The use and complexity of technological assets in the healthcare sector have been increasing in the recent past. Healthcare practitioners have moved from recording data manually to keeping Electronic Health Records. This eases the accessibility and availability of data to health practitioners. Further, electronically stored data makes it possible for patients to receive high-quality, error-free care, improves the decision-making process because medical history is available, and makes it possible to provide safer and more reliable information for medication. Despite the numerous advantages of technology in healthcare, the threat of patient data leakage lingers. According to research by Garrison and Posey (2012), medical identity theft has far more consequences than typical identity theft. On average, every medical theft case can cost $20,000 and represents a substantial privacy violation. For this reason and more, it is important for healthcare institutions to protect patient data by securing technological assets within the institution. This article will explore the different methods used to secure technological assets, with an emphasis on mobile devices.
The first method is limiting access to the electronic health records to only a few individuals. Gajanayake et al. (2014) suggest that there are different models of limiting access to the records. The first step is to require authentication, which prompts users to verify their identity. This could be achieved by giving the authorized individuals unique passwords for identification and also by performing biometric scans of the individuals. This step will eliminate the possibility of unauthorized access to the technological assets. The second step is to limit the type of information that each individual is allowed to access. This could be made possible using certain access models. Examples of models that have been proposed include Discretionary Access Control (DAC), Mandatory Access Control (MAC) and Role Based Access Control (RBAC). DAC restricts access to certain commands such as ‘write’, ‘read’ and ‘execute’. MAC controls access by assigning information different security levels. RBAC is based on rights and permissions that depend on the roles of an individual. These models normally apply to the security of electronic data. Other assets such as the hardware could be protected physically by limiting authorization to their storage rooms and by limiting the locations in which they are expected to be used. Limiting access ensures that those who are not authorized to access the information are locked out of the database. Hence, this is an important strategy in protecting patients’ data.
The second method is carrying out regular audits of the electronic system and the individuals handling the technological assets. Audit controls record and examine the activities that involve access to and use of the patients’ data. This can be integrated into the Electronic Health Record (EHR) system or used to monitor the physical movements of the individuals who have access to the records. In addition, HIPAA requires that all health institutions that use the EHR system run audit trails and have the necessary documentation of the same (Hoffman & Podgurski, 2007). Some of the information collected during audits includes the listing of the content, duration and the user. This can be recorded in the form of audit logs, which makes it easy to identify any inconsistencies in the system (Dekker & Etalle, 2007). Further, the area where the hardware has been placed for use should be monitored. This can be achieved by use of recorded video, which monitors the activities of individuals who use the system. This can also be audited regularly and any inconsistencies noted (Ozair et al., 2005). Carrying out audits of the technology assets of the healthcare institution will help to monitor the daily use of the system, which will enable the identification of any abnormal activities that may endanger patients’ data.
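The role-based access model and the audit trail described in the two paragraphs above can be combined in one gate that decides each request by role and logs the user, content and duration. This is an added example, not code from the article or from any EHR product; the role names, record sections, thresholds and sample activity are all hypothetical.

```python
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical role -> permitted (action, record section) pairs (RBAC).
ROLE_PERMISSIONS = {
    "physician": {("read", "clinical"), ("write", "clinical")},
    "nurse": {("read", "clinical")},
    "billing_clerk": {("read", "billing"), ("write", "billing")},
}


@dataclass(frozen=True)
class AuditEntry:
    user: str        # who made the request
    role: str
    action: str
    section: str     # what content was requested
    patient_id: str
    duration: int    # seconds the record was open (0 when denied)
    allowed: bool


class EHRGate:
    """Checks every request against the user's role and logs the outcome."""

    def __init__(self, user_roles):
        self.user_roles = dict(user_roles)
        self.audit_log = []

    def access(self, user, action, section, patient_id, duration=0):
        role = self.user_roles.get(user)  # unknown users have no role
        allowed = (action, section) in ROLE_PERMISSIONS.get(role, set())
        # Denied attempts are logged too: they are what an audit looks for.
        self.audit_log.append(AuditEntry(
            user, role or "none", action, section, patient_id,
            duration if allowed else 0, allowed))
        return allowed


def review(audit_log, max_patients=3, max_duration=1800):
    """Return {user: sorted findings}. Thresholds are illustrative assumptions."""
    findings = defaultdict(set)
    patients = defaultdict(set)
    for entry in audit_log:
        if not entry.allowed:
            findings[entry.user].add(f"denied:{entry.action}:{entry.section}")
            continue
        patients[entry.user].add(entry.patient_id)
        if entry.duration > max_duration:
            findings[entry.user].add(f"long_session:{entry.patient_id}")
    for user, seen in patients.items():
        if len(seen) > max_patients:
            findings[user].add(f"many_patients:{len(seen)}")
    return {user: sorted(items) for user, items in findings.items()}


def sample_run():
    """Constructed sample activity, not data from any real system."""
    gate = EHRGate({"dr_lee": "physician", "nurse_kim": "nurse",
                    "clerk_roy": "billing_clerk"})
    gate.access("dr_lee", "read", "clinical", "P1", duration=600)
    gate.access("dr_lee", "write", "clinical", "P2", duration=4000)
    gate.access("nurse_kim", "read", "clinical", "P1", duration=300)
    gate.access("nurse_kim", "write", "clinical", "P1")
    gate.access("clerk_roy", "read", "clinical", "P2")
    for pid in ("P1", "P2", "P3", "P4", "P5"):
        gate.access("clerk_roy", "read", "billing", pid, duration=60)
    gate.access("temp_x", "read", "clinical", "P1")
    return gate, review(gate.audit_log)


if __name__ == "__main__":
    gate, report = sample_run()
    for user, items in sorted(report.items()):
        print(user, items)
```

The review step surfaces denied requests, unusually long sessions and users who open many distinct patient records, which are the kinds of inconsistencies an audit log is meant to expose.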
The third method is the setting up of policies and standards that safeguard the patients’ data. These policies may vary from one institution to another. For instance, employees should be prohibited from sharing their passwords and IDs, and they should always log out of their accounts after accessing the system. The authorized individuals should also be properly trained on these policies so that they are aware of their importance. In addition, these policies should be accompanied by consequences that will impact the users. This will ensure that they follow the policies to the letter. The set of policies and standards is meant to ensure uniformity in the protection of patients’ data (Ozair et al., 2005).
The fourth method that could be implemented to protect patients’ information is the application of various security measures to the software and the hardware. The software can be protected through encryption of data and the use of firewalls and antivirus software to prevent hackers from accessing the data. Intrusion detection software can also be integrated into the system. These measures will protect the data from individuals who intend to hack into the system online and access information for malicious purposes. The hardware could be protected by placing security guards at the different stations where patients’ data is stored, to ensure that no unauthorized person gets access to the area and that no one tampers with the system or steals it. This step will ensure that the hardware is kept safe from intruders and people with malicious intent.
Protecting patient data starts with the software systems that house the data. The databases that warehouse patient data must be limited to only those who need access, and at a minimum access to each record must be logged and routinely audited. Data should only reside where necessary. This means that data should not be stored at rest on devices. For Apple devices, device management tools such as the Casper Suite from JAMF Software help to keep end users from moving data out of the software that provides access to patient data, and in the case of inadvertent leakage of data onto unprotected parts of devices, devices should be locked or wiped if they fall outside the control of a caregiver. Finally, the integrity of devices must be maintained, so jailbroken devices should not be used, devices and the software on them should always be kept up to date, and strong security policies should be enforced, including automatic lock of unattended devices and strong password or PIN code policies.
In summary, the protection of patients’ data in this technological era should be given priority. In consideration of the frequency of, and the losses experienced due to, leakage or loss of private patient information, more should be invested in maintaining the privacy and confidentiality of data. This can be achieved through controlling access to the electronic data and the gadgets that hold it, carrying out regular audits of access to the system, creating policies and procedures that ensure that data is secure and, finally, putting in place security measures that guard against loss and leakage of the information. All these measures will aid in alleviating the risk to patients’ data and maintaining their privacy and confidentiality, which is the main agenda.
Dekker, M. A. C., & Etalle, S. (2007). Audit-based access control for electronic health records. Electronic Notes in Theoretical Computer Science, 168, 221-236.
Hoffman, S., & Podgurski, A. (2007). Securing the HIPAA security rule. Journal of Internet Law, Spring, 06-26.
Garrison, C. P., & Guy Posey, O. (2012). Medical identity theft: Consequences, frequency, and the implication of electronic health records and data breaches. International Journal of Social Health Information Management, 5(11).
Gajanayake, R., Iannella, R., & Sahama, T. (2014). Privacy oriented access control for electronic health records. electronic Journal of Health Informatics, 8(2), 15.
Ozair, F. F., Jamshed, N., Sharma, A., & Aggarwal, P. (2015). Ethical issues in electronic health records: A general overview. Perspectives in clinical research, 6(2), 73.
krypted June 29th, 2016
Had the idea for this one during a yoga class the other day. It starts out like this:
This may sound a little surprising, but yoga and business have a lot in common. Yoga teaches us about depth and focus. But as I’ve learned, yoga can also provide valuable lessons about how to successfully run a business. And not just in regards to emotional IQ. Here are some of the top lessons that I’ve brought to how I do business from my yoga practice.
Anything I missed?
krypted June 26th, 2016
An hour into my first Reddit AMA with some super-excellent JAMFs!
krypted June 24th, 2016
My next Huffington Post piece is up. This one is on Soft Skills. The original was about twice as long, so eventually I’ll post the rest here. But for now, hope you enjoy.
I often hear entrepreneurs say that they hire based on soft skills, because they can’t be taught. I’ve been hiring and guiding people for 20 years, and I vehemently disagree. In some cases, people don’t want the social graces. In others, people (especially really smart people) rarely have the patience. But, provided you are willing, you can train yourself how to work well with others. Just ask Zig Ziglar, one of the best sales people and a famous motivational speaker. He made a career out of training people how to develop soft skills.
krypted March 10th, 2016
Posted In: Business
I started playing Dungeons and Dragons in about the 5th or 6th grade. I didn’t get good at it for a while. And once I got good at it, I didn’t play much longer (insert reference to “The Best Days of My Life” here). Along the way, I learned a few lessons that until I got older, I didn’t realize were great life lessons. I also learned a lot that helped me later in life in the business world. Here’s a few you may or may not agree with (and yes, the image is of a box sitting on my table at home:).
krypted January 26th, 2016
Posted In: Business
I started working at JAMF a little over a year and a half ago. And one of my favorite things about the onboarding process here is the emphasis on continuing education that was handed down to me. I was given two books to read on my first day. Then, during my get-the-cool-aid onboarding (aka Zero Month), I had a couple of pretty rad JAMFs go through a list of books they felt were essential and review the books from my first day. Theeeen, I had meetings with Co-Founder and CEO at the time Chip Pearson, where he would stop meetings and order me books. It was a book nerd’s heaven I tell ya’.
And like other heavenly nerd things, I thought I’d share it with you here. So here’s 25 good business books that I either read or re-read since I’ve been here (in no specific order):
The Blue Ocean Strategy. This book outlines a specific market condition they call a “red ocean”, which is when a market is so saturated that the players in that market start to drop prices and engage in cut-throat tactics. The premise is that rather than entering a market with the same product that everyone else has, you might as well look for a different market. I’ll expand this and say a different market segment as well. It’s a delightful and quick read. Very interesting little book, and much more business than you’d think given the tone (which makes the prose easy to get through).
The Idea Factory: When I was in college, I wanted to lead R&D at Bell Labs. Or Xerox. This is the story of Bell and all the breakthroughs and ideas they came up with. It’s a fantastic little book. And a must-read for those who want to play the innovation game.
Startup CEO: There are so many things that a lot of books on how to start a business, or write a business plan, or go get VC don’t cover. This is really a tacticians look at starting a company or business unit. It’s concise and easy to read, with real life examples and tons of things that I’ve seen first hand. I’m not sure you can truly appreciate it until you’ve been there a couple of times, but if you have it’s great to know you’re not the only one!
Who Says Elephants Can’t Dance: Before IBM was a juggernaut, it was a juggernaut. But between those two stages, IBM was in serious peril. Then Louis Gerstner came and changed what IBM was, how IBM operated, and helped to turn them into a new kind of awesome. When he retired, he wrote this book. While it’s part euphoric recall, anyone who wonders WTF in big companies should read this book. I think it helped me better understand why some of the things that used to frustrate me happen, and understand more about what it takes to run a truly global organization.
Getting Naked: This was a pretty weird business book. Because it was written like a piece of fiction. I appreciated the change-up after a year of reading so many books on business. The thesis is really that you should be in touch with yourself and your clients in a very Jerry Maguire way. It’s simple, but an easy read with a few really good points to take away (such as not to scoff at the competition when they do seemingly hippy things).
Guerilla Marketing Weapons: 100 tips on getting more out of marketing. ‘Cause who doesn’t want that? If you read this, keep a notepad handy. It’s got a lot of basic, easy things. But it’s got a lot of ideas that you’ll want to capture while they’re fresh as well.
Notes to a Software Team Leader: This book is about self organizing teams. ‘Cause developers don’t need managers as much as we seem to think. But they do need structure, like all teams.
Trust Me, I’m Lying: PR gone wrong. There’s a lot of great tips in this book from a “don’t do this” standpoint. Euphoric recall as a teaching mechanism. The dark side of PR.
Crossing the Chasm: This book is about how some tech companies go mainstream (and uber-profitable) and how some just don’t. There is a chasm between early adoption and mainstream. Why? How do you keep from getting caught in it? Great items this book does a great job covering. If you’re in the startup/innovation/tech scene, you simply have to read this book; it’s a classic.
The Art of the Start: Another classic (one I wish I’d have read years earlier), Guy Kawasaki takes aim at startups, looking to secure VC or bootstrap. Lots of great tips. Lots of good stories. From a veteran of the startup community, just without the grizzled aspects many of the veterans can get.
Enchantment: I’m just gonna’ throw in another book. This one tells the story of how Kawasaki got his start at Apple and has some parallels drawn between his time in the jewelry industry and marketing. It’s a good book. If you only have time for one of his books, read Art of the Start. If you have time for two, get Enchantment.
Ideas Are Free: This book caused me to setup meetings with people who would never think of tag lines and other creative items. I had mixed results, but it was abso-frickin’-lutely worth it. Not only do non-creatives have lots of good ideas, they also have lots of great responses to being included.
Delivering Happiness: How does Zappos end up with such a fanatical fan base? Support. If you’ve ever returned something to Zappos, you know what I mean. Everything about shopping there is a great experience. Not everyone can expend the resources they do, as support isn’t as integral a part of their strategy as it is at Zappos. But there are lots of
The Innovator’s Dilemma: The thesis: there are waves of innovation and you have to keep releasing disruptive tech to stay on those waves. If you listen to customers too much, you might miss out. If you don’t go downmarket eventually someone else will. If you don’t read this book, you won’t get all these fantastic tips.
The Lean Startup: Fail fast. It’s a good thesis to a book. Don’t fail too fast. I think they forgot to tell you when the breaking point is. But there are lots of stories and tips in this book that can help any fledgling product or business. And it’s well worth the time and money. Probably my second favorite book on the list.
Rework: Why schedule a 60 minute meeting when a 15 minute meeting (er, spike) will do? Lots of great little tips in this book from the people behind 37 Signals and Ruby.
Rookie Smarts: Liz Wiseman loves putting newbies into roles and seeing how they do. And she’s had success at it. In this book, there’s a bit of a simplistic approach to that (not everyone can sit in every chair in a growing company). But the most important aspect of this book is that she defined a few types of people or places in life that “rookies” are and how you can engage those specific groups best. This was probably my favorite part of the whole book.
Keeping Up with the Quants: Stats for marketing professionals. Unlike many of the books where there’s a thesis and then a lot of proving the thesis, this one is more of a longer collection of definitions, simple statistical formulas, etc.
Marketing In The Age Of Google: The general thesis of this thing is that content is king. Write a lot of good stuff that people want to link to and your product will get natural listings that are hard to displace. There’s other good little tips here and there, but that’s the key message. There, saved ya’ some time. 🙂
Growth Hacker Marketing: This is my favorite book on the list (like I said, no particular order). A fresh, interesting, cool, personal approach to getting your product branding in front of people. Some ideas cost a little. Some cost a lot. It’s great stuff. A must read in my humble opinion.
Traction: A bit of a slow paced book, but (pun intended) it gains traction as it goes. The Entrepreneurial Operating System is a bit much for me. But when explaining it, there are a lot of really amazing lessons that you have to learn. Some you learn the hard way, some you learn in this book.
Permission Marketing: Another Seth Godin book, this one focusing on using surveys, samples, contests, sales, and other marketing techniques to get in front of customers. The Purple Cow isn’t on this list, as I read it a long time ago. If you haven’t read it, check it out. If you have, check this out.
The 22 Immutable Laws of Marketing: Things to do and not to do when marketing. Don’t send too many emails. Don’t send things that people don’t care about. But the most important part of this book, and pretty much the central thesis is to match with forces in the market. If you don’t do that, you won’t be able to get in sync with what customers want and how to grab their attention.
Managing Humans: We were excited when Michael Lopp, who wrote this book, joined the board of JAMF Software. In part, it was because Zach (co-founder of JAMF) and I both hero worshipped his writing. This is a great book, and his blog is great as well!
krypted December 29th, 2015
But Apple says… But Microsoft says… But Google says… I hear this all the time. And the very first thing I often ask is Who at Apple, Microsoft, Google, or whatever vendor says that?
The reason I ask “who” is often because you can get conflicting responses from a vendor for a given question. Why’s that? When an organization gets bigger than 1, there are suddenly more perspectives than just one. When an organization gets bigger than 3, communication starts to get more challenging and it becomes harder and harder to have everyone on the same page. When an organization gets bigger and bigger (500, 10,000, 100,000), not everyone is actually privy to all the pertinent information. Or people don’t know what they can say externally.
Who? Developers. Sales. Systems Engineers. Professional Services. Subject Matter Experts. Managers. Executives. Resellers. Marketing. Professional Services Providers. Office Managers. Channel Managers. Product Managers. Each of these might tell you something different when presented with the same question. A developer might only see a small portion of a larger overall project, as they’re buried in the code of a specific binary, feature, or option. Someone in sales might be representing a feature or function as it’s communicated to them, not being overly technical. Someone in Systems Engineering might communicate the feature as they use it, but not how you plan to use it. Someone in Professional Services would often have exposure in the environments they’ve implemented a feature, but a feature might mean more to them.
And it goes on through the rest of the functions. Who can you trust? No one. Everyone. Yourself. I’ve always maintained that until I see a feature, I don’t trust it. And when it comes to how I plan to implement a feature, I love hearing from an organization how they’d like me to use it. Unless I get a consistent response about what something from a vendor means to me (and even if I do to some extent), I reserve the responsibility of planning what it means to me for the person responsible for the repercussions: me.
I keep saying feature. But I also mean strategy. Strategy can be equally, if not more complicated. Different people at different levels of organizations will have their own perspectives on strategy. And strategy of how you work with a vendor is more important than the tactics of how you implement a given feature. The direction you should be going is yours. Unless you hear otherwise. And then confirm that.
Anyway, what am I getting at with this article? Next time someone tells me “But Google says…” don’t be surprised when I say “who?” And you should say that as well, and judge the message based on the who.
krypted December 23rd, 2015
Posted In: Business
My latest Huffington Post piece is up.
Apple has long been known for providing an exceptional user experience. But many might not realize that over the past few years, they’ve been pushing the infosec envelope, by making advanced security options accessible to everyday users. While not all of these features are new in El Capitan, here are 16 features that Apple has built into OS X that every user has simple access to:
Read more on Apple’s Security Tech at: http://www.huffingtonpost.com/charles-edge/16-apple-security-advances-to-take-note-of-in-2016_b_8789456.html
And if you’d like to know more in depth information about Apple security, check out my latest book on Apple Security in the Enterprise on Amazon!
krypted December 16th, 2015
This is my 3,000th post on Krypted.com. The past 3,000 posts have primarily been about OS X Server, Mac automation, Mac deployment, scripting, iOS deployments, troubleshooting, Xsan, Windows Servers, Exchange Server, Powershell, security, and other technical things that I have done in my career. I started the site in response to a request from my first publisher. But it took on a mind of its own. And I’m happy with the way it’s turned out.
My life has changed a lot over these past 11 years. I got married and then I got divorced. I now have a wonderful daughter. I became a partner and the Chief Technology Officer of 318 and helped to shape it into what was the largest provider of Apple services, I left Los Angeles and moved to Minnesota, left 318 to help start up a new MDM for small businesses at JAMF Software called Bushel, and now I have become the Consulting Engineering Manager at JAMF. In these 11 years, I have made a lot of friends along the way. Friends who helped me so much. I have written 14 more books, spoken at over a hundred conferences, watched the Apple community flourish, and watched the emergence of the Post-PC era.
In these 11 years, a lot has happened. Twitter and Facebook have emerged. Microsoft has hit hard times. Apple has risen like a phoenix from those dark ashes. Unix has proved a constant. Open Source has come into the Mac world. The Linux gurus are still waiting for Linux on the desktop to take over the world. Apps. iOS. iPad. Mobility. Android. Wearables. Less certifications. More admins. And you can see these trends in the traffic for the site. For example, the top post I’ve ever written is now a list of Fitbit badges. The second top post is a list of crosh commands. My list of my favorite hacking movies is the third top post. None of these have to do with scripting, Apple, or any of the articles that I’ve spent the most time writing.
That’s the first 3,000 posts. What’s next? 3,000 more posts? Documenting the unfolding of the Post-PC era? Documenting the rise and fall of more technologies? I will keep writing, that’s for sure. I will continue doing everything I can to help build out the Apple community. And I will enjoy it. I’ve learned a lot about writing along this path. But I have a lot more to learn.
The past 3,000 posts have mostly been technical in nature. I’ve shown few of my opinions, choosing to keep things how-to oriented and very technical. Sure, there’s the occasional movie trailer when I have a “squee” moment. But pretty technical, overall. I’ve been lucky to have been honored to speak at many conferences around the world. One thing I’ve noticed over the past few years is that when people ask me to speak at conferences, they ask me to speak about broader topics. They don’t want me doing a technical deep dive. People use the term thought leader. And while I don’t necessarily agree, maybe it’s time I step up and write more of those kinds of articles here and there.
I’ve learned so much from you these 11 years. But I feel like I’ve barely scratched the surface. I look forward to learning together over the course of the next 3,000 posts! Thank you for your support. Without it, I’d have probably stopped at 10 articles!
krypted November 16th, 2015
In a Tango class recently, I had to follow. I’m much more used to leading, and I kept bumping into people. Not my best moment. But then my instructor said something that turned out to be very wise advice: “close your eyes.” All of a sudden, everything just kicked into place and I was on the other side of a Tango dance, easily imagining how legs can get kicked out and intertwined and how the whole thing just works. It also helped me lead better. I finally understood that you have to be forcefully charging ahead, or you mess up the rhythm of the follower.
The same can be true in business. I used to find that new employees at my old company always had 20 things to tell us that we should be doing better. Most of these things had been tried, or deprecated over time. Many employees came from smaller companies who didn’t need checks, balances, and documentation like we did. Many came from larger companies, who needed a lot of those same checks, balances, and documentation that we did not. Building business processes can be a fine line between not having enough process, and having so much that people can’t get anything done any more, because there aren’t dedicated people (or time for) managing those processes.
The recommendations were sometimes good. But most of the time, after a month or three on staff, the reasons we did things started to make sense and the number of recommendations went down. But those first couple of months could be a challenge, and so when I saw this trend with a new employee I’d always just say “write everything down, and we’ll review it in a couple months – just try it our way for now.”
Once I got into the rhythm of following, I was able to open my eyes. Then, I could show off. Similarly, once my employees got into the rhythm of things, then we could look at their recommendations and see what would make sense for their new job. Some of these recommendations helped to shape the way we did business moving forward, and we were so very glad to have them. But what was gone was all the time spent trying to explain why we chose to do things a certain way. Much simpler for all parties when you can close your eyes and follow, if only for a little while.
krypted November 16th, 2015
Posted In: Business