Reducing Shadow IT in healthcare by embracing “good enough for HIPAA” business-friendly SaaS tools

Shahid N. Shah
May 02, 2013

I was invited by the Box.com healthcare team to discuss Shadow IT in Healthcare for their "Secure Cloud Collaboration in Healthcare" webinar. The recorded webinar is available at https://www.brighttalk.com/webcast/8843/67115


  1. Reducing Shadow IT by embracing “good enough for HIPAA” business-friendly SaaS tools
     Box.com Healthcare Webinar
     Shahid N. Shah, CEO
  2. Who is Shahid? (NETSPECTIVE, www.netspective.com)
     • 20+ years of software engineering and multi-site healthcare system deployment experience
     • 12+ years of healthcare IT and medical devices experience (blog at http://healthcareguy.com)
     • 15+ years of technology management experience (government, non-profit, commercial)
     • 10+ years as architect, engineer, and implementation manager on various EMR and EHR initiatives (commercial and non-profit)
     Author of Chapter 13, “You’re the CIO of your Own Office”
  3. Clinical tech users are resourceful
     Clinical professionals that are counted on to save lives do not always wait around for solutions, they create them.
  4. Shadow IT is prevalent & growing
     • When they only had access to MS Office, “Shadow EHRs” were created using Word, Excel, and Access.
     • In the cloud era, they pick consumer-grade and least-secure options when you don’t give them reasonably secure options instead.
  5. What does HIPAA compliance mean?
     The rules:
     – http://www.hhs.gov/ocr/privacy/hipaa/administrative/omnibus/
     Read the rules, don’t take anyone else’s informal legal opinion (these are federal regulations).
  6. Most important HIPAA considerations
     Participants (Specific)
     • Covered Entities [CE] (plans, providers, clearinghouses)
     • Business Associates [BA] (needs data to help a CE)
     Safeguards (Guidance)
     • Administrative
     • Physical
     • Technical
     Get a business associate agreement (BAA)
  7. Most important cloud considerations
     • Business-grade functionality
     • Consumer-grade ease of use
     • Auditable with easy to use notifications (reduce permissions requirement)
     • Workflow-independent
     • Platform-independent
     • Device-independent
  8. Healthcare Industry Fallacies
     • Healthcare folks are neither technically challenged nor simple techno-phobes (they’re busy saving lives)
     • Most technology product decisions are no longer made by the CIOs
     • Complex, full-featured products are not better than stand-alone tools that have the capability of interoperating with other solutions
     • Hospitals will not buy unless one proves value.