
Shahid N. Shah
May 02, 2013

Reducing Shadow IT in healthcare by embracing “good enough for HIPAA” business-friendly SaaS tools

I was invited by the Box.com healthcare team to discuss Shadow IT in Healthcare for their "Secure Cloud Collaboration in Healthcare" webinar. The recorded webinar is available at https://www.brighttalk.com/webcast/8843/67115

Transcript

  1. Reducing Shadow IT by embracing “good enough for HIPAA” business-friendly SaaS tools

    Box.com Healthcare Webinar
    Shahid N. Shah, CEO
  2. Who is Shahid?

    • 20+ years of software engineering and multi-site healthcare system deployment experience
    • 12+ years of healthcare IT and medical devices experience (blog at http://healthcareguy.com)
    • 15+ years of technology management experience (government, non-profit, commercial)
    • 10+ years as architect, engineer, and implementation manager on various EMR and EHR initiatives (commercial and non-profit)

    Author of Chapter 13, “You’re the CIO of your Own Office”

    NETSPECTIVE www.netspective.com
  3. Clinical tech users are resourceful

    Clinical professionals that are counted on to save lives do not always wait around for solutions, they create them.
  4. Shadow IT is prevalent & growing

    • When they only had access to MS Office, “Shadow EHRs” were created using Word, Excel, and Access.
    • In the cloud era, they pick consumer-grade and least-secure options when you don’t give them reasonably secure options instead.
  5. What does HIPAA compliance mean?

    The rules:
    – http://www.hhs.gov/ocr/privacy/hipaa/administrative/omnibus/

    Read the rules, don’t take anyone else’s informal legal opinion (these are federal regulations).
  6. Most important HIPAA considerations

    Participants (Specific)
    • Covered Entities [CE] (plans, providers, clearinghouses)
    • Business Associates [BA] (needs data to help a CE)

    Safeguards (Guidance)
    • Administrative
    • Physical
    • Technical

    get a business associate agreement (BAA)
  7. Most important cloud considerations

    • Business-grade functionality
    • Consumer-grade ease of use
    • Auditable with easy to use notifications (reduce permissions requirement)
    • Workflow-independent
    • Platform-independent
    • Device-independent
  8. Healthcare Industry Fallacies

    • Healthcare folks are neither technically challenged nor simple techno-phobes (they’re busy saving lives)
    • Most technology product decisions are no longer made by the CIOs
    • Complex, full-featured, products are not better than stand alone tools that have the capability of interoperating with other solutions
    • Hospitals will not buy unless one proves value.