Practice Without Boundaries
Ralph Reyes Jr: MT, FHIMSS:
VP of Channel Sales
KLAS, Sr Advisor AHA, Utah HIMSS Board
VC Advisor, Advisory Boards
Reduce costs, improve reliability, security, performance, and productivity.
2012 Confidential
Make healthcare better.
2013
Healthcare experts with over 150 years in healthcare experience
Internet / cloud technology experts with experience in creating and operating more than 7 different worldwide IT organizations
HP's healthcare hosting partner for the U.S.
© 2012 Clear DATA Networks, Inc.
C L O U D · C O M P L I A N C E · S E C U R I T Y
100% healthcare focused cloud services
Provide secure 100% HIPAA-Compliant cloud computing and information security services for healthcare providers.
Serve our clients by fully automating and securely managing healthcare applications, IT Infrastructure and digital storage.
Services include: server/application & data center hosting, offsite backup & DR, image archiving & VNA, VDI and SRA (security risk analysis) consulting
(examples)
St. Joseph's Foundation
Digital Healthcare Services
Marcella Bonnicci MD
Osborn Family Healthcare
Eagle Summit Foot & Ankle
Southwest Spine and Sports
AZ Institute of Urology
Habersham Family MD
North Jackson Family MD
Me and My Care Givers
Brookings Health
CA Hospital & MC
St. Mary's Reno
St. Mary's San Francisco
Glendale Memorial Hospital
St. Joseph's Medical Center
Northridge Medical Center
CHW Pasadena
Greater Sierra Health Organization
American Optical Services
MU Medical & SW Spine & Sport
CHW - East Valley
Mercy General Regional System
Sacramento Regional
Colorado Rural Health Center
LA Center for Women’s Health
Advanced Arthritis Care
Talus Medical
Dr. Lewis Surgery & Sports
Mercy Medical Group
Barrow Neurological Institute
Mercy Gilbert Medical Center
Chandler Regional Medical Center
Sierra Nevada Memorial Hospital
Dignity Health
St. Joseph's Stockton
Mercy San Juan MC
Stamford Medical Center
Mercy Merced Hospital
Mercy MC Ventura
Dominican Medical Center
Mercy Redding Hospital
St. John's Regional MC
Sunrise Mesa Health Ctr
St. Rose Dominican MC
Mark Twain St. Joseph's Hosp
Bakersfield Memorial Hosp
Barrow and Congenital Heart
Foundations
St. Mary Medical Center
Kingsbrook Jewish MC
Proprietary and Confidential
• Encryption of data at rest and in transit
• Multi-tier authentication, identification
• Dedicated firewall management
• Intrusion detection systems
• Virus scanning
• Constant vulnerability scanning (review over 10,000 elements)
• Physical environment protection - multiple physical security requirements (video surveillance, keyed entry, etc.)
• Secure data Access Controls, policies and procedures to restrict, track and monitor who is accessing what data, where, when and for how long
• Audit logging: procedural audit mechanisms used through every component of the installed application and data storage solutions
• Inventorying all PHI created, received, maintained or transmitted for auditability in the “chain of custody”
• Disaster recovery data plan
• ClearDATA has never failed to deliver
[Chart: 2012 and 2017. Labels: online ads, Cloud. Values as extracted: $35B, $3B, $1.3B. Annotation: "Conservative!"]
Source: Markets and Markets 2012
Healthcare Customer/Provider Challenges
• Lack IT knowledge and infrastructure
• Internal hosting is costly and requires IT expertise
• Security mandates HIPAA HITECH compliance
• Growing data storage requirements
• Lack backup, offsite and recovery
• Complex critical environments require 24x7 uptime
• Security breaches, penalties
• Revenue loss
It is an “Unnatural act” for Providers/ISVs to host, manage, and maintain their own IT infrastructure (mini-datacenters onsite)
– 85% of healthcare organizations experienced data breaches in the past two years.
– 58% (45% of total) are linked to PCs, hard drives, portable electronic devices
– 27% (20% of total) are linked to EMR/ EHR
– Since 2009, >250 major breaches (500+ records); 10.8M total records lost
77% are IT-related
[Chart: breaches by source. Categories: desktops or laptops; hard drives; portable electronic devices; EMR; email; other IT; paper, mailings; other. Values as extracted: 24%, 10%, 11%, 20%, 20%, 12%, 3%, 0%.]
Standard: § 164.308 Administrative Safeguards for Offsite Backup and Disaster Recovery
(i) Contingency plan. Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.
