HIPAA Privacy and Security and the Cloud

Is your cloud solution or hosting service HIPAA compliant? This is among the most frequently asked questions from professionals shopping for cloud hosting services. Unfortunately, it is also among the questions most frequently answered with ambiguity, or with naiveté. The problem is that many businesses dealing with HIPAA compliance responsibilities as they relate to protection and security of personal health information may not fully understand their responsibilities as they extend to outsourced IT and other service providers. In the case of HIPAA compliance, many providers suggest their compliance without truly understanding what it means, and are introducing significant risk to their business and subscribing customers because of it. With recent changes in rules relating to protection and control of personal health information, it is not just the health care provider, the health plan, 3rd party administrator or others that process health insurance claim information which must agree to provide adequate controls – the requirement may fully extend to business associates of these entities… possibly including their cloud service or hosting solution providers.

Some of the largest breaches reported to HHS have involved business associates. Penalties are increased for noncompliance based on the level of negligence with a maximum penalty of $1.5 million per violation. The changes also strengthen the Health Information Technology for Economic and Clinical Health (HITECH) Breach Notification requirements by clarifying when breaches of unsecured health information must be reported to HHS. http://www.hhs.gov/news/press/2013pres/01/20130117b.html

HIPAA guidelines and rules exist to protect and secure personal health information, a requirement growing in importance with advancements in technology, electronic health records, e-billing solutions, and cloud computing adoption.  Where the regulations were once focused on the entity directly involved in generating or processing the information, the view is now extended not only to 3rd party administrators, but also to the technology solutions and providers involved.  When a “covered entity” (an entity with a responsibility to protect and secure personal health information [PHI]) makes a decision to move this information to the cloud, a number of important and complicated issues must be addressed in the agreements with the service or solution provider.  These issues include security and privacy of information (including providing individuals the right to access and request changes to the stored information), tools which may be provided to allow the customer additional security protection, encryption of data at rest and in transmission (and who holds the keys), data location, return of data, disaster recovery, and service levels.

Cloud provider contracts and business associate agreements with cloud providers are not one-size-fits-all and should be negotiated carefully to protect PHI in a manner that accurately reflects the capabilities of the parties http://www.americanbar.org/content/newsletter/groups/labor_law/ebc_newsletter/12_winter_ebc_news/ebc12winter_cloud.html

The provider delivering cloud hosting services to the business may now be considered to be a “business associate” under HIPAA, meaning that the responsibilities of the Customer (the “covered entity”) also extend to their service provider. For any business operating under a HIPAA compliance requirement, moving to the cloud must necessarily involve a detailed discussion and set of agreements that spell out the “business associate” relationship as well as the details of the service delivery and accepted performance levels.

Make Sense?

J

Are the security requirements for accounting and finance professionals using cloud services any less stringent than those governing lawyers?

As accounting and finance professionals look to the cloud and Internet technologies to address collaboration, mobility, and improvements in service delivery, they should also be looking at ways to ensure the protection and security of client financial information.  Professional services organizations of all types are embracing cloud products and services, sometimes without properly considering how it might impact information security and business risk.  The security requirements for accounting and finance professionals using cloud services are no less stringent than those governing lawyers.

In her article NC Bar Council issues final opinion on the cloud, author Nicole Black points out some of the essential considerations for using cloud computing services in a professional legal practice. Accounting and finance professionals should recognize this guidance as being applicable to their businesses, too.

The main question stems from the ethical issues faced by “lawyers who intend to store confidential client information on servers owned and operated by third parties”.  An opinion issued by the North Carolina State Bar Council addressed two primary questions in this area:

1. Is it OK for a law firm to use Software as a Service or cloud computing products?

2. Are there any special vendor assessments or other measures which should be taken by lawyers who wish to minimize the security risks of implementing this type of solution?

Read the entire article by Nicole here (PDF format)

Nicole Black is a Rochester, New York attorney and the Vice President of Business Development and Community Relations at MyCase, a powerful and intuitive cloud-based law practice management platform. She is also a GigaOM Pro Analyst and is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a West-Thomson treatise. She is the founder of lawtechTalk.com and speaks regularly at conferences regarding the intersection of law and technology. She publishes four legal blogs and can be reached at nblack@nicoleblackesq.com.

J

original post April 5, 2012

Moving Your Systems to the Cloud

The IT industry is promoting Software as a Service and online applications as the new normal for computing, and unless you’ve been living under a rock for the past few years you have heard how it is supposed to make our computing lives ever so much better.  Hiding under that rock might also have spared you from reading about the various failures and outages which impact users, forcing them to make do without the online applications and data they have become so reliant upon.  It’s surprising, but not unimaginable, that businesses rely so heavily on applications and services that didn’t even exist a few short years ago.

