Transcript Document

cloud computing
made for healthcare
CureMD™
Practice Without Boundaries
User Conference
Ralph Reyes Jr: MT, FHIMSS:
VP of Channel Sales
KLAS, Sr Advisor AHA, Utah HIMSS Board
VC Advisor, Advisory Boards
Reduce costs, improve reliability, security,
performance, and productivity.
Make healthcare better.
2012 Confidential
2013
ClearDATA: Healthcare Only
Disaster Recovery: Cloud Data Backup
Image Archival: Secure Image Storage
Security Risk Analysis
Address HIPAA & MU regulations
Serving 300,000 providers
Who we are:
• Healthcare experts with over 150 years of healthcare experience
• Internet / cloud technology experts with experience in creating and operating more than 7 different worldwide IT organizations
• HP's healthcare hosting partner for the U.S.
CLOUD · COMPLIANCE · SECURITY
© 2012 Clear DATA Networks, Inc.
What we do:
• 100% healthcare focused cloud services
• Provide secure 100% HIPAA-compliant cloud computing and information security services for healthcare providers.
• Serve our clients by fully automating and securely managing healthcare applications, IT infrastructure and digital storage.
• Services include: server/application & data center hosting, offsite backup & DR, image archiving & VNA, VDI and SRA (security risk analysis) consulting
Deep Healthcare Experience (examples)
St. Joseph's Foundation
Digital Healthcare Services
Marcella Bonnicci MD
Osborn Family Healthcare
Eagle Summit Foot & Ankle
Southwest Spine and Sports
AZ Institute of Urology
CHW Pasadena
Greater Sierra Health Organization
American Optical Services
MU Medical & SW Spine & Sport
CHW - East Valley
Mercy General Regional System
Sacramento Regional
Habersham Family MD Colorado Rural Health Center
LA Center for Women’s Health
North Jackson Family MD
Advanced Arthritis Care
Me and My Care Givers
Talus Medical
Brookings Health
Dr. Lewis Surgery & Sports
CA Hospital & MC
Mercy Medical Group
St. Mary's Reno
Barrow Neurological Institute
St. Mary's San Francisco
Glendale Memorial Hospital Mercy Gilbert Medical Center
St. Joseph's Medical Center Chandler Regional Medical Center
Northridge Medical Center Sierra Nevada Memorial Hospital
Dignity Health
St. Joseph's Stockton
Mercy San Juan MC
Stamford Medical Center
Mercy Merced Hospital
Mercy MC Ventura
Dominican Medical Center
Mercy Redding Hospital
St. John's Regional MC
Sunrise Mesa Health Ctr
St. Rose Dominican MC
Mark Twain St. Joseph's Hosp
Bakersfield Memorial Hosp
Barrow and Congenital Heart
Foundations
St. Mary Medical Center
Kingsbrook Jewish MC
Proprietary and Confidential
ClearDATA Key HIPAA HITECH Requirements
• Encryption of data at rest and in transit
• Multi-tier authentication, identification
• Dedicated firewall management
• Intrusion detection systems
• Virus scanning
• Constant vulnerability scanning (review over 10,000 elements)
• Physical environment protection - multiple physical security requirements (video surveillance, keyed entry, etc.)
• Secure data access controls, policies and procedures to restrict, track and monitor who is accessing what data, where, when and for how long
• Audit logging: utilize procedural audit mechanisms through every component of the application and data storage solutions installed
• Inventorying all PHI created, received, maintained or transmitted for auditability in the “chain of custody”
• Disaster recovery data plan
• ClearDATA has never failed to deliver
Healthcare IT is exploding
“the largest and fastest industry transformation in US history”
Healthcare is Digitizing
Key Drivers
• Basic cost and efficiency benefits from technology adoption (catch-up)
• Must go digital by 2014 – HITECH Act
• New devices – tablets, mobile, wireless
[Chart: market sizes, 2012 and 2017; growth 24%/yr. Labels as extracted: Health IT $87B; Health IT $35B; online ads $40B; "Conservative!"; video; $1.3B; $3B; Cloud $4B.]
Source: Markets and Markets 2012
Bad Days
What are the Problems and Challenges?
Healthcare Customer/Provider Challenges
• Lack IT knowledge and infrastructure
• Internal hosting is costly and requires IT expertise
• Security mandates HIPAA HITECH compliance
• Growing data storage requirements
• Lack backup, offsite and recovery
• Complex critical environments require 24x7 uptime
• Security breaches, penalties
• Revenue loss
It is an “Unnatural act” for Providers/ISVs to host, manage, and maintain their own IT infrastructure (mini-datacenters onsite)
Reality!
Lack of IT Security Fuels Breach Volume
• 77% of lost records in recent major breaches are associated with lack of IT security; of those:
– 58% (45% of total) are linked to PCs, hard drives, portable electronic devices
– 27% (20% of total) are linked to EMR/EHR
• 85% of healthcare organizations experienced data breaches in the past two years.
• Since 2009, >250 major breaches (500+ records); 10.8M total records lost
[Chart: "77% are IT-related". Categories: Desktops or laptops; Hard drives; Portable electronic device; EMR; Email; Other IT; Paper, mailings; Other. Values as extracted: 24%, 20%, 10%, 20%, 12%, 11%, 3%, 0%.]
