Reducing Shadow IT in healthcare by embracing “good enough for HIPAA” business-friendly SaaS tools

Shahid N. Shah
May 02, 2013


I was invited by the healthcare team to discuss Shadow IT in Healthcare for their "Secure Cloud Collaboration in Healthcare" webinar. The recorded webinar is available at




  1. Reducing Shadow IT by embracing “good enough for HIPAA” business-friendly SaaS tools
     Healthcare Webinar
     Shahid N. Shah, CEO

  2. NETSPECTIVE
     Who is Shahid?
     • 20+ years of software engineering and multi-site healthcare system deployment experience
     • 12+ years of healthcare IT and medical devices experience (blog at
     • 15+ years of technology management experience (government, non-profit, commercial)
     • 10+ years as architect, engineer, and implementation manager on various EMR and EHR initiatives (commercial and non-profit)
     Author of Chapter 13, “You’re the CIO of your Own Office”

  3. Clinical tech users are resourceful
     Clinical professionals that are counted on to save lives do not always wait around for solutions, they create them.

  4. Shadow IT is prevalent & growing
     • When they only had access to MS Office, “Shadow EHRs” were created using Word, Excel, and Access.
     • In the cloud era, they pick consumer-grade and least-secure options when you don’t give them reasonably secure options instead.

  5. What does HIPAA compliance mean?
     The rules:
     – /omnibus/
     Read the rules, don’t take anyone else’s informal legal opinion (these are federal regulations).

  6. Most important HIPAA considerations
     Participants (Specific)
     • Covered Entities [CE] (plans, providers, clearinghouses)
     • Business Associates [BA] (needs data to help a CE)
     Safeguards (Guidance)
     • Administrative
     • Physical
     • Technical
     get a business associate agreement (BAA)

  7. Most important cloud considerations
     • Business-grade functionality
     • Consumer-grade ease of use
     • Auditable with easy to use notifications (reduce permissions requirement)
     • Workflow-independent
     • Platform-independent
     • Device-independent

  8. Healthcare Industry Fallacies
     • Healthcare folks are neither technically challenged nor simple techno-phobes (they’re busy saving lives)
     • Most technology product decisions are no longer made by the CIOs
     • Complex, full-featured, products are not better than stand alone tools that have the capability of interoperating with other solutions
     • Hospitals will not buy unless one proves value.

  9. Thank You
     Visit E-mail Follow @ShahidNShah Call