-routing saves time. With entry-level questions already asked and answered, representatives can dive into the core issue immediately. (Consumers are grateful for quicker solutions as well.) Lowering the amount of live call time frees representatives to handle more consumers each day. The benefit to employers? Less call center staff.

 

While customers and call-center representatives may never interact more than once, CTI avoids the perception of communicating with a stranger. On a personal level, CRM data may contain notes that help representatives navigate a heated conversation with a demanding client. On a professional level, notes from previous calls—from contact history to technical solutions—can get representatives up to speed immediately.

 

Unique advantages of HubSpot CTI

 

HubSpot’s CRM tackles the so-called “tasks salespeople hate.” HubSpot’s promise is less time on spreadsheets and in Microsoft Outlook and more time interacting with customers. It’s about streamlined, centralized communication to support disparate teams of sales and customer service representatives working with clients. It’s also free in its basic format.

 

Combining HubSpot’s CRM with its automated inbound marketing tools—a prime source of HubSpot revenue—reflects the power of HubSpot integrations, even within their walled garden. The potential to transition internal HubSpot connections into a system-wide HubSpot CTI integration offers a glimpse at the potential of a start-to-finish sales and marketing platform.

 

For call center representatives, HubSpot phone integration empowers staff with more than basic consumer data. It can include notes and history related to sales staff interactions, or even knowledge about which marketing materials potential consumers have received or opened.

 

HubSpot reports that every phone call costs a company up to $15. This frequently puts companies in a bind: They want to satisfy consumers’ need to reach out quickly but avoid an inundation of calls that offer little sales potential. The knee-jerk reaction, according to HubSpot, is often to make phone numbers harder to find. But that solution serves company, not consumer, goals.

 

This is where data plays a critical role. HubSpot CTI can help prioritize and route calls according to various rules defined by CRM data. Avoiding the all-or-nothing approach when it comes to calls can make ROI more predictable for call centers and prioritize the time and energy of sales staff.

 

Post-call analysis can help refine an initial set of inputs from HubSpot CTI integration to develop an ongoing process of refinement. Because marketing and sales data live in the same location, call centers can also become a source of data for other agents at a company by pushing call analysis out to sales teams or marketing departments. Does a marketing department exist that wouldn’t want to learn about the correlation between specific marketing materials and sales?

 

How to Integrate HubSpot with a phone system

 

The process varies depending on the phone system involved. These examples reflect the capacity and process for HubSpot CTI with major phone systems:

How CTI works with HubSpot

 

Identifying a caller’s number allows an integrated system to connect the phone number to a record in the HubSpot CRM. Once the CRM record and phone number are connected, HubSpot can deliver various datasets to the call center representative before the conversation even starts.

 

This data can include everything from the caller’s title to the history of interaction. For large call centers with divided responsibilities, this ensures the caller reaches the right representative first time round. That may mean reaching the person with the right technical skill set, or the ideal employee to manage a critical relationship with a high-value client.

 

Because representatives don’t need to seek out any of this information, they can maintain their focus on solving the consumer problem—or completing the sale.

 

What to Integrate for HubSpot-linked phone systems

 

There are several HubSpot integrations available. Some, like Auto-Dialer and Power Dialer, build efficiencies into standard call center activity (and useful efficiencies for sales staff making periodic follow-up calls). For example, HubSpot CTI integration allows employees to place a call by clicking a number directly in the CRM—no wasted time dialing, misdialing, or redialing numbers.

 

For new callers, HubSpot integrations allow the creation of new accounts, contacts, and leads. Inevitably, consumers change numbers and add or change points of contact. The ability to create or update accounts means none of this information is lost, and system-wide data stays consistent. For needs that go beyond the work of call center staff, HubSpot provides the ability to create a task for other team members quickly and easily.

 

Recording calls, call tracking, and call analytics offer a valuable post-mortem on client interactions that can help refine processes and reallocate resources.

