Healthcare is one of the biggest hacking targets for two major reasons: legacy technology and the need to access data to ensure operations.

Categories: Articles

Healthcare is a hacking target

In the article below, the Department of Homeland Security issued an alert to medical organizations about all CPUs with Intel hardware, which may have potential security flaws. The alert goes on to emphasize the need to, one, perform a Security Risk Analysis, and two, put protocols in place within your organization that will help monitor for any suspicious activity. Most practices utilize a third-party IT firm to help manage and monitor their networks, and work with that firm to learn how to mitigate risks. Additionally, a third-party privacy & security expert can help create information security policies to help a practice follow “best practices.”

Read Full Article

Submitted by
Bill Steuer
GSG Capital, LLC
GSG Compliance, LLC
877-270-8306 ext. 133
678-209-2021 x133 (local)

Five reasons why your practice should implement a SIEM

Categories: Articles

A Security Information & Event Management (SIEM) system analyzes system events and device logs together in real time to safeguard against unauthorized access to protected information. A SIEM highlights the actionable events so that a security incident can be prevented proactively, while filtering out the noise found in traditional log data.

To best protect systems and ePHI, healthcare practices should implement a multi-layered cybersecurity program to help protect their sensitive data and ultimately protect the practice. One way to improve any cybersecurity program is by utilizing a SIEM.

Five reasons why your practice should implement a SIEM:
1. Respond to Incidents In Real Time
2. Reporting – Ability to Prove it
3. HIPAA Security Compliance
4. Dedicated Cybersecurity Team
5. A Single Security Breach Could Put Your Practice at Risk

How SIEM Works

SIEM software collects and aggregates log data generated throughout the organization’s technology infrastructure, from host systems and applications to network and security devices such as firewalls and wireless access points.

The software identifies and categorizes incidents and events, as well as analyzes them so practices can address issues that matter before the security incident occurs. The software sifts through thousands and thousands of security-related events, such as successful and failed logins, malware activity, and other possibly malicious activities to find the needle in the haystack.
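
As an added illustration (not code from this article or from any SIEM product), the Python sketch below runs the collect, normalise and correlate steps described above over constructed log lines. The two log formats, host names, threshold, window and rule names are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data: a host auth log and a firewall/VPN log (formats assumed).
HOST_LOG = [
    "2018-04-02T09:00:05 ehr01 sshd: Failed password for admin from 203.0.113.7",
    "2018-04-02T09:00:20 ehr01 sshd: Failed password for admin from 203.0.113.7",
    "2018-04-02T09:00:41 ehr01 sshd: Failed password for jdoe from 203.0.113.7",
    "2018-04-02T09:05:00 ehr01 sshd: Failed password for nurse1 from 10.0.0.23",
    "2018-04-02T09:05:09 ehr01 sshd: Accepted password for nurse1 from 10.0.0.23",
]
VPN_LOG = [
    "2018-04-02T08:30:00 fw01 vpn user=drlee src=198.51.100.4 status=ok",
    "2018-04-02T09:00:50 fw01 vpn user=jdoe src=203.0.113.7 status=fail",
    "2018-04-02T09:01:02 fw01 vpn user=jdoe src=203.0.113.7 status=fail",
    "2018-04-02T09:01:30 fw01 vpn user=jdoe src=203.0.113.7 status=ok",
]

HOST_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$")
VPN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) vpn user=(?P<user>\S+) src=(?P<src>\S+) "
    r"status=(?P<result>fail|ok)$")


def normalise(line):
    """Map a raw line from either source onto one common event schema."""
    for regex, ok_word in ((HOST_RE, "Accepted"), (VPN_RE, "ok")):
        m = regex.match(line)
        if m:
            return {
                "ts": datetime.fromisoformat(m["ts"]),
                "host": m["host"],
                "user": m["user"],
                "src": m["src"],
                "outcome": "success" if m["result"] == ok_word else "failure",
            }
    return None  # unparsed line; this sketch drops it


def correlate(events, threshold=5, window=timedelta(minutes=2)):
    """Alert on repeated failures per source address across all devices,
    and again if that source then logs in successfully."""
    recent = defaultdict(deque)  # src -> (timestamp, host) of recent failures
    flagged = {}                 # src -> time the brute-force alert fired
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        fails = recent[ev["src"]]
        while fails and ev["ts"] - fails[0][0] > window:
            fails.popleft()      # forget failures older than the window
        if ev["outcome"] == "failure":
            fails.append((ev["ts"], ev["host"]))
            if len(fails) >= threshold and ev["src"] not in flagged:
                flagged[ev["src"]] = ev["ts"]
                alerts.append({"rule": "brute_force", "src": ev["src"],
                               "hosts": sorted({h for _, h in fails})})
        elif ev["src"] in flagged and ev["ts"] - flagged[ev["src"]] <= window:
            alerts.append({"rule": "success_after_brute_force",
                           "src": ev["src"], "user": ev["user"],
                           "host": ev["host"]})
    return alerts


def run(lines):
    """Collect -> normalise -> correlate."""
    events = [e for e in map(normalise, lines) if e is not None]
    return correlate(events)


if __name__ == "__main__":
    for alert in run(HOST_LOG + VPN_LOG):
        print(alert)
```

Neither log crosses the threshold on its own; the alert only appears once events from both devices are aggregated, and the single mistyped password from 10.0.0.23 is filtered out as noise.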


Why Your Practice Needs Managed Cybersecurity Services

The list of vulnerabilities to protect and monitor for is growing at a rate that IT support teams cannot keep up with and as a result, many businesses are choosing to outsource network security and monitoring to companies dedicated to providing expert security service 24/7.

If you are wondering how SIEM can benefit your practice and why you should consider implementing a SIEM solution as part of your cybersecurity program, then read the five reasons below.

1. Respond to Incidents In Real Time

Hackers, bots, viruses, malware, and ransomware attacks are occurring daily in healthcare. A SIEM solution logs, reports, and alerts on known items or events out of the ordinary. Our Security Operations Center (SOC) team reviews flagged items and addresses items which need attention, such as a brute force attack or continued unauthorized access attempts to systems.

2. Reporting – Ability to Prove It

Reporting covers anything security-related such as successful and failed logins, malware activity, and other malicious activities attempting to hack into your network. Having this information helps not only to show compliance with the practice’s required HIPAA Policies & Procedures (P&P’s), but also can help prove whether a cybersecurity incident has occurred or not. When a cybersecurity incident occurs, it is up to the practice to prove that ePHI is not compromised. A SIEM can help in many cases to show what was accessed and even how much data was transferred, which alone could save hundreds of thousands of dollars.

3. HIPAA Security Compliance

Most medical practices don’t have the in-house security expertise necessary to perform the event monitoring and security reporting required to maintain HIPAA compliance, which is where SIEM comes into play. Reports generated by a SIEM allow your practice to demonstrate to the OCR auditor that you have reasonable means for protecting ePHI. Having reports and documentation on such cyber activity is required, according to HIPAA guidelines, to pass an audit by the OCR.

4. Dedicated Cybersecurity Team

Most practices think that SIEM is something that they can implement on their own without realizing the amount of information the software spits out. Also, many who try to analyze the data themselves without using a cybersecurity expert could potentially miss some tell-tale signs of a severe security issue. A qualified team managing your practice’s cybersecurity program will not only give you peace of mind but also ensure that you receive notification of security incidents that need to be addressed.

5. A Single Security Breach Could Put Your Practice at Risk

One single security breach could cost your practice thousands, if not millions in damages, attorney fees, fines and penalties, data forensics, crisis management, patient notification costs, and credit monitoring. Not to mention the damage to the reputation of the practice should you ever have to report to the media about your security breach. The above is reason alone for you to think about your practice’s current security program and what you can do to make it better.

By: Medicus IT
www.MedicusIT.com
678-495-5900

20 Things We Should Never Say to a Graphic Designer – But We’re Often Asked to by Customers

Categories: Articles

a 4 part series…

Graphic designers can be hard to communicate with. That’s the reason we communicate with them on our customers’ behalf.

Having worked with designers for about 25 years, it helps that we know the right kind of questions that will move the project along and create a final product that everyone will be happy with. They expend time and energy to come up with ideas, concepts and designs to achieve their goals. Sometimes our customers will ask us to ask our designers questions that bring the project to a crashing halt, with incorrect assumptions about the design process.

1. “We haven’t finished writing the copy, but can you design a draft?”

You’ll often hear marketing experts say that “Content is king.” A design should be built around the content, not vice versa. Presenting content to its best advantage will always look better and get better results than trying to squeeze all the content into an existing design. Plus, going back and trying to re-arrange the design to fit the copy can be time-consuming for a designer and increases the turn-around time for you or your company. Get the copy as close to its final version as you can before asking the designer to get started — it’s better for everyone.

2. “Can I get you to do something really quick?”

Are you sure it will be quick? Do you know what’s involved? The designer is more than likely happy to accommodate an extra task or an adjustment here and there, but will definitely appreciate my asking how much time it will take (rather than if you just assume it’s a quick fix). Designers are good at giving estimates and will let you know how much time they need if you ask.

3. “Can you put it in a format that we can edit?”

We’ve been asked if we can furnish an editable source file. To edit a print file would take specialized graphic design software to open the file. Then, if you can even open the file, you run the risk that making edits to your carefully crafted project will compromise the design if you don’t have any design knowledge yourself. If we need to fix the file, that will incur extra fees. A better option, when you want a professional-quality design but will need to make edits regularly, is to consider a DIY online option, where you can have access to templates created by designers that you can customize or tweak at any time without compromising design quality (they say that, but not sure that’s really true). The files must be saved and/or output in the proper format for printing, and without the knowledge of how to do that, you might not like the printed results.

4. “Can you do lots of different versions? I think I’ll know what I want when I see it.”

We get asked this quite often and our response to the customer is usually not well received. It tends to be something like, “sure, if you are willing to pay for it.” A great analogy goes something like this: Let’s say you’re buying an expensive, tailor-made suit or a fancy, custom dress. Would you say to the seamstress, “Can you make me six versions of the outfit? When I see them, I’ll choose the one I like best and pay for just that one.” Of course not. Just because graphic design is a digital rather than physical/tangible product doesn’t mean that the designer puts any less time and care into the work. I’ve seen it written, “The design process will go more smoothly for all parties involved if we first spend some time developing a detailed creative brief. The brief helps the designer understand exactly what you’re looking for and are trying to achieve with the design — including information like your intended audience, preferred tone or aesthetic, budget, etc.”

After 25 years in business, we live in the real world. We suggest to customers and prospects that they get online and look around at logos, business cards, brochures, postcards…whatever products we are working on. Whether they see something they like or hate, we suggest they copy/cut/paste into a Word document, noting what they like, love, hate and why.

5. Don’t ask: “Can you Photoshop a photo…?”

Yes, Photoshop and other advanced design software can do some amazing things. But it can’t do everything; sometimes we receive requests that really are technically impossible for a designer to do. And just because you can do something doesn’t necessarily mean you should. Some of the more extreme or outlandish effects and treatments that are possible are not necessarily the best choice from a design perspective — plus, we’ve all seen Photoshop choices backfire, such as a model with an oddly angled arm or leg or impossibly thin proportions. Instead, we can ask the designer to give some feedback and constructive criticism; she/he will usually have a pretty good idea of what will or won’t work for your design.

Submitted by Sheila Fox-Lovell from Shandy Creative Solutions
sheila@shandycreative.com
770.951.0305

Why Do A Security Risk Assessment?

Categories: Articles

Doing a “gap analysis” each year does not replace a Security Risk Assessment.

In a recent article from OCR, a clear distinction is made between what a gap analysis should be used for and why a full Security Risk Assessment is needed. They point out that practices and providers need to consider all potential risks regarding ePHI, not just previous years’ concerns.

See the rest of the article HERE.

Should you have any questions about your Risk assessment and corrective action plan, we are glad to see if we can help. If you are not sure what the differences are or if and when you need to perform them, please call on us for help.

WWW.GSGCOMPLIANCE.COM

Todd Greenberg and Bill Steuer

GSG COMPLIANCE

877-270-8306 ext. 133

678-209-2021 x133 (local)

877-828-8809 (fax)

404-643-4276 Cell

How to Prevent and Respond to Security Incidents

Categories: Articles

Medical practices are quickly getting a dose of reality on how critical it has become to protect information systems in the wake of the city of Atlanta ransomware attack this past month, an attack that caused courthouse documents and services like payment processing to become inaccessible for consumers.

Costs quickly add up to respond, correct and recover from a security breach. According to a recent article, written by Engadget, “The ransom demand was approximately $51,000, but according to the city’s Department of Procurement, Atlanta has spent much more than that on efforts to rectify the situation.” The city of Atlanta is reportedly facing a $2.7 million price tag to fix the issue.

The purpose of the HIPAA Security Rule is to ensure that every covered entity has implemented safeguards to protect the confidentiality, integrity, and availability of ePHI, protecting the practice and its patients. Practices must diligently prepare to protect themselves from a security breach. It is imperative, and a requirement, for all practices to implement systems, policies, and procedures to protect electronic protected health information (ePHI).

To help prepare practices for such instances, we put together nine simple tips that every practice should know to help prevent and respond to security incidents.

1. Conduct a Security Risk Assessment
Understand potential security threats (e.g., downtime and costs associated with ransomware) and the impact they may have on your practice (risk and lost revenue). Use this information to shape your overall security strategy while understanding the risk and likelihood of each scenario occurring.

2. Train Your Employees
Because cybersecurity threats are continually evolving, an ongoing training plan for employees must be implemented. The training should include examples of security risks, as well as instruction on security best practices (e.g., lock laptops when away from your desk). Train your employees and then hold them accountable to follow the practice’s policies diligently.

3. Protect Your Network and Devices
Implement a password policy that requires strong passwords that expire every 90 days. Deploy firewall, VPN and antivirus technologies to ensure your network and endpoints are not vulnerable to attacks. Consider implementing multi-factor authentication and encryption for hard drives. Constant network monitoring is vital especially if you work in healthcare where ransomware attacks are a daily occurrence.

4. Update Your Software
It is essential to use current software products and be vigilant about patch management. Cybercriminals exploit software vulnerabilities utilizing a variety of tactics to gain access to computers and data.

5. Create Straightforward Cybersecurity Policies
Write a clear set of rules and instructions on cybersecurity and distribute it to all employees of the practice. These policies may include policies on social media use, personal device use, authentication requirements, and even what employees can and can’t do on the company computers and network.

6. Back Up Your Data
Regular backups are a requirement to recover from data corruption or loss resulting from security breaches. Consider using a modern data protection tool that takes incremental backups of data periodically throughout the day to prevent data loss.

7. Enable Uptime
Choose a modern data protection solution that enables “instant recovery” of data and applications. Application downtime can significantly impact your business’ ability to generate revenue.

8. Know Where Your Data Resides
Maintaining oversight of business data is an essential piece of the security puzzle. The more places data exists, the more likely it is that unauthorized individuals can gain access to it. Avoid “shadow IT,” which is information-technology tools and systems used inside practices without explicit organizational approval. An example of this is employees using Dropbox to share data without the practice’s knowledge.

9. Control Access To Computer
Use security cards or similar security measures to control access to facilities. Ensure that employees use strong passwords for access to all systems. Remove administrative privileges from all parties who do not need them on a regular basis to reduce the risk.

Provided by Chris Jann, Founder & CEO, Medicus IT (678.495.5902 or cjann@MedicusIT.com).

How to Recruit Top Talent: Referrals

Categories: Articles

When it comes to recruiting people who are sure to succeed in their role, Avery Partners relies foremost on Employee Referrals.

Research shows that referral programs are many times more effective than relying on job boards to find and hire applicants. Employee referral programs have proved to improve the recruiting function’s return on investment because referred individuals typically get up to speed faster, need less onboarding, are more satisfied in their roles and stay longer at the company. Referrals have also proved to be a cost-effective way to tap into a large, qualified labor pool of passive job seekers.

The more you research it, the more it becomes clear: almost always, the first step of any hiring process should be asking your existing employees if they know someone good for the role. A great referral program allows you to turn your entire workforce into recruiters. When you only have so many recruiters and so many resources to reach out to candidates, it helps to have a great referral program to empower all of your employees to help in sourcing.

The Avery Difference

At Avery Partners, we are different in that we take all the risk. We meet each of our candidates face to face for the interview to make sure they are the best fit for the job. These candidates are also OUR employees. We manage all their paperwork, applications, check references, federal verification and tax forms, background checks, drug screenings, pay-records, taxes, etc. This takes the hassle off your company and staff so that you can do what you do best.

Please contact Jennifer Hall for more information at the office (770) 642-6100 x237 or email Jennifer.Hall@AveryPartners.com

Meet the Team

Categories: Meet the Team


Todd Withrow, Marketing & Web Design

  1. Are you Married? I am not married. I do have a girlfriend though of 3 years.
  2. Do you have any children? If so, how many? I do not have any children. I’ve always wanted like eight though. Everyone I tell this to tells me the same thing “wait till you have one”😊
  3. Do you have any siblings? I do. I have one brother. His name is Wade Withrow. He works in security for one of the largest retail store chains in the country. He too was born and raised in Georgia—and still lives here.
  4. Do you have any pets? I have two Morkies. I didn’t know what a Morkie was until we got some. Morkies are a mix between a Yorkie and Maltese. They are two years old. Still look like puppies.
  5. Where did you grow up? I was born in Decatur, GA. We moved to Norcross, GA for a few years while my Dad built our house in Duluth, GA. I lived there until college, then I moved out. My parents still live there.
  6. What part of town do you live in? I bought a house in Buford, GA after graduating college and landing my first job. I still have the house but am currently looking in the North Georgia Mountains for a new place to call home.
  7. If you could live anywhere in the world, where would you live? Why? The North Georgia Mountains appear to be a nice place to live. But if I could live anywhere, it would be somewhere east of Atlanta. Close enough to get to the city, and only a few hours away from the beach in Tybee Island. And not too far away from the mountains. So somewhere with a lot of land, and close to a city, the beach, and the mountains😉
  8. If you aren’t currently working your dream job, what would your dream job be? I love what I do. Website design and internet marketing changes daily. It keeps me on my toes. It’s a full-time job just keeping up with everything. But that’s pretty much what I do. Then educate our staff and clients and business partners so they stay up to date with everything as well.
  9. Did you go to college? If so, where? I did. The Art Institute of Atlanta. For multimedia and computer animation. Then to DeVry for a BA in Entrepreneurship.
  10. Are you working in the field of study you went to college for? Yes. There wasn’t much computer animation work in Atlanta at the time I graduated, so I relied heavily on my multimedia education. Multimedia = websites. About half of our business is website design and development. The other half is internet marketing. Then I definitely utilized my Entrepreneurship education from DeVry when I started NicheLabs about 12 years ago.
  11. What do you do for fun? I love the outdoors and traveling. I do a bit of traveling back and forth to Florida for business, as we have several hundred clients in SWFL. And my extended family, and girlfriend’s family, all live up north. So when traveling back and forth from FL to GA and up north we stop and enjoy the various sights to see. We do a lot of hiking.
  12. If you won the lottery tomorrow, in what ways would it change your life? I’d donate my time to helping start-ups be more successful. I have a ton of business and product ideas I’d love to explore. If I’m not able to have the “eight” kids I want, maybe I’d start an orphanage😊
  13. What is something we don’t know about you that we would be surprised about? I’m a big nature and animal lover. I’d love to hike the entire Appalachian Trail. When I get back, buy a bunch of land, and animals, and live off the land. Might be a bit surprising for someone so entrenched in technology and business / social networking.
  14. What’s the most embarrassing thing you ever did? When I was really young, I went to a summer camp. I had to get up in front of a ton of kids and put on a comedy show. I had all of my jokes written down and ready. But when I got up, the sheet of jokes fell out of my book, and I didn’t realize it. So I stood up in front of everyone, fumbling around for my jokes, but couldn’t find it. So I had to wing the whole skit. I had everyone laughing, but to this day, I’m still not sure if they were laughing “with” me or laughing “at” me. Hence the reason I’m still a little shy about public speaking 😐


The JOY of Work

Categories: Articles

Employees are motivated to go above and beyond while having fun

Ask any staffing firm, big or small, what its top challenge is. Not surprisingly, the answers are identical: Finding people with the right skills given the scarcity of talent. Organizations – including staffing firms – are facing one of the largest talent shortages since 2007 with the US unemployment rate at 4.1% in February. Firms are all vying for the same talent. So when staffing firms find the right internal workers, what do they do? Engage them. Here’s how.

For the ninth time, Staffing Industry Analysts surveyed employees of staffing firms to see the approach these companies are taking. The winners on this year’s “Best Staffing Firms to Work For” list are committed to creating an environment that helps their workers reach their potential, professionally and personally. Gone are the days when it was just about careers and 80-hour workweeks. Staffing firms must adopt a holistic approach that extends to the home. The successful staffing firms are those that allow employees to take off early to watch their kids’ baseball games or be there for a piano recital. Of course, it’s understood that employees meet their deadlines before taking off.

The Avery Difference

At Avery Partners, we are different in that we take all the risk. We meet each of our candidates face to face for the interview to make sure they are the best fit for the job. These candidates are also OUR employees. We manage all their paperwork, applications, check references, federal verification and tax forms, background checks, drug screenings, pay-records, taxes, etc. This takes the hassle off your company and staff so that you can do what you do best.

Please contact Jennifer Hall for more information at the office (770) 642-6100 x237 or email Jennifer.Hall@AveryPartners.com

No Signature Required for Credit Card Transactions

Categories: Articles

The card networks have agreed: starting in April 2018, MasterCard, Discover, American Express, and Visa will no longer require signatures for credit card transactions that use chip or contactless payment solutions. While the transition to EMV chip and contactless payments has not been required, those merchants who have updated their terminals to this technology can benefit by not requiring signatures from their customers. Merchants will still have the option of asking for a signature, but the requirement will no longer be in place.

The card networks have seen a decrease in fraud with the rollout of EMV-ready technology in both terminals and cards. Additionally, fraud fighting and tracking capabilities have greatly improved. These advancements, and the general consensus that merchants are not actively comparing signatures on receipts to the back of the card or photo identification, have led to the removal of the signature requirement.

How will this really work?

The change may take some time for consumers and merchants to get used to. The many years of card transactions and signing the receipt is a hard habit to break, and it will take time to do so. Consumers may still feel the need to sign, and merchants may still want signatures on receipts, especially on higher sales transactions. The benefit for all is a faster checkout experience. One of the complaints about the EMV chip transactions is that they take longer to process. This process has improved, and now the removal of signing the receipt will allow transactions to be completed faster which will shorten checkout lines.

As consumers become more accustomed to not signing a receipt, the rollout of EMV chip technology will increase, as they will expect the functionality from the merchant and their card issuer. So, those merchants or card issuers who have not converted may feel pressure to complete the upgrade. Further rollout of EMV technology will further reduce fraud in the face to face environment.

Jennifer Autian is the founder of TCA Business Solutions and an independent representative of merchant services. To learn more about EMV technology or explore other payment processing options, connect with her at 678-523-8760 or by email at Jennifer@tcabiz.com.

Do I really need a 0% Abandonment Rate on my Appointment Calls?

Categories: Articles

We’ve all been there…

For me, it looks like this: I’m sitting with my phone to my ear, ready to talk about my reason for calling, eagerly waiting for someone to answer.


And after what seems like an entire lifetime (probably 7 minutes), while I’ve started multi-tasking a few other things, I forget why I was on the line in the first place. And with much anger or at least a little consternation, I hang up.

It’s critical for us to empathize and remember that behind that one (1) abandoned call added to your stats today was a pain-in-the-neck experience (and likely a Twitter rant) for that one caller. This can become a huge issue.

Luckily, you can tackle the dilemma of callers hanging up before your agents can help them by learning about your abandon rate and queue times.

We recommend your abandon rate be anywhere between 4 – 8 %. Having a 0% abandon rate is inefficient and unnecessary, and having an abandon rate over 8% will likely affect your satisfaction rating negatively.

So, with an abandon rate between 4 – 8%, you can still have a high satisfaction rating without inefficient and costly over-staffing of your team.

By tracking and investigating your average abandon queue time you can solve just about any abandon rate issues your team might have.

It’s easier to solve an abandon rate that’s lower than 4%. Look at your abandon queue time (the time before a caller hangs up) and make sure to answer calls right before the point at which the majority of your callers have historically hung up. In this situation, it is likely that your team is answering the line well before your callers are tired of waiting and hang up.

Keeping those callers on hold just a little bit longer will probably not lower your satisfaction rating. And more importantly, you will have an efficient, perfectly-staffed team.

The harder part is solving the issue of an abandon rate that’s higher than 8% where callers are hanging up before anyone is available to engage. The short answer to this is to hire (and train) more staff.
While you’re getting your new agents up to speed, you’ll likely still have callers who hang up before your team can assist or callers who end up waiting around for ages looking like this.

Sometimes a more creative route is to find ways to keep callers waiting on the line longer. You can do this by changing up what customers hear while they wait for your team to answer.

For example, some organizations will play automated messages (a health insurance line reminding callers to get vaccinated during flu season).

So, if your team is experiencing abandon rate issues and doesn’t know where to start, here’s the breakdown.

First, identify whether your abandon rate is lower than 4% or higher than 8%. Then, use your abandon queue time to decide whether you need to allow your team to work more efficiently, hire and train more staff, or make changes to what your callers hear while they’re on hold.

After these changes, you’ll be on a path for happier customers and more efficient employees.

Paul Mancini
Clear Choice Telephones, National Accounts
paul@clearchoiceinc.com
678-387-3200
