
Security Breaches: A Lesson For All From A Small Company

December 16, 2014


News of security breaches has become so commonplace that we hardly react with surprise or outrage any longer. The scenario plays out in an almost scripted fashion. Computer hackers located in Russia or China identify a system’s vulnerability, break in, and steal sensitive customer or patient (in the case of electronic medical records) information. Defending against these outsider attacks has become a high priority for any organization which possesses confidential records. The failures which make headlines are those where data thieves have looted the systems of large entities containing millions of records and huge infrastructures. We’ve all been impacted to some degree as consumers, but as business managers and owners we may harbor a false sense of immunity to data security breaches. A recent action brought by the Department of Health and Human Services Office of Civil Rights (OCR) brings the problem closer to home for smaller entities which manage more limited amounts of information.

The case involves Anchorage Community Mental Health Services, Inc. (ACMHS), a five-facility nonprofit provider of behavioral health care services to children, adults and families in Anchorage, Alaska. As required by the Health Insurance Portability and Accountability Act (HIPAA), ACMHS notified OCR of a breach of 2,743 patient records caused by malware on one of its desktop computers. OCR conducted an investigation of the incident and found ACMHS had failed to protect sensitive patient information. On December 10, 2014, ACMHS agreed to pay a $150,000 fine and undertake a corrective action plan to address the deficiencies which caused the breach. Here is what OCR’s investigation revealed:

1) ACMHS had adopted HIPAA security policies and procedures, but they were not followed by the organization’s employees for a seven-year period, from 2005 to 2012.

The practices at ACMHS are not unique to health care providers. All too often organizations maintain a template of written policies and procedures which are not tailored to the organization’s actual method of operation. For health care providers, simply having in place template policies and procedures is insufficient to satisfy HIPAA requirements. Organizations outside the health care industry do not face monetary penalties for security breaches but nonetheless are exposed to data security risk for failure to evaluate compliance with written data security protocols.

2) ACMHS failed to update its software.

OCR found that the security incident was the direct result of ACMHS failing to identify and address basic risks, such as not regularly updating its IT resources with available patches and running outdated, unsupported software. The settlement agreement stated that ACMHS failed to “ensure that firewalls were in place with threat identification monitoring of inbound and outbound traffic and that information technology resources were both supported and regularly updated with available patches.” Once again, all organizations, not just health care businesses, can suffer losses for delaying or neglecting software updates. It’s not always an easy task, and the cost to implement an upgrade may push it down on the company’s priority list. But the downside to avoiding the upgrade process has potential for serious consequences, not to mention the eventual value impact on the organization caused by using old software.

C3 Advisors, LLC
December 15, 2014

C3 Advisors converges the three essential business elements—Process, People and Technology—to help businesses thrive, not just survive, by improving profitability and reducing risk. Our services help our clients improve process optimization, people integration and technology maximization.
Process Optimization focuses on establishing formalized operational functions that facilitate increased productivity, mitigate risk, and provide the foundation for optimal profitability.
People Integration addresses staffing and workforce issues that are critical to the success of continually cost efficient, low risk and productive processes.
Technology Maximization ensures the ROI on a technology investment is fully realized through complete use of systems functionality and business intelligence.

We have specific expertise in post-acute healthcare, technology and service companies. Please visit our website at http://www.c3advisors.com and for direct information about how C3 Advisors, LLC can assist your business, please call us at (630) 510-3181 or email us at debd@c3advisors.com.
Find us on Facebook and LinkedIn. Subscribe to our newsletter by emailing debd@c3advisors.com.


What to Look for When Purchasing Business Software

February 19, 2013

 


Business management software is a significant investment for any business.  The right solution can help you run your business more efficiently and effectively, reduce staff frustration, and improve customer relationships.  But with the numerous software vendors and systems to choose from, how do you narrow the search and evaluate products?   Here are the areas to investigate in selecting a suitable solution from a reputable vendor.