 

Technical components of HubSpot CTI

 

While the exact nature of the applicable technical setup varies from provider to provider, all organizations must answer questions that affect implementation:

  1. Is the phone system managed in-house? In-house managed systems, common at large organizations, shift the technical burden to internal IT teams. A managed, cloud-based system migrates the bulk of the technical implementation to the phone system provider.
  2. Is the current phone system capable of HubSpot integration? The key integration feature is a VoIP system (rather than a traditional PBX landline system). VoIP is essential to connect CRM data with a phone system. Confirming the capability for HubSpot integration with the service manager or in-house technical team is an appropriate starting point.
  3. Which numbers will be included? Not every company phone will need HubSpot CTI. Identifying the subset of numbers that can extract value from CTI limits technical implementation to core components of the marketing and sales process.
  4. Who will have access to what? CTI integrations connect many data points, but not everyone needs access to all the data. (Certainly, not everyone needs editing access to all data.) Establishing a hierarchy of access that gets the right data to the right people at the right time is a fundamental step toward extracting value from a CTI investment. This should also include who has access to reports and the responsibility for implementing improvements based on call data.
  5. Where will calls be routed? Small call centers may receive all inquiries; large centers may develop specialties to handle certain clients or issues. Mapping a routing framework before implementation can avoid later headaches due to haphazard routing.
  6. Who will train and support call center staff? Every new system or integration has a learning curve. HubSpot CTI is no different. Even if staff are already familiar with a phone system and HubSpot as separate technologies, training to highlight the virtues of the integrated system will get more value from the linked platforms.

 

Ready, Set, Integrate

 

Acquiring consumer data is no longer a business challenge. If anything, the primary focus has become managing vast troves of data. Siloed information fails to take advantage of key integrations that can arm employees with the data they need to serve consumers more efficiently and close more sales.

CTI provides an opportunity to connect call center data with a CRM. For the many companies that rely on HubSpot, this integration can connect every dot throughout the customer journey. Understanding the technical capabilities and process for implementation provides a framework for connecting HubSpot with an existing or upgraded VoIP phone system.

 
Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com


What are the HIPAA Administrative Simplification Rules?


 

The HIPAA Administrative Simplification Rules establish national standards for electronic transactions and code sets to maintain the privacy and security of protected health information (PHI). These standards are often referred to as electronic data interchange or EDI standards.

The regulations, detailed in 45 CFR 160, 45 CFR 162, and 45 CFR 164, aim to make health care systems more efficient and effective by streamlining paperwork associated with billing, verifying patient eligibility, and payment transactions.

HIPAA Administrative Simplification Standards

HIPAA regulation includes four standards covering transactions, identifiers, code sets, and operating rules. The HIPAA Administrative Simplification Rules illustrate how switching from paper to electronic transactions reduces paperwork burden and increases payment speed for health care organizations. Additionally, information can be exchanged faster and claim statuses can be checked more easily.

HIPAA covered entities (which include health care providers, health plans, health care clearinghouses) and HIPAA business associates must adopt these standards for transactions that involve the electronic exchange of health care data. Such transactions may include claims and checking claim status. Other such transactions may involve encounter information, eligibility, enrollment and disenrollment, referrals, authorizations, premium payments, coordination of benefits, and payment and remittance advice.

Unique identifiers, such as a Health Plan Identifier, Employer Identification Number, or National Provider Identifier, are required for all HIPAA transactions.

Code sets are standard codes that all HIPAA covered entities must adopt. These codes have been developed for diagnoses, procedures, diagnostic tests, treatments, and equipment and supplies. HIPAA details several code sets including NDC national drug codes; CDT codes for dental procedures; CPT codes for procedures; the HCPCS health care common procedure coding system; and the code set for the international classification of diseases (ICD-10).

Updates to the HIPAA Administrative Simplification Rules

The HIPAA Administrative Simplification Rules were updated after the Affordable Care Act was passed in 2010 to include new operating rules specifying the information that must be included for all HIPAA transactions.

HIPAA covered entities must follow national standards, which were set to protect patients’ privacy (HIPAA Privacy Rule) and improve PHI security (HIPAA Security Rule), in addition to the HIPAA Administrative Simplification Rules. The Final Omnibus Rule, which was enacted in 2013, now includes HITECH Act standards in its HIPAA regulations; the standards added new requirements for breach notifications in the HIPAA Breach Notification Rule.

The Centers for Medicare & Medicaid Services both administers and enforces the HIPAA Administrative Simplification Rules, whereas the Department of Health and Human Services’ Office for Civil Rights typically enforces the HIPAA Privacy, Security, and Breach Notification Rules.

The HIPAA Administrative Simplification Regulations apply to all HIPAA covered entities and HIPAA business associates, not only those that work with Medicare or Medicaid.

