cloud computing made for healthcare

CureMD™

Practice Without Boundaries

User Conference

Ralph Reyes Jr: MT, FHIMSS:

VP of Channel Sales

KLAS, Sr Advisor AHA, Utah HIMSS Board

VC Advisor, Advisory Boards

Reduce costs, improve reliability, security, performance, and productivity.

2012 Confidential

Make healthcare better.

2013

ClearDATA: Healthcare Only

Disaster Recovery: Cloud Data Backup

Image Archival: Secure Image Storage

Security Risk Analysis

Address HIPAA & MU regulations

Serving 300,000 providers

Who we are:

• Healthcare experts with over 150 years in healthcare experience

• Internet / cloud technology experts with experience in creating and operating more than 7 different worldwide IT organizations

• HP's healthcare hosting partner for the U.S.

© 2012 Clear DATA Networks, Inc.

C L O U D · C O M P L I A N C E · S E C U R I T Y

What we do:

• 100% healthcare focused cloud services

• Provide secure 100% HIPAA-Compliant cloud computing and information security services for healthcare providers.

• Serve our clients by fully automating and securely managing healthcare applications, IT infrastructure and digital storage.

• Services include: server/application & data center hosting, offsite backup & DR, image archiving & VNA, VDI and SRA (security risk analysis) consulting

Deep Healthcare Experience

(examples)

St. Joseph's Foundation

Digital Healthcare Services

Marcella Bonnicci MD

Osborn Family Healthcare

Eagle Summit Foot & Ankle

Southwest Spine and Sports

AZ Institute of Urology

Habersham Family MD

North Jackson Family MD

Me and My Care Givers

Brookings Health

CA Hospital & MC

St. Mary's Reno

St. Mary's San Francisco

Glendale Memorial Hospital

St. Joseph's Medical Center

Northridge Medical Center

CHW Pasadena

Greater Sierra Health Organization

American Optical Services

MU Medical & SW Spine & Sport

CHW - East Valley

Mercy General Regional System

Sacramento Regional

Colorado Rural Health Center

LA Center for Women’s Health

Advanced Arthritis Care

Talus Medical

Dr. Lewis Surgery & Sports

Mercy Medical Group

Barrow Neurological Institute

Mercy Gilbert Medical Center

Chandler Regional Medical Center

Sierra Nevada Memorial Hospital

Dignity Health

St. Joseph's Stockton

Mercy San Juan MC

Stamford Medical Center

Mercy Merced Hospital

Mercy MC Ventura

Dominican Medical Center

Mercy Redding Hospital

St. John's Regional MC

Sunrise Mesa Health Ctr

St. Rose Dominican MC

Mark Twain St. Joseph's Hosp

Bakersfield Memorial Hosp

Barrow and Congenital Heart

Foundations

St. Mary Medical Center

Kingsbrook Jewish MC

Proprietary and Confidential

ClearDATA Key HIPAA HITECH Requirements

• Encryption of data at rest and in transit

• Multi-tier authentication, identification

• Dedicated firewall management

• Intrusion detection systems

• Virus scanning

• Constant vulnerability scanning (review over 10,000 elements)

• Physical environment protection - multiple physical security requirements (video surveillance, keyed entry, etc.)

• Secure data Access Controls, policies and procedures to restrict, track and monitor who is accessing what data, where, when and for how long

• Audit logging, utilize procedural audit mechanisms through every component of the application and data storage solutions installed

• Inventorying all PHI created, received, maintained or transmitted for auditability in the “chain of custody”

• Disaster recovery data plan

• ClearDATA has never failed to deliver

Healthcare IT is exploding

“the largest and fastest industry transformation in US history”

Key Drivers: Healthcare is Digitizing

• Basic cost and efficiency benefits from technology adoption (catch-up)

• Must go digital by 2014 - HITECH Act

• New devices – tablets, mobile, wireless

[Chart: 2012 and 2017 figures. Series labels: Health IT, online ads, Cloud. Values shown: 24%/yr, $87B, $35B, $3B, $1.3B, $4B. Annotation: "Conservative!"]

Source: Markets and Markets 2012

Bad Days

What are the Problems and Challenges?

Healthcare Customer/Provider Challenges

Lack IT knowledge and infrastructure

Internal hosting is costly and requires IT expertise

Security mandates HIPAA HITECH compliance

Growing data storage requirements

Lack backup, offsite and recovery

Complex critical environments require 24x7 uptime

Security breaches, penalties

Revenue loss

It is an “Unnatural act” for Providers/ISVs to host, manage, and maintain their own IT infrastructure (mini-datacenters onsite)

Reality!

Lack of IT Security Fuels Breach Volume

77% of lost records in recent major breaches are associated with lack of IT security; of those

– 85% of Healthcare Organizations experienced data breaches in the past two years.

