Healthcare and Technology news
51.5K views | +3 today
Follow
Healthcare and Technology news
Your new post is loading...
Your new post is loading...
Scoop.it!

What You Need to Know About Secure Mobile Messaging in Healthcare

What You Need to Know About Secure Mobile Messaging in Healthcare | Healthcare and Technology news | Scoop.it

Digital Health Communication and Messaging

Digital information is everywhere, including medical institutions where it is now common practice to utilize electronic medical records. This can be a good thing, making patient care more efficient and effective. However, it can also be an easy doorway for data thieves to access private information.

 

Many doctors and nurses utilize mobile data to aid in their daily tasks from accessing clinical data to communicating with other staff members.

 

Many primary care providers also regularly use text messaging as a way to communicate with patients for appointment bookings and cancellations. Text messaging is a quick and easy way to do this.

HIPAA

The U.S.’s Health Insurance Portability and Accountability Act (HIPAA) of 1996 exists, in part, to protect personally identifiable information when being used by the healthcare industry, through regulating how it can be used and communicated. Specifically, the HIPAA Security Rule stipulates that numerous safeguards be employed by administrative and medical staff to protect personal information, including the use of encryption in digital communication where possible.

 

If medical staff and institutions follow the safeguards required by HIPAA, there shouldn’t be cause for concern. However, HIPAA doesn’t require encryption non-discriminately across the board, and there is always the possibility of human error and negligence. In particular, smaller clinics which previously had minimal security procedures in place have found it particularly challenging to comply with the requirements of HIPAA.

Safeguarding Medical Information

So, what can be done to safeguard medical communications? Secure text messaging is a viable option, though it is challenging to implement on a whole-scale level and depends a great deal on employee participation. One study found that only 31 percent of medical staff were encrypting information as standard practice before sending it to the cloud. Apps exist that will encrypt text messages, but every single device sending and receiving these texts has to be using the same system.

 

However, medical staff also need to consider the chance that someone other than their intended recipient may view their messages, making it imperative that personally identifiable information be communicated in a way that maintains patient privacy.

 

Ideally, a medical facility’s IT department will spearhead the efforts to get everyone on board. But this becomes increasingly difficult with nationwide coverage of medical care. It is one thing to secure one system.

 

It is quite another to secure two systems or hundreds of systems, as is the case with many of the larger institutions.

 

If it is deemed too daunting a task for the whole company to establish an all-encompassing encryption service. At the bare minimum, each employee’s device should use its own encryption app, and the use of encryption should be monitored with employees being held responsible for failure to comply. In addition to encryption, a passcode should be made mandatory on every device.

 

Finally, medical staff should never assume that having access to a patient’s mobile number means that they have given their consent to be contacted via text message.

 

Consent should be gained by each patient before any text-based communication occurs, and the patient should be informed that any messages sent or received may become part of their medical record.

 

Since there is no way to cease the use of smart devices or text messaging in this day and age, establishing secure mobile messaging in healthcare is a must.

 

Medical information is among the most sensitive and expensive information out there and when, or if, it gets into the wrong hands. The consequences could be far-reaching and devastating. A patient seeking medical help should not have to be concerned for the security of their personal information.

Technical Dr. Inc.s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

No comment yet.
Scoop.it!

How Does HIPAA Enforcement Work?

How Does HIPAA Enforcement Work? | Healthcare and Technology news | Scoop.it

HIPAA enforcement takes place on both the federal government and state government levels.

 

The Department of Health and Human Services’ Office for Civil Rights receives and investigates complaints, and issues penalties and fines.

 

Enforcement action can be taken with respect to any of the HIPAA Rules. These rules include the HIPAA Privacy Rule, the Security Rule, the Breach Notification Rule, and the HIPAA Omnibus Rule. 

 

When an individual reports a violation, files a complaint or discloses a breach, OCR reviews the complaint, report, or disclosure.

 

OCR may then pursue enforcement in the form of investigations or audits. Audits are randomly conducted. Thus far, HHS has publicly announced, with respect to each audit it has conducted, when the audit was to take place, and what the audit consisted of.  

 

Investigations, in contrast, are made in response to a specific complaint. Upon receiving a complaint, OCR seeks information from the entity against whom the complaint is filed, about the extent of its HIPAA compliance.

 

Investigation sometimes results in the entity that is the subject of the complaint taking voluntary steps to improve its compliance. In addition, after an investigation starts, HIPAA enforcement can take the form of OCR providing technical assistance to an entity to resolve the matter. Technical assistance consists of OCR’s advising the entity as to what is expected of it in terms of HIPAA compliance.

 

Typically, an entity agrees to make specified changes. 

In addition, state attorneys general can enforce HIPAA. The ability to do so was given to states in the 2009 amendment to HIPAA that appears in the Health Information Technology for Economic and Clinical Health (HITECH) Act. 

 

States were reluctant to take enforcement actions in the initial years after the amendment; however, recently, states have not only engaged in more vigorous HIPAA enforcement activity but have joined together with other states in multistate litigation. 

 

There are significant consequences for breaking the HIPAA laws in new ways as well: The first multistate litigation was brought in December of 2018. Arizona and 15 other states filed suit, asserting claims under HIPAA as well as various applicable state data protection laws.

 

The suit was filed as a result of a data breach in which hackers infiltrated WebChart, and stole the electronically protected health information (ePHI) of approximately 4 million individuals. 

 

As shown above, consequences for breaking the HIPAA law can be severe. Covered entities can address their obligations under HIPAA by working with Compliancy Group.

Technical Dr. Inc.s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

No comment yet.
Scoop.it!

Challenges and methods for securing Picture Archiving and Communication Systems (PACS)

Challenges and methods for securing Picture Archiving and Communication Systems (PACS) | Healthcare and Technology news | Scoop.it

Medical data is a valuable commodity for identity theft. Despite HIPAA privacy rules being in effect for more than two decades, millions of health records, including images, have been stored on unsecured servers by healthcare provider officers across the United States. 

 

A ProPublica investigation revealed that 187 servers in the U.S. with medical records such as X-rays, MRIs, CT scans, for instance, are findable with a simple online search. One imaging system had open internet access to patients’ echocardiograms, which were minimally secured. 

 

While securing Picture Archiving and Communication Systems (PACS) can be challenging, in part, because of the need for multiple providers to access the same data, the images stored in PACS are Protected Health Information (PHI) and must be kept private in accordance to HIPAA rules. 

 

To address this issue, in September 2019 the National Institute of Standards and Technology (NIST) released new draft guidelines to secure PACS, Special Publication 1800-24C - Securing Picture Archiving and Communication Systems (PACS). 

The Challenges of Securing PACS

Over the past decade, healthcare images have shifted from hard copy to mostly digital. These digital images are easier to share, speeding up the diagnosis time.

 

Of course, the fact that healthcare images can now be uploaded, shared on personal mobile devices, such as smartphones and tablets, and stored digitally, also makes them a target for cybercriminals. 

 

PACS also interact with multiple other systems: electronic health records, regulatory registries hospital information systems, and even government, academic, and commercial archives. This creates plenty of potential security gaps for cybercriminals to lurk and steal this data. 

 

Here are the most common challenges in securing PACS:

  • Monitoring and controlling internal user accounts and identifying outliers in behavior (e.g., large number of downloads in a small period of time)
  • Controlling and monitoring access by external users
  • Enforcing least privilege and separation-of-duties policies for internal and external users
  • Ensuring data integrity of the images
  • Securing and monitoring connections to the system
  • Securing and monitoring connections to and from systems outside of the in-house system
  • Providing security, data protection, and access management without affecting productivity and system performance

 

As you can see, these are common cybersecurity challenges. The draft PACS security guidelines are adapted from the NIST Cybersecurity Framework. While the challenge of securing medical images is real, this is a framework that any HIPAA-covered entity can use to help secure their PACS.

A Security Architecture for PACS

Using commercially available products, NIST created a reference network architecture. It provides an example for healthcare providers to separate their networks into zones to decrease cross-network access and, thus, risk. 

 

The NIST SP 1800-24C guidelines are just that: guidelines. Information technology professionals need to adapt the architecture and framework guidance to their particular organization’s IT stack and security goals. 

 

To mitigate risks, the NIST practice guide’s reference architecture includes technical and process controls to implement. They are:

  • A defense-in-depth solution, including network zoning that allows for more granular control of network traffic flows and limits communications capabilities to the minimum necessary to support business function
  • Access control mechanisms that include multi-factor authentication for care providers, certificate-based authentication for imaging devices and clinical systems, and mechanisms that limit vendor remote support to medical imaging components  
  • A holistic risk management approach that includes medical device asset management, augmenting enterprise security controls and leveraging behavioral analytic tools for near real-time threat and vulnerability management in conjunction with managed security solution providers

 

NIST Cybersecurity Guidance also recommends a thorough cybersecurity risk assessment to identify areas of weakness and to help determine how to optimize your network for cybersecurity.

 

Recommended capabilities for a secure PACS environment include:

  • Role-based access control
  • Authentication
  • Network access control
  • Endpoint protection
  • Network and communication protection
  • Micro-segmentation
  • Behavioral analytics
  • Tools that use cyber threat intelligence
  • Anti-malware
  • Data security
  • Segregation of duties
  • Restoration and recoverability
  • Cloud storage

The Importance of User Training

While not included in this particular NIST publication, it is always good to remember that user training is critical to the success of any cybersecurity initiative. Many Digital Imaging and Communications in Medicine (DICOM) images are shared via mobile devices. 

 

Password protections are also important, as is understanding HIPAA compliance involving social media and basic HIPAA security procedures.

 

PACS do enable better patient outcomes, but they are a potential target for cybercriminals. Following the guidance from NIST, healthcare organizations can help ensure the continued privacy of their patients’ protected health information. 

Technical Dr. Inc.s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

No comment yet.
Scoop.it!

HIPAA and Medical Record Copy Fees

HIPAA and Medical Record Copy Fees | Healthcare and Technology news | Scoop.it

Patients often request copies of their medical records. Traditionally, state law governed the subject of medical record copy fees.

 

State laws typically permit providers to charge a per-page copy fee, of up to a certain dollar value, or to charge a flat fee of up to a certain amount for the entire medical record. Many covered entities simply charge the maximum amount that state law allows. 

Such state laws (and the healthcare providers acting in accordance with them), however, cannot do an end-run around the HIPAA right of access rules, the latter of which provide that medical record copy fees must be reasonable.

 

Medical record copy fees that are flat fees, untethered to the actual costs of reproduction, may be considered excessive under the HIPAA Privacy Rule’s right of access provisions. When the two laws are in conflict, HIPAA, the federal law, prevails.    

The HIPAA Privacy Rule’s Right of Access and Medical Record Copy Fees

This point – that HIPAA preempts contrary state law – has been reiterated under guidance provided by the Department of Health and Human Services’ (HHS) Office of Civil Rights. This guidance specifies that HIPAA, through its right of access provisions, limits the amounts that a covered entity may charge a patient requesting access to his or her medical records.

Under the HIPAA Privacy Rule Right of Access, medical record copy fees must be reasonable and cost-based.

This means that providers may only charge for the following:

  • Labor for copying the PHI requested by the individual, whether in paper or electronic form.  

           i)Labor for copying includes only labor for creating and delivering the electronic or paper copy in the form and format requested or agreed upon by the individual, once the PHI that is responsive to the request has been identified, retrieved or collected, compiled and/or collated, and is ready to be copied.

 

Labor for copying does not include:

  • Costs associated with reviewing the request for access; 
  • Searching for and retrieving the PHI, which includes locating and reviewing the PHI in the medical or other records, 
  • Segregating or otherwise preparing the PHI that is responsive to the request for copying.
  • Supplies for creating the paper copy (e.g.,  paper, toner) or electronic media (e.g., CD or USB drive) if the individual requests that the electronic copy is provided on portable media.  
    • However, a covered entity may not require an individual to purchase portable media; individuals have the right to have their  PHI e-mailed or mailed to them upon request.
    • Labor to prepare an explanation or summary of the PHI, if the individual in advance both chooses to receive an explanation or summary and agrees to the fee that may be charged

 

In sum, costs associated with updates to or maintenance of systems and data, capital for data storage and maintenance, and labor associated with ensuring compliance with HIPAA (and other applicable law) in fulfilling an access request (e.g., verification, ensuring only information about the correct individual is included, etc.) and other costs not included above, even if authorized by State law, are not permitted for purposes of calculating the fees that can be charged to individuals.

Technical Dr. Inc.s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

No comment yet.
Scoop.it!