Addressing the HIPAA Administrative Simplification Rules with Compliancy Group

Compliancy Group allows health care professionals and vendors across the industry to address the full extent of their HIPAA regulatory requirements, including HIPAA Administrative Simplification Rules, with our HIPAA compliance solution, The Guard. The Guard is a web-based HIPAA compliance app that allows users to confidently address their HIPAA compliance so they can get back to running their business.


Healthcare Providers & Vendors Need HIPAA Cloud Solution!


Cloud solutions are quickly becoming the new norm for the way businesses operate today. Many companies are moving from legacy software systems to online “hosted” alternatives, such as SaaS (Software-as-a-Service), PaaS (Platform-as-a-Service) or IaaS (Infrastructure-as-a-Service). The benefits of cloud-based solutions over desktop software are wide-ranging, affecting everything from productivity to data security. Healthcare organizations also need to take the appropriate precautions to ensure that they have a HIPAA compliance cloud.

 

It makes sense to see why so many organizations are adopting cloud-based solutions–improved efficiency, flexibility, cost reduction, mobility, as well as around the clock support are all driving forces behind the growth of cloud services.

 

Yet, HIPAA compliance cloud services also raise some concerns in regards to security and compliance, which go hand-in-hand to help organizations keep their sensitive healthcare data safe. For businesses operating in the healthcare industry, which accounts for approximately one-fifth of the US economy, these concerns escalate due to HIPAA regulatory requirements that mandate the privacy and security of patients’ protected health information (PHI). PHI is any demographic information that can be used to identify a patient. Common examples of PHI include names, dates of birth, Social Security numbers, phone numbers, medical records, and full facial photos, to name a few.

 

HIPAA applies to covered entities, such as providers and insurance plans, as well as business associates who perform certain functions for, or on behalf of another health care organization that involves receiving, maintaining, or transmitting PHI.

 

For example, a cloud service provider (CSP) that handles PHI for a covered entity, whether through data storage or a complete software solution such as a hosted electronic medical record system, is still considered a business associate and needs to implement a HIPAA compliance cloud.

HIPAA Compliance in the Cloud

In a nutshell, both covered entities and business associates need a HIPAA compliance cloud that allows for the creation of an effective compliance program. The Department of Health and Human Services (HHS) released detailed, five-step guidance on cloud computing that parties must adhere to in order to maintain HIPAA compliant relationships. This HHS guidance on HIPAA compliance cloud services includes:

 

  1. Execute a Business Associate Agreement – A business associate agreement outlines what business associates can and cannot do with the PHI they access, how they will protect that PHI, how they will prevent PHI disclosure, and the appropriate method for reporting a breach of PHI if one occurs. It also defines liability in the event of a data breach.
  2. Conduct a HIPAA Security Risk Assessment – The covered entity or business associate that works with a cloud service provider must document the cloud computing environment and security solutions put in place by the cloud service provider as part of their risk management policies.
  3. Abide by the HIPAA Privacy Rule – A covered entity must enforce proper safeguards in order to keep PHI safe, and information can only be disclosed to a business associate after a business associate agreement has been executed.
  4. Implement HIPAA Security Safeguards – A business associate must comply with all three key security safeguards outlined in the HIPAA Security Rule: Physical, Technical and Administrative.
  5. Adhere to the HIPAA Breach Notification Rule – In the event of a data breach, covered entities and business associates are required to document and investigate the incident. All breaches must be reported to HHS OCR. All affected parties must be notified as well.

 

The only exception to the Breach Notification Rule is if the data was properly encrypted. If, for example, a properly encrypted device containing PHI goes missing, then there is a low probability that the data will be accessible by an unauthorized user. In this case, a breach will not have to be reported under the provisions of the Breach Notification Rule.

 

However, it is crucial that all HIPAA covered entities and business associates read the standards outlined in the regulation to determine the proper level of HIPAA encryption for different modes of data storage and transmission.

 

If a covered entity does not execute a Business Associate Agreement with a third party vendor with whom they share PHI, both organizations are leaving themselves exposed to a significant risk of HIPAA violations.

A HIPAA Compliant Cloud Will Save You Money

Data breaches are very costly–not only due to monetary penalties but also because of the long-lasting reputational damage a breach can have on an organization.