Reason for Purchase—Before beginning a search for a solution, be sure you know what the software should accomplish.  You will not be able to assess the capability of any software system without a clear understanding of the problems you wish to eliminate or reduce.  Your company may be experiencing one or more of these typical operational challenges:

  • Internal communications are poor.
  • A lack of centralized information is creating a duplication of staff efforts.
  • Too much time is being spent on preparing reports.
  • Manual systems have been created to address processes.
  • Customers cannot be serviced adequately due to the lack of timely information.

Your business may have problems not listed here.  The point is:  know what needs to be fixed.

Industry Knowledge—Make sure the vendor is familiar with your industry.  The vendor should understand the challenges that you face and your particular needs.  Ask if they have customers like you and how the software works for them.  Be sure they are experienced in writing, implementing and supporting software for businesses like yours.

Reputation of the Vendor—Don’t rely on the references provided by the vendor.  Ask for the names of customers who have used the system for a period of time, customers who have recently completed an implementation, and customers who are in the implementation stage.  Find out how long the vendor has been in business and the length of time customers typically stay with the vendor.  Inquire as to the vendor’s financial condition to ensure they have the resources to remain viable on a long term basis.  If the vendor goes out of business, the software will be useless without the services described below.

System Features—System functionality is critical to solving the problems that the software is intended to remedy.  Look at the major inefficiencies that can be solved with the right tools in place.  Consider what is needed now, what features can be added to benefit your business as it continues to grow, and whether it is scalable to accommodate growth.  Make a purchase based on business needs, not features that are nice add-ons but deliver little value.  Customizations are often necessary, but those which are major or numerous are a sign that perhaps you should continue shopping.

Services—Implementation, support and system updates are the services which make the difference in truly realizing the benefits of business management software.   If the system remedies the challenges it is intended to address, but the service from the vendor is inadequate, you’re replacing an old problem with a new one.

  • Implementation-Ask the vendor about typical hurdles they encounter in installations and their recommendations for reducing such problems.  The team assigned to your installation should be experienced in implementations of the software at businesses similar to yours, with a project leader who will be accountable to a timeline for completion.  Remember that the installation costs are separate from the software purchase price and are typically billed at an hourly rate.  The longer the installation drags on, the higher the true cost of the software.
  • Support-In addition to the purchase price of the software, you will purchase an annual support or maintenance package.  This is as important as the functionality of the software itself because system bugs, lack of user knowledge, etc. can seriously impede your business operations if the support function is slow or unresponsive.  Find out how quickly support requests are handled, whether communication is via phone or email, whether support personnel are dedicated to particular customers, hours of the day support services are available, and the process for escalating support problems which remain unresolved.  On-site services are normally not included in software support, but learn what the process is for scheduling such services and the hourly rates charged for the technicians who visit your location.
  • Updates/Upgrades-Equally important as system support is the frequency and adequacy of software updates and upgrades.   Updates and upgrades are necessary to correct system flaws, improve system performance, and address regulatory and other requirements.  They should be made available on a regular schedule with sufficient advance notice to minimize disruptions to your operations.  Ask for the history of upgrades and updates and the date of the last major upgrade for the version you are purchasing.  The vendor should be able to show that minor updates have been made every month or so, and that major upgrades are done approximately once per year.

Guarantee—Despite your efforts in researching the best software and vendor, you may find that the system you purchased does not work as you expected.  Once the software company has installed the software and received payment, it can be very difficult to get a refund.  An additional complication may arise if custom modifications have been included in the purchase.  Carefully review the contract terms for the time period for a full or partial refund.  Remember that the implementation costs are separate from the software purchase and will likely not be refundable, if you decide that you want to return the software.  Carefully negotiate the contract to ensure you have a guarantee of satisfaction with reasonable time frames to make that determination.

Software for your business is a major investment which is costly to purchase and maintain.  Your software vendor will be a long time business partner.  Avoid making mistakes that you will have to live with for years by researching the product and vendor before you buy.