6 Communication Tips to Regain Patient Trust After a Medical Record Breach

6 Communication Tips to Regain Patient Trust After a Medical Record Breach | Healthcare and Technology news | Scoop.it

Even with a perfect cybersecurity strategy and implementation, including performing all required steps to be HIPAA compliant, your medical practice could still be hacked by cybercriminals. 

Doctor’s offices and other businesses who collect private customer information (payment information, addresses, personal health details, and more) to deliver services are regularly targeted by cybercriminals.

 

In the third quarter of 2018, the Protenus Breach Barometer reported 117 health data breaches with 4.4 million patient records compromised.

 

It’s important to note that doctors and other healthcare providers aren’t the only businesses that need to comply with HIPAA regulations. Other businesses that work with protected health information (PHI) must also comply with HIPAA privacy requirements. These include businesses such as billing companies, lawyers, and financial consultation services to mention a few.  Such companies are usually contracted by covered entities and are known as business associates.

 

A critical and often overlooked aspect of a cybersecurity strategy is knowing what to do if you do experience a data breach and, secondly, what you can do to regain the trust of your patients. It is best to be prepared and have a strategy for how you will address the incident. An incident response plan provides the steps a business will take if a hacker successfully penetrates their defense, resulting in a medical records breach. 

 

Beyond the legally required steps that covered entities must take, taking the necessary steps to rebuild trust with customers is an equally important component of recovering from a data breach. 

Trust: A Key Component for Any Successful Business

People do business with companies they trust. A successful data breach of PHI can cause patients to lose trust in your practice. Once trust is lost, customers often will take their business elsewhere. 

A survey by SAP found that “abuse of customer data could cause 80% of consumers to abandon your brand.”

A HIPAA data security breach is a serious matter than can seriously impact any covered entity’s bottom line and longevity.

Report the Breach to Authorities and Explain What Happened to Your Patients

For any covered entity this step is mandatory because it is legally required. For an overview of notification procedures, read How do I report an unsecured Protected Health Information (PHI) Breach?

Any company that experiences a security breach should explain to their customers what happened. This is near-universal advice given for how to handle a breach. Covered entities need to contact affected individuals via First Class Mail or email (if they have permission). 

 

Email is faster and will give affected individuals a better chance to protect themselves from identity theft and other financial harm in a timely manner. 

 

Beyond simply alerting individuals, explaining what happened helps to rebuild trust. Research indicates that honesty and openness is good business. In a study on brand recalls and the effect on customer loyalty by The Relational Capital Group, a link between honesty and continued loyalty was evidenced in two noteworthy findings:

 

  • 91% of consumers agreed that companies make mistakes that lead to product recalls.
    • 87% agreed with the statement that they are “more likely to purchase and remain loyal to a company or brand that handles a product recall honorably and responsibly, even though they clearly made mistakes that led to a safety or quality problem.

Have Your Facts Correct

While it is important to contact your patients quickly, a mistake many companies make is to respond too quickly. Move quickly, but thoroughly to investigate the facts of the matter so that you do not over or under-report the number of affected individuals or other details. 

Communicate in Plain Language

The healthcare industry uses a lot of jargon and acronyms. Minimize jargon when explaining the data breach to your patients. All communications must be simple, clear, and concise. 

Your patients have had their personal information stolen. Now is not the time to use language to “obfuscate” (or in other words, “hide”) what happened and what they should do next. 

Empathize

Healthcare communication often lacks personality and is clinical. When delivering post-op instructions to a patient, it is important to impart the information in a direct, non-emotional manner. 

In a data breach, that is typically not the right approach. Tailor your message for your audience and be sympathetic to the additional aggravation the breach of their personal data has caused in their lives. 

Share Security Tips and Advice

For covered entities, this is required. For any other business, it is good advice. In your notification to affected individuals, include suggested steps to help them secure their information, such as paying extra attention to fraudulent charges on credit cards, changing passwords, etc. 

Get Your Employees Involved

Providing thorough, ongoing information security training for employees is essential. Not all PHI breaches are via cybercriminal hacking attacks. Human error and carelessness can also result in costly HIPAA violations. 

Cybersecurity should be an evolving program, requiring continuous tweaking and updating which includes regularly reminding employees of how important a security culture is and training them on the correct procedures.

Medical Record Data Breaches: A Matter of When, Not If

Many companies and cybersecurity professionals believe that hacks are inevitable. Whether because of ingenious hackers, employee errors, a missed patch, or any of a multitude of other reasons, a PHI data breach could happen to you.

Creating a cybersecurity plan in accordance with HIPAA compliance regulations will keep your office as secure as possible. Following the steps and suggested tips in this post will help you keep or regain your patients’ trust if your network is hacked and a PHI breach occurs. 

Technical Dr. Inc.s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

No comment yet.
Scoop.it!

HIPAA Cyber Security Practices

HIPAA Cyber Security Practices | Healthcare and Technology news | Scoop.it

The Health Insurance Portability and Accountability Act (HIPAA) mandates safeguards to be in place to secure protected health information (PHI). PHI is any individually identifying health information such as name, date of birth, financial information, and medical history.

 

The incidents of healthcare organization hacks has increased exponentially over the last few years. As the most targeted sector of the U.S. economy, implementing HIPAA cyber security practices is essential to protecting PHI.   

Server Hack Lasting 9 Years Compromised PHI of 2.9 Million 

Virginia based, Dominion National, was the victim of a server hack that took 9 years to detect.

 

Dominion National is an insurer, health plan administrator, and administrator of dental and health benefits. 2.9 million patients were affected by the breach, with exposed information including names, dates of birth, Social Security numbers, addresses, email addresses, taxpayer ID numbers, bank account information, group numbers, subscriber numbers, and member ID numbers. However, exposed information varied by person. 

 

As required by law, affected individuals received breach notification letters and two years of free credit monitoring and identity theft protection. To prevent future incidents Dominion National has implemented enhanced alerting and monitoring software. 

 

Mike Davis, Dominion National President, stated “we recognize the frustration and concern that this news may cause, and rest assured we are doing everything we can to protect your information moving forward. We are committed to making sure you get the tools and assistance you need to help protect your information.”

How to Prevent a Server Hack

Healthcare servers hold a wealth of patient information and are continually targets for hackers. To ensure that the data held in a server is protected, there must be systems in place to prevent access from unauthorized individuals. 

 

The Department of Health and Human Services (HHS) identifies ten practices organizations should implement to increase their cybersecurity:

  1. Email protection systems
  2. Endpoint protection systems
  3. Access management
  4. Data protection and loss prevention
  5. Asset management
  6. Network management
  7. Vulnerability management
  8. Incident response
  9. Medical device security
  10. Cyber security policies

 

An organization that incorporates these ten practices into their security practices will limit their risk of exposure.

Need Help with HIPAA Cyber Security?

Compliancy Group gives healthcare providers and vendors working in healthcare the tools to confidently address their HIPAA compliance in a simplified manner. Our cloud-based HIPAA compliance software, the GuardTM, gives healthcare professionals everything they need to demonstrate their “good faith effort” towards HIPAA compliance.

 

To address HIPAA cyber security requirements, Compliancy Group works with IT and MSP security partners from across the country, who can be contracted to handle your HIPAA cyber security protection.

Technical Dr. Inc.s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

No comment yet.
Scoop.it!

How Relevant CTI Can Be

How Relevant CTI Can Be | Healthcare and Technology news | Scoop.it

CTI stands for Computer Telephony Integration and it refers to any type of technology that allows computer and phone central functionalities to be interconnected resulting in an added value service portfolio.

 

In the beginning of the telephony era, you were not given the chance of dialing; you would simply “signal” a call center and a human operator would ask you what you required. Then once you stated you wanted to call someone, that human operator would establish a point-to-point connection between your terminal equipment (phone) and the destinations.

 

The funny thing is that nowadays, when you ask your smartphone’s personal assistant to call someone, the process as perceived by us humans is, in fact, the same, and we like it better than having to dial the number or look for the contact.

 

Phone Centrals have become Computers instead of the long-gone PBX backbones, nevertheless the integration of such computers (which perform the role of phone centers) with terminal equipment’s which are in fact computers (like smartphones) and computer software like CRM and ERP Servers or Cloud-based App Services has made the CTI concept more relevant by the day.

 
Technical Dr. Inc.s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

No comment yet.
Scoop.it!

Net Benefits of Telemedicine for Urgent Care Centers

Net Benefits of Telemedicine for Urgent Care Centers | Healthcare and Technology news | Scoop.it

Practice EHR discusses net benefits of telemedicine for Urgent Care Centers.

 

Telemedicine is becoming the new norm for giving and receiving care. Today’s patients are more connected than ever before and 64 percent of Americans report they would seek care via telemedicine, according to an American Well telehealth survey.

 

In its early stages, telemedicine seemed like another on-demand solution taking patients away from urgent care centers (UCCs). Today, urgent cares are realizing the benefits of integrating telemedicine into their operations, such as better flexibility, accessibility and in some cases, better patient satisfaction and outcomes.

 

Fortunately, telemedicine also has financial advantages. Telemedicine empowers UCCs to provide a convenient and cost-effective service for patients, while at the same time improving revenue. Have you considered telemedicine for your urgent care? Read on to learn more about the financial benefits of telemedicine:

Net-Benefits of Telemedicine

1. Increase the number of patients you see each day.

Telemedicine helps you work more efficiently and see more patients in less time. A virtual visit takes less time than an in-person visit, allowing your urgent care to increase the number of patients seen in a day, without having to extend office hours. For example, a clinic with three providers that completes two virtual visits per day, at an average reimbursement of $50, will earn $109,500 in additional revenue in just one year.

 

For UCCs who do feel the need to provide extended office hours, telemedicine is a feasible and cost-effective solution when you have a cloud-based electronic health record (EHR) with integrated telemedicine capabilities. Consider virtual extended hours, where a patient can be seen via a virtual visit conducted by a remote on-call physician. This idea eliminates in-person visits during extended hours, which keeps costs low, drives revenue for your clinic and at the same time provides better accessibility for patients who may be in need during those off-hours

.

2. Better allocate your resources.

Today, consumers have more options than ever before when it comes to their care. Long wait times can result in low patient satisfaction and fewer patients. If your clinic is experiencing long wait times, consider how you can incorporate telemedicine for services that don’t require an in-person visit, like for the flu or an emergency medication refill. Providing virtual visits for these scenarios is a much more efficient and cost-effective way for your patients and your clinic.

 

Telemedicine can also help multi-location UCCs balance their patient volumes and wait times, without having to spend money on additional resources. The Journal of Urgent Care Medicine cited an example of an urgent care that decreased patient wait times and increased patient satisfaction by equipping facilities with telemedicine capabilities in two locations. In other words, UCCs can leverage providers in lower-traffic locations to conduct virtual visits immediately and remotely for patients who are waiting to be seen at the busier location.

 

3. Reach more patients.

In addition to load balancing, telemedicine can easily enable UCCs to reach a larger pool of patients to generate more revenue. Urgent cares who use telemedicine can expand their services to reach patients across one state or multiple, instead of being limited to patients who only live within a 3-5 mile radius.

 

4. Achieve competitive advantage.

Research from Accenture indicates patients want a better healthcare experience and they are leveraging technology, such as telemedicine, to do so. However, the same research also suggests patient demands for virtual care options are outpacing what’s currently available. This provides a significant opportunity for urgent cares. UCCs were the catalysts for convenient, on-demand healthcare; those who continue to evolve with their patients will successfully differentiate themselves in today’s competitive healthcare market.

 

To continue to lead in the on-demand market, urgent care centers will need to adopt technology, like telemedicine to meet patient expectations. The good news is telemedicine is a smart investment that can result in improved efficiency, patient care, cost-savings, revenue and more. Incorporating telemedicine into your UCC isn’t difficult, and there are affordable, telemedicine solutions on the market today. UCCs that incorporate telemedicine, have a lot to gain and very little to lose.

Technical Dr. Inc.s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

No comment yet.
Scoop.it!

How to integrate your Phone System with Google Apps through CTI?

How to integrate your Phone System with Google Apps through CTI? | Healthcare and Technology news | Scoop.it

With VoIP (voice over internet protocol), companies are now able to access cheaper, more accessible phone systems all over the world. While VoIP phones have become common, particularly in North America and Europe, there is still a broad growth trend in Asian, African, and Latin American markets. Asian Pacific Markets expect an estimated 14% growth over the next five years, a significant increase considering the dense technological saturation in the area, caused primarily by escalating high-speed communications networks.

 

In markets where there isn’t such an extreme jump in internet infrastructure, there are also significant gains in the adoption of IP phone technology. In Africa, VoIP growth is stunning (80% in South Africa, for example). Because governments own traditional phone infrastructure in Africa, and also because of the challenges expanding utilities to less urban or more isolated areas, mobile VoIP has been replacing traditional phone systems for emerging and growing businesses.