 

HIPAA breach fines can range anywhere from $100 to $50,000 per violation or record, with up to a maximum of $1.5 million per violation. When multiple violations or a large scale data breach occurs, these fines can compound and lead to millions of dollars in HIPAA fines. As if that isn’t bad enough, breaches are publicly listed on the “Wall of Shame,” maintained and enforced by HHS OCR. This list shows all HIPAA breaches affecting 500 or more individuals. Even worse, some HIPAA violations can lead to criminal charges, carrying the potential for jail time.

 

In order to avoid violations and fines, healthcare providers and business associates must comply with HIPAA regulations, which means protecting the security and privacy of their patients.

Compliancy Group Can Help!

Compliancy Group helps healthcare professionals and business associates effectively address their HIPAA compliance with our cloud-based app, The Guard. The Guard allows users to achieve, illustrate, and maintain compliance, addressing everything that the law requires.

Users are paired with one of our expert Compliance Coaches. They will guide you through every step of the process and answer any questions you may have along the way. Compliancy Group simplifies compliance so you can get back to confidently running your business.

And in the event of a data breach or HIPAA audit, our Audit Response Team works with users through the entire documentation and reporting process. At Compliancy Group, we go above and beyond to help demonstrate your good faith effort toward HIPAA compliance.


Healthcare Technology trends to watch out 


The healthcare industry is on the cusp of a digital revolution. People are empowered with health information, thanks to technological innovations in digital health. It’s vitally important that healthcare professionals continue to stay up to date on advances in technology that will improve not only their internal systems but also patient treatment and care.

 

In this article, we’ll focus on top healthcare technology trends for 2018 in three main areas, namely Patient Engagement, Hospital Workflow, and Treatment.

 

Patient Engagement


2018 will witness more developments in the arena of patient-centric care. Mobile health is gaining prominence, pointing us to the fact that individuals are taking a more active role in their own health. Wearables and fitness trackers are gaining mass adoption by people of varying demographics. About 50% of healthcare consumers are expected to be active digital health tech adopters in 2018. Now, more than ever, patients will begin to have a say in their choice of treatment and expect transparency of information exchange from healthcare providers.

 

Telemedicine is another model of healthcare that is gaining traction in this hyper connected world. Get ready to see a rise in demand by consumers for health advice and information in the coming months. Adoption of telemedicine will connect patients and doctors like never before. The digital health empowered individual will pose a challenge to traditional healthcare services that are slow in adapting to the digital transformation happening around. The quality of service from healthcare providers will be measured by the ease of access to information by patients.

 

Hospital Workflow


Technology continues to advance as people become more and more accustomed and able to access information in seconds rather than hours or even days. Because of this, slow-paced administrative processes in hospitals are becoming increasingly frustrating to patients. This includes things as simple as difficulties of scheduling an appointment, to accessing medical reports, or even trouble in exchanging information between providers.

 

Hospitals are expected to make use of digital platforms and cloud computing services as part of their patient engagement measures. The motto of 2018 will be data access, anywhere, anytime.

 

Mobile health, telemedicine, and Electronic Health Records (EHR) will produce a plethora of data that healthcare providers can utilize to improve patient care. One of the challenges that many providers will face is the issue of storing and securely transmitting sensitive patient health information (PHI). Many organizations still depend on legacy fax equipment to securely transmit documents despite the criticism of relying on this ancient technology. Thankfully, 2018 will be the year hospitals decide to choose alternative technologies like online faxing that is secure, cost-effective, and environmentally friendly.

 

Other exciting news awaiting us as we talk about secure transmission of data is the blockchain. Utilization of the blockchain will disrupt the way data has been handled until now. IDC Health Insights predicts that 20% of healthcare organizations will actively develop systems utilizing the blockchain to keep data secure and enable easy exchange of information between trusted partners.

 

Treatment


Robots are coming - Not Terminators, but life savers.

 

Experts suggest that practitioners will make use of Artificial Intelligence (AI) for better diagnosis, surgeries, assistants, and more. Virtual Reality and Augmented Reality will become common tools in the hands of doctors for educating patients. AI bots will slice and dice data to help doctors make more accurate clinical decisions. The combined force of blockchain and AI will open a new realm in healthcare which will ultimately help provide better patient care. Use of AI will increase the efficiency and productivity of doctors as well. For those who fear a robotic conquest of the world, be assured that AI in healthcare is not going to replace doctors, but empower them.