The potential benefits of a SaaS model are many, but the risks are equally significant and should not be minimized.  This assessment should center on a review of the application software in use, considering whether or not it is meeting the needs of the business.  Where and how the software runs is much less of an issue than the functionality and process support it provides – most “legacy” applications can be run in a cloud server environment, making remote access and managed service part of the service model.

There is risk in changing business applications – risk of data loss, changed or broken data relationships, lost productivity, and more.  Many businesses would benefit by running their applications in a cloud model while continuing to utilize the software solutions their operation relies on.

Application hosting models, where desktop applications are delivered on cloud servers, are often overlooked when businesses go looking for cloud software because they are shopping for software and not the platform.

With Software as a Service (SaaS), the software and the platform are combined and together represent the solution. With application hosting on a cloud server, the software is the same software a business would traditionally run on PCs and servers, but it is installed and managed on the cloud server rather than the local computers.

The big benefit is the agility of the platform and the user mobility it allows.  The unspoken benefit is that you can still “take your ball and go home” if the service doesn’t work out.

Removing the barriers for adopting an online working model allows the business to experience the benefits attached to cloud computing without introducing unnecessary risk through unneeded changes in software and applications.

Make sense?

J

 

Lean and Mean – Improving Sales and Distribution Performance

It is surprising that, even in this world of Internet marketing and online commerce, many businesses are operating at levels far below their potential.  Reliant upon people rather than information and process, these businesses are weighted down by their legacy approach to getting things done.  They throw money and personnel at the problem, adding more “fat” to the business and making sustainability just that much harder to achieve.  The right approach, and the mantra of all manufacturers and distributors, should be to work “lean and mean”, applying technology and business principles which support agility and improved process efficiency.

The center of lean business is in operations, and includes all aspects of the “order” processing and support systems.  From the point where an order is sought, to the point of order entry, and through to delivery and service – all aspects of the operation must be addressed for the business to achieve maximum success.  Innovating in operational areas, such as in order management and distribution, can help the business rise above others in the market and create a significant competitive advantage.

What becomes challenging for many businesses is the fact that years of working in established “silos” often makes it difficult to introduce the cross-functionality necessary to support lean operations.  It is not sufficient to simply suggest that the organization work collaboratively to streamline processes from order through to service and support.  Work groups and team members must work together and adapt to delivering process improvements, following through with the actions necessary to turn the philosophy into bottom line results.  Good support is required to keep customers, and a good product is necessary to support increased sales.  No aspect of the operation stands alone, so each is necessary to participate in making end-to-end improvement.  Additionally, back-office processes must be aligned to work collaboratively where required, supporting efficient operations rather than creating unnecessary bottlenecks or delays.

The key to developing a lean and mean, high performance operation is applying the technology and principles which translate into improved profitability and customer retention.  In many cases, the same solutions which create customer “self-help” capabilities are also solutions which can address similar needs for internal business users. Ultimately, the goals are elimination of redundant or error-prone processes, establishing the sharing and secure collaboration of information throughout the organization, implementing integrated systems which allow users to efficiently perform their particular tasks, and working cooperatively with others in the supply chain to maximize the real-time capability and efficiency.

Rather than continuing to utilize basic record keeping solutions, or accounting products which aren’t prepared to address the specific operational aspects of the business, owners and managers should be looking to the tools and solutions which will help them develop the framework to support improving operational performance, turning people knowledge into sustainable business profitability.

Make Sense?

J

Virtual CFO Services and Partnering with Bookkeepers

Many accounting professionals seek to become more involved with their business clients, helping to institute the controls and establish the processes which support sustainability and higher levels of business performance and value.  Acting as the Virtual CFO to the business, these professionals use historical financial information and detailed operational data to guide their clients towards stated goals.

While this move to engage clients at deeper operational levels is a worthy effort, there is often a disconnection in the supply chain for these services. In too many cases, there is discord or a lack of understanding and trust between the CPA and the bookkeeper supporting the daily processing of the business information.

The business bookkeeper is the person “in the trenches”, getting daily information organized and processed, reconciling accounts, and generally tasked with recording transactions resulting from business activities.  Because the bookkeeper operates very closely with the business, they are perhaps in the best position to provide insight into how operational tasks and various business functions are performed and “accounted” for.  While the bookkeeper may not have the skill or experience to design change in these systems, they are a particularly powerful source of current process information and, in some cases, represent the barrier to change.