 

Given contemporary global markets and the push toward global expansion, even companies that have long-established traditional phone infrastructure are adopting VoIP systems for their call centers and sales teams. Global calls are more than just person-to-person voice; they now include video, conferencing, and text, whether in Asia, Europe, or North America.

 

With VoIP phone systems, businesses can integrate their phones to their computers and smoothly connect all aspects of sales and service. SMEs and larger enterprises can all benefit from merging data and communications functions; with IP phones, users gain key communication features, all the while letting their VoIP service providers handle IT, updates, and data hosting. Businesses, regardless of size, can benefit from efficiently merging voice and data functions and gaining innovative communication features, while their VoIP service provider takes care of the technology.

 

CTI (computer telephony integration) software lets users integrate their phones with their CRM or ERP platforms to provide more efficient, cheaper, and easier customer communications.

 

With sales, agents can contact more potential clients, improve customer/agent interaction, and create a more collaborative sales team performance. With service, CTI software gives customers options of self-service or live agents, gives automatic call routing, reduces handle times, and gives management the opportunity to review call center performance.

 

It follows by implication that it’s important for businesses to find the best VoIP phone system and CRM for their needs. Some companies need a comprehensive system that works seamlessly across a host of different silos, whereas other businesses need customizable specifics for one element (IT, for example). Businesses must understand their budgets, dominant departments, as well as the need for scalability, and make decisions accordingly.

 
Technical Dr. Inc.s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

No comment yet.
Scoop.it!

HIPAA Physical Security is Just as Important as Cyber-Security

HIPAA Physical Security is Just as Important as Cyber-Security | Healthcare and Technology news | Scoop.it
HIPAA Physical Security is Just as Important as Cyber-Security

There are many misconceptions when it comes to HIPAA and security controls for covered entities. While security is related to technical measures such as encryption, firewalls, and security risk assessments, it also addresses physical and administrative safeguards that must be in place to protect patient information. In order to comply with HIPAA regulation, healthcare organizations must address each standard and safeguard outlined in the HIPAA Security Rule.

 

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has now released new information further emphasizing the importance of physical safeguards for healthcare organizations across the country. HIPAA not only requires technical controls to protect the confidentiality, integrity, and availability of protected health information (PHI) but also proper physical security controls.

 

Physical safeguards are generally seen as the simplest and cheapest forms of protecting PHI, yet many organizations tend to overlook this important element of security. There are even some physical security controls that cost nothing- such as simply locking up portable electronic devices when they are not in use (laptops, portable storage devices, and pen drives).

 

Although this may seem like a very basic form of security, it is one of the most effective ways of preventing theft. To illustrate the importance of HIPAA physical security safeguards, OCR focuses on a 2015 HIPAA settlement with Lahey Hospital and Medical Center that affected 599 patients. This breach and subsequent HIPAA fine were triggered by the theft of an unencrypted laptop from the Tufts Medical School-affiliated teaching hospital.

 

The laptop was stolen from an unlocked treatment room off an inner corridor of the radiology department and contained ePHI. Lahey Hospital was fined $850,000 for failing to implement physical controls–a high price to pay for something that could have been avoided if some simple physical security safeguards were in place.

 

Prior to the Lahey Hospital settlement, QCA Health Plan paid $250,000 to OCR in 2014 for potential HIPAA violations. QCA Health Plan neglected to implement physical safeguards for all workstations to restrict access to ePHI to authorized users only. In this case, an unencrypted laptop was stolen from an employee’s vehicle.

 

Massachusetts Eye and Ear Infirmary (MEEI) also settled a HIPAA violation with OCR in 2012 for $1.5 million. Again, this incident was related to the theft of an unencrypted laptop, resulting in the exposure of patients’ ePHI.

 

In 2016, Feinstein Institute for Medical Research settled potential HIPAA violations with OCR for $3.9 million. Feinstein Institute failed to physically secure a laptop that was stolen from an employee’s vehicle containing the ePHI of 13,000 patients.

 

In July 2016, the University of Mississippi Medical Center was fined $2,750,000 for a failure to implement HIPAA physical security safeguards. An unencrypted laptop that contained ePHI of approximately 10,000 patients was stolen from its Medical Intensive Care Unit.

Preventing HIPAA Physical Security Breaches

It is up to covered entities and their business associates to decide on the most appropriate physical security safeguards that will protect their patients’ ePHI. One way organizations can implement these physical security controls is by adopting an effective compliance program.

 

Compliance Group gives health care organizations confidence in their HIPAA compliance with The Guard. The Guard is our HIPAA compliance web-app that covers every element of HIPAA compliance.

 

Our Compliance Coaches will guide users through every step of their compliance program with the help of our HIPAA compliance web-app. The Guard is built to address the full extent of HIPAA regulation, including everything needed to implement an effective HIPAA compliance program that will help safeguard your practice from violations and fines.

 

With The Guard, health care professionals will not only address their physical security safeguards but the technical and administrative safeguards as well, along with the other HIPAA requirements.

Technical Dr. Inc.s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

Inforadiologia's curator insight, June 30, 2019 10:18 AM
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

Scoop.it!

Why Cyber Security is Key to Enterprise Risk Management for all Organizations?

Why Cyber Security is Key to Enterprise Risk Management for all Organizations? | Healthcare and Technology news | Scoop.it

Large organizations have always focused on managing risk, but the technological breakthroughs that have enhanced our world in countless ways have also transformed how leading executives engage in enterprise risk management (ERM). The pervasive and ever-expanding threat of cybercrime means that comprehensive strategies for cybersecurity are now absolutely essential for all organizations.

 

After all, a report by Cybersecurity Ventures estimates that cybercrime across the globe will cost more than $6 trillion annually by 2021.

 

The sheer magnitude and pervasiveness of the crisis represent a cybersecurity call to arms, and seemingly no one is immune. By now, the list of data breach victims reads like a who’s who of major corporations, governmental agencies, retailers, restaurant chains, universities, social media sites and more:

 

  • The Department of Homeland Security, IRS, FBI, NSA, DoD
  • Macy’s, Saks Fifth Avenue, Lord & Taylor, Bloomingdale’s
  • Facebook, Reddit, Yahoo, eBay, LinkedIn
  • Panera, Arby’s, Whole Foods, Wendy’s
  • Target, CVS, Home Depot, Best Buy
  • Delta, British Airways, Orbitz
  • Equifax, Citigroup, J.P. Morgan Chase
  • The Democratic National Committee
  • Adidas, Columbia Sportswear, Under Armour
  • UC Berkeley, Penn State, Johns Hopkins

 

If you need another reason to drop everything and prioritize cybersecurity risk management in your organization’s overall ERM strategies and systems, consider the recent NotPetya malware attack. Described by Wired as “The Most Devastating Cyberattack in History,” it disrupted global shipping operations for several weeks and caused more than $10 billion in total damages while temporarily crippling such multinational companies as shipping giant Maersk and FedEx’s European subsidiary, TNT Express. All because hackers were able to infiltrate a networked but unsecured server in the Ukraine that was running software that made it more vulnerable to attack.

 

Despite these and countless other costly incidents and attacks, many organizations have not yet fully incorporated cybersecurity risks into their overall enterprise risk management frameworks.

3 Chief Obstacles to Cyber Security and ERM Preparedness

The ever-expanding list of high-profile attacks and victims could be seen as evidence that, in many instances, “the adversaries are winning,” according to Richard Spires, a former chief information officer at both the IRS and the Department of Homeland Security. Or at least that there is much work to be done to combat the ongoing threat.

 

In a piece titled “The Enterprise Risk Management Approach to Cybersecurity,” Spires poses the question: “In an era of ever more sophisticated cybersecurity tools, how is it that we are actually backsliding as a community?” And he offers three key answers:

 

  1. Complexity: IT (and cybersecurity) systems are by their nature extremely complex and in many cases far-flung, so creating airtight security is incredibly challenging.
  2. Highly Skilled Adversaries: The hackers’ tactics and methods continue to grow more sophisticated. Plus, their risk is low because they are hard to catch. They are smart and, with billions of dollars on the line, more highly motivated than ever.
  3. Lack of IT professionals: Cisco reports that 1 million cybersecurity jobs are currently unfilled on a worldwide basis and that “most large organizations struggle to find, develop and then retain such talent.” The shortage of qualified cybersecurity professionals with the right skills, knowledge, and experience is an ongoing “crisis,” according to Forbes.

 

One of the leading efforts to develop protocols that organizations can use to safeguard themselves is sponsored by the U.S. Government — the National Institute of Standards and Technology’s Cybersecurity Framework.

 

According to Gartner, more than 50 percent of U.S.-based organizations will use the NIST Cybersecurity Framework as a central component of their enterprise risk management strategy by 2020, up from 30 percent in 2015. This voluntary framework consists of “standards, guidelines, and best practices to manage cybersecurity-related risk,” according to NIST, which reports that version 1.1 of the Cybersecurity Framework has been downloaded over 205,000 times since April 2018.

 

Also, the Center for Internet Security (CIS) has produced “a prioritized set of (20) actions to defend against pervasive cyber threats.” CIS says its protocols are intended to provide “a roadmap for conducting rigorous and regular cybersecurity enterprise risk management processes that will significantly lower an organization’s risk of catastrophic loss.”

 

CIS, which claims its best practices could have prevented attacks like the data breach that hit the consumer credit reporting agency Equifax, also offers guidelines for the seemingly “overwhelming” challenge of how to build a cybersecurity compliance plan.

5 Helpful Tips for Cyber Security and Enterprise Risk Management

OK, how about some actionable tips for organizations looking to beef up their cybersecurity defenses and risk management profile? Chris Yule, a senior principal consultant for SecureWorks, breaks it down in laymen’s terms in a quick video. Yule’s five tips include:

 

  • Cultivate support of senior management — It is essential for organizations to have strong support for cybersecurity risk management on the senior management team and to tie it to their overall business strategy.

 

  • Limit your attack surface — Often referred to as “hardening” your potential targets and vulnerabilities, this refers to coordinating with IT in reducing your exposure and “locking things down.”

 

  • Increasing visibility/awareness — In addition to building up defenses to reduce risk, organizations must also “tear things down.” This means working to better understand the potential spectrum of risk by conducting comprehensive internal vulnerability scanning, penetration testing and “monitoring your infrastructure for the bad stuff.”

 

  • Build a culture of security among employees — Employees must be committed to cybersecurity and clearly understand their specific responsibilities. “Make sure that everybody’s trained, everybody knows what their role is within the organization to keep things secure,” said Yule.

 

  • Prepare an incident response plan — “You need to be prepared for when things go wrong,” warned Yule. Notice that he says when and not if. “Everybody will get breached at some point regardless of what you do,” said Yule, so it is essential that everybody knows “what the plan is to contain and eradicate that threat when it happens.”

 

Technical Dr. Inc.s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

No comment yet.
Scoop.it!

Healthcare Providers & Vendors Need HIPAA Cloud Solution!

Healthcare Providers & Vendors Need HIPAA Cloud Solution! | Healthcare and Technology news | Scoop.it

Cloud solutions are quickly becoming the new norm for the way businesses operate today. Many companies are moving from legacy software systems to online “hosted” alternatives, such as SaaS (Software-as-a-Service), PaaS (Platform-as-a-Service) or IaaS (Infrastructure-as-a-Service). The benefits of cloud-based solutions over desktop software are wide-ranging, affecting everything from productivity to data security. Healthcare organizations also need to take the appropriate precautions to ensure that they have a HIPAA compliance cloud.

 

It makes sense to see why so many organizations are adopting cloud-based solutions–improved efficiency, flexibility, cost reduction, mobility, as well as around the clock support are all driving forces behind the growth of cloud services.

 

Yet, HIPAA compliance cloud services also raise some concerns in regards to security and compliance, which go hand-in-hand to help organizations keep their sensitive healthcare data safe. For businesses operating in the healthcare industry, which accounts for approximately one-fifth of the US economy, these concerns escalate due to HIPAA regulatory requirements that mandate the privacy and security of patients’ protected health information (PHI). PHI is any demographic information that can be used to identify a patient. Common examples of PHI include names, dates of birth, Social Security numbers, phone numbers, medical records, and full facial photos, to name a few.

 

HIPAA applies to covered entities, such as providers and insurance plans, as well as business associates who perform certain functions for, or on behalf of another health care organization that involves receiving, maintaining, or transmitting PHI.

 

For example, a cloud service provider (CSP) who are involved in handling PHI for a covered entity whether it is data storage or a complete software solution such as a hosted electronic medical record system, are still considered a business associate and need to implement a HIPAA compliance cloud.

