Archive for category: Articles

OSHA Postings are due the First day of February

Categories: Articles

Employers have to post OSHA Form 300A for 2018 by the first day of February and leave it up through April 30. This form displays illnesses and injuries that occurred during the previous year and serves as a log of work-related injuries and illnesses recorded. The form must be posted in an area where it is visible to all employees. Records must be kept at the worksite for a minimum of five years and available to not only current employees, but to former employees (or their representatives if need be) as well.

The United States Department of Labor requires employers with 10 or more employees to keep records of work-related illnesses and injuries that are considered serious (if an injury only required first-aid, it need not be recorded). Severe injuries involving loss of an eye, amputation or hospitalization must be reported within 24 hours; any fatality must be reported within 8 hours. Businesses that employ 10 or fewer employees who work in low-hazard conditions are considered exempt from the above requirements.

Note: OSHA Form 300A (Summary of Work-Related Injuries and Illnesses) is the only form needed for electronic submission for establishments in excess of 250 employees as of July 30, 2018 due to issuance of a Notice of Proposed Rulemaking (NPRM). In addition to Form 300A, OSHA also requires that employers submit their Employer Identification Number (EIN).

Ensure Your Workers Are Safe:

Employers are responsible for providing a safe work environment and by law are required to provide training and information to employees in a manner of communication that the employee/s understands. They must be made aware of certain hazards in the workplace and instructed on how to avoid them or prevent them from happening according to OSHA standards. This can include labeling hazardous materials or chemicals and providing Fact Sheets; posting signs, color-coding; safety training and written instructions clearly defined in an Employee Manual and the implementation of OSHA’s Illness and Injury Prevention Program at your place of business.

Fines Are Steep for Violations:

Congress enacted legislation that required federal agencies adjust civil penalties to account for inflation as of November 2015. OSHA’s maximum penalties have not been adjusted since 1990 and are going to increase by 78 percent. Moving forward, this will adjust each year for inflation based on the Consumer Price Index beginning after August 1, 2016 when they went into effect.

  • Serious or Other-than-Serious Violations are currently $7,000 per violation and the new penalty will be $12,471 per violation.
  • Failure to Abate is currently $7,000 per day beyond the abatement date and the new penalty will rise to $12,471 per day beyond the abatement date.
  • A Willful or Repeated violation is currently $70,000 per violation and the new rate will become $124,709 per violation.

In the course of a citation being issued, it must remain posted and visible until it has been corrected, or for a length of three days, whichever comes first. Smaller businesses may see a reduction in OSHA penalties based on deciding factors and number of employees/sizes of business. OSHA’s Field Operations Manual has been revised and is now available to field staff to address recent changes.

This may all sound a bit complicated, but it doesn’t need to be. If your business does not have a designated HR department, try reaching out to a local HR agency such as Stellaris Group in Marietta, Georgia.  Stellaris Group offers OSHA and Safety Programs, Government Compliance, Internal Investigations and everything you need for complete Human Resource Management for your business.

Article by: Dawn Stastny, SPHR, SHRM-SCP, Managing Partner and Founder of Stellaris Group, LLC. To learn more about Human Resources Outsourcing and Consulting, connect with her at 678-935-6001 or by email at Dawn.Stastny@Stellaris.Co

5 Signs You’re Reading a Spear Phishing Email

Spear phishing scams have been a problem since the early 2000s. In these scams, someone poses as a legitimate company or entity in an email and attempts to lure sensitive information from an unsuspecting recipient (e.g. ‘please provide your credit card info for a free trial,’ or, ‘your account has been hacked, please reply with your password and username to reclaim control’).

Falling victim to a phishing scam can be detrimental to the individual or company who is preyed upon. And unfortunately, phishing scammers have been getting better and better, therefore making it more difficult to detect when an email is legitimate vs. when it is a fake.

To help you distinguish between what’s real and what’s not, look for these 5 signs that you’re reading a spear phishing email.

Nosy and Suspicious Requests

Your bank, or any other company, will not ask you for your social security number, bank account information, PIN numbers, or any other highly sensitive material over email. Whenever you receive an email that is requesting any type of info from you, always remain suspicious. When in doubt, call the bank or company directly to ensure that the email is in fact legitimate.

Grammatical Errors

While we can all be guilty of a typo here or there, some phishing emails are often plagued by spelling, grammatical, and format errors. While in some instances, the grammatical errors are caused by the sender not being a strong English speaker, many theorize that these errors are prevalent in scam emails because they save time.

Because it usually takes multiple emails back and forth between the phisher and the victim to successfully extract the information, the scammers need to separate those who will fall for it from those who won’t. In other words, people who look past grammatical errors and ignore spelling mistakes are more likely to actually provide the information than those who don’t. Therefore, scammers can save time by sending low-quality emails to more people, faster, and cast a wider net around potential victims.

Pretty evil, we know. So always be mindful of too many grammatical errors!

Missing a Name for Who it is Addressed to

An email that begins with ‘Dear customer’ or a similarly generic introduction is more likely to be a spear phishing email than those that actually include your own name. For reasons described in the previous tip, it is more advantageous for these criminals to not take the time to figure out the names of the recipients, but rather to just send out as many as they can.

Email From a Public Internet Account

If you believe you’re receiving an email from a bank or business, the sender’s email should not have a public internet account attached to it. Email from a Gmail, Yahoo!, Hotmail, or Outlook address should be a red flag that the sender is not who they say they are. Many phishing emails will use the name of the bank or entity in the email address to try and trick you.

(Example: NorthBranchBank@gmail.com)

Non-Accurate URL

Phishing scammers will often use fraudulent websites to try and steal your information. If you are provided a link, check carefully to make sure that the URL is correct. You can easily do this by opening a new tab and googling the website yourself and checking to make sure that it is the same as the one provided in the email. Scammers will try and make the website look as close to the original as possible, but you can spot slight differences, such as alternative spelling or added punctuation.
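The checks described in the sections above can be partly automated. The following is an added example, not part of the original article: it screens one message for a request for sensitive data, a generic greeting, a brand name on a public mail account, and a link whose host imitates the real domain through added punctuation or alternative spelling. The domain `northbranchbank.example`, the sample messages and the 0.85 similarity threshold are assumptions made for illustration; grammatical errors are not checked.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the organization's real domain is known in advance (placeholder value).
KNOWN_BRANDS = {"northbranchbank": "northbranchbank.example"}
FREE_MAIL = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}
GENERIC_GREETING = re.compile(r"^\s*dear\s+(customer|user|client|member)\b", re.I | re.M)
SENSITIVE = re.compile(
    r"\b(social security|ssn|pin|password|username|account number|credit card)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"')]+", re.I)


def squash(text):
    """Lower-case and drop punctuation so 'North-Branch.Bank' equals 'northbranchbank'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def is_lookalike(host, brand, legit):
    """True when host is not the real domain but one of its labels imitates the brand."""
    host = host.lower().rstrip(".")
    if host == legit or host.endswith("." + legit):
        return False  # the real site or one of its subdomains
    return any(SequenceMatcher(None, squash(label), brand).ratio() >= 0.85
               for label in host.split("."))


def triage(raw_message):
    """Return the sorted list of warning signs found in one RFC 822 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    local, _, domain = addr.lower().rpartition("@")
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""

    findings = set()
    if SENSITIVE.search(body):
        findings.add("sensitive-request")
    if GENERIC_GREETING.search(body):
        findings.add("generic-greeting")
    # Sender uses the brand in its name or mailbox but mails from a public provider.
    if domain in FREE_MAIL and any(
            b in squash(display) or b in squash(local) for b in KNOWN_BRANDS):
        findings.add("brand-on-free-mail")
    for url in URL.findall(body):
        host = urlparse(url).hostname or ""
        if any(is_lookalike(host, b, legit) for b, legit in KNOWN_BRANDS.items()):
            findings.add("lookalike-url")
    return sorted(findings)


# Constructed sample messages (not real mail).
PHISH = """\
From: "North Branch Bank" <NorthBranchBank@gmail.com>
To: pat@clinic.example
Subject: Account verification

Dear customer,

Your account has been hacked. Please reply with your password and username,
or log in at http://north-branch-bank.example.net/login to reclaim control.
"""

CLEAN = """\
From: "North Branch Bank" <alerts@northbranchbank.example>
To: pat@clinic.example
Subject: Statement available

Dear Pat Lee,

Your monthly statement is ready at https://www.northbranchbank.example/statements
"""

if __name__ == "__main__":
    print(triage(PHISH))
    print(triage(CLEAN))
```

A clean result only means none of these signs matched; the phone call to the bank or company that the article recommends remains the deciding check.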

Use Medicus IT For Your Cybersecurity Needs

At Medicus IT, we offer phishing and security awareness solutions for our clients to help you prepare for a phishing email attack on your business. We’ll work with you to implement a phishing scam simulation, which will allow us to identify which employees fell for the scam. Therefore, we can pinpoint which employees need to be trained in how to spot these scams. It’s also a great reality check, as it shows just how easy it is for businesses and their employees to be tricked into giving up personal information.

These simulations are extremely important for healthcare providers, whose patients’ information and records should be confidential at all times.

Oct 1 Safe Harbor Deadline

Are you a business owner who needs to reduce their current year taxable income and save for retirement? Now is the ideal time to evaluate retirement plan options for 2018 and beyond.

The deadline to establish a safe harbor 401(k) plan for 2018 is October 1st, 2018. These plans provide significant benefits to business owners and their key staff members:

  • Business owners can make the maximum 401(k) contribution this year ($18,500 or $24,500 if age 50+);
  • Safe harbor company contributions can be either a flat 3% contribution to eligible employees, or a matching contribution of up to 4% of pay;
  • The plan may allow for additional profit sharing or matching contributions;
  • These plans can be paired with cash balance/defined benefit plans for even larger tax-deductible contributions.

Please contact us ASAP so we can start designing a solution for your needs. We look forward to working with you!

Joshua C. Harper, CFP®, CLU®, ChFC®

 Office (404) 926-1303

Cell (404) 277-1604

Fax (470) 777-2470

 

Three Alliance Center

3550 Lenox Road NE, Suite 1100

Atlanta, GA 30326

Article provided by Joshua C. Harper , CFP®, CLU®, ChFC®, for Capstone Financial. For questions, please contact here.

The Story Of Windows 7 & Server 2008 End Of Life Has Just Gone Viral!

Microsoft’s most loved operating systems are ending sooner than we think. Support for Windows 7, Windows Server 2008 and Windows Server 2008 R2 ends on January 14th, 2020. This means that Microsoft will discontinue all support, including paid support, and all updates, including security updates. Because your systems will no longer receive regular security updates at that point, your older systems will no longer be considered compliant. Additionally, computers, servers, and medical modalities running these older systems will be prone to new unpatched exploits, potentially leaving your systems open to further attacks.

Between now and January 2020, Microsoft is offering “extended support” for Windows 7. Which means, Microsoft is still offering paid support and continues to provide security updates. No new features will be released.

As for Windows Server 2008, everyone will need to migrate to Windows Server 2012 or higher. Microsoft will no longer accept warranty claims, or provide non-security hot fixes. Microsoft will continue to offer bug fixes and security updates through extended support. Be mindful, though, that we must validate which systems are supported by your line of business and your applications before proposing an upgrade solution. It is not uncommon for software vendors (including many EMRs) to not support the most recent Server operating systems.

In the table below you can see the current dates that Microsoft will be ending support for various operating systems:

What Do You Do Now?

Now, it’s time to upgrade your operating systems. The whole process takes time and careful planning, especially if you have a lot of machines and systems to assess in the process. Here are the steps to take to make sure your transition is successful:

1. Identify devices that need to be upgraded or replaced that meet essential (HIPAA) security compliance.

2. Develop a budget for upgrades, replacements and a timeline of when this will occur.

3. If your systems needing upgrades aren’t powerful enough for the latest Microsoft upgrades, we recommend backing up valuable data and then shredding the hard drive, recycling the old PC, and replacing it with a new computer running Windows 8 Professional or Windows 10.

4. Have security controls in place to separate difficult systems from Windows 7 and Server 2008 machines that cannot be upgraded or removed.

5. Train employees on the new operating systems that are going to be implemented in your practice/business.

What is Windows 10 and how do I upgrade From Windows 7?

If you don’t have a product key or a digital license, you can buy Windows 10 Pro from the Microsoft Store. Select the Start button, select Settings > Update & security > Activation, and then select Go to Microsoft Store.

The great thing about Windows 10 is that it supports apps that are used across multiple devices, including PCs, tablets, and smartphones. It supports face login, touchscreen, and keyboard/mouse input methods and is faster than Windows 7.

It has a lot of useful benefits like interface, security, speed, compatibility, and software tools that are a massive improvement over Windows 7. The goal of Windows 10 is familiarity and a much simpler learning curve. It gives you the best of both worlds.

Is your practice/business still using Windows 7 and Server 2008? Do you need help upgrading your operating system, replacing your computers with Windows 10 and Server 2012, hard drive shredding and recycling?

Then, Contact Us.

We’re always here to help with all of your IT needs.

Article provided by Mike Jann , for Medicus IT  mjann@medicusit.com.

Don’t Get Put on the SHAME LIST! Contribute to a Safer Web by Switching to HTTPS

Google has given us all a final push to defend our sensitive information since July (2018) with the release of Chrome 68, a new version of their free internet browser. This, of course, includes prospective patients that may be searching for a healthcare provider. The new version will mark all HTTP sites as “Not Secure,” according to a blog post published by Emily Schechter, Chrome security product manager. In a gradually increasing effort to ensure visitor safety and security throughout the web, Google started to mark more and more HTTP websites as “Not Secure” last January, including those asking for credit card information and passwords. Outside entities even published “Shame Lists” of websites that had not yet made the switch!

Just since last year, more than 68% of Google Chrome users on Android and Windows and more than 78% on Chrome OS and Mac now have protection through HTTPS encryption.  Of course, Google aims for 100% of traffic to be protected by HTTPS encryption by default. What does this mean for you? It means that your website needs a certificate for use with SSL or TLS if it does not have one yet.

Lost in a cloud of abbreviations? Here’s what you need to know:

HTTPS (HyperText Transfer Protocol Secure) is an extension of HTTP that encrypts the messages two computers send to each other, so that hackers who intercept those messages (i.e. your CC info, passwords, etc.) cannot read them. SSL stands for Secure Sockets Layer and TLS means Transport Layer Security. These layers are where HTTPS applies this “crime-fighting” code. They allow private and secure transfer of data to a browser from a server. Therefore, since July, any site without an SSL or TLS certificate will be deemed “Not Secure.”

Right now, HTTPS sites show a green lock and the word “Secure” in the far left of the URL bar. While previous versions of Chrome would only alert the visitor that the site was not secure when entering data into certain fields, anyone that does not switch to HTTPS will surely turn off visitors by showing a red “i” in a circle and the words, “Not Secure.”

If this switch has already impacted your website, don’t worry; there is a path to recovery. It may cause damage (turning patients away from your site), but it can be reversed. There are new automatic auditing tools that make migrating to HTTPS very simple, such as the audit in Lighthouse. Developers can use Lighthouse to determine which parts of your site are ready to update to HTTPS. Moving to HTTPS will also allow for new features and performance enhancements that HTTP cannot support.

In February 2018, Google reported that HTTPS was already the default for 81% of the top 100 sites. Ask NicheLabs to help you obtain your SSL today by calling 888-978-9254 or click here to send a message.

Article provided by Christina O’Brien, Marketing Manager, NicheLabs. For questions, please contact here.

Let the Patient Inside Before Their Visit; The Benefits of Virtual Tours

It’s safe to say that most people do not stroll around town to look for healthcare practices when they need a check-up or to see the doctor for a sore throat. Besides word-of-mouth (no pun intended), how do they find the right doctor’s office? Google tells us that consumers use mapping tools (like Google Maps) 44% of the time when they are searching for businesses. After they find you, they need a reason to learn more and book an appointment. The longer they engage with your site, the more likely they are to make an appointment. A Google Street View Virtual Tour is an easy, low maintenance, one-time investment that lasts forever and can increase both web traffic and in-office visits.

We’ve all sat in the waiting room for what feels like forever, anxiously waiting for our doctor to provide us some relief or at least some answers. When someone searches for “doctor’s office near me,” they want to find a place that looks comfortable and clean. This is where Google Street View Virtual Tours come in. The 3D tours are an addition to the Google Maps platform. Anyone with a physical location listed with Google My Business can integrate a tour into their listing. As one of the most high-impact marketing tools available, a virtual tour literally gives a potential patient the ability to move around inside your business, choosing what they want to see.

Meet Medicus IT, a leading Healthcare IT Support Provider serving the Southeast. Nichelabs gave Medicus IT the power to leverage Google Virtual Tour Technology and showcase their beautiful new office in Alpharetta, GA.

What does the 3D tour tell us about Medicus IT?

Benefits of Google Virtual Tour, Medicus IT - Image 1

The vibrancy of their office exudes the energy of their brand. Polished and professional, the space gives the correct impression that they are a successful business. Any website can go on boasting for paragraphs about how fantastic their patient services are and how great their practice’s reputation is because of it. Why not just SHOW the prospective patient the fruits of your labor and instill the confidence that you are an established, active healthcare practice of integrity. The most powerful copywriting imaginable still could never produce the impact that we get from this virtual tour.

Benefits of Google Virtual Tour, Medicus IT - Image 2

In order to take care of your patients, you must first take care of your medical and administrative staff. We are able to see the office lounge area, complete with comfy couch, pool table, and even a foosball table. Notice how it is right next to a mass of spacious cubicles; in fact, the whole office has an openness to it. This Virtual Tour allows us to SEE that they promote an atmosphere of open communication and idea sharing, which for a doctor’s office would leave less room for patient cases, inquiries, and test results getting lost in translation.

Benefits of Google Virtual Tour, Medicus IT - Image 3

Notice the adorable “DADDY” drawing from an employee’s son or daughter. Clearly, you will not be dealing with “robots” if you call Medicus IT.

Benefits of Google Virtual Tour, Medicus IT - Image 4

“Take a walk” down the hall and you will see the impressive lunch area. They clearly care about employee experience.

There are so many positive mental notes that the visitor can infer as they navigate through this 3D tour. The interest it creates quickly turns to interaction to see and know more. Click, Click, Click!

Google Virtual Street Tours Enhance Your Online Visibility

Benefits of Google Virtual Tour: Enhance visibility

When it comes to online presence, it pays to look good, but it is important to understand that you are also aiming to impress Google’s algorithms. There are certain factors that Google looks at to determine whether your business is relevant to a community, including distance. What better way to show Google that you are a real and credible practice than visual proof that you are where you say you are?

Beyond instant credibility, virtual tours help to boost your Local SEO, search engine rankings, and website traffic. The point of local SEO is to increase your visibility in your community.

After searching, “doctor’s office near me,” or “IT company near me,” the user may see a box on the right side with information about a local company (in the respective industry) such as hours of operation, phone number, address, and reviews. This box is called the Knowledge Panel. One of the sources that “influences” the Knowledge Panel is Google My Business. Google Street View Tours are a great way to optimize your Google My Business Page, improving your Local SEO. Google’s research indicated that 41% of the searches through mapping tools (mentioned earlier) resulted in site visits, and business listings with photos and virtual tours were twice as likely to generate interest.

More Interaction = Enhanced SEO

Click-through rate is another factor that tells Google whether you are important or not. It is a measurement of how successful an ad, post, campaign, or link is at capturing interest. It is calculated by dividing the number of clicks (interactions) by the number of impressions (views). Increase click-through rate by getting your users to interact! It only matters that you are found if users visit your site and stay there long enough to complete a desired action. If your content is boring, why would they stay? If you fail to give them a reason to look any further than your landing page or homepage, you will have a high bounce rate and a low click-through rate.

To improve click-through rate, you can embed video, photos, text, and links in the tour that, when clicked, will redirect the user to another landing page or part of your website that calls for an action. Ex. When the user views the reception desk, they see a “Book an Appointment” button that takes them straight to a reservation system or contact page.

Besides your My Google Business Page, how can you use your virtual tour?

  • Embed it in your website or feature it on a dedicated landing page.
    Imagine a tab in your website menu titled “See Inside.” The user sees a large, vivid, 3D tour pop up. There is a slim chance of them not clicking one of the arrows to move around and explore. Congratulations, you’ve just engaged your potential client by providing an interactive experience. Visitors will stay on your site longer and are more likely to hop from page to page.
  • Integrate into your Facebook page, Facebook ads, and feature in your social media posts
    Think of how many times you have clicked on a picture on Social Media to enlarge and get a better view. Posts are more enticing when they include a virtual tour that users can interact with to view from different perspectives.
  • Add audio, video, links, and info…
    …to get even more clicks and redirect to more pages. Remember that click-through rate!

A Google Virtual Street Tour is a real “set it and forget it.” No campaign necessary. If you would like to invite your future patients in before they even leave home, contact NicheLabs to create your Google Virtual Street Tour today.

Healthcare is one of the biggest hacking targets for two major reasons: legacy technology and the need to access data to ensure operations.

Healthcare is a hacking target

In the article below, the Department of Homeland Security issued an alert to medical organizations about all CPUs with Intel hardware, which may have potential security flaws. The alert goes on to emphasize the need to, first, perform a Security Risk Analysis and, second, put protocols in place within your organization that will help monitor any suspicious activity. Most practices utilize a third party IT firm to help manage and monitor their networks, and work with them to learn how to mitigate risks. Additionally, a third party privacy & security expert can help create information security policies to help a practice follow “best practices.”

Read Full Article

Submitted by
Bill Steuer
GSG Capital, LLC
GSG Compliance, LLC
877-270-8306 ext. 133
678-209-2021 x133 (local)

Five reasons why your practice should implement a SIEM

A Security Information & Event Management (SIEM) system analyzes system events and device logs in real time to safeguard against unauthorized access to protected information. A SIEM highlights the actionable events so that a security incident can be proactively prevented, while filtering out the noise found in traditional log data.

To best protect systems and ePHI, Healthcare practices should implement a multi-layered cybersecurity program to help protect their sensitive data and ultimately protect the practice. One way to improve any cybersecurity program is by utilizing SIEM.

Five reasons why your practice should implement a SIEM:
1. Respond to Incidents In Real Time
2. Reporting – Ability to Prove it
3. HIPAA Security Compliance
4. Dedicated Cybersecurity Team
5. A Single Security Breach Could Put Your Practice at Risk

How SIEM Works

SIEM software collects and aggregates log data generated throughout the organization’s technology infrastructure, from host systems and applications to network and security devices such as firewalls and wireless access points.

The software identifies and categorizes incidents and events, as well as analyzes them so practices can address issues that matter before the security incident occurs. The software sifts through thousands and thousands of security-related events, such as successful and failed logins, malware activity, and other possibly malicious activities to find the needle in the haystack.

Why Your Practice Needs Managed Cybersecurity Services

The list of vulnerabilities to protect and monitor for is growing at a rate that IT support teams cannot keep up with and as a result, many businesses are choosing to outsource network security and monitoring to companies dedicated to providing expert security service 24/7.

If you are wondering how SIEM can benefit your practice and why you should consider implementing a SIEM solution as part of your cybersecurity program, then read the five reasons below.

1. Respond to Incidents In Real Time

Hackers, bots, viruses, malware, and ransomware attacks are occurring daily in healthcare. A SIEM solution logs, reports, and alerts on known items or events out of the ordinary. Our Security Operations Center (SOC) team reviews flagged items and addresses items which need attention, such as a brute force attack or continued unauthorized access attempts to systems.
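To make the log aggregation and brute force alerting described above concrete, here is an added example that is not from the original article or from any SIEM product: a small correlation rule that reads normalized login events from several hosts, raises an alert when one source produces repeated failed logins inside a time window, and raises a second alert when that burst ends in a successful login. The log format, host names, addresses and the threshold of 5 failures in 60 seconds are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical key=value format (not real logs).
SAMPLE_LOG = """
2018-09-12T08:00:01Z host=ehr-app01 event=login_failed user=admin src=203.0.113.45
2018-09-12T08:00:03Z host=ehr-app01 event=login_failed user=admin src=203.0.113.45
2018-09-12T08:00:04Z host=front-desk02 event=login_failed user=jsmith src=198.51.100.7
2018-09-12T08:00:06Z host=ehr-app01 event=login_failed user=admin src=203.0.113.45
2018-09-12T08:00:09Z host=front-desk02 event=login_success user=jsmith src=198.51.100.7
2018-09-12T08:00:10Z host=ehr-app01 event=login_failed user=admin src=203.0.113.45
2018-09-12T08:00:12Z host=ehr-app01 event=login_failed user=admin src=203.0.113.45
2018-09-12T08:00:15Z host=ehr-app01 event=login_failed user=admin src=203.0.113.45
2018-09-12T08:00:40Z host=ehr-app01 event=login_success user=admin src=203.0.113.45
2018-09-12T08:05:00Z host=fw01 event=config_change user=netadmin src=192.0.2.10
"""


def parse(line):
    """Turn one 'timestamp key=value ...' line into a dict with a datetime 'ts'."""
    ts, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs if "=" in p)
    fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return fields


def detect(lines, threshold=5, window=timedelta(seconds=60)):
    """Return alerts for failed-login bursts per source address.

    brute_force: the source reaches `threshold` failures within `window`.
    success_after_brute_force: a login succeeds while that burst is still
    inside the window, which suggests a guessed password.
    """
    recent = defaultdict(deque)  # src -> timestamps of failures inside the window
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse(line)
        src = ev.get("src")
        if src is None:
            continue
        failures = recent[src]
        # Drop failures that have aged out of the sliding window.
        while failures and ev["ts"] - failures[0] > window:
            failures.popleft()
        if ev.get("event") == "login_failed":
            failures.append(ev["ts"])
            if len(failures) == threshold:  # alert once, when the line is crossed
                alerts.append({"rule": "brute_force", "src": src,
                               "host": ev.get("host"), "user": ev.get("user")})
        elif ev.get("event") == "login_success":
            if len(failures) >= threshold:
                alerts.append({"rule": "success_after_brute_force", "src": src,
                               "host": ev.get("host"), "user": ev.get("user")})
            failures.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.strip().splitlines()):
        print(alert)
```

Of the ten sample events only two produce alerts; the mistyped password at the front desk and the firewall change pass through without one, which is the noise filtering the article refers to.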

2. Reporting – Ability to Prove It

Reporting covers anything security-related such as successful and failed logins, malware activity, and other malicious activities attempting to hack into your network. Having this information helps not only to show compliance with the practice’s required HIPAA Policies & Procedures (P&P’s), but also can help prove whether a cybersecurity incident has occurred or not. When a cybersecurity incident occurs, it is up to the practice to prove that ePHI is not compromised. A SIEM can help in many cases to show what was accessed and even how much data was transferred, which alone could save hundreds of thousands of dollars.

3. HIPAA Security Compliance

Most medical practices don’t have the in-house security expertise necessary to perform the event monitoring and security reporting required to maintain HIPAA compliance, which is where SIEM comes into play. Reports generated by a SIEM allow your practice to demonstrate to the OCR auditor that you have reasonable means for protecting ePHI. Having reports and documentation on such cyber activity is required, according to HIPAA guidelines, to pass an audit by the OCR.

4. Dedicated Cybersecurity Team

Most practices think that SIEM is something that they can implement on their own without realizing the amount of information the software spits out. Also, many who try to analyze the data themselves without using a cybersecurity expert could potentially miss some tell-tale signs of a severe security issue. A qualified team managing your practice’s cybersecurity program will not only give you peace of mind but also ensure that you receive notification of security incidents that need to be addressed.

5. A Single Security Breach Could Put Your Practice at Risk

One single security breach could cost your practice thousands, if not millions in damages, attorney fees, fines and penalties, data forensics, crisis management, patient notification costs, and credit monitoring. Not to mention the damage to the reputation of the practice should you ever have to report to the media about your security breach. The above is reason alone for you to think about your practice’s current security program and what you can do to make it better.

By: Medicus IT
www.MedicusIT.com
678-495-5900

20 Things We Should Never Say to a Graphic Designer – But We’re Often Asked to by Customers

a 4 part series…

Graphic designers can be hard to communicate with. That’s the reason we communicate with them on our customer’s behalf.

Having worked with designers for about 25 years, it helps that we know the right kind of questions that will move the project along and create a final product that everyone will be happy with. They expend time and energy to come up with ideas, concepts and designs to achieve their goals. Sometimes our customers will ask us to ask our designers questions that bring the project to a crashing halt, with incorrect assumptions about the design process.

1. “We haven’t finished writing the copy, but can you design a draft?”

You’ll often hear marketing experts say that “Content is king.” A design should be built around the content, not vice versa. Presenting content to its best advantage will always look better and get better results than trying to squeeze all the content into an existing design. Plus, going back and trying to re-arrange the design to fit the copy can be time-consuming for a designer and increases the turn-around time for you or your company. Get the copy as close to its final version as you can before asking the designer to get started — it’s better for everyone.

2. “Can I get you to do something really quick?”

Are you sure it will be quick? Do you know what’s involved? The designer is more than likely happy to accommodate an extra task or an adjustment here and there, but will definitely appreciate my asking how much time it will take (rather than if you just assume it’s a quick fix). Designers are good at giving estimates and will let you know how much time they need if you ask.

3. “Can you put it in a format that we can edit?”

We’ve been asked if we can furnish an editable source file. To edit a print file would take specialized graphic design software to open the file. Then, if you can even open the file, you run the risk that making edits to your carefully crafted project will compromise the design if you don’t have any design knowledge yourself. If we need to fix the file, that will incur extra fees. A better option, when you want a professional-quality design but will need to make edits regularly, is to consider a DIY online option, where you can have access to templates created by designers that you can customize or tweak at any time without compromising design quality (they say that, but not sure that’s really true). The files must be saved and/or output in the proper format for printing, and without the knowledge of how to do that, you might not like the printed results.

4. “Can you do lots of different versions? I think I’ll know what I want when I see it.”

We get asked this quite often and our response to the customer is usually not well received. It tends to be something like, “sure, if you are willing to pay for it.” A great analogy goes something like this: “Let’s say you’re buying an expensive, tailor-made suit or a fancy, custom dress. Would you say to the seamstress, “Can you make me six versions of the outfit? When I see them, I’ll choose the one I like best and pay for just that one.” Of course not. Just because graphic design is a digital rather than physical/tangible product doesn’t mean that the designer puts any less time and care into the work. I’ve seen it written, “The design process will go more smoothly for all parties involved if we first spend some time developing a detailed creative brief. The brief helps the designer understand exactly what you’re looking for and are trying to achieve with the design — including information like your intended audience, preferred tone or aesthetic, budget, etc.”

After 25 years in business, we live in the real world. We suggest to customers and prospects that they get online and look around at logos, business cards, brochures, postcards…whatever products we are working on. Whether they see something they like or hate, we suggest they copy/cut/paste into a Word document, noting what they like, love, hate and why.

5. Don’t ask: “Can you Photoshop a photo…?”

Yes, Photoshop and other advanced design software can do some amazing things. But it can’t do everything; sometimes we receive requests that really are technically impossible for a designer to do. And just because you can do something doesn’t necessarily mean you should. Some of the more extreme or outlandish effects and treatments that are possible are not necessarily the best choice from a design perspective — plus, we’ve all seen Photoshop choices backfire, such as a model with an oddly angled arm or leg or impossibly thin proportions. Instead, we can ask the designer to give some feedback and constructive criticism; she/he will usually have a pretty good idea of what will or won’t work for your design.

Submitted by Sheila Fox-Lovell from Shandy Creative Solutions
sheila@shandycreative.com
770.951.0305

Why Do A Security Risk Assessment?

Doing a “gap analysis” each year does not replace a Security Risk Assessment.

In a recent article from OCR, a clear distinction is made between what a gap analysis should be used for and why the need for a full Security Risk Assessment. They point out that practices and providers need to consider all potential risks regarding ePHI, not just previous years’ concerns.

See the rest of the article HERE.

Should you have any questions about your Risk assessment and corrective action plan, we are glad to see if we can help. If you are not sure what the differences are or if and when you need to perform them, please call on us for help.

WWW.GSGCOMPLIANCE.COM

Todd Greenberg and Bill Steuer

GSG COMPLIANCE

877-270-8306 ext. 133

678-209-2021 x133 (local)

877-828-8809 (fax)

404-643-4276 Cell
