Archive for the ‘Healthcare’ Category

Accellion and MobileIron Announce Partnership

Wednesday, September 28th, 2011

Most IT organizations have minimal visibility into what’s on an employee’s phone and how it’s being used, and even less control or insight into information being accessed and shared.

MobileIron and Accellion announced a partnership today to provide our customers with secure mobile device and content management. Together, MobileIron and Accellion help an IT organization regain control over mobile devices and how employees collaborate and share information from them.

As part of the partnership, Accellion will be one of only seven applications chosen to participate in MobileIron’s AppConnect program.  The goal of AppConnect is to secure MobileIron-developed apps as well as third-party apps on the App Store, Android Market and other mobile app services.

The benefit of the Accellion and MobileIron partnership was summed up by Jason Otani, Director, IT Infrastructure, Curtiss-Wright Corporation, a mutual customer:

Using Accellion Secure Collaboration’s native mobile apps, our teams really appreciate being able to securely collaborate on contracts and engineering plans with internal and external business partners.  MobileIron’s ability to wipe the device clean remotely any time a device is lost or stolen adds another level of security protection against a possible data breach.

For the most up-to-date news and information about this partnership, follow us on Twitter, Facebook, and LinkedIn.

What’s next? Constant Reinvention.

Thursday, July 28th, 2011

What’s next?  I was inspired to consider this question today after reading John D. Halamka’s blog entry on Life as a Healthcare CIO.

If you’re not familiar with his work, John Halamka, MD, MS, is Chief Information Officer of Beth Israel Deaconess Medical Center, Chief Information Officer at Harvard Medical School, Chairman of the New England Healthcare Exchange Network (NEHEN), Co-Chair of the HIT Standards Committee, a full Professor at Harvard Medical School, and a practicing Emergency Physician.  He is also a longtime Accellion customer and has implemented Accellion’s secure file sharing at both BIDMC and Harvard Medical School.  You can read more about his implementation of Accellion in this eWeek article.

Given the scope of his career, it seems like he must ask himself the “What’s Next?” question a lot.  On his blog he answers it.  What’s next?  Constant Reinvention.  He recently announced he is going to step down as CIO of Harvard Medical School, help them find a full-time replacement for the role and embrace the next reinvention of his career.  About the next phase of his career he states:

It’s July of 2011… and I feel powerful forces are aligning to create a quantum leap forward in electronic health records and health information exchange technology.

We think he’s right.  Healthcare organizations are struggling with the growing use of mobile devices and unmanaged Dropbox-type solutions in their enterprise and need to secure, manage and audit the mobile sharing of electronic health records, research and other Protected Health Information (PHI).  They know this problem puts the organization at risk of non-compliance with HIPAA and HITECH. The organization could also run the risk of a serious data breach, making news headlines, and incurring hefty regulatory fines.

Accellion’s healthcare customers tend to be more savvy than most and care about offering their staff easy to use file sharing and collaboration applications while still securing and managing sensitive patient and research data.

Accellion is constantly introducing new products and features, and the market continues to have new problems to solve – unmanaged Dropbox-type solutions in the enterprise, proliferation of new mobile devices.  Asking “What’s Next?” helps us all to thrive and innovate.

So, thanks John for providing today’s inspiration and we wish you luck for your next reinvention.

Accellion in Action: Seattle Children’s Hospital

Tuesday, July 19th, 2011

A recent issue of Research Practitioner Magazine includes the article “Collaboration Moves Research, Clinical Knowledge,” which talks about the importance of medical researchers reaching out to potential collaborators, nearby and globally, as they work on ground-breaking medical research.

For more than 100 years, one such facility, Seattle Children’s Hospital, has provided inpatient, outpatient, diagnostic, surgical, rehabilitative, behavioral, emergency and outreach services to children from infancy through young adulthood.  Seattle Children’s Research Institute, part of Seattle Children’s Hospital, has nine major centers and is internationally recognized for its work in cancer, genetics, immunology, pathology, infectious disease, injury prevention and bioethics.

Accellion customer Wes Wright, Chief Technology Officer at Seattle Children’s, weighed in on how Seattle Children’s uses file transfer and collaboration technology from Accellion to facilitate their research.

Seattle Children’s Hospital in Washington struggled sending secure files through a difficult-to-use secure file transfer protocol server and using email encryption. Less than a year ago, however, the hospital and foundation switched to a Web-based program, one that offers encryption, user tracking, and transfer of large data files. The program is offered by Accellion, headquartered in Palo Alto, Calif.

The switch to the new file transfer system was spurred primarily by research needs, says Wes Wright, vice president and chief technology officer at Seattle Children’s. “We put the solution in to help us transfer data files for research, but it has since spread out among the whole organization.” After the purchase, the system took only about three weeks to implement.