HIPAA Compliance in the Cloud

In a nutshell, both covered entities and business associates need a HIPAA compliance cloud that allows for the creation of an effective compliance programThe Department of Health and Human Services (HHS) released detailed, five-step guidance on cloud computing that parties must adhere to in order to maintain HIPAA compliant relationships. This HHS guidance on HIPAA compliance cloud services includes:

 

  1. Execute a Business Associate Agreement– A business associate agreement outlines what business associates can and cannot do with the PHI they access, how they will protect that PHI, how they will prevent PHI disclosure, and the appropriate method for reporting a breach of PHI  if one would occur. It also defines liability in the event of a data breach.
  2. Conduct a HIPAA Security Risk Assessment– The covered entity or business associate that works with a cloud service provider must document the cloud computing environment and security solutions put in place by the cloud service provider as part of their risk management policies.
  3. Abide by the HIPAA Privacy Rule– A covered entity must enforce proper safeguards in order to keep PHI safe and information can only be disclosed to a business associate after a business associate agreement has been executed.
  4. Implement HIPAA Security Safeguards– A business associate must comply with all three key security safeguards outlined in the HIPAA Security Rule: Physical, Technical and Administrative.
  5. Adhere to the HIPAA Breach Notification Rule- In the event of a data breach, covered entities and business associates are required to document and investigate the incident. All breaches must be reported to HHS OCR. All affected parties must be notified as well.

 

The only exception to the Breach Notification Rule is if the data was properly encrypted. If, for example, a properly encrypted device containing PHI goes missing, then there is a low probability that the data will be accessible by an unauthorized user. In this case, a breach will not have to be reported under the provisions of the Breach Notification Rule.

 

However, it is crucial that all HIPAA covered entities and business associates read the standards outlined in the regulation to determine the proper level of HIPAA encryption for different modes of data storage and transmission.

 

If a covered entity does not execute a Business Associate Agreement with a third party vendor with whom they share PHI, both organizations are leaving themselves exposed to a significant risk of HIPAA violations.

A HIPAA Compliant Cloud Will Save You Money

Data breaches are very costly–not only due to monetary penalties but also because of the long-lasting reputational damage a breach can have on an organization.

 

HIPAA breach fines can range anywhere from $100 to $50,000 per violation or record, with up to a maximum of $1.5 million per violation. When multiple violations or a large scale data breach occurs, these fines can compound and lead to millions of dollars in HIPAA fines. As if that isn’t bad enough, breaches are publicly listed on the “Wall of Shame,” maintained and enforced by HHS OCR. This list shows all HIPAA breaches affecting 500 or more individuals. Even worse, some HIPAA violations can lead to criminal charges, carrying the potential for jail time.

 

In order to avoid violations and fines, healthcare providers and business associates must comply with HIPAA regulations which means protecting the security and privacy of their patients.

Compliance Group Can Help!

Compliance Group helps healthcare professionals and business associates effectively address their HIPAA compliance with our cloud-based app, The Guard. The Guard allows users to achieve, illustrate, and maintain compliance, addressing everything that the law requires.

 

Users are paired with one of our expert Compliance Coaches. They will guide you through every step of the process and answer any questions you may have along the way. Compliance Group simplifies compliance so you can get back to confidently running your business.

 

And in the event of a data breach or HIPAA audit, our Audit Response Team works with users through the entire documentation and reporting process. At Compliance Group, we go above and beyond to help demonstrate your good faith effort toward HIPAA compliance.

Technical Dr. Inc.s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

No comment yet.
Scoop.it!

Telemedicine’s Pivotal Role in Improving Mental Health

Telemedicine’s Pivotal Role in Improving Mental Health | Healthcare and Technology news | Scoop.it

Living with a mental illness can be isolating and difficult. The long-standing stigma connected with mental illness, along with limited treatment accessibility, patients’ fear of the potential repercussions of family, friends, and employers finding out about their condition, have kept many individuals from seeking the support they need. Fortunately, these trends are starting to shift in a more positive direction.

 

Although some stigma and shame still surround such illnesses as depression, anxiety, OCD, and bipolar disorder, people are beginning to feel more comfortable about sharing their own strugglesand finding support from others online. Telehealth and an interconnected world are coming together to end stigma, and help people manage their mental health in a more effective way.

 

Perspectives About Behavioral Health Problems Are Improving

Technology has helped us to connect with one another in many positive ways, but this interconnectivity has been a double-edged sword for mental health. Social media and smartphones have led to a 24/7 lifestyle that can exacerbate or even create mental health issues. With that said, technology has also opened up a dialogue that is beginning to change the conversation and do away with the stigma surrounding mental illness.

 

Thanks to those who have shared their experiences online, more people are beginning to realize that mental illness is quite common. Ultimately, this change should mean that more people feel comfortable seeking treatment so they can live a healthy, more productive life.

Services Are Becoming More Accessible

Limited access to treatment has always been an obstacle for people seeking mental health services. Finding a therapist locally can be a challenge, because many mental health professionals may not accept some forms of insurance, or do not treat a patient’s needs. A 2017 Milliman report illustrated the shortage of mental health professionals nationwide, with only 8.9 psychiatrists for every 100,000 people, which leads to many people seeking treatment while waiting months to get help.

 

The American Psychiatric Association fully supports telepsychiatry, now that telehealth has shown it can improve accessibility and enable patients to get the help they need without the struggle. Patients and professionals have found that therapy sessions via video chat and other remote services are as good as “face to face” sessions. Telehealth support is also key for patients with  mental health needs; they can consult with a specialist without having to travel.

 

Telehealth is increasingly being utilized in emergency situations. Patients who are experiencing a mental health emergency can reach out to professionals 24/7 and receive remote monitoring when necessary. This helps to allow patients to maintain their independence while ensuring they have the support they need.

 

More Specialists Are Needed to Pave the Way Toward Change

Now that more people are opening up about their mental health challenges, many others are becoming inspired to take charge of their own mental health. That’s creating an unprecedented demand for behavioral health services in both traditional models and telemedicine. While this signals a positive cultural shift, the healthcare system is not prepared for this growing influx of new patients.

 

There are many mental health resources available to help people cope with common mental illnesses, but what is needed long-term is more mental health specialists. To ensure that every American has access to high-quality behavioral healthcare, we need more people to enter this growing field. According to some estimates, 70,000 mental health specialists in several disciplines will be necessary to meet demand by 2025.

 

The good news? Healthcare organizations are increasingly adapting to new trends to meet patients’ needs. Thanks to new same-day programs and mental health professionals at primary care facilities, patients can now get help in as little as 30 minutes.

 

Should You Pursue a Career in Behavioral Health?

A career in mental health is a great option for people who are committed to helping others.  While becoming a behavioral health professional takes time and extensive education, it can be a satisfying career, and specializing in telemedicine is a great way to help solve the shortage of qualified professionals.

Technical Dr. Inc.s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

No comment yet.
Scoop.it!

Healthcare Organizations Mature their Cybersecurity Practices

Healthcare Organizations Mature their Cybersecurity Practices | Healthcare and Technology news | Scoop.it

Cyberattacks in the healthcare industry show no signs of abating. In 2018, digital criminals breached 15 million healthcare records. Alarmingly, in the first half of 2019 alone, 32 million healthcare records were compromised as a result of multiple security incidents.

 

Among those was the American Medical Collection Agency (AMCA) breach, an event which affected 24 million patient records when an unauthorized user accessed systems that contained sensitive information.

 

The breach ultimately led AMCA to file for bankruptcy, and it affected over 20 AMCA customers like Quest and LabCorp.

 

Despite the growth in cyberattacks in the healthcare industry, healthcare organizations continue to underinvest in cybersecurity. Compared to other industries like the financial industry, which invests 15% of revenue on cybersecurity initiatives, the healthcare industry invests only 4-7% of revenue.

 

Healthcare organizations under-invest in cybersecurity, even though the industry incurs the highest per capita cost of a breach. According to the IBM 2019 Cost of a Data Breach Report, the average cost per breached record in healthcare is $429.

 

Although the financial industry has the second-highest average cost per breached record at $210 per breached record, healthcare incurs more than double the cost than finance.

 

To mitigate breaches to confidential patient information, HIPAA was instituted to ensure the confidentiality, integrity and availability of protected health information, so it came with attendant fines for non-compliance.

 

To improve their cybersecurity posture and avoid fines, many healthcare organizations have taken steps to ensure that they comply with HIPAA and that they pass the HIPAA audits.

 

Recognizing the need to improve their security posture, many mature healthcare organizations have adopted industry-standard frameworks like NIST and CIS. Also, many healthcare organizations recognize their need to achieve compliance with other regulatory standards like PCI and SOX.

 

Yet the spate of breaches in healthcare demonstrates that achieving compliance does not guarantee a secure environment, especially when healthcare organizations focus on passing audits at a point in time.

 

While healthcare organizations marshal resources to ensure they pass audits, the organization returns to business as usual, leading to a less secure posture over time.

 

As a result, mere compliance with security standards has had a limited impact on the security posture of healthcare organizations.

 

Achieving and maintaining compliance with these various, complex, ever-changing standards and regulations can be burdensome for healthcare organizations.

 

This challenge is only exacerbated by the technical skills gap. Organizations, especially healthcare organizations, continue to be challenged with hiring, retaining and training cybersecurity professionals. Recent statistics show that there will be 3.5 million unfilled cybersecurity positions globally by 2021.

 

The HITRUST Common Security Framework (CSF) was introduced to ameliorate the challenges healthcare organizations face in trying to achieve compliance with the various, complex and evolving standards and frameworks.

 

HITRUST CSF incorporates existing standards and regulatory policies like HIPAA, PCI, NIST, ISO into an overarching comprehensive framework that remains sufficiently prescriptive in how control requirements can be scaled and tailored for healthcare organizations of varying types and sizes.

 

However, attempting to attest to the HITRUST CSF using manual methods negates the benefits of the HITRUST CSF, as this greatly increases the chances of error.

 

In addition to the extra time and effort that is required to track compliance manually, which is only compounded around audit time, information that is manually collated into a report is hard for an auditor to verify.

 

As a result, Tripwire partnered with HITRUST to help healthcare organizations automate HITRUST CSF compliance. Tripwire is one of only two cybersecurity providers to have partnered with HITRUST for the automated reinforcement of CSF compliance.

 

Tripwire has the industry’s largest platform and policy coverage, including legacy systems.

 

It has a proven track record of helping organizations achieve and maintain compliance with HIPAA, PCI and SOX as well as adhere to security frameworks like NIST and CIS.

 

Now, Tripwire can help organizations automatically achieve and maintain compliance with HITRUST CSF as well as prove compliance with out-of-box, HITRUST-certified reports. This helps them:

  • Quickly achieve and maintain compliance, including audit-ready proof of compliance
  • Accurately align with the HITRUST CSF with Tripwire’s HITRUST-certified mapping
  • Keep up with new HITRUST CSF versions while strengthening your cybersecurity posture
Technical Dr. Inc.s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

No comment yet.
Scoop.it!

Bedside Manners Via Telehealth – Understanding How Your Screenside Manners Matter

Bedside Manners Via Telehealth – Understanding How Your Screenside Manners Matter | Healthcare and Technology news | Scoop.it

Using telehealth technology still requires good bedside manners - just call it your screen side or website manners. So what do providers need to know that is different between an in-person encounter compared to a telehealth encounter? 

 

The space involved with making that first impression via telehealth is significantly smaller than meeting in-person in a clinical setting.  Besides being two-dimensional, your space is limited to the size and quality of the monitor projecting your image on the other end of the connection. 

 

You only get one chance to make a first impression – so make it good.

 

Important factors to consider to help develop and maintain a positive patient-provider relationship:

 

Prior to encounter – being prepared is always the best practice.

  • Equipment – understand how to use and test; know who to contact to troubleshoot; ensure good placement of the camera, microphone, and speakers
  • Physical space – clear of distractions; good lighting; private and secure (HIPAA)
  • Provider Appearance – professional; solid, non-distracting (preferably light blue) colors
  • Preparation – review patient history chart/file

 

During the encounter – a little extra explanation can go a long way to foster relationships.

 

  • Confirm connection quality (hear/see) and security of space (HIPAA)
  • Introduce self (and others), organization/location
  • Have patient introduce self and any others in the room
  • Explain the process of taking notes, and only briefly looking away from the camera as necessary, otherwise maintain eye contact
  • Periodically ask the patient if he/she has any questions or anything to say
  • Reiterate any instructions or follow-up procedures for a patient prior to disconnecting

 

Developing your screen-side manners in today’s telehealth world is just as essential as developing good bedside manners. 