 

These technological developments will help to fuel a positive change in the healthcare industry in 2018. It’s impossible to predict the pace of these implementations in hospitals, as these require not only capital and training but also an open-minded and forward thinking CIO that’s willing to adopt new and innovative technologies. The pertinent question is, are you ready to embrace the change?


Will Wearable Devices Change Patient Outcomes? | Blog


Nine months ago, I started wearing an activity tracker, and it’s completely changed the way I approach health and fitness. And I’m part of a major trend. Whether you want to measure heart rate, activity level or caloric burn, there’s an ever-growing number of devices that do the job. Both non-medical and medical companies are trying to get in the game, from the Nike Fuelband to Fitbit to Apple’s new iOS Healthbook.

 

In a perfect world, a single tracker would do everything, à la the Star Trek Tricorder. But in real life it doesn’t work that way. The resultant explosive growth — a potential multibillion-dollar market — has left us with fragmented solutions that aren’t engaging the patients who account for the greatest share of healthcare spend.


How Relevant CTI Can Be


CTI stands for Computer Telephony Integration and it refers to any type of technology that allows computer and phone central functionalities to be interconnected resulting in an added value service portfolio.

 

In the beginning of the telephony era, you were not given the chance of dialing; you would simply “signal” a call center and a human operator would ask you what you required. Then once you stated you wanted to call someone, that human operator would establish a point-to-point connection between your terminal equipment (phone) and the destinations.

 

The funny thing is that nowadays, when you ask your smartphone’s personal assistant to call someone, the process as perceived by us humans is, in fact, the same, and we like it better than having to dial the number or look for the contact.

 

Phone centrals have become computers instead of the long-gone PBX backbones. Nevertheless, the integration of such computers (which perform the role of phone centers) with terminal equipment that is itself a computer (like smartphones) and with computer software like CRM and ERP servers or cloud-based app services has made the CTI concept more relevant by the day.

 

How to integrate your Phone System with Google Apps through CTI?


With VoIP (voice over internet protocol), companies are now able to access cheaper, more accessible phone systems all over the world. While VoIP phones have become common, particularly in North America and Europe, there is still a broad growth trend in Asian, African, and Latin American markets. Asian Pacific Markets expect an estimated 14% growth over the next five years, a significant increase considering the dense technological saturation in the area, caused primarily by escalating high-speed communications networks.

 

In markets where there isn’t such an extreme jump in internet infrastructure, there are also significant gains in the adoption of IP phone technology. In Africa, VoIP growth is stunning (80% in South Africa, for example). Because governments own traditional phone infrastructure in Africa, and also because of the challenges expanding utilities to less urban or more isolated areas, mobile VoIP has been replacing traditional phone systems for emerging and growing businesses.

 

Given contemporary global markets and the push toward global expansion, even companies that have long-established traditional phone infrastructure are adopting VoIP systems for their call centers and sales teams. Global calls are more than just person-to-person voice; they now include video, conferencing, and text, whether in Asia, Europe, or North America.

 

With VoIP phone systems, businesses can integrate their phones to their computers and smoothly connect all aspects of sales and service. SMEs and larger enterprises can all benefit from merging data and communications functions; with IP phones, users gain key communication features, all the while letting their VoIP service providers handle IT, updates, and data hosting. Businesses, regardless of size, can benefit from efficiently merging voice and data functions and gaining innovative communication features, while their VoIP service provider takes care of the technology.

 

CTI (computer telephony integration) software lets users integrate their phones with their CRM or ERP platforms to provide more efficient, cheaper, and easier customer communications.

 

With sales, agents can contact more potential clients, improve customer/agent interaction, and create a more collaborative sales team performance. With service, CTI software gives customers options of self-service or live agents, gives automatic call routing, reduces handle times, and gives management the opportunity to review call center performance.

 

It follows by implication that it’s important for businesses to find the best VoIP phone system and CRM for their needs. Some companies need a comprehensive system that works seamlessly across a host of different silos, whereas other businesses need customizable specifics for one element (IT, for example). Businesses must understand their budgets, dominant departments, as well as the need for scalability, and make decisions accordingly.

 

Women and Nonbinary People in Information Security


I’ve got great news for you! My interview series continues.