– 58% (45% of total) are linked to PCs, hard drives, portable electronic devices

– 27% (20% of total) are linked to EMR/EHR

– Since 2009, >250 major breaches (500+ records); 10.8M total records lost

[Chart: breach breakdown by category; 77% are IT-related. Categories: Desktops or laptops, Hard drives, Portable electronic device, EMR, Email, Other IT, Paper/mailings, Other. Values shown: 24%, 10%, 11%, 20%, 20%, 12%, 3%, 0%]

The Truth about HIPAA‐HITECH and Data Backup

Standard: § 164.308 Administrative Safeguards for Offsite Backup and Disaster Recovery

(i) Contingency plan. Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.

(ii) Implementation specifications:

(A) Data backup plan (Required). Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information.

(B) Disaster recovery plan (Required). Establish (and implement as needed) procedures to restore any loss of data.

(C) Emergency mode operation plan (Required). Establish (and implement as needed) procedures to enable continuation of critical business processes for protection of the security of electronic protected health information while operating in emergency mode.

(D) Testing and revision procedures (Addressable). Implement procedures for periodic testing and revision of contingency plans.

(E) Applications and data criticality analysis (Addressable). Assess the relative criticality of specific applications and data in support of other contingency plan components.

The Truth about HIPAA‐SRA’s

1. SRAs are required for HIPAA-HITECH compliance at least every other year.

• Real SRA is to address a 400 page security assessment study

BUT

2. If Meaningful Use dollars are involved, then: annually

3. Penalty for violation = $1,500,000 per violation

Versus a $2500 investment, CureMD clients 30% discount* (remote)

* first 30 clients of 1-2 providers: SRA to be completed by March 30, 2014

Avoid This Moment

The Truth About Data Backup

1. It’s not optional -- all CEs, including medical practices, and BAs must securely back up “retrievable exact copies of electronic protected health information.” (CFR 164.308(7)(ii)(A))

2. Your data must be recoverable -- you must be able to fully “restore any loss of data.” (CFR 164.308(7)(ii)(B))

3. You must get your data offsite -- call it common sense or risk management, as required by the HIPAA Security Final Rule (CFR 164.308(a)(1)), how could one defend a data backup / disaster recovery plan that stored backup copies of ePHI in the same location as the original data store?

4. You must back up your data frequently -- again, call it common sense or risk management, as required by the HIPAA Security Final Rule (CFR 164.308(a)(1)), in today’s real-time transactional world, a server crash, database corruption or erasure of data by a disgruntled employee at 4:40pm would result in a significant data loss event if one had to recover from yesterday’s data backup.

5. Safeguards must continue in recovery mode -- the same set of security requirements that apply under normal business operations must also apply during emergency mode; CEs and BAs cannot let their guard down. (CFR 164.308(7)(ii)(C))

HIPAA Omnibus 2013 Rule

Business Associate Changes

Many changes are in effect regarding business associates including new definitions of business associates as well as clarification of who may be a business associate. The new entities that are specifically described as a business associate are:

• Patient Safety Organizations

• Health Information Exchanges

• ePrescribing Gateways

Data storage providers are a business associate!

• An entity that maintains protected health information on behalf of a covered entity is a business associate

• A data storage company that has access to protected health information (whether digital or hard copy) qualifies as a business associate.

The Final Rule modified the definition of “business associate” to generally provide that a business associate includes a person who “creates, receives, maintains, or transmits” (emphasis added) protected health information on behalf of a covered entity. The emphasis is now on "maintains", which is the case for document storage companies.

How do you benefit with ClearDATA?

– 100% healthcare focused team

– Data centers built and designed for healthcare, 100% HIPAA compliant

– Reduced costs: pay for what you use - vCPUs, RAM & storage added as needed

– 100% Network Uptime Guarantee.

• Including 100% availability of our routers, switches, cabling, and Internet connectivity. A guaranteed server uptime of 99.999%.

– 24x7x365 Live Support.

– Monitoring Services:

• Server performance - per server for service availability.

• Fault Monitoring - status events on servers and network devices including network availability, process status, file system capacity, and backup success/failure.

• Monitor core OS and application log files for critical/warning application and system events.

• Performance Monitoring - monitor key performance metrics for the operating system (i.e. CPU, RAM, and Disk) and select applications (i.e. process statistics, users, throughput) and databases (i.e. caching, performance, transaction success).

– 100% successful with vendor hosting

Thank you &

Sales Contact Info

General Sales:

Sales Phone Number: 602-635-4020

Sales Fax Number: 602-926-8822

Sales Email: sales@cleardata.net

Partner Sales Contacts:

Primary POC:

Ralph Reyes – VP Channel Sales

Email: ralph.reyes@cleardata.net

Mobile: 801-380-0334

Secondary POC:

David Albanese – Inside Sales Manager

Phone: 602-635-4015

Email: david.albanese@cleardata.net

Hours of Operation:

Customer Support 24x7

Sales support is Monday through Friday from 8:30 AM to 5:00 PM PT

Headquarters:

ClearDATA Networks, Inc.

1600 West Broadway

Suite 300

Tempe, AZ 85282

Phone Number: 602-635-4000

Fax Number: 602-926-8822

Web Site: www.Cleardata.net

Twitter: www.twitter.com/cleardatanet

Facebook: www.facebook.com/cleardata