 

Patients still need to feel they are being heard and understood by their provider whether in-person or via video connection. The tasks that happen during an in-person visit, (e.g., jotting down notes, or looking at an image), are seen directly by the patient.

 

These same actions may not be as visible via video, and require some explanation to keep the patient engaged. The patient still needs your full attention.

 

Empathy is no less important in telemedicine. Being prepared, clearly communicating, and focusing on your patient will help foster a positive patient-provider relationship.

 

 You can still make meaningful eye contact via telehealth, but the trick is looking directly at the actual camera, and not the projected image of the patient on your screen.

 

Body language can speak louder than words, but telehealth creates a situation where not all body language is actually visible. 

 

While a thoughtful hand to the chin while thinking maybe commonplace, on video the same action might communicate disinterest. 

 

Controlling reactionary movements is vital for telehealth. While standing bedside, a simple action like shifting weight from one leg to another has minimal visual impact compared to being on video and then seeming to shift out of the view of the camera.

 

Similar to developing a good bedside manner, a good screen-side manner takes practice.  Telehealth is unique in that you can record yourself and review the video before ever connecting with a patient.

 

By examining your recording, you can get a better understanding of the patient’s perspective of the telehealth connection. This process allows you to make adjustments that might not happen otherwise, creating the best patient encounter possible.

Technical Dr. Inc.s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

No comment yet.
Scoop.it!

CTI for Connectwise: How does it work on your Phone System?

CTI for Connectwise: How does it work on your Phone System? | Healthcare and Technology news | Scoop.it

SMEs and large enterprises have found that IP (internet protocol) phone systems are cheaper, easier to use, streamlined, and scalable. In other words, they give users more features and better quality while reducing the costs of traditional phone systems.

 

IP phones allow users to be mobile: users have location flexible as well as access to different modes of communication. Agents can log in to the system, talk to clients, and video-conference inside or outside of the office.

 

Given increases in IP access and reductions in cost, companies are still incorporating IP phone systems and will likely continue this expansion for the foreseeable future. According to current research, the VoIP (voice over internet protocol) service market, which was valued at 83 billion dollars in 2015, is expected to surpass 140 billion dollars by 2021.

 

A CTI (computer telephony integration) application is a crucial part of the IP phone revolution of the twenty-first century. By allowing agents and users to combine their phones with their customer support software, companies can further streamline call center processes and maximize productivity.

 

CTI integration helps businesses with high volume manage telephone calls through one system, which can lead to greater productivity and customer satisfaction. CTI software can offer a host of different features, customized to businesses’ needs, to create a more sophisticated and efficient call center process.

 

CTIs can let agents make calls directly from their desktop computers, laptops, or mobile devices, which can free agents from the office and let them go mobile. CTIs give companies features such as intelligent call routing, which automatically routes calls to where they need to go. The speed of access has been shown to increase customer satisfaction; companies using CTI in conjunction with their 800-number service make sure customers get through faster and more effectively.

 

Moreover, CTIs incorporate features that streamline call times and provide client analytics, caller identification, and data recording. Broadly, CTIs allows call centers and other phone users up-to-date technology that allows seamless integration between phone services and computer features. In customer-service oriented businesses, such value-added services allow a company’s call center to be more efficient, skilled, and customer friendly than its competitors.

 

What is ConnectWise CTI and how can its features help agents be more productive?

 

ConnectWise has been helping companies manage IT for over thirty years. Today, its current CRM helps companies manage their sales pipeline, manage client-agent interactions, and integrate sales, data, and services into one system. In addition to sales, the CRM can automate functions in service and support to streamline processes and enable much better customer interaction.

 

ConnectWise CRM focuses on the centralization of information and real-time operational visibility. ConnectWise offers a host of project management systems, as well as dashboards for numerous third-party integrations. As such, ConnectWise CRM can function as companies’ dominant software system or be an add-on that serves as a technology platform on top of businesses’ other computing programs.

 

Geared toward IT service businesses and other technology companies, ConnectWise CRM focuses on ticket management, time tracking, billing and invoicing, inventory management, technician dispatch, and project management. The software offers high levels of customization and scalability for companies of all sizes.

 

As a call center management CRM, ConnectWise offers instant chat for simultaneous customer management, customizable prioritization, and dynamic mobility. Users can integrate websites and emails with chat, while managers can analyze team performance. The CRM’s elegant dashboard allows agents to manage a high-volume flow of calls efficiently and easily. ConnectWise CTI applications link the CRM to businesses’ VoIP phone systems. By using ConnectWise CTI software, VoIP phone services can join with the CRM’s host of specific programs in IT, sales, and services technology.

 

Features and benefits for businesses that thoroughly integrate phone systems with ConnectWise CRM:

 

Advanced technological infrastructure: ConnectWise CTI integration allows for native integration from CRM to phone service, with software created specifically for the ConnectWise CRM platform. ConnectWise CRM’s cloud-based service would allow a new call center or system to be up and running in hours or days, not months. Cloud-based integration maximizes space and minimizes on-premise infrastructure. Moreover, cloud-based CTI connection makes businesses more scalable. In this way, businesses can increase their volume of agents without adding on-site infrastructure and can do so quickly and easily.

 

Integrated Dashboard: ConnectWise phone integration lets users manage all aspects of calls from the screen. At a glance, users can see call histories and addresses. They can make, receive, and transfer calls directly through the system, which speeds up calls and allows agents to reach clients more quickly.  The dashboard is intuitive and easy-to-use, while also being customizable to fit companies’ or users’ specific needs.

 

Minimized data entry: With ConnectWise CTI, businesses can minimize data entry by logging key information about the call automatically. The CRM can log the interaction and include data that can be collected automatically, such as duration, caller, related leads or contacts. The function frees agents so they only have to enter non-automatic information. It also includes space for these notes.

 

Increased call capacity: With phone integration, users are able to minimize time wasted by searching for hyperlinks or typing in numbers. With a click to dial feature, agents can dial a phone number with one click when the number is on a web page, in an inbox, or a document. Furthermore, users can add a prospective client as a contact right from the popup, again reducing repetitive data entry.

 

Caller ID and Routing: Using ConnectWise integration, calls can be routed for higher efficiency. For example, calls can be accessed and routed by caller location, previous interactions between business and client, geographical field, language used, current agent availability, or a host of other factors. These factors optimize caller-agent relationships; by putting the most appropriate agent on the call, the CRM saves time and provides a better customer experience. Additionally, caller ID gives agents instant access to client information. Instead of having to search for customer profiles, users can have automatic access to clients’ locations, previous interactions, and professional details.

 

Task follow-ups: CTI integration makes collaboration and follow-up easier between colleagues. Because the system works in real-time and connects calls to data, involved team members can see what agents have done or what they plan to do. As such, tasks can be categorized and allocated automatically. The CRM can create events and plan callbacks so that there is always a potential next step for agent/client interaction already on the schedule.

 

Call analytics: With CTI integration, data becomes instantaneously shareable across teams and automatically synced. In this way, multiple agents can have access to real-time updates and new data. Moreover, ConnectWise CRM helps manage, organize, and analyze data. It can record and store customer configuration data in a centralized, accessible location, thus allowing agents and managers immediate access to a host of useful data, including contact databases, inventories, previous sales, and other crucial elements.

 

VoIP phone systems are the most efficient and cost-effect system to use in contemporary call centers and IT service departments. A badly integrated CRM, however, can be detrimental to a company in which business thrives on creating and maximizing opportunity. Not only must a company find the right CRM for its business, but it must also effectively coordinate its desktop services with its phone system. ConnectWise CTI phone integration works to allow users to have as much information as possible, get the right calls to the right person quickly, and create the best possible customer service interaction.

 

ConnectWise CTI applications allow VoIP phone systems to be seamlessly integrated with the ConnectWise CRM. With ConnectWise CTI phone integration, users can manage timelines, dial from their computers with one click, access significant data on potential clients and repeat customers, collaborate with other agents, and create a better customer service experience. Moreover, the cloud-based CRM is cost efficient, scalable and lacks the baggy infrastructure of on-premises servers. With ConnectWise CRM integrated into businesses’ phone systems, businesses can take the focus off of managing their system and instead, focus on their products.

Technical Dr. Inc.s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

No comment yet.
Scoop.it!

Telemedicine and Smart Cities

Telemedicine and Smart Cities | Healthcare and Technology news | Scoop.it

You can put the word "smart" in front of just about anything these days — including an entire city. But what does it actually mean?

 

The concept of smart cities is incredibly exciting. Cities have always been social, cultural and productive centers of society. But the city of the future will help us work and play even smarter, commute more quickly, and make use of more advanced and affordable products and public services. That includes health care.

As the world explores what smart cities are capable of, we're seeing more ways they'll impact the telemedicine industry and vice versa. Let's take a closer look.

 

A Holistic View of a City's Health 

 

Conducting a more proactive monitoring of public health is probably the most important part of a smart city's data-driven telemedicine system. Thanks to electronic health records, location technologies, and cheap and rugged remote sensors, public health officials have an easier time than ever studying disease patterns and profiles, tracking public health worries and outbreaks, communicating with the public about new issues and seasonal disease cycles, understanding and making changes to how people move about a city, and much more.

 

This brings us to one of the best features of smart cities: smart hospitals. A number of facilities across the U.S. are using more advanced devices and data-gathering systems to better understand changes, even in real-time, that concern citizens on a daily basis. These insights can cover any number of factors associated with city living, including air and water quality, the effects of weather and climate on health and even the relative stress and happiness in one city compared with another.

 

Better Access to Health Care Even in Rural Areas 

 

It's a long-running pattern, but residents of cities generally enjoy better access to health services and medical specialists. As a result, residents of rural areas, and those who live a little farther from city centers are more likely to suffer from chronic health problems and to have greater restrictions on their physical activities. Cities are known for their smog and pollution, but they offset some of the harm thanks to convenient access to health infrastructure.

 

Making cities even smarter seems at first glance like it might make health care inequality even worse. But it may actually do the opposite. Cities have more choices than rural areas when it comes to health care, but residents still face wait times and lines, often for issues that didn't require a visit in the first place.

 

To that end, we can expect that telemedicine will cut down on congestion in cities, plus make it far easier for rural residents to communicate with doctors and specialists with the same ease as rural citizens. With telemedicine and remote video consultations, distance from a metropolitan area is less likely to decide the quality of one's health care or their life.

 

More Efficient Public Institutions 

 

In the U.S. and elsewhere, it's a fact of life that countries must feed, clothe and shelter prison inmates and residents of correctional facilities. This portion of the population is frequently written off or forgotten about, but these are citizens too, and they deserve as quick and competent a response as anybody when they find themselves in poor health. 

 

Telemedicine can provide a vital function by making it easy for cities to see to inmates' health needs. New York City alone is home to around 55,000 residents of its correctional system, which means the already limited availability of specialist doctors isn't always able to answer the call. Instead, telemedicine makes it simpler for specialists to check in with patients when they can't be there in person while cutting down on the time and expense of transporting these individuals to appointments. 

 

Walkability and Self-Service Health Care 

 

Futuristic cities have long been depicted with swarms of flying cars, but that dream is still a little way off. In the meantime, we're busying ourselves rethinking our urban layouts, including making a push to install bike lanes and generally make our cities more walkable and more amenable to cleaner, healthier living. 

 

Smart technologies like internet-connected cars, plus city infrastructure that can talk to them, will make it easier than ever for pedestrians and cyclists to navigate intersections safely and quickly. Couple this with the fact that insurance companies increasingly turn to wearables to keep customers honest about -- and committed to -- healthy lifestyles. These wearables lend themselves to telehealth in a number of ways, from making remote data sharing simple, to automatically alerting emergency responders, for example, if an elderly resident falls in his or her apartment, or in a park, and can't signal for help themselves.

 

The truth is, we're only beginning to appreciate what's possible with telemedicine and smart cities. As more medical device manufacturers move into making devices for a connected world, while still maintaining the quality set in place by ISO 13485, it’s easy to see how the relationship between telemedicine and smart cities is just starting. 

 

The potential here is part of the reason why we will collectively activate some 36 billion internet-connected devices by the year 2021.  

 

By that time, we'll have even more robust industrial standards for helping public and private data systems work better together, and we'll have an even more thorough understanding of how the advancement of technology can improve how we live and how we pursue health care services. 

Technical Dr. Inc.s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

Andrea Shaji's curator insight, November 18, 2019 7:18 PM
More advanced cities are the ones being benefited the most. 
Scoop.it!