Last week, I spoke with Nicola Whiting, cyber hygiene specialist, and Titania Chief Strategy Officer.

 

This time, I had the privilege of speaking with defensive security expert Liz Bell. We talked about the 90s internet, blue teaming, sexism and transphobia in tech as well as what pen testing can teach you about defensive security.

 

Kim Crawley: Please tell me a bit about yourself and what you do.

Liz Bell: I work for a cybersecurity defense company that provides network monitoring and response tools for customers in the finance, government, and energy sectors. I work on the internal monitoring team, which means I help keep our own networks safe. Before that, I worked in penetration testing punctuated with some time in academia doing research on applying machine learning techniques to attacking ciphers, and before that, I was a software engineer. I’ve been interested in security since I was little, though. Being lucky enough to have grown up with the web, I just caught the tail end of the BBS era, and so I got to see security start to become something people actually took seriously. Being curious, my general instinct was to find ways to circumvent limitations. Now I get to spot people trying to do those same things.

 

KC: It sounds like you’ve been online since the 90s. I’ve been online since 1994. Is there anything about the 90s internet that you miss these days?

LB: There are a few things that I’m kind of nostalgic about like MSN chat rooms, hearing my phone sing the internet song to the gateway, downloading Win32 viruses from Napster and Limewire, earning badges and posting angsty poetry on Bolt.com, but I think the main thing I miss is the openness and generosity of the web back then. These days, it feels like, if you’re fortunate, you have a series of walled gardens, and if you’re not, you’re facing a never-ending stream of racist/homophobic/transphobic content and intrusive adtech.

 

KC: You mentioned P2P malware, which is still a problem these days. How do you think online cybersecurity challenges are different now compared to back then?

LB: I think a major difference between then and now, if not the main difference, is money. Once we started being able to shop and bank online, users became a good target for scammers, extortionists and other organized crime groups. Not to mention the environment is now extremely different; a lot of people now have a lot of their lives stored in phones, tablets, and laptops, and some of those also end up connecting to corporate or industrial networks. For organizations, this means that just defining what your network perimeter is can sometimes be impossible.

As far as national security is concerned, the public at large has become much more aware of the scale of state-level activities on communication networks, much more than when the ECHELON disclosures happened, as far as I can tell. I think that has also led to something of a change in what people’s threat model looks like.

 

KC: Echelon! I knew someone who worked at Lawrence Livermore back in the day, apparently on that particular project.

LB: That’s awesome! I work with a lot of former IC and .mil people who I understand have probably been involved in a lot of things that would make for extremely interesting conversations, but alas, I’m not cleared.

 

KC: How has your penetration testing experience helped you with your blue team work?

LB: It’s a big help. Understanding the different kinds of techniques and tools used by adversaries to compromise accounts, intercept traffic or steal data means I have more of an ability to spot patterns or suspicious outliers in our sensor data. Likewise, seeing how blue teams operate makes me better at doing the offensive work or, at least, doing it in a way that’s less likely to get me caught! I’m increasingly a proponent of getting the red team and blue team members to trade sides occasionally or work together to have a better understanding of how the other side operates.

 

KC: Has sexism ever been a challenge in your career?

LB: Honestly, I don’t know. When I first started, I hadn’t transitioned yet, and so I was perceived as an (effeminate, not assertive) man, and so presumably I benefited from that when it came to getting my career started. At a previous employer, after transitioning, I was the only female penetration tester in the office, the only woman I knew of working in a technical role, and the only out queer person, and I started getting more complaints about my performance. I ultimately ended up leaving, and it definitely became harder to find work afterward, but then again, what I was looking for was pretty specific. I’m lucky enough to have been hired by a woman and be managed by a woman, in my current role, even though the team is still largely white cisgender straight men.

 

KC: Well, you’re not the first transgender woman I’ve interviewed in this series. I’m happy to see more transgender people in cybersecurity.

LB: I actually applied to the place I’m working at now because a good friend of mine, who’s also trans, worked there. It was an incredible privilege to go from this extremely homogenous environment to getting to work professionally in information security with another queer trans woman.

 

KC: Is there anything you miss about your pen testing days?

LB: I do miss the “let’s be evil” feeling sometimes, and the interaction with external clients from all kinds of different industries. My job now has maybe a little less variety, but I get to stick with projects longer, and being an investigator definitely makes up for not getting to pretend to be a criminal anymore!