About 4,800 employees use the system now… the reason is the simplicity of the plug-in, Wright says. If a user wants to transfer a file, he opens Microsoft Outlook and chooses new mail. In the right-hand corner of the new mail is a plug-in that says “Accellion.” “You hit that button and it opens a file browse window. You browse to the file you want and attach it.”

…The system also tracks who has downloaded and looked at each file. “Whenever anyone accesses a particular file, we keep a log of it,” he says. Sometimes researchers send the file to themselves and download it on their home systems so they can work at home. “We know that user X sent it to himself and then downloaded it when he got home. We can keep track of that file and where it went.”

Such technology is “the wave of the future with HIPAA and high-tech regulations and rules,” Wright says. “The easier we can make it to securely share and collaborate among researchers, it’s going to be a research differentiator.”

We’re so proud Seattle Children’s Hospital staff and research team use Accellion to help move such important work forward.

Data Breach Disease Strikes NHS – Again

Tuesday, August 24th, 2010

Yet again, an NHS trust is hit by a data breach, as reported in SC magazine today.  This time a CD of patient data was found at a bus stop. This is not to be confused with the data breach from the USB stick containing medical records that was found in a UK car park.

It is barely a month since we blogged on this topic, NHS Trusts Failing to Protect Information, and the Information Commissioner’s Office (ICO) issued a press release with the ominous title Poor Data Security in the NHS.  Earlier in June, Mick Gorrill, head of enforcement at the ICO, said: “Everyone makes mistakes, but regrettably there are far too many within the NHS. Health bodies must implement the appropriate procedures when storing and transferring patients’ sensitive personal information. We have taken a number of steps to explain the importance of personal data to NHS bodies and help them comply with the law. We will continue to do so.”

Looks like Mick and the ICO have their work cut out for them. Here is a checklist of to-don’ts that the ICO might find helpful in their data protection enforcement efforts with the NHS trusts.

• Don’t use USB sticks for transferring confidential patient data
• Don’t use CDs for transferring confidential patient data
• Don’t post confidential patient data on unsecure FTP sites
• Don’t allow use of P2P file sharing on NHS computers

Also our earlier blog posting Top 3 File Transfer Security Mistakes should be required reading for all NHS trusts.

Healthcare CIO Puts USB Ports on the Disabled List

Thursday, July 29th, 2010

Finally, a story about a CIO who takes on the data security threat from USB sticks and thumb drives. Earlier this week, Health Data Management News ran a short article entitled “Data Security is The CIO’s Constant Challenge”.  This is the story of Chuck Christian, CIO at Good Samaritan Hospital, Vincennes, Indiana, and his IT department, and their efforts to protect private healthcare information and ensure HIPAA compliance.

Chuck explained “Earlier this year, Good Samaritan went well beyond its laptop policies, disabling USB ports across the computers connecting to its network.  It was a pre-emptive move to preclude inappropriate data transfers to easily lost devices.”

Chuck Christian explained that disabling the USB ports definitely resulted in changes in behavior, not least from the hospital’s purchasing manager, who wanted to purchase thumb drives in bulk.  Chuck’s response – “I said no.” To the credit of Chuck and his IT department, they implemented a number of secure alternatives to enable staff at the hospital to get their jobs done.

It’s as simple as that.  If you are in charge of data security, “Just say no” when someone even suggests using a USB stick or bringing it into the workplace, and give them a secure alternative, such as Accellion secure file transfer.

Chuck Christian, you are our Accellion Hero of the week.

NHS Trusts Failing to Protect Information

Thursday, July 15th, 2010

National Health System (NHS) organizations in the UK have accounted for more than one quarter of the data security breaches reported to the Information Commissioner’s Office (ICO). If this keeps up, the ICO could become a profit center with their new powers, approved in April, to impose penalties up to £500,000 on offending organizations.

The ICO issued a press release on June 15 announcing Poor Data Security in the NHS.  NHS Stoke-on-Trent and Basingstoke and North Hampshire NHS Foundation Trusts were the latest NHS bodies found in breach of the Data Protection Act (DPA). Mick Gorrill, Head of Enforcement at the ICO, was quoted: “Everyone makes mistakes, but regrettably there are far too many within the NHS.”  He went on to add “We have taken a number of steps to explain the importance of personal data to NHS bodies and help them comply with the law.”

But wait a sec, just yesterday, July 14, there was another press release announcing Birmingham Children’s Hospital NHS Foundation Trust found in breach of the Data Protection Act (DPA).  Did the folks at Birmingham Hospital NHS Trust not get the message from the ICO?