Future Scope of Computer Telephone Integration - Future of CTI

Future Scope of Computer Telephone Integration - Future of CTI | Healthcare and Technology news | Scoop.it

For all intents and purposes, it does seem like the future of CTI is today. The technology has come a long way since the simple screen population technology.

 

In fact, back in 1996, an article by Guy Matthews predicted three CTI technologies that would shape how the masses communicate in the future: internet phones, faxback, and international callback. All of which are now readily available – or even basic – with today’s CTI technology.

 

So, what lies in the future of CTI? Has technology reached its peak? What should we look forward to when it comes to CTI integration?

The Future of CTI in the Clouds

Cloud computing has paved the way for the mass adoption of CTI, as well as other technologies. It has made powerful systems, platforms, and applications available to practically all kinds of businesses. Through scalable service offerings, small- and medium-sized businesses can use technologies, such as CTI, to compete on the same level as companies with more technical expertise and thicker wallets.

Want to increase your customer experience right now?

That’s the beauty of cloud computing – and, in the world of IT, it is huge. Projections made by technology research company Gartner Inc. peg the worldwide market for public cloud services to be worth around $204 billion in 2016. Alongside this, the cloud application services (SaaS) industry is worth billions of dollars too, with a projected 20% yearly growth. The SaaS industry is seen to grow to $132.57 billion by 2020.
 

These numbers reflect the future of CTI. As the cloud computing industry grows, cloud-based CTI services become more accessible, at low leveled off rates. Because of this, the CTI market will lean further towards cloud-based services. You just won’t be able to deny the key selling points: cost-effectiveness, scalability, and accessibility.

CTI “Mobilization”

The future of CTI is also mobile. According to a study made by the Emergence Capital Partners (ECP), there are more than 300 mobile enterprise app companies in operation. These companies focus on key segments that include communications, task management, and events and contact management. This falls right in the turf of CTI integration and unified communications.

 

To date, there is an increased demand for a better communications platform, one that consolidates your interactions with your contacts, clients or prospects, whether it’s through voice, email, chat or SMS. This platform makes such information available across your desktop and mobile devices.

 

A future where mobile access is already a requisite part of CTI integration is a future where business booms. According to research firm Forrester, companies that encourage the use of mobile applications grow faster than those that don’t. After all, agents and employees who are not tied down to one place tend to become more accessible, reliable and productive.

Social Media Integration

Social media is part of the future of CTI too. Through CTI integration with business applications, such as CRM, communications on social media can be accessed through a singular platform. There is no need to switch platforms to respond to social media interactions.

 

What should be noted, however, is the increasing use of social media to interact with businesses. Companies miss out if they neglect interactions within this channel.

 

There is still a need to make social media communications easier and simpler for your agents and sales team. The future of CTI – where businesses get the full advantages of optimizing their marketing, sales and support processes – demands social media integration that is unified and efficient across all devices, regardless of agent location.

Improved Security

As with all technological advancements, communications technology deals with attempts to exploit its vulnerabilities on a regular basis. This is ‘business as usual’ in technology. However, with the massive amount of data that comes with CTI integration, the future of CTI has to be more secure. In fact, according to a 2016 survey by Society for Information Management (SIM), 36% of IT heads rank security as their number one concern

 

Improved security when it comes to CTI integration has to cover all the bases, from cloud-based data to on-site and third-party hosted information. Ultimately, this impacts how you do business and how you are perceived by your target market.

Better User Experience

Applications integrated with your CTI system upgrade fast and regularly. This improves the scope of technology. In many cases, upgrades also introduce new ways for you and your team to accomplish tasks and goals. This increased efficiency requires that you adapt to upgraded technology fast.

 

Improving the user experience through simplified and intuitive interfaces is a way to hasten your team’s learning curve. Improved interfaces are actually crucial since your CTI system is integral to your business’ day-to-day. The faster the learning, the quicker you can get back to efficient work.

Technical Dr. Inc.s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

No comment yet.
Scoop.it!

How to integrate HubSpot with CTI through your Phone System?

How to integrate HubSpot with CTI through your Phone System? | Healthcare and Technology news | Scoop.it

For sales reps or call center managers looking to combine the power of a CRM with a phone system, Computer telephony integration (CTI) is the answer. For many, that integration involves HubSpot. HubSpot CRM integrations apply the full depth of business intelligence to every consumer interaction, turning raw data into bottom-line ROI.

 

Why bother with computer telephony integration (CTI)?

 

Whether or not consumers realize it, call center representatives tend to know a fair amount about them by the time they say: “Hello”. That’s the power of CTI—pushing high-value, real-time data to employees engaged in human-to-human interactions with customers. That knowledge can solve problems more efficiently and offer subtle customer relationship support to retain more clients.

 

CTI can even aid call center representatives before the conversation begins. Pre-routing data gathering gleans information from consumers that sends calls to the most qualified representative. For consumers, this means an overall smoother experience. It lowers the chances of pogo-sticking from representative to representative while searching for the right person or department.

Want to increase your customer experience right now?

Boost your CX with tips from our industry leading whitepaper, How Fortune 500 Companies Manage Their Contact Centers

 

For employees, pre-routing saves time. With entry-level questions already asked and answered, representatives can dive into the core issue immediately. (Consumers are grateful for quicker solutions as well.) Lowering the amount of live call time frees representatives to handle more consumers each day. The benefit to employers? Less call center staff.

 

While customers and call-center representatives may never interact more than once, CTI avoids the perception of communicating with a stranger. On a personal level, CRM data may contain notes that help representatives navigate a heated conversation with a demanding client. On a professional level, notes from previous calls—from contact history to technical solutions—can get representatives up to speed immediately.

 

Unique advantages of HubSpot CTI

 

HubSpot’s CRM tackles the so-called “tasks salespeople hate.” HubSpot’s promise is less time on spreadsheets and in Microsoft Outlook and more time interacting with customers. It’s about streamlined, centralized communication to support disparate teams of sales and customer service representatives working with clients. It’s also free in its basic format.

 

Combining HubSpot’s CRM with its automated inbound marketing tools—a prime source of HubSpot revenue—reflects the power of HubSpot integrations, even within their walled garden. The potential to transition internal HubSpot connections into a system-wide HubSpot CTI integration offers a glimpse at the potential of a start-to-finish sales and marketing platform.

 

For call center representatives, HubSpot phone integration empowers staff with more than basic consumer data. It can include notes and history related to sales staff interactions, or even knowledge about which marketing materials potential consumers have received or opened.

 

HubSpot reports that every phone call costs a company up to $15. This frequently puts companies in a bind: They want to satisfy consumers’ need to reach out quickly but avoid an inundation of calls that offer little sales potential. The knee-jerk reaction, according to HubSpot, is often to make phone numbers harder to find. But that solution serves company, not consumer, goals.

 

This is where data plays a critical role. HubSpot CTI can help prioritize and route calls according to various rules defined by CRM data. Avoiding the all-or-nothing approach when it comes to calls can make ROI more predictable for call centers and prioritize the time and energy of sales staff.

 

Post-call analysis can help refine an initial set of inputs from HubSpot CTI integration to develop an ongoing process of refinement. Because marketing and sales data live in the same location, call centers can also become a source of data for other agents at a company by pushing call analysis out to sales teams or marketing departments. Does a marketing department exist that wouldn’t want to learn about the correlation between specific marketing materials and sales?

 

How to Integrate HubSpot with a phone system

 

The process varies dependent on the phone system involved. These examples reflect the capacity and process for HubSpot CTI with major phone systems:

How CTI works with HubSpot

 

Identifying a caller’s number allows an integrated system to connect the phone number to a record in the HubSpot CRM. Once the CRM record and phone number are connected, HubSpot can deliver various datasets to the call center representative before the conversation even starts.

 

This data can include everything from the caller’s title to the history of interaction. For large call centers with divided responsibilities, this ensures the caller reaches the right representative first time round. That may mean reaching the person with the right technical skill set, or the ideal employee to manage a critical relationship with a high-value client.

 

Because representatives don’t need to seek out any of this information, they can maintain their focus on solving the consumer problem—or completing the sale.

 

What to Integrate for HubSpot-linked phone systems

 

There are several HubSpot integrations available. Some, like Auto-Dialer and Power Dialer, build efficiencies into standard call center activity (and useful efficiencies for sales staff making periodic follow-up calls). For example, HubSpot CTI integration allows employees to place a call by clicking a number directly in the CRM—no wasted time dialing, misdialing, or redialing numbers.

 

For new callers, HubSpot integrations allow the creation of new accounts, contacts, and leads. Inevitably, consumers change numbers and add or change points of contact. The ability to create or update accounts means none of this information is lost, and system-wide data stays consistent. For needs that go beyond the work of call center staff, HubSpot provides the ability to create a task for other team members quickly and easily.

 

Recording calls, call tracking, and call analytics offer a valuable post-mortem on client interactions that can help refine processes and reallocate resources.

 

Technical components of HubSpot CTI

 

While the exact nature of the applicable technical setup varies from provider to provider, all organizations must answer questions that affect implementation:

  1. Is the phone system managed in-house? In-house managed systems, common at large organizations, shift the technical burden to internal IT teams. A managed, cloud-based system migrates the bulk of the technical implementation to the phone system provider.
  2. Is the current phone system capable of HubSpot integration? The key integration feature is a VoIP system (rather than a traditional PBX landline system). VoIP is essential to connect CRM data with a phone system. Confirming the capability for HubSpot integration with the service manager or in-house technical team is an appropriate starting point.
  3. Which numbers will be included? Not every company phone will need HubSpot CTI. Identifying the subset of numbers that can extract value from CTI limits technical implementation to core components of the marketing and sales process.
  4. Who will have access to what? CTI integrations connect many data points, but not everyone needs access to all the data. (Certainly, not everyone needs editing access to all data.) Establishing a hierarchy of access that gets the right data to the right people at the right time is a fundamental step toward extracting value from a CTI investment. This should also include who has access to reports and the responsibility for implementing improvements based on call data.
  5. Where will calls be routed? Small call centers may receive all inquiries; large centers may develop specialties to handle certain clients or issues. Mapping a routing framework before implementation can avoid later headaches due to haphazard routing.
  6. Who will train and support call center staff? Every new system or integration has a learning curve. HubSpot CTI is no different. Even if staff are already familiar with a phone system and HubSpot as separate technologies, training to highlight the virtues of the integrated system will get more value from the linked platforms.

 

Ready, Set, Integrate

 

Acquiring consumer data is no longer a business challenge. If anything, the primary focus has become managing vast troves of data. Siloed information fails to take advantage of key integrations that can arm employees with the data they need to serve consumers more efficiently and close more sales.

CTI provides an opportunity to connect call center data with a CRM. For the many companies that rely on HubSpot, this integration can connect every dot throughout the customer journey. Understanding the technical capabilities and process for implementation provides a framework for connecting HubSpot with an existing or upgraded VoIP phone system.

 
Technical Dr. Inc.s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

No comment yet.
Scoop.it!

What are the HIPAA Administrative Simplification Rules?

What are the HIPAA Administrative Simplification Rules? | Healthcare and Technology news | Scoop.it

What are the HIPAA Administrative Simplification Rules?

 

The HIPAA Administrative Simplification Rules establish national standards for electronic transactions and code sets to maintain the privacy and security of protected health information (PHI). These standards are often referred to as electronic data interchange or EDI standards.

The regulations, detailed in 45 CFR 160, 45 CFR 162, and 45 CFR 164, aim to make health care systems more efficient and effective by streamlining paperwork associated with billing, verifying patient eligibility, and payment transactions.

HIPAA Administrative Simplification Standards

HIPAA regulation includes four standards covering transactions, identifiers, code sets, and operating rules. The HIPAA Administrative Simplification Rules illustrate how switching from paper to electronic transactions reduces paperwork burden and increases payment speed for health care organizations. Additionally, information can be exchanged faster and claim statuses can be checked more easily.

HIPAA covered entities (which include health care providers, health plans, health care clearinghouses) and HIPAA business associates must adopt these standards for transactions that involve the electronic exchange of health care data. Such transactions may include claims and checking claim status. Other such transactions may involve encounter information, eligibility, enrollment and disenrollment, referrals, authorizations, premium payments, coordination of benefits, and payment and remittance advice.

Unique identifiers, such as a Health Plan Identifier, Employer Identification Number, or National Provider Identifier, are required for all HIPAA transactions.

Code sets are standard codes that all HIPAA covered entities must adopt. These codes have been developed for diagnoses, procedures, diagnostic tests, treatments, and equipment and supplies. HIPAA details several code sets including NDC national drug codes; CDT codes for dental procedures; CPT codes for procedures; the HCPCS health care common procedure coding system; and the code set for the international classification of diseases (ICD-10).