 

KC: I have spoken to Defensive Security Handbook authors Ian Brotherston and Amanda Berlin, who believe that defensive security is underrated in our field. Do you agree?

LB: I think that offensive security gets a lot of the glamor, but penetration testing is really only a small piece of what keeps users safe. Blue team folks definitely don’t get nearly enough credit or support; offensive security people need to only find one problem, but defensive security practitioners can’t make a single mistake.

 

KC: Do you think a lot of organizations overlook defensive security?

LB: In my experience, a lot of organizations tend to maybe focus on the wrong things; or rather, they optimize for meeting regulatory requirements. Rules say they need a firewall and quarterly penetration tests, so they buy a firewall and contract the tests out. Security should be baked in everywhere: into the software development lifecycle, the monitoring and maintenance of the corporate network, training of new employees and continuous training of your existing staff, and even how the organization interacts with suppliers. The line between ‘defensive information security’ and ‘physical security’ gets fuzzy, and I don’t know if many organizations prioritize either at sufficiently many levels of the stack.

 

KC: I’ve learned a lot from you. Do you have anything else you’d like to add before we go, Liz?

LB: I think it might be worth mentioning that machine learning is increasingly something people are exploring in both the defensive and offensive information security space, and in order to both defend against robot hackers and defeat Skynet, or build either, it helps to have that blended blue and red team exposure. Otherwise, thank you so much for your work here boosting not-male voices!


Safe Texting in Healthcare: Do’s and Don’ts

Texting is the most popular feature of a smartphone, and 97% of Americans send texts to their friends and family because texting is an easy, quick and effective way to communicate. However, texting is considered an unsafe method of communication for healthcare purposes. In the healthcare world, many rules govern this form of communication.

 

The privacy and security rules of HIPAA/HITECH cover communication of electronic protected health information (ePHI), including over social media, email and text messages. For example, the nurses at a nursing facility sent patient information to the medical providers through a text message. Though there was no evidence that an unauthorized person viewed the messages, CMS drew up a ten-point remediation plan to train staff, appoint a HIPAA security officer, and change the facility’s HIPAA policies and procedures.

 

CMS took immediate action because texting, unlike a telephone call, creates a record. On a telephone call, it is also easier to know that you are communicating with the right person. Texting sensitive patient information is never zero-risk: at least one third of people who have texted their medical information say, in public surveys, that they have sent it to the wrong person by mistake. Further, fines for HIPAA/HITECH privacy violations can reach $50,000. It is advisable to avoid the tendency to text patient information to a colleague for a quick patient consultation.

 

HIPAA Compliant Texting

 

Even though texting has many downsides, secure mobile messaging that complies with HIPAA can be used, provided it follows these rules:

  • Secure data centers – Offsite or onsite data centers must adhere to high levels of physical security and policies, so that data exchanged through texts is controlled and subject to continuous risk evaluation.
  • Encryption – ePHI must be encrypted both in transit and at rest.
  • Recipient authentication – There must be confirmation that text communication containing ePHI goes only to the intended recipient.
  • Audit controls – Each ePHI message must be recorded automatically, with details such as sender, receiver and content available for any type of audit.

The volume of text messages shows how widely this method of communication is preferred. Americans sent 1 trillion texts in 2008 and 1.92 trillion last year, almost double. Texting therefore cannot be abandoned entirely, but the HIPAA rules mentioned above can make it safer to send and receive patient information by text.

 

Appointment and Wellness Reminders Using Text Messages

 

It may be a practice in your clinic to send reminder texts to patients for appointments. There is statistical evidence that text reminders reduce the rate of patient no-shows. HIPAA rules do not regulate communications that are not part of ePHI.

 

Text reminders help patients follow their medication, healthcare and recommended lifestyle. Researchers point out that text reminders help patients with chronic disease manage diabetes. They help African Americans take their medication on time, especially those suffering from high blood pressure. Reminder texts help people exercise and maintain their physical activity levels. Beyond these advantages, more research is required to identify further best practices for texting patients.

 

Secure texting for the above services is now made available by healthcare vendors through simple apps that allow medical professionals and physicians to text within a HIPAA-approved platform. Government agencies usually do not use these apps, so it is important to make sure that they are HIPAA compliant. If you wish to use a third-party secure texting platform, check for the three guidelines that offer security to PHI: integrity, confidentiality and availability. Nowadays, more than 80% of medical clinics and physicians use EHRs to communicate with patients. Electronic health record systems allow communication with patients through text or email over a secure patient portal that meets the Meaningful Use requirement.