Years ago, as CPAs removed themselves from daily bookkeeping services to focus on “higher level” work, the opportunity was created for outsourced bookkeeping services to fill the gap in providing daily book and record keeping tasks for small businesses.  Small business owners in particular need help with the management of their bookkeeping and accounting, and without the availability (or affordability) of getting this service from the accounting professional, businesses turned to the bookkeepers who stepped in to fill the gap.  Yet every year, businesses turn over their bookkeeping and documentation to CPAs who simply re-create the bookkeeping in the form of “write-up”, trusting only their own work when it comes to tax and financial statement preparation.

It would seem that there would be a naturally occurring desire of CPAs to partner with professional bookkeepers in order to provide a full service capability to business clients and eliminate the need to reinvent and write-up the information, but this is often not the case and may be partly due to the reality that CPAs are trained on accounting principles while many bookkeepers are really only trained on the use of a software product. Too often, bookkeepers gain their education primarily based on using QuickBooks software, and “speak” the language of QuickBooks rather than “accounting”, resulting in a minimized view of the bookkeeper’s value by the CPA.

The CPA is thinking in terms of AR and AP subledgers, while QuickBooks bookkeepers think in terms of customers, invoices, and bills to pay.  While the language of QuickBooks has been designed to be meaningful to the non-accountant user, it is this very language and presentation which has made QuickBooks both a popular small business accounting solution as well as a foundational solution for an outsourced bookkeeping offering.

Working more closely with the bookkeepers, CPAs could help their clients not only achieve a more accurate and timely accounting of activities, they could also influence areas where necessary controls should be implemented, or where inefficient processes might be improved.  Providing not just information but also direction and actionable ability, these accounting professionals are now positioned more directly to provide the CFO services businesses need.

CPAs must find a way to get past their prejudices in working with business bookkeepers, and recognize that these operators “in the trenches” could be their most useful resource – and their most powerful ally – in the supply of Virtual CFO services to the client.

Make Sense?

J

 

Accountants and Small Manufacturers

Getting in Front of the Ball

There’s a lot more to accountability in a manufacturing or inventory-based business than simply keeping track of money in and money out.  Particularly in an economy when nobody can afford to build or stock products too far ahead of demand, it is essential that these businesses have a means to not only track and manage purchasing, manufacturing, distribution and stocking activities, but to understand conditions or trends which impact the flow of materials and cash through the business.  Further, this understanding must come in a timely manner in order for the business owner to make decisions and take action when it matters most.  Unfortunately, many business owners find themselves “behind the ball”, constantly pushing to make forward strides, and often due to not having the information they need to make business decisions that matter now, today.

Why is it so critical for these businesses to have more and better information to help them make strategic decisions and answer daily operational questions?  In a word: connectedness.  The Internet has truly made the world smaller when it comes to participation with even the smallest of local businesses.  Globalization of markets has impacted manufacturers in significant ways, and these businesses (like so many others) must now be prepared to address the realities of global supply chains, outsourcing, and a remote or mobile workforce and market.  While many of the software solutions addressing the functional business requirements of manufacturing and inventory or warehouse management are “locally implemented” solutions, extending and integrating these solutions to address the new global and mobile paradigm may represent a significant expenditure in time and resources for the small enterprise.

Application hosting and web-based solutions have emerged to help businesses address the need to “modernize” legacy applications and enable greater levels of system management and access.  Introducing the applications into a centralized and remotely accessible environment allows the business to immediately deliver the necessary support for remote work and mobile access, and positions the system to facilitate collaboration within the business and with outside participants, such as outsourced bookkeepers, accounting and finance professionals.

These professionals can be instrumental in helping their clients manage the change to new collaborative computing paradigms. Where accounting was previously viewed as an after-the-fact process, accountability through detailed activity tracking and reporting is now a focus which begins at the front end of the business, and accounting professionals are finding far greater value in helping structure and manage this daily activity in order to deliver greater operational information and insight. Rather than being the last people to know what is happening in the business, accounting professionals are recognizing that their ability to positively impact business performance requires getting “in front of the ball”, initiating process structure, data control and collection which ultimately results in better and more informed decision-making through better and more timely access to more meaningful information.

Businesses at all levels are realizing that new computing paradigms can ease the burdens of collecting and sharing information, yet most small companies need help in determining exactly how to approach this “enabling” of the business and systems.  While accountants are also experiencing dramatic change in how they do business, it makes sense for them to embrace the opportunity and recognize that enabling client systems will ultimately allow the accounting professional to work more closely and to deliver more tangible value to their client on an ongoing basis.  Online accounting approaches are no longer a fad but are the new reality supporting how many bookkeepers and accountants work with their business clients.  Extending access beyond accounting and bookkeeping systems, and incorporating support for operational and line-of-business solutions, is the next step which will bring the accountant closer to the client business, and position both to benefit from deeper collaboration and useful insight.

Make Sense?

J