Updates to the HIPAA Administrative Simplification Rules

The HIPAA Administrative Simplification Rules were updated after the Affordable Care Act was passed in 2010 to include new operating rules specifying the information that must be included for all HIPAA transactions.

HIPAA covered entities must follow national standards, which were set to protect patients’ privacy (HIPAA Privacy Rule) and improve PHI security (HIPAA Security Rule), in addition to the HIPAA Administrative Simplification Rules. The Final Omnibus Rule, which was enacted in 2013, now includes HITECH Act standards in its HIPAA regulations; the standards added new requirements for breach notifications in the HIPAA Breach Notification Rule.

The Centers for Medicare & Medicaid Services both administers and enforces the HIPAA Administrative Simplification, whereas the Department of Health and Human Services’ Office for Civil Rights typically enforces the HIPAA Privacy, Security, and Breach Notifications Rules.

The HIPAA Administrative Simplification Regulations apply to all HIPAA covered entities and HIPAA business associates, not only those that work with Medicare or Medicaid.

Addressing the HIPAA Administrative Simplification Rules with Compliancy Group

Compliancy Group allows health care professionals and vendors across the industry to address the full extent of their HIPAA regulatory requirements, including HIPAA Administrative Simplification Rules, with our HIPAA compliance solution, The Guard. The Guard is a web-based HIPAA compliance app that allows users to confidently address their HIPAA compliance so they can get back to running their business.

Technical Dr. Inc.s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

No comment yet.
Scoop.it!

5 Ways Attackers Are Targeting the Healthcare Industry

5 Ways Attackers Are Targeting the Healthcare Industry | Healthcare and Technology news | Scoop.it

The healthcare industry is one of the largest industries in the United States and potentially the most vulnerable. The healthcare sector is twice as likely to be the target of a cyberattack as other sectors, resulting in countless breaches and millions of compromised patients per year. Advancements in the techniques and technology of hackers and identity thieves could escalate these vulnerabilities into a major crisis if the healthcare industry doesn’t adapt.

Cybersecurity in Healthcare

In 2015, over 113 million patients in the healthcare industry were the victims of an information breach, resulting in lost patient revenue and identity theft. The high volume of cyberattacks on healthcare organizations may be an indicator; the average organization receives 32,000 cyberattacks on a daily basis, a much higher rate than other industries experience. A lack of cybersecurity infrastructure and the high value of personal information makes these organizations likely targets for cybercriminals.

The healthcare industry’s increasing reliance on electronic medical records and internet-connected medical devices means the problem of data breaches could increase in the coming years. In 2017, the estimated total losses from cyberattacks amounted to $1.2 billion, and this number is expected to grow as the attack surface of the healthcare industry increases. The same way consumers and patients have their own resources to protect against identity theft, healthcare organizations need their own systems in place to protect against cyber threats. The following list covers the biggest threats to the industry going forward.

1. DATA BREACHES

The healthcare industry has the highest rates of data breaches out of any sector. Of the 551 data breaches in 2017, 60% were in the healthcare industry. In some cases, hackers have broken into healthcare databases undetected and maintained access for weeks before they were discovered.

The most common types of data breaches are hacking and malware-based attacks. Hackers can sell healthcare data and medical records for over 100 times more than personal data from non-healthcare industries. But not all data breaches are cybersecurity-related; a data leak can also occur through an employee or a lost laptop.

To thwart data breaches, healthcare organizations should ensure that data is encrypted at every point between the patient and an organization’s data storage. Trainings for healthcare staff on data security can also help reduce the number of accidental disclosures.

2. RANSOMWARE

Ransomware attacks tripled in 2017, and the healthcare industry receives more of these attacks than any other industry. A ransomware virus disables a computer or server until a ransom is paid to the hacker. Hospitals use their IT systems for critical patient care, making ransomware potentially life-threatening if it causes a delay in critical care processes.

In 2016, a ransomware attack rendered the hospital network of Hollywood Presbyterian Medical Center inoperable until the administration paid out $17,000 to the attackers. An analysis of the attack showed that the hackers had gained access to an outdated server without using hospital staff as an entry point. Attacks like this demonstrate the importance of a two-part approach to cybersecurity that involves staff training and rigorous network security protocols.

3. SOCIAL ENGINEERING

Hackers looking to exploit a healthcare network’s security system often target hospital staff and other human victims in order to gain access. This type of attack happens through social engineering as a means of subverting even the most rigorous security systems. Phishing attacks, the most common social engineering approach, use a manipulative email to trick a victim into clicking a link or entering their password information. These emails will often download malicious software directly to the system, granting the attacker unlimited access.

Unlike other security threats, social engineering approaches can be combated only through education. Trainings for staff and administrators on identifying a phishing email and avoiding malicious links. Many organizations employ a strategy known as “red teaming,” where trained cybersecurity professionals play the role of attackers and test the organization’s preparedness.

4. DISTRIBUTED DENIAL OF SERVICE ATTACKS

Distributed denial of service (DDoS) attacks are purely disruptive and are a popular tactic for hacktivists who want to shut down a network out of protest, malice or anarchism. These attacks create a coordinated assault from several hundred to several thousand computers, which overwhelm a network or server to the point of inoperability.

In 2014, Boston Children’s Hospital was embroiled in a controversial custody case involving a 14-year-old patient. The sensitive nature of the case spurred the hacktivist group Anonymous to conduct a successful DDoS attack, which resulted in over $300,000 in damage and lost productivity over a one-week period. Healthcare is often connected closely with politics, and it’s likely that DDoS attacks could occur more frequently in the future. Protecting against these attacks requires close coordination with service providers to ensure that critical networks can remain operational under a DDoS onslaught.

5. INSIDER THREATS

A healthcare organization’s cybersecurity system is only as strong as its weakest link. Even the most rigorous cybersecurity network can be bypassed by an insider, making this type of attack one of the most difficult to prevent. Many disgruntled or criminally motivated employees have compromised healthcare organizations by installing entry points to a hospital’s network from the inside.

Insider threats aren’t necessarily malicious. The increasing number of personal devices in hospitals poses an additional insider threat to these organizations. Smartphones, tablets, and laptops are allowed at 81% of healthcare organizations, but only half of these organizations have plans in place to secure these devices. Personal devices are often unencrypted and may be carrying malicious viruses or “worms” that can compromise connected networks.

Cybersecurity is a constantly evolving field. Healthcare organizations must be ready to invest in ongoing security protocols to remain ahead of the most common attacks. Complete security might be impossible, but a reduction in service interruptions and lost data could help healthcare organizations exponentially going forward.

Technical Dr. Inc.s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

No comment yet.
Scoop.it!

Healthcare Technology Trends for 2019 and Beyond

Healthcare Technology Trends for 2019 and Beyond | Healthcare and Technology news | Scoop.it

The healthcare industry is moving from products and services to solutions. Just a few years ago, medical institutions relied on special equipment and hardware to deliver evidence-based care. Today is the time of medical platforms, big data, and healthcare analytics. Healthcare institutions are focused on real-time results. The next decade will be focused on preventive care, and here new healthcare technology trends will come into play.

Artificial intelligence

The modern healthcare industry has already introduсed AI-based technologies like robotics and machine learning to the world. For example, IBM Watson is an AI-based system that’s making a difference in several areas of healthcare. The IBM Watson Care Manager was produced to enhance care management, accelerate drug discovery, match patients with clinical trials, and fulfill other tasks. Systems like this can help medical institutions save a big deal of time and money in the future.

 

It’s likely that in 2019 and beyond, AI will become even more advanced and will be able to carry out a wider range of tasks without human monitoring. Here are some predictions of AI trends in healthcare:

Early diagnosis

This healthcare technology trend can accurately and quickly process a lot more data than the human brain. So AI tools can reduce human errors in diagnosis and treatment and allow doctors to work with more patients. For example, image recognition technology will help to diagnose some diseases that cause changes to appearance (diabetes, optical deviations, and dermatological diseases). It’s also likely that in future people will be able to diagnose themselves. DIY medical diagnosis apps will probably ask some questions, process a patient’s care history, and then show possible diagnoses based on the current symptoms. But as this technology isn’t advanced yet, patients should be careful with DIY medical apps and self-medication.

Medical research and drug discovery

The future of drug discovery and medical research lies in deep learning technology. Deep learning is a field of machine learning that’s able to model the way neurons interact with each other in the brain. This allows medical systems to process large sets of data to quickly identify drug candidates with a high probability of success. A Pharma IQ report says that about 94 percent of pharma specialists believe that AI technologies will have a noticeable impact on drug discovery over the next two years. Even today, pharmaceutical giants such as Merck, Celgene, and GSK are working on drug discovery in collaboration with AI platforms, predicting AI to be the primary drug discovery tool in the future.

Better workflow management and accounting

There are a lot of routine and tiresome tasks that medical workers have to do apart from caring for patients. AI can reduce staff overload by automating monotonous tasks such as accounting, scheduling, managing electronic health records, and paperwork.

IoMT

The Internet of Medical Things (IoMT) includes various devices connected to each other via the internet. Nowadays, this technology trend in healthcare is used for remote monitoring of patients’ well-being by means of wearables. For example, ECG monitors, mobile apps, fitness trackers, and smart sensors can measure blood pressure, pulse, heart rate, glucose level, and more and set reminders for patients. One recently introduced IoMT wearable device, the Apple Watch Series 4, is able to measure heart rate, count calories burned, and even detect a fall and call emergency numbers. The FDA has recently approved a pill with sensors called Abilify MyCite that can digitally track if a patient has taken it.

IoMT technology is still evolving and is forecasted to reach about 30 billion devices worldwide by 2021 according to Frost & Sullivan.

  • IoMT will contribute sensors and systems in the healthcare industry to capture data and deliver it accurately.
  • IoMT technology can reduce the costs of healthcare solutions by allowing doctors to examine patients remotely.
  • IoMT can help doctors gather analytics to predict health trends.

 

Technical Dr. Inc.s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

No comment yet.
Scoop.it!

Rural Health Professions Training: Teaching Medical Students the Benefits of Telemedicine

Rural Health Professions Training: Teaching Medical Students the Benefits of Telemedicine | Healthcare and Technology news | Scoop.it

For medical students with the University of Arizona College of Medicine – Tucson, weeks of suspense will end on March 15. Otherwise known as Match Day, it’s the day the students will learn where they will go for their residency training, in their chosen medical field, after they graduate from medical school in May.

 

Sarah Joy Ring, who has completed the College of Medicine – Tucson’s Rural Health Professions Program and a 16-week Rural Health Distinction Track, is hoping for a residency focused on both pediatrics and emergency medicine, potentially in a rural location.  Her “capstone” paper, an in-depth research project that all Distinction Track students are expected to complete, carries the impressive title of “A Survey of Rural Emergency Medicine and the Discrepancy of Care for Pediatric Patients that Present to Rural Emergency Departments.”

 

During her training, she had opportunities to see how important telemedicine can be in rural communities.

 

“I was at sites that had telemedicine capabilities and spent some time chatting with the physicians about them. "I can specifically remember two experiences, one while on my family medicine rotation in Tuba City (in northern Arizona, where students learn about American Indian healthcare) and one during my RHPP summer in Flagstaff” (also in northern Arizona).

“Tuba City experiences a significant shortage of mental health providers in general, and specifically for children and adolescents," Sarah says.

“As such, they found using telemedicine helpful to connect the children of that region with services that they would otherwise struggle to receive, due to having to travel large distances to receive help, which incurs financial and time burdens for families.

“Moreover, a point that I found particularly enlightening when learning about this service, was with regard to what it means to live in a small population where it is quite likely you know most people living in the region," Sarah says.

“The physicians found that because of this, many adolescents experiencing difficulties often felt uncomfortable sharing with people who lived in the region, out of fear that they may tell someone, or that they were themselves a relative or family friend, which can be a common experience. Having someone to share with who lived out of the region and was not specifically invested in the region and an integral member of the community made many of these adolescents more comfortable with disclosing their experiences.  

“I also worked on writing about how telemedicine can be used to augment pediatric services in rural emergency departments for part of my "capstone" project and found some very positive results from multiple studies. For critically ill patients, one study found that in particular, telemedicine consults improved the access to critical care specialists, resulting in a reduced frequency of physician-related medication errors. Moreover, another study found that parent satisfaction was higher with telemedicine consults than with phone consults, which is a particularly important outcome when caring for pediatric patients and their family. Many of these same findings also translated to the pre-hospital environment, where ambulances that utilized telemedicine resulted in better assessments, more interventions in the pre-hospital environment, and improved outcomes for pediatric patients in pre-hospital care. 