Whichever method of electronic communication is used, train your staff at the medical clinic to never transfer ePHI over a non-secure mode to save yourself from being penalized.


A positive view of health reform, no thanks to the HITECH Act


Recently I completed the Commonwealth Fund’s 2015 International Survey of Primary Care Doctors. They wanted to know what I thought about our health system; if fundamentally it worked or needed to be better. They asked questions about my satisfaction with practicing medicine, the quality of care my patients receive, and my experiences with electronic medical records. (You can click here to read through the 2012 survey, to get an idea of what it’s all about.)


Their final question was about health care reform.

“Thinking about the health care law that was passed in 2010, also known as the Affordable Care Act (ACA) or Obamacare, would you say that you have a very favorable opinion, somewhat favorable opinion, somewhat unfavorable opinion, very unfavorable opinion, or not sure.”

And I realized, as I answered this:


That I have a somewhat favorable opinion of the Affordable Care Act. It is good for patients to have access to health insurance, even though there are ongoing and severe issues with access to care.

I have a very unfavorable opinion of the much-less-talked-about HITECH Act, which rolled out about the same time as the ACA, and which has profoundly shaped physician practice and patient access. The HITECH Act pays doctors to use electronic medical records in a meaningful way in order to spur the widespread adoption of EMRs. But it didn’t provide any oversight of the EMR market to ensure that the EMRs could provide meaningful functionality in an efficient way.


When we used paper charts, I used to be able to comfortably see 24 patients and finish charting by the end of the day. Now with the suboptimal EMR adopted by our health center, I can barely see twenty, and I have to spend extra hours on evenings and weekends finishing computer charting. Sadly, the EMR hasn’t added clinical functionality beyond what paper charts did — each system is still fragmented, I can’t access records from specialists’  offices or most hospitalizations, lab results may or may not be integrated into the system, radiology reports are scanned in — only now I have to slowly click through each separate screen, rather than riffling through a chart to find what I need. A colleague described the process: “Death by a thousand clicks.”


I am not alone in taking longer with EMRs. A 2014 study in JAMA Internal Medicine showed that, nationwide, physicians average an additional 48 minutes a day charting when using EMRs. When it takes physicians longer, we take, on average, 2 hours longer each day. But there are outliers — two-fifths of physicians are taking the same amount of time, or less. 2 percent even report being much more efficient! What I want to know is — what EMR products are the physicians using who find EMRs equal to or more efficient than paper charts? And can I use those too?


Not all EMRs are created equal. I have worked with three different systems since residency — one was awesome (integrating records across a county system), one was equivalent to paper (same amount of time to chart, but same challenges in accessing records from different systems adopted in the ED, inpatient, outpatient). This last EMR has been terrible. Of the hundreds of products on the market, some EMRs are more efficient than others, and deliver on the promise of improved functionality. Sadly, those are the minority. Some of the products on the market are so bad that doctors sued the companies that sold them the dysfunctional EMRs. There are health centers that have gone out of business while trying to implement inefficient EMRs. Primary care physicians have been pushed out of practice by EMRs, contributing to our primary care shortage.


So how do I feel about health care reform?


The Affordable Care Act was health insurance reform, and I like its provisions ensuring coverage.


The HITECH Act was health record reporting reform, replacing functional paper systems with what sadly, too frequently, have been dysfunctional electronic medical records. I have a very unfavorable opinion of the impact of incentivizing the adoption of any old EMR, without requiring that EMRs meet basic functionality requirements.


Together, the ACA and HITECH Act created a destructive environment for primary care doctors, where we take longer to see fewer patients when there are more patients to be seen. The mismatch of time and need is burning us out.


But let’s not blame our health care woes on Obamacare. Let’s blame it on HITECH, and seek to improve the functionality and efficiency of our electronic health records. We don’t need to repeal the ACA. We need to improve the HITECH Act, and ensure all EMRs on the market meet minimum standards out of the package, and that all systems can talk to each other to facilitate information exchange and better clinical care. Then we’ll get a healthier America, with happier primary care doctors. And I have a very favorable opinion of that prospect.