(ii) Implementation specifications:
(A) Data backup plan (Required). Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information.
(B) Disaster recovery plan (Required). Establish (and implement as needed) procedures to restore any loss of data.
(C) Emergency mode operation plan (Required). Establish (and implement as needed) procedures to enable continuation of critical business processes for protection of the security of electronic protected health information while operating in emergency mode.
(D) Testing and revision procedures (Addressable). Implement procedures for periodic testing and revision of contingency plans.
(E) Applications and data criticality analysis (Addressable). Assess the relative criticality of specific applications and data in support of other contingency plan components.
1. SRAs are required for HIPAA-HITECH compliance at least every other year.
• A real SRA addresses a 400-page security assessment study
BUT
2. If Meaningful Use dollars are involved, then: annually
3. Penalty for violation = $1,500,000 per violation
Versus a $2500 investment; CureMD clients 30% discount* (remote)
* First 30 clients of 1-2 providers: SRA to be completed by March 30, 2014
1. It’s not optional: all CEs, including medical practices, and BAs must securely back up “retrievable exact copies of electronic protected health information.” (CFR 164.308(7)(ii)(A))
2. Your data must be recoverable – you must be able to fully “restore any loss of data.” (CFR 164.308(7)(ii)(B))
3. You must get your data offsite – call it common sense or risk management, as required by the HIPAA Security Final Rule (CFR 164.308(a)(1)): how could one defend a data backup / disaster recovery plan that stored backup copies of ePHI in the same location as the original data store?
4. You must back up your data frequently – again, call it common sense or risk management, as required by the HIPAA Security Final Rule (CFR 164.308(a)(1)). In today’s real-time transactional world, a server crash, database corruption or erasure of data by a disgruntled employee at 4:40pm would result in a significant data loss event if one had to recover from yesterday’s data backup.
5. Safeguards must continue in recovery mode: the same set of security requirements that apply under normal business operations must also apply during emergency mode – CEs and BAs cannot let their guard down. (CFR 164.308(7)(ii)(C))
Business Associate Changes
Many changes are in effect regarding business associates including new definitions of business associates as well as clarification of who may be a business associate. The new entities that are specifically described as a business associate are:
• Patient Safety Organizations
• Health Information Exchanges
• ePrescribing Gateways
Data storage providers are a business associate!
• An entity that maintains protected health information on behalf of a covered entity is a business associate
• A data storage company that has access to protected health information (whether digital or hard copy) qualifies as a business associate.
The Final Rule modified the definition of “business associate” to generally provide that a business associate includes a person who “creates, receives, maintains, or transmits” (emphasis added) protected health information on behalf of a covered entity. The emphasis is now on "maintains", which is the case for document storage companies.
– 100% healthcare focused team
– Data centers built and designed for healthcare, 100% HIPAA compliant
– Reduced costs: pay for what you use; vCPUs, RAM & storage added as needed
– 100% Network Uptime Guarantee.
• Including 100% availability of our routers, switches, cabling, and Internet connectivity. A guaranteed server uptime of 99.999%.
– 24x7x365 Live Support.
– Monitoring Services:
• Server performance - per server for service availability.
• Fault Monitoring - status events on servers and network devices including network availability, process status, file system capacity, and backup success/failure.
• Monitor core OS and application log files for critical/warning application and system events.
• Performance Monitoring - monitor key performance metrics for the operating system (i.e. CPU, RAM, and Disk) and select applications (i.e. process statistics, users, throughput) and databases (i.e. caching, performance, transaction success).
General Sales:
Sales Phone Number: 602-635-4020
Sales Fax Number: 602-926-8822
Sales Email: sales@cleardata.net
Partner Sales Contacts:
Primary POC:
Ralph Reyes – VP Channel Sales
Email: ralph.reyes@cleardata.net
Mobile: 801-380-0334
Secondary POC:
David Albanese – Inside Sales Manager
Phone: 602-635-4015
Email: david.albanese@cleardata.net
Hours of Operation:
Customer Support 24x7
Sales support is Monday through Friday from 8:30 AM to 5:00 PM PT
Headquarters:
ClearDATA Networks, Inc.
1600 West Broadway
Suite 300
Tempe, AZ 85282
Phone Number: 602-635-4000
Fax Number: 602-926-8822
Web Site: www.Cleardata.net
Twitter: www.twitter.com/cleardatanet
Facebook: www.facebook.com/cleardata