“Overall," Sarah says, I think that we will continue to find that telemedicine is an excellent resource for rural providers that allows patients to have clinically significant access to additional resources and care that would otherwise be difficult or unavailable to the region."

Technical Dr. Inc.s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

No comment yet.
Scoop.it!

Optimize Your Sales Team's Productivity with 10 Cisco IP Phones

Optimize Your Sales Team's Productivity with 10 Cisco IP Phones | Healthcare and Technology news | Scoop.it

Ten Cisco IP Phone Options for Your Sales Team

1) The Cisco 8865. Sales organizations seeking the latest in cutting-edge HD video communications will find the 8865 to their liking. Designed to function flawlessly in shared work environments, the 8865 offers a comprehensive collection of VoIP features. Key characteristics of 8865 include the following:

  • A 5-inch widescreen VGA color display
  • High-quality 720p two-way HD video for a superb visual experience
  • Superb video and VoIP clarity
  • An optional key expansion module that facilitates dialing
  • Flexible deployment options

Additionally, the 8865 is compatible with a variety of USB headsets, including models made by third-party vendors. This advantage enables companies with offshore call centers to easily and affordably replace headsets through local suppliers.

 

2) The Cisco 8845. The 8845 was designed for optimum user productivity. In addition to offering basic calling features such as transfer, conference, and hold/resume, the 8845 allows sales reps to employ its multi-call-per-line feature to handle multiple calls for each directory number. The most pertinent features for sales and customer service agents are as follows:

  • A 5-inch high-resolution widescreen backlit color display
  • High-quality 720p two-way HD video
  • Five programmable lines
  • Outstanding audio acoustics
  • One-touch access to applications

In addition to these key features, the 8845 is known for its integrated digital camera and outstanding encryption of voice and video communications.

 

3) The Cisco 7945G. Like 8845, the Cisco 7945G possesses an adaptable, dynamic design that facilitates organizational growth. Regular, unobtrusive software updates help to ensure that sales and customer service representatives maintain a competitive edge in efficiency and productivity. Key characteristics of the 7945G include the following:

  • A 5-inch graphical TFT color display with backlight and 16-bit color depth
  • High-quality 720p two-way HD video for a superb visual experience
  • Five programmable lines
  • Wideband support, including speakerphone, handset, and headset
  • One-touch access to applications

The 7945G is also known for its integrated support for over 30 languages, making it an excellent choice for organizations with employees in multiple countries.

 

4) The Cisco SPA303G. The SPA303G IP phone was constructed with utility and affordability in mind. It is the perfect option for organizations that do not require a large color display or other sophisticated features present on recently designed IP phones. Key characteristics of the SPA303G include the following:

  • A backlit monochrome LCD screen (128 x 64 pixels)
  • Three voice lines
  • Caller ID
  • A menu-operated user interface
  • Automatic redial of the most recent number called

Two final points to consider are the SPA303G’s simple installation process and secure remote provisioning tools. Software upgrades are easy to make and do not interfere with regular business, giving sales and customer service managers peace of mind.

 

5) The Cisco SPA504G. The SPA504G IP phone possesses the same robust collection of features as the 303G. However, the SPA504G also includes an additional voice line, Power over Ethernet (PoE) support, and other upgrades that make it a more attractive option for sales professionals who field a lot of calls. Key characteristics of the SPA504G include the following:

  • A backlit monochrome LCD screen (128 x 64 pixels)
  • Four voice lines
  • Illuminated buttons to signify on/off for audio mute, headset, and speakerphone
  • A menu-operated user interface
  • Support of optional features such as Cisco XML and VoiceView Express

 

6) The Cisco SPA514G. With its dual gigabit ethernet switched ports and secure remote provisioning, the SPA514G is a logical choice for call centers with single or multiple locations. Key specifications include:

  • A backlit monochrome LCD screen (128 x 64 pixels)
  • Four voice lines
  • Supports Power over Ethernet (PoE)
  • A menu-operated user interface
  • Automatic redial of the most recent number called

Like other models in Cisco’s SPA line, the SPA514G is known for its ease of installation and simple station moves, making it a favorite among sales managers and IT staff alike.

 

7) The Cisco 7940G. Designed with the needs of transaction-type employees in mind, the Cisco 7940G is a model for call center managers to consider. Additional benefits for call center agents include categorization of incoming messages for users and customizable network configuration preferences. The 7940G boasts a robust collection of capabilities, including the following:

  • The ability for hands-free changes, facilitating moves to any new network location without system administration
  • The availability of a variety of user accessibility methods, including soft keys, buttons, or direct access
  • More than 24 unique ringer sounds and volume settings
  • A dedicated headset port that allows the handset to remain in its cradle
  • Easy access to a variety of information, including stock market updates, weather, and other web-based news

In addition to these advantages, the 7940G features an ADA-compliant dial pad and HAC handset, facilitating compliance with industry regulations. The 7940G also has a foot stand that can be adjusted up to 60 degrees for optimum viewing and comfort.

 

8) Cisco 7912G. The 7912G offers outstanding value to companies facing tight budgetary constraints. A snapshot of the basic features of the 7912G is as follows:

  • Single voice line support
  • A monochrome, pixel-based display that displays the caller’s name and number
  • Call forwarding and call waiting
  • On-hook dialing
  • Four speed-dials

Because the 7912G is an older model phone, it is no longer available for purchase directly through Cisco, but may be purchased through online resellers.

 

9) The Cisco CP-8831-K9. The CP-8831-K9 is distinct from the other Cisco phones on this list because it is designed specifically for conference calls. The CP-8831-K9 provides an acoustically pleasing experience for a large group of sales representatives and call center agents. Boasting the following five strengths, the CP-8831-K9 is particularly beneficial to companies that regularly hold audio conference calls with customer groups or vendors:

  • High-definition audio performance
  • 360-degree coverage
  • Scalability to optimize conference calls in rooms and offices of every size
  • Flexibility and convenience through a mobile control panel
  • Expandability through the use of wired or wireless extension microphones

The CP-8831-K9 also includes a number of subtly impressive features such as echo suppression, noise reduction, and silence suppression. The inclusion of these premium features makes the CP-8831-K9 an excellent choice for sales organizations that require a dependable conference phone.

 

10) The Cisco 8800 Key Module. While this module is not a telephone in and of itself, it deserves inclusion in this list because of its progressive ability to transform Cisco’s 8851, 8861, and 8865 telephones. In addition to greatly enhancing productivity for phone users, the 8800 key module offers busy sales representatives one-button access to the colleagues with whom they communicate with the greatest frequency. Notable features of the 8800 key module include the following:

  • 18 programmable LED lines per module
  • A backlit, high-resolution 4.3-inch color display for easy viewing
  • Users can choose between Power over Ethernet (PoE) or a local power cube
  • A power save plus option to help companies save money and conserve energy.
Technical Dr. Inc.s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

No comment yet.
Scoop.it!

Women and Nonbinary People in Information Security

Women and Nonbinary People in Information Security | Healthcare and Technology news | Scoop.it

I’ve got great news for you! My interview series continues.

Last week, I spoke with Nicola Whiting, cyber hygiene specialist, and Titania Chief Strategy Officer.

 

This time, I had the privilege of speaking with defensive security expert Liz Bell. We talked about the 90s internet, blue teaming, sexism and transphobia in tech as well as what pen testing can teach you about defensive security.

 

Kim Crawley: Please tell me a bit about yourself and what you do.

Liz Bell: I work for a cybersecurity defense company that provides network monitoring and response tools for customers in the finance, government, and energy sectors. I work on the internal monitoring team, which means I help keep our own networks safe. Before that, I worked in penetration testing punctuated with some time in academia doing research on applying machine learning techniques to attacking ciphers, and before that, I was a software engineer. I’ve been interested in security since I was little, though. Being lucky enough to have grown up with the web, I just caught the tail end of the BBS era, and so I got to see security start to become something people actually took seriously. Being curious, my general instinct was to find ways to circumvent limitations. Now I get to spot people trying to do those same things.

 

KC: It sounds like you’ve been online since the 90s. I’ve been online since 1994. Is there anything about the 90s internet that you miss these days?

LB: There are a few things that I’m kind of nostalgic about like MSN chat rooms, hearing my phone sing the internet song to the gateway, downloading Win32 viruses from Napster and Limewire, earning badges and posting angsty poetry on Bolt.com, but I think the main thing I miss is the openness and generosity of the web back then. These days, it feels like, if you’re fortunate, you have a series of walled gardens, and if you’re not, you’re facing a never-ending stream of racist/homophobic/transphobic content and intrusive adtech.

 

KC: You mentioned P2P malware, which is still a problem these days. How do you think online cybersecurity challenges are different now compared to back then?

LB: I think a major difference between then and now, if not the main difference, is money. Once we started being able to shop and bank online, users became a good target for scammers, extortionists and other organized crime groups. Not to mention the environment is now extremely different; a lot of people now have a lot of their lives stored in phones, tablets, and laptops, and some of those also end up connecting to corporate or industrial networks. For organizations, this means that just defining what your network perimeter is can sometimes be impossible.

As far as national security is concerned, the public at large has become much more aware of the scale of state-level activities on communication networks, much more than when the ECHELON disclosures happened, as far as I can tell. I think that has also led to something of a change in what people’s threat model looks like.

 

KC: Echelon! I knew someone who worked at Lawrence Livermore back in the day, apparently on that particular project.

LB: That’s awesome! I work with a lot of former IC and .mil people who I understand have probably been involved in a lot of things that would make for extremely interesting conversations, but alas, I’m not cleared.

 

KC: How has your penetration testing experience helped you with your blue teamwork?

LB: It’s a big help. Understanding the different kinds of techniques and tools used by adversaries to compromise accounts, intercept traffic or steal data means I have more of an ability to spot patterns or suspicious outliers in our sensor data. Likewise, seeing how blue teams operate makes me better at doing the offensive work or, at least, doing it in a way that’s less likely to get me caught! I’m increasingly a proponent of getting the red team and blue team members to trade sides occasionally or work together to have a better understanding of how the other side operates.

 

KC: Has sexism ever been a challenge in your career?

LB: Honestly, I don’t know. When I first started, I hadn’t transitioned yet, and so I was perceived as an (effeminate, not assertive) man, and so presumably I benefited from that when it came to getting my career started. At a previous employer, after transitioning, I was the only female penetration tester in the office, the only woman I knew of working in a technical role, and the only out queer person, and I started getting more complaints about my performance. I ultimately ended up leaving, and it definitely became harder to find work afterward, but then again, what I was looking for was pretty specific. I’m lucky enough to have been hired by a woman and be managed by a woman, in my current role, even though the team is still largely white cisgender straight men.

 

KC: Well, you’re not the first transgender woman I’ve interviewed in this series. I’m happy to see more transgender people in cybersecurity.

LB: I actually applied to the place I’m working at now because a good friend of mine, who’s also trans, worked there. It was an incredible privilege to go from this extremely homogenous environment to getting to work professionally in information security with another queer trans woman.

 

KC: Is there anything you miss about your pen testing days?

LB: I do miss the “let’s be evil” feeling, sometimes and the interaction with external clients from all kinds of different industries. My job now has maybe a little less variety, but I get to stick with projects longer, and being an investigator definitely makes up for not getting to pretend to be a criminal anymore!

 

KC: I have spoken to Defensive Security Handbook authors Ian Brotherston and Amanda Berlin, who believe that defensive security is underrated in our field. Do you agree?

LB: I think that offensive security gets a lot of the glamor, but penetration testing is really only a small piece of what keeps users safe. Blue team folks definitely don’t get nearly enough credit or support; offensive security people need to only find one problem, but defensive security practitioners can’t make a single mistake.

 

KC: Do you think a lot of organizations overlook defensive security?

LB: In my experience, a lot of organizations tend to maybe focus on the wrong things: or rather, they optimize for meeting regulatory requirements. Rules say they need a firewall and quarterly penetration tests, so they buy a firewall and contract the tests out. Security should be baked in everywhere; into the software development lifecycle, the monitoring and maintenance of the corporate network, training of new employees and continuous training of your existing staff and even how the organization interacts with suppliers. The line between ‘defensive information security’ and ‘physical security’ gets fuzzy, and I don’t know if many organizations prioritize either at sufficiently many levels of the stack.

 

KC: I’ve learned a lot from you. Do you have anything else you’d like to add before we go, Liz?

LB: I think it might be worth mentioning that machine learning is increasingly something people are exploring in both the defensive and offensive information security space, and in order to both defend against robot hackers and defeat Skynet, or build either, it helps to have that blended blue and red team exposure. Otherwise, thank you so much for your work here boosting not-male voices!

Technical Dr. Inc.s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

No comment yet.