The Truth about HIPAA‐HITECH and Data Backup
Standard: § 164.308 Administrative Safeguards for Offsite Backup and Disaster Recovery
(i) Contingency plan. Establish (and implement as needed) policies and procedures for
responding to an emergency or other occurrence (for example, fire, vandalism, system
failure, and natural disaster) that damages systems that contain electronic protected health
information.
(ii) Implementation specifications:
(A) Data backup plan (Required). Establish and implement procedures to create and
maintain retrievable exact copies of electronic protected health information.
(B) Disaster recovery plan (Required). Establish (and implement as needed) procedures to
restore any loss of data.
(C) Emergency mode operation plan (Required). Establish (and implement as needed)
procedures to enable continuation of critical business processes for protection of the
security of electronic protected health information while operating in emergency mode.
(D) Testing and revision procedures (Addressable). Implement procedures for periodic
testing and revision of contingency plans.
(E) Applications and data criticality analysis (Addressable). Assess the relative criticality of
specific applications and data in support of other contingency plan components.
The Truth about HIPAA‐SRA’s
1. SRAs are required for HIPAA-HITECH compliance at least every other year.
• A real SRA addresses a 400-page security assessment study
BUT
2. If Meaningful Use dollars are involved, then: annually
3. Penalty for violation = $1,500,000 per violation
Versus a $2500 investment; CureMD clients 30% discount* (remote)
* First 30 clients of 1-2 providers: SRA to be completed by March 30, 2014
Avoid This Moment
The Truth About Data Backup
1. It’s not optional – all CEs, including medical practices, and BAs must securely back up “retrievable exact copies of electronic protected health information.” (CFR 164.308(7)(ii)(A))
2. Your data must be recoverable – you must be able to fully “restore any loss of data.” (CFR 164.308(7)(ii)(B))
3. You must get your data offsite – call it common sense or risk management, as required by the HIPAA Security Final Rule (CFR 164.308(a)(1)): how could one defend a data backup / disaster recovery plan that stored backup copies of ePHI in the same location as the original data store?
4. You must back up your data frequently – again, call it common sense or risk management, as required by the HIPAA Security Final Rule (CFR 164.308(a)(1)): in today’s real-time transactional world, a server crash, database corruption or erasure of data by a disgruntled employee at 4:40pm would result in a significant data loss event if one had to recover from yesterday’s data backup.
5. Safeguards must continue in recovery mode – the same set of security requirements that apply under normal business operations must also apply during emergency mode; CEs and BAs cannot let their guard down. (CFR 164.308(7)(ii)(C))
HIPAA Omnibus 2013 Rule
Business Associate Changes
Many changes are in effect regarding business associates including new definitions of
business associates as well as clarification of who may be a business associate. The new
entities that are specifically described as a business associate are:
• Patient Safety Organizations
• Health Information Exchanges
• ePrescribing Gateways
Data storage providers are a business associate!
• An entity that maintains protected health information on behalf of a covered entity is a
business associate
• A data storage company that has access to protected health information (whether digital or
hard copy) qualifies as a business associate.
The Final Rule modified the definition of “business associate” to generally provide that a
business associate includes a person who “creates, receives, maintains, or transmits”
(emphasis added) protected health information on behalf of a covered entity. The
emphasis is now on "maintains" which is the case for document storage companies.
How do you benefit with ClearDATA?
– 100% healthcare focused team
– Data centers built and designed for healthcare, 100% HIPAA compliant
– Reduced costs: pay for what you use; vCPUs, RAM & storage added as needed
– 100% Network Uptime Guarantee.
• Including 100% availability of our routers, switches, cabling, and Internet connectivity. A guaranteed server uptime of 99.999%.
– 24x7x365 Live Support.
– Monitoring Services:
• Server performance - per server for service availability.
• Fault Monitoring - status events on servers and network devices including network availability, process status, file system capacity, and backup success/failure.
• Monitor core OS and application log files for critical/warning application and system events.
• Performance Monitoring - monitor key performance metrics for the operating system (i.e. CPU, RAM, and disk) and select applications (i.e. process statistics, users, throughput) and databases (i.e. caching, performance, transaction success).
– 100% successful with vendor hosting
Thank you &
Sales Contact Info
General Sales:
Sales Phone Number: 602-635-4020
Sales Fax Number: 602-926-8822
Sales Email: [email protected]
Partner Sales Contacts:
Primary POC:
Ralph Reyes – VP Channel Sales
Email: [email protected]
Mobile: 801-380-0334
Secondary POC:
David Albanese – Inside Sales Manager
Phone: 602-635-4015
Email: [email protected]
Hours of Operation:
Customer Support 24x7
Sales support is Monday through Friday from 8:30 AM to 5:00 PM PT
Headquarters:
ClearDATA Networks, Inc.
1600 West Broadway
Suite 300
Tempe, AZ 85282
Phone Number: 602-635-4000
Fax Number: 602-926-8822
Web Site: www.Cleardata.net
Twitter: www.twitter.com/cleardatanet
Facebook: www.facebook.com/cleardata