HIPAA Hazard – Shipping CDs via FedEx

Wednesday, July 7th, 2010

This week Lincoln Medical and Mental Health Center of NY suffered an embarrassing data breach resulting from a lost FedEx shipment of CDs. More than 130,000 medical records were exposed in this breach and it is small consolation to read that “Siemens was promptly directed to suspend further transport of CDs by the carrier.”  Of particular note in this data breach is the fact that both Siemens and Lincoln Medical and Mental Health Center thought it was an okay idea to ship CDs of unencrypted healthcare data as part of a standard business process, until of course a shipment went astray.  Did the word HIPAA never come up?  Why would anyone think it is a good idea to ship CDs of unencrypted healthcare data when there are readily available secure file transfer solutions?

The Open Security Foundation’s DataLossDB tracks data breaches and lists 134 data breaches from Snail Mail affecting 2729 organizations in its database. This week’s Lincoln data breach adds one more organization that has experienced the security hazards of shipping sensitive information unencrypted via the mail.

Health Records on USB Stick found in UK Car Park

Wednesday, May 5th, 2010

Another day, another data breach.  The BBC reported today that a memory stick containing health records from a nearby secure hospital facility was found by a 12-year old boy in a supermarket car park in the UK.  The information contained records of violent patients from the Tryst Park severe mental health unit at Bellsdyke Hospital, along with information about staff.

This is really getting silly.  As a spokesperson from the health authority NHS Forth Valley said “We have clear policies in place on the safe use of portable data devices.”  It seems that these clear policies either:

  1. weren’t clear
  2. didn’t cover the Asda Car Park
  3. were ignored

As mentioned before in the Accellion Blog, the best idea with portable flash devices and USB sticks is DON’T USE THEM to transfer sensitive information - file transfer via USB stick is not a good idea.  Abstinence in this case really does seem the best idea.  Accellion secure file transfer technologies make it possible to quickly, securely and efficiently transfer sensitive information, thus avoiding creating headline news such as today’s.

Another side benefit of using secure file transfer, other than securing the transfer of files, is it makes staff more conscious of the handling of confidential information. Did the person who dropped the USB stick in the car park really mean to take the records to Asda, or did they just forget the USB stick was in their pocket, which just happened to have a hole in it? In the case of information security humans are often the weakest link.

Sometimes safeguards are just that, they guard people from their own mistakes.  So next time you visit the local supermarket check your pockets beforehand.

New HIPAA Regulations Go Into Effect – Accellion to the Rescue

Thursday, February 18th, 2010

After much buildup, the new HIPAA regulations finally go into effect this week.  As of February 17, 2010, Business Associates must be in compliance with the HIPAA Security Rule.  HIPAA.com provides a good resource for all the rules and regulations related to HIPAA compliance with catchy titled articles such as “Know your 5010 from your ICD-10”.

How does Accellion help with HIPAA compliance?  Let me count the ways.

1) Test results, medical images, physical examination reports, health insurance notifications, and all forms of personal health information, all fall under the HIPAA compliance requirements.  Accellion provides the security and encryption to ensure the secure transfer of sensitive files containing personal health information.

2) Accellion provides comprehensive tracking and reporting of every file transfer to ensure that only authorized recipients may receive and access sensitive file transfers.

3) Accellion eliminates the need for unsecure FTP servers.

4) Accellion eliminates the use of unsecure USB sticks for sharing medical data.

Many hospitals and healthcare networks have already implemented Accellion managed file transfer to ensure HIPAA compliance – check out our healthcare customers here and in today’s press release.

If you are subject to HIPAA compliance – we are here to help.

New HITECH Act raising blood pressure for some

Wednesday, December 16th, 2009

The new HITECH Act that goes into effect February 2010 places new requirements on healthcare organizations for the protection of personal health information (PHI).

The Healthcare Information Management and Systems Society (HIMSS) announced its findings of a national survey of hospitals and business associates to check the state of healthcare vulnerability to data breach.  68 percent of all hospitals indicated that the HITECH Act’s expanded breach notification requirements will result in the discovery and reporting of more incidents, and 57 percent reported that they now have a greater level of awareness of data breaches and breach risk.

Organizations are just coming to terms with the implications of the new regulations with some interesting interpretations being proposed. While the regulations appear quite clear on the need to secure the transfer of confidential patient information, in particular via email, the lack of regulations regarding use of text messages is raising questions.  If sending an unsecured email with the following message  “Your blood pressure is too high” will get you into trouble with HIPAA, what will happen if you text this message?

A good rule of thumb to apply to keep on the right side of HIPAA regulations is that unsecured communication is unsecured communication whether it be via text, email or file transfer.  The new HITECH Act is intended to protect personal health information, so this means secure it in transit.