What Are We Most Frightened Of This Halloween?

cybersecurity

7 Cyberattack Facts

This Halloween we’re celebrating by sharing some scary cyberattack facts. Why? Because, unfortunately, cyberattacks are increasing. The cyber threat landscape is rapidly becoming more of a concern: businesses are seeing not only more attacks, but attacks that continue to evolve.


Here are the scary facts:

  1. Cyberattacks are the third largest global threat this year behind only extreme weather events and natural disasters!
  2. Around the globe, a hacker attacks someone every 39 seconds.
  3. There are nearly 6,000 new viruses released every month.
  4. There are more than 4,000 ransomware attacks a day.
  5. Nearly 1 out of every 100 emails is a phishing attempt.
  6. 43 percent of cyber attacks are aimed at small businesses.
  7. The cost of all this cybercrime last year? 600 billion dollars!

Read the details below:

Fact 1. Cyber attacks are the third largest global threat this year behind only extreme weather events and natural disasters.

According to the WEF’s Global Risks Report 2018, in terms of events that are likely to cause disruption in the next five years – cyberattacks rank behind only extreme weather events and natural disasters.

The Report reveals that:

  • The top five risks to global stability over the next five years are natural disasters, extreme weather, cyber attacks, data fraud, and failure to address climate change.
  • Cyber attacks are growing in risk as the potential fallout from an attack on connected industrial systems, or critical infrastructure becomes a serious threat.
  • Cybersecurity risks have grown both in their prevalence and in their disruptive potential.

The good news is that many of these cyber attacks aren’t succeeding. However, increases in their growth and sophistication are troubling. Plus, because nation states are performing cyber attacks, cyberwarfare becomes a real threat.

Fact 2. Around the globe, a hacker attacks someone every 39 seconds.

A study by the Clark School at the University of Maryland quantified the near-constant rate of attacks on internet-connected computers at one every 39 seconds on average. For those who use weak or default usernames and passwords, the chance that the attackers succeed is much greater.

Michel Cukier of Clark School’s Center for Risk and Reliability and Institute for Systems Research identified these as brute force attacks where hackers use simple software-aided techniques to randomly attack a large number of computers.

The study revealed that once hackers gain access to a computer, they:

  • quickly determine if it will be of use to them,
  • check the software configuration,
  • change the password,
  • check the hardware and/or software configuration again,
  • download a file,
  • install the downloaded program and run it.

Fact 3. There are nearly 6,000 new viruses released every month.

A computer virus is malware that, once on your computer, replicates by inserting copies of itself into other programs or files and then carries out whatever its code was written to do. Computer viruses are growing in number. With the rise in technology, we’re at increased risk of hackers using viruses to infect our networks. They continue to be a growing threat to organizations of all sizes, across all industries, and today’s free antivirus solutions (and some paid ones) are no match for sophisticated malware that changes its form to evade signature-based detection. Attackers are also beginning to use machine learning and other AI techniques to evade security controls and to automate attacks that infect computers and steal data.

Fact 4. There are more than 4,000 ransomware attacks a day.

The FBI has reported that since January 1, 2016, more than 4,000 ransomware attacks have occurred on a daily basis (on average). This is a 300% increase from 2015 when 1,000 attacks occurred daily. Ransomware is the fastest growing malware threat, and it can result in the temporary or permanent loss of your sensitive or proprietary data. It not only disrupts your operations, but you’ll also likely incur a financial loss to recover your data. Ransomware has the potential to ruin your business’s reputation.

Fact 5. Nearly 1 out of every 100 emails is a phishing attempt.

Researchers from FireEye reviewed over half a billion emails sent between January and June 2018. They found that one in 101 emails is malicious, sent with the goal of compromising a user or network.

Counting spam as well, only about one-third of emails were considered “clean.” Highlights of the report include:

  • There was an increase in phishing attempts during tax season (January – April).
  • Impersonation attacks are commonly used for CEO fraud.
  • Hackers rely more on friendly name impersonation today.
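One way to catch the friendly-name impersonation the report describes is to compare the display name of the From header with the address it is attached to. The following is an added example, not code from FireEye or from the original post; it assumes a hypothetical organization domain example.com and a hypothetical list of protected names, and the sample headers are constructed. It flags three patterns: a display name that is itself an email address at a different domain, a protected person’s name on an address that is not theirs, and a sender domain that is a homoglyph lookalike of the organization’s domain.

```python
"""Flag display-name ("friendly name") impersonation in an email From header.

Added example, not code from the original post. The org domain, the list of
protected names and the sample headers are all constructed for the demo.
"""
import re
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # assumption: the protected organization's domain

# Assumption: people attackers would most likely impersonate (CEO-fraud targets)
PROTECTED_NAMES = {
    "jane doe": "jane.doe@example.com",
    "john smith": "john.smith@example.com",
}

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# Digits commonly swapped for letters in lookalike domains
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def normalize_name(display):
    """Lower-case, strip quotes and collapse whitespace in a display name."""
    return re.sub(r"\s+", " ", display.strip().strip('"').strip()).lower()


def domain_of(addr):
    """Domain part of an address, lower-cased ('' if there is none)."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def fold(domain):
    """Collapse a domain to a homoglyph-insensitive form for comparison."""
    d = domain.lower().translate(HOMOGLYPHS)
    d = d.replace("rn", "m").replace("vv", "w")
    return d.replace("-", "").replace(".", "")


def looks_like(candidate, target):
    """True when candidate is not target but folds to the same string."""
    return candidate != target and fold(candidate) == fold(target)


def check_from_header(from_header):
    """Return a list of findings for one From header; [] means nothing seen."""
    display, addr = parseaddr(from_header)
    if not addr or "@" not in addr:
        return ["unparseable sender address"]
    findings = []
    name = normalize_name(display)
    dom = domain_of(addr)

    # 1. The display name is itself an address at a different domain, e.g.
    #    "jane.doe@example.com" <attacker@evil.example>
    embedded = EMAIL_RE.search(name)
    if embedded and domain_of(embedded.group(0)) != dom:
        findings.append("display name carries a different address")

    # 2. A protected person's name on an address that is not theirs
    expected = PROTECTED_NAMES.get(name)
    if expected and addr.lower() != expected:
        findings.append("protected name from unexpected address")

    # 3. The sender domain is a homoglyph lookalike of the org domain
    if dom != ORG_DOMAIN and looks_like(dom, ORG_DOMAIN):
        findings.append("lookalike domain")

    return findings


if __name__ == "__main__":
    # Constructed sample headers: one clean, three impersonation attempts
    for hdr in [
        "Jane Doe <jane.doe@example.com>",
        "Jane Doe <jane.doe@webmail.example>",
        '"jane.doe@example.com" <bob@evil.example>',
        "IT Support <helpdesk@examp1e.com>",
    ]:
        print(f"{hdr!r:50} -> {check_from_header(hdr)}")
```

The check deliberately runs on the parsed header rather than on the raw string, because mail clients show only the display name on small screens, which is exactly why the trick works. In production the protected-name list would come from the directory, and the lookalike check would be extended with the organization’s other registered domains.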

The WEF’s Global Risks Report 2018 also revealed that 64 percent of all phishing emails sent during 2017 contained file-encrypting malware.

Fact 6. 43 percent of cyber attacks are aimed at small businesses.

This was reported in Symantec Corporation’s Internet Security Threat Report, which also found that 1 in 40 small businesses is at risk of being the victim of a cybercrime. Hackers don’t discriminate when choosing businesses; they are after the money. Small businesses are big targets for phishing attacks, and phishers specifically target employees who handle the company’s finances. When a phishing email is acted on, it can expose sensitive financial information or login credentials, which is how the cybercriminal gains access to a company’s money.

Fact 7. The cost of all this cybercrime last year? 600 billion dollars!

In the February 2018 report “Economic Impact of Cybercrime – No Slowing Down” it says that cybercrime may now cost the world almost $600 billion, or 0.8% of global GDP. The reasons for this growth are as follows:

  • Quick adoption of new technologies by cybercriminals
  • The increased number of new users online (these tend to be from low-income countries with weak cybersecurity)
  • The increased ease of committing cybercrime with the growth of Cybercrime-as-a-Service
  • An expanding number of cybercrime “centers” that now include Brazil, India, North Korea, and Vietnam
  • A growing financial sophistication among top-tier cybercriminals that, among other things, makes monetization easier

Cyber Security Awareness

Do these facts scare you too? Are you worried about the cybersecurity of your business? If so, contact us, and we’ll help you determine if you are adequately protected.

REMOTE DESKTOP ACCESS: YOU MAY HAVE JUST OPENED YOUR NETWORK TO HACKERS

Remote Desktop

What’s The Remote Desktop Protocol And Why Should I Worry About It?

The Remote Desktop Protocol (RDP) is Microsoft’s protocol for accessing a Windows computer remotely; client software exists for Windows, macOS, and other platforms. Remote access is often used by IT people to diagnose and repair a problem with a computer. If you’ve ever worked with a company’s help desk, the technician may have asked for remote access to check out your computer. Whoever connects over RDP gets all the powers and abilities of the account they log in with.


If that user is an administrator (if only one user is authorized on the computer, that user is set up as an administrator by default), they have total control over the remote computer. They may well have total control over the network as well, depending on how the network administrator’s permissions are set up.

So How Does RDP Work?

RDP works by connecting to the remote computer and then controlling it over a local network or the internet. By default the service listens on TCP port 3389 (and UDP 3389 on newer Windows versions). If that port is reachable from the internet, anyone can attempt to connect to it and, if they can guess or steal valid credentials, control the machine.

The FBI recently warned that hackers are constantly scanning the internet for open RDP ports and selling the access information that they find on the Dark Web. Several types of ransomware and other exploit tools rely on finding open 3389 ports. One security company, Rapid7, found 11 million open 3389 ports on the internet in 2017. There are over 1,000 attempts to find open RDP ports per day.

Obviously, if you don’t know your ports are open, you are not going to be able to protect them. The first step is to make sure that only machines that need remote access are set up for it. Your system administrators can use several methods to make sure that only computers that need remote access have it.

But We’re Covered…Or Are We?

Ah, you say, but we are protected against this kind of attack because we have all our RDP-enabled computers protected by a password. Guess again. If you look, you may well find RDP servers (and servers in general) that are not password protected. Sloppy system administrators (sysadmins) all too often leave the machines they manage unprotected, so they don’t have to remember the passwords to them.

Even if both the servers and the remote machines are protected by usernames with strong passwords, there are two ways that hackers can still get in. The first is a brute-force attack, which keeps trying usernames and passwords until it scores a hit; when the guesses come from a list of common passwords rather than every possible combination, it is called a dictionary attack.

The other way, often called credential stuffing, is to use lists of username/password combinations that were stolen in earlier breaches, bought on the Dark Web, automatically generated, or some combination of these. Passwords alone do not stop either attack. The defenses that do are two-factor authentication or hardware security keys (dongles), combined with not exposing RDP to the internet at all (put it behind a VPN or a Remote Desktop Gateway), requiring Network Level Authentication, and locking accounts after repeated failed logons.

In two-factor authentication, users have to supply a second factor to log on, typically a one-time code from an authenticator app, or a code sent by SMS or email (SMS and email are the weakest options, since both can be intercepted or hijacked). When dongles are used, a physical device such as Google’s Titan security key must be present to complete the login.

Use of biometric identifiers (fingerprints, face scans, retinal scans) is another way of either single-or two-factor authentication (i.e., the user is required to use a password and scan a fingerprint.)
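The brute-force and credential-list attacks described above (and the every-39-seconds scanning in Fact 2 of the Halloween post) leave a trail in the Windows Security log: a burst of failed logons (event 4625) from one address, often followed by a successful logon (event 4624) once a guess lands. The following is an added example, not code from the FBI or from the original post, that runs that detection over constructed events. The event IDs and Logon Type 10 (RemoteInteractive, which is what an RDP session produces) are the real Windows values; the thresholds, window, IP addresses and account names are assumptions. It flags a brute-force burst against one account, a password spray across several accounts, and a success that follows a burst of failures.

```python
"""Detect RDP brute-force, password-spray and post-guess logins in Windows
Security log events.

Added example, not code from the original post. Event IDs 4625 (failed logon),
4624 (successful logon) and Logon Type 10 (RemoteInteractive, i.e. RDP) are the
real Windows values; the log lines, thresholds and addresses are constructed.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAIL_THRESHOLD = 5               # assumed: failures from one IP inside WINDOW
SPRAY_THRESHOLD = 3              # assumed: distinct accounts tried from one IP
WINDOW = timedelta(minutes=10)   # assumed sliding window
RDP_LOGON_TYPE = "10"            # RemoteInteractive

# Constructed events: timestamp,EventID,LogonType,SourceIP,TargetUser
SAMPLE_LOG = """\
2018-10-30T02:14:03Z,4625,10,203.0.113.7,Administrator
2018-10-30T02:14:09Z,4625,10,203.0.113.7,Administrator
2018-10-30T02:14:15Z,4625,10,203.0.113.7,Administrator
2018-10-30T02:14:21Z,4625,10,203.0.113.7,Administrator
2018-10-30T02:14:27Z,4625,10,203.0.113.7,Administrator
2018-10-30T02:14:33Z,4625,10,203.0.113.7,Administrator
2018-10-30T02:15:02Z,4624,10,203.0.113.7,Administrator
2018-10-30T02:20:00Z,4625,10,198.51.100.22,Administrator
2018-10-30T02:20:05Z,4625,10,198.51.100.22,backup
2018-10-30T02:20:10Z,4625,10,198.51.100.22,scanner
2018-10-30T02:30:00Z,4624,10,192.0.2.10,jdoe
2018-10-30T02:31:00Z,4625,3,10.0.0.5,svc_sql
"""


def parse_events(text):
    """Parse the CSV-style lines into sorted (ts, event_id, logon_type, ip, user)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, ip, user = line.split(",")
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       event_id, logon_type, ip, user.lower()))
    return sorted(events)


def analyze(text):
    """Return alert tuples in the order the evidence appears in the log."""
    alerts = []
    recent_failures = defaultdict(deque)   # ip -> deque of (ts, user)
    already = set()                        # (kind, ip) pairs already alerted
    for ts, event_id, logon_type, ip, user in parse_events(text):
        if logon_type != RDP_LOGON_TYPE:   # only RemoteInteractive logons
            continue
        q = recent_failures[ip]
        while q and ts - q[0][0] > WINDOW:  # drop failures outside the window
            q.popleft()
        if event_id == "4625":
            q.append((ts, user))
            if len(q) >= FAIL_THRESHOLD and ("brute_force", ip) not in already:
                already.add(("brute_force", ip))
                alerts.append(("brute_force", ip, len(q)))
            tried = sorted({u for _, u in q})
            if len(tried) >= SPRAY_THRESHOLD and ("password_spray", ip) not in already:
                already.add(("password_spray", ip))
                alerts.append(("password_spray", ip, tuple(tried)))
        elif event_id == "4624" and len(q) >= FAIL_THRESHOLD:
            # A success right after a burst of failures: the guess landed
            alerts.append(("success_after_failures", ip, user, len(q)))
            q.clear()
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

The success-after-failures alert is the one worth paging on: a brute-force burst that never succeeds is noise to block at the firewall, while a 4624 from the same address means the account is now in the attacker’s hands and the password must be reset. The network-logon failure (type 3) at the end is ignored on purpose, because this detector is scoped to RDP; a real deployment would run a similar window per logon type.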

How Bad Is This Problem Really?

Remember, once a hacker gets into your system via RDP, they hold whatever rights the compromised account has, and from there they can move to other machines on the network. Unless two-factor authentication and/or biometric identifiers are enabled on all your machines, both Mac and Windows, you should assume you are vulnerable. The lists of RDP endpoints being sold on the Dark Web include those stolen from airports, hospitals, nursing homes, and government agencies.

How Bad Could This Get?

So far, the use of RDP as a means of network penetration has been limited to attempts to install ransomware or steal banking, credit card information, and online shopping information.

There is little evidence (remember, we don’t find it unless we look for it or the hackers make a mistake) of any state actors or terrorists using it. But RDP access is really low-hanging fruit for them.

Practically everything runs on computers today, and many of them still communicate over the internet with unencrypted data. Imagine terrorist hackers shutting down first-responder communications systems. They also have the potential to shut down hospital EHR systems or disrupt air traffic control at the airport.

Once we begin to think of the vulnerabilities in our systems, this problem of open RDP ports gets worrisome very quickly. Small wonder that the FBI is warning everyone about it.

In 2017, just one Dark Web site had 85,000 RDP endpoints for sale. It has dozens or hundreds of imitators. We just do not know until the FBI or some other agency finds the Dark Web site and tries to take it down. If you work with a managed IT services company, then it can be worth your while to ask them to check your computers and networks to see whether you have RDP ports open and susceptible.

How To Protect Your Child From Identity Theft

Depending on the age(s) of your child(ren), your response to this topic may be, “She’s too young – she doesn’t even have an identity yet.”

Alas, not so. In our electronic society, kids exist in databases even before they’re born. And they are an attractive target for several kinds of bad actors on the dark web – those who want to exploit their names and other data for identity theft, such as opening credit card accounts, child pornographers looking for images that can be photoshopped, school bullies, and so on. Although this post focuses on identity theft, taking the steps described herein will also protect your children from other bad actors.

Children Identity Theft

What’s So Bad About Social Security Numbers?

As they were originally intended, nothing. The original intent was to use them to associate a specific individual with a specific record of earnings. But over the years, they morphed into the closest thing we have to a national identifier. Many organizations ask for it as a kind of reflex, with no intention of either using it or controlling its use. They have the notion that having an SSN makes your child a “real boy” (as opposed to a wooden one like Pinocchio?).

This leads to the first set of steps.

Get your child a Social Security Number. You will need it for some legitimate things about your child’s identity, including passports. (Try taking the child abroad without one.)

Once you have it, put it in a safe place, like a bank safety deposit box. The same goes for birth certificates and other papers that identify your child. And of course, their passports

Never give anyone an SSN, or a copy of identifying documents, without knowing why they want it, and what the intended use is. If it is just a bureaucratic reflex, ask what you can do instead of handing it over.

Make sure the organization has a policy of destroying documents that are no longer needed. (This will guarantee a lot of comical blank stares.) The only acceptable responses are “we return them” or “we destroy them with a cross-cut shredder.”

Monitoring Your Child’s Financial Existence On The Web

Your child, from the moment of birth, is a thing that businesses highly value – a customer, even if it’s you-by-proxy until your kid starts watching TV or using a computer or tablet. This means that your child will have an online existence from the moment of birth, and perhaps before. Those who exist can be exploited. So, you need to monitor your child’s financial identity. This means:

Check your child’s Social Security Earnings Record every year. You can get this by calling 800-772-1213 or submitting Form SSA-7050. If you know the child has never worked and you see any earnings, that is a sign of possible identity theft. Contact Social Security immediately; a list of local Social Security offices is available on the SSA website.

The same goes for earnings in excess of what you know a child who is working earned. A non-certified copy of the earnings record is free; a certified report is $34.00. There is no reason to get a certified copy just to monitor your child.

Check all three of your child’s credit reports every year. Reports are free once per year. The three large credit bureaus that control most of the records are Equifax, Experian, and TransUnion. A child who has never applied for credit should have no credit file at all; if one exists, that is itself a warning sign.

Check any packages sent to your child. If you permit them to place orders online, make sure that what they got is what you or they ordered.

All these steps are relatively easy. The hardest part is teaching your child to be cautious (and safe) online. Social media are havens for identity thieves, and worse, predators. Teach your child to reveal private information only to trusted parties you have indicated that you approve of. For anything else, teach the child to respond with something like, “My parents don’t want me telling that.”

And, of course, it is obvious that you should keep your operating system, anti-virus, and anti-malware software updated. If you check every day, you will find that there is almost always an operating system patch, virus and malware definitions updates, or driver updates waiting to be installed.

Check to see if you can configure your OS and virus/malware software to update automatically. This exposes you to potential bugs, of course, but it will give you some peace of mind in the long run. Unless you are a true geek, consider it.

There are lots of other ways to keep your children safe online and this is an important topic you should discuss with them at the earliest time. You just can’t wait until your kids are teenagers anymore to talk about cybersecurity and online predators.

Canada Now Has Its Own Version Of Required Breach Disclosure

As data breaches echo around the world, Canada now has its own law, paralleling Europe’s General Data Protection Regulation (GDPR) and the USA’s Health Insurance Portability and Accountability Act (HIPAA). These regulations govern disclosure of data breaches to people whose data has been lost, stolen or somehow leaked to the public.

Canada Data Breach Law

Responsible leaders in U.S. companies should note that there is no exemption here for foreign-owned or operated companies. If your data breach involved Canadians, even those residing outside Canada, you have to comply.

Types of Organizations Included

Note that the law applies to organizations, which of course includes businesses. But the range of the law covers other entities as well. If you can be considered an organization of any kind, you may need to comply with these regulations.

What happens if the breach occurs in Canada, but for some strange reason, no residents of Canada were involved? You’re still required to comply with the law. (As always, legal questions are best answered by lawyers.)

The law was passed in 2015 and becomes effective November 1, 2018. Penalties for any violation can be up to $100,000. (This is a pittance when compared to penalties under the GDPR and HIPAA.)

What Do I Have To Do If There’s A Breach?

You must disclose it to affected Canadians, including the following information:

  • The date and nature of the breach and what specific data are at risk
  • What your organization has done to reduce risk and harm
  • How the affected Canadians can reduce their risk after the breach
  • The organization’s contact information
  • The procedure for filing complaints

Is There More To This Than Meets The Eye?

Yes. It’s important to be aware that the law governing data breaches is not a stand-alone act. It is an amendment to PIPEDA, Canada’s Personal Information Protection and Electronic Documents Act. The Office of the Privacy Commissioner of Canada publishes a summary of Canada’s privacy laws, with links to the specifics, as well as a discussion of the laws that apply to digital information. You need to understand and comply with both PIPEDA and the breach provisions.

The wording in PIPEDA leaves room for the judgment of executives. It covers situations where “…it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to the individual.”

Whether intentional or not, the wording is somewhat vague and ambiguous. Certain words should be interpreted in the light of precedents set in the Canadian courts. There is no way to determine the true meaning of many of these terms when applied to a specific data breach, including:

  • Reasonable
  • In the circumstances
  • Real risk
  • Significant harm

What Really Happens After November 1, 2018?

Although the law takes effect on November 1, 2018, it will not actually take effect until the Office of the Privacy Commissioner of Canada has written and published its implementing regulations after consultation with stakeholders.

If you are concerned about the impact on your Canadian operations, it is important to track what is going on in the process of writing and implementing these regulations.

There is, for example, no guarantee at this point that the regulations, when written, will not be retroactive. You should comply now.

Should All Data Breaches Be Reported?

The answer to this question can be found by looking at the experiences of other companies – Facebook, Uber, Google, and Experian – that suffered data breaches and did not report them.

Every single one received a great deal of bad publicity. Many of their executives were fired for the way they mishandled the breach.

The applicable rule here that all should remember is: “It’s not the crime; it’s the cover-up.”

A data breach is bad enough. It exposes the personal information of millions of people to hackers and thieves. Any organization that has a data breach also has a duty to report it promptly. The guidelines for reporting it and notifying affected parties are clearly spelled out in the law. Your best assumption is that either you will have to report the breach, or someone will report it for you.

Fines and penalties can be much more severe for those organizations that wait too long before reporting a breach or do not follow the guidelines.

Wrap Up

Despite all the efforts devoted to cybersecurity, the public is still extremely vulnerable. In years to come, security experts may find ways to stop the onslaught of data breaches around the world, but today, the best course of action is to follow the data breach laws.

Do You Have Good Computer Habits?


We know it’s important to have good habits in many parts of our lives, from our work to our daily hygiene. However, quite a few of us forget that we need to have good computer habits, too. Developing wise practices in connection with our computers and smartphones can make our lives much easier and help us to stay much safer on the internet.


Back Up Your Files

One thing that many people fail to do is back up their files. All it takes is one catastrophic computer crash and days or even months of work can be lost. Priceless family photos, fun videos with friends, key work files, and important school assignments that were a work in progress can be lost. Backing up your files isn’t that hard nor is it expensive. And, to make things even better and easier, you have many different options, from cloud-based backups (such as Google Drive, OneDrive, or Dropbox) to convenient USB thumb drives, portable hard drives, and even specialized backup drives. A good practice is to make sure your files are backed up daily, or at least weekly. One caveat: a cloud folder that continuously syncs will faithfully copy ransomware-encrypted files over your good ones, so keep at least one copy that is offline or has version history you can roll back to.

Keep Your Software Updated

Software updates can be a pain, but they are vital to ensuring that your computer and software runs smoothly. In fact, one of the major reasons that updates are released is to fix bugs and issues that could make your computer vulnerable to cyber threats. Hackers know about these bugs and vulnerabilities. If you don’t allow your system to install the patches and fixes, then you are making yourself a prime target for a cyber attack.

Keep in mind that you don’t have to perform updates in the middle of your work anymore. Most software (and smartphones) will give you options for when the update should take place, so you can choose times when you aren’t busy on your computer.

Be Smart When Using Public Wi-Fi

Public Wi-Fi in places like fast food restaurants and coffee shops can be tempting to use when you need an internet connection, but it can also be dangerous. These public Wi-Fi networks are a common target of hackers, and on an open network even an attacker with minimal skill can see which sites you visit and capture anything sent without encryption, including logins to sites that do not use HTTPS.

If you do have to use public Wi-Fi, take safety precautions such as turning off network discovery, file sharing, and printer sharing and make sure your firewall is turned on. Don’t be an easy target for hackers.

Make Use of Antivirus Software and Passwords

Would you leave your front door unlocked if you lived in a high-crime neighborhood? Well, the internet is a high-crime neighborhood. Failure to use updated anti-virus software and good passwords is the same as leaving your door unlocked. You can’t afford to make it easy for the wrong people to access your personal and financial information.

Your first line of defense lies in the passwords you choose. Don’t use easy-to-guess passwords, and don’t reuse the same password across accounts, because one breach then unlocks all of them. Length matters more than clever substitutions: a long passphrase beats a short string of letters, numbers, and symbols. A password manager lets you use a different strong password everywhere without having to memorize them.

Your second line of defense, much like a deadbolt for your front door, is anti-virus and firewall software. They don’t have to be expensive in order to do a good job of protecting your computer. It is also vital that you keep your anti-virus and firewall software updated and don’t ignore alerts they provide.

Be Careful with Email

Going back to our analogy of living in a high crime area: if your doorbell rang in the middle of the night, would you fling the door open and invite whoever it was inside? You would probably want to make sure who it was, and even check their ID if they claimed to be some kind of official demanding access to your home. Strangely enough, far too often we inadvertently provide access to individuals with malicious intentions when we click on links in emails without making sure where those emails are really from.

In short, don’t open an email unless you have a good idea of who it is from, and beware of clicking links in emails even if they seem to be from friends. Be cautious about opening attachments, too. In short, be as careful with your email as you are with your front door.

Conclusion

You work hard to keep yourself safe from physical dangers such as criminals and disease. It makes sense that you should work just as hard to keep your electronic devices safe, too. Backing up files (including documents, photos, and videos), keeping your software updated, and being smart when on public Wi-Fi is a good start. Add to that antivirus and firewall software, robust passwords, and the careful use of email and you are on the road to developing excellent computer habits that will keep your files, data, and personal information safe.

What Is HIPAA, And Why Should I Worry About It?

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) is a Federal statute, and associated regulations, that, among other things, control what healthcare providers and other “covered entities” do with “protected health information” (PHI). The HIPAA regulations are fairly straightforward, but there are a lot of them. There is a good summary on the HHS website, with links to the relevant portions of the Code of Federal Regulations (CFR). This article covers only the basics.


Who Does HIPAA Apply To?

“Covered entities” are health care providers, health plans, and health information clearinghouses. The latter are usually aggregators of health information from hospitals, doctors, and the like. “Protected health information” is any information that relates to an individual’s past or present health status, treatment, and payments for any treatment an individual receives. Past, present, and future healthcare records are covered.

Data falls under HIPAA protection for 50 years after the death of the patient. The form in which the information exists does not matter – it can be written, oral, or electronic. If the information is in electronic form, additional requirements for protecting it apply.

Why Should I Worry About All This?

People are concerned about following HIPAA guidelines, and they should be. It’s important to protect the personal and healthcare information of all patients. In addition, the Office for Civil Rights (OCR) within the Department of Health and Human Services (HHS) can impose large fines and other penalties for HIPAA violations. Hospitals and health systems have been fined in the millions of dollars for HIPAA violations. And HIPAA violations, if they make it into the news media, always create bad publicity.

What Can I Do To Remain Compliant?

Training of staff on HIPAA rules and practices is by far the most important step. The second is making sure that PHI stored in electronic form is protected. That involves things like:

  • Using encryption when data is stored or transmitted
  • Making sure that staff have only the access needed to do their jobs
  • Making sure that access to systems is, at a minimum, protected by strong passwords
  • Protecting records with the latest technology such as swipe cards or biometric identifiers

What Do I Have To Do To Conform To HIPAA?

You need to:

  • Formulate your privacy practices
  • Notify patients of privacy practices
  • Obtain consent or authorization when required
  • Make sure that your arrangements with business partners meet HIPAA requirements
  • Make sure you distinguish your normal health care operations, where consent is not required, from disclosures, where consent or authorization is required
  • Make sure you follow the HIPAA “security rule,” which covers PHI in electronic form

It goes without saying that your legal department needs to be involved in all of this. The Notice of Privacy Practices should inform patients and staff of what your practices and guidelines are. The notice should be given in written form to patients when they are first seen.

“Arrangements with business partners” concerns companies that may have access to PHI in the course of providing services to a health care provider. These include companies that provide storage of documents, destruction of documents, or electronic handling of documents. You are required to make sure that they understand the HIPAA requirements and conform to them. You can think of it as the HIPAA requirements “flowing downhill” from you to your business associates.

What’s The Difference Between Consent And Authorization?

In many cases, no consent is required. This includes disclosure of PHI for treatment, payment, and health care operations. A covered entity may, but is not required to, seek consent from a patient for these purposes, but it is common to do so.

On the other hand, an authorization is required for any use of PHI other than the ones listed above. An authorization is more formal than a consent, must be written, and must contain several required elements, which are spelled out in the HIPAA Privacy Rule (45 CFR 164.508).

Authorization is required when the disclosure is for any purpose other than treatment, payment, or health care operations. This includes disclosure to a third party, such as a life insurance company, an employer, or a provider not affiliated with your healthcare organization.

Please note that electronic transmission of PHI is covered by the authorization requirement as well. If authorization to send the information on paper is needed, authorization to send it electronically is needed as well.

What Are The Takeaways?

  • HIPAA compliance is not optional.
  • Penalties for violating it can be very costly.
  • HIPAA applies to PHI in any form – paper or electronic.
  • Obtaining consent is generally a good idea; authorizations are required.
  • Depending on the services your business partners provide to you, they may be required to conform to HIPAA as well.
  • It is always better to err on the side of caution when dealing with HIPAA.

If you still have questions, be sure to visit the HIPAA website. Today, there are many organizations that can help you learn about and comply with HIPAA guidelines. For instance, many managed IT services providers have tools to help with compliance.


Section 179 IRS Tax Deduction: What Does It Mean For Your Business?

Section 179 Tax Deduction

Today’s business owners carry many burdens, but tax time can cause a headache like no other. Filing taxes is often a cause of stress for small business owners and those just starting their empires, and with an ever-changing set of rules and regulations to follow, it can be difficult to understand it all. It’s important, though, to pay close attention to changes in tax codes. One change, implemented just this year, is already presenting big benefits for business throughout the U.S.


The Tax Cuts and Jobs Act (H.R.1), signed into law in December 2017, expanded the long-standing Section 179 deduction starting with the 2018 tax year, a change for business owners throughout the U.S. The Section 179 deduction exists to help small businesses reduce their taxable income, thereby reducing their tax burden. At its core, it allows business owners to deduct the full purchase price of qualifying equipment in the year it is placed in service, rather than depreciating it over several years. Not only does this encourage small businesses to invest in new equipment, but also to invest in themselves. Numerous small businesses are already reaping the benefits.

What Does Section 179 Do For Businesses?

Under the new law, the maximum Section 179 deduction rises from $500,000 to $1 million, and the spending threshold at which the deduction begins to phase out rises to $2.5 million of equipment purchased in the year. Small businesses ought to take advantage of these changes by investing in their growth, and one of the best ways to achieve this is through technology.

With these new rules, businesses can deduct the total purchase price of a piece of equipment in the year of purchase. Qualifying equipment includes laptops, routers and phone systems, among others. To claim the deduction on your 2018 return, you must buy, lease or finance the equipment and place it in service by December 31, 2018.

What Type of Equipment Qualifies?

A wide range of tech items qualify for the deduction, and qualifying equipment doesn’t need to be bought outright: business owners can still take the deduction for items that are financed or leased under a capital lease, a dollar-buyout lease or a cash sale. This includes both hardware and off-the-shelf software. Two stipulations apply: the equipment must be used for business purposes more than half the time, and it must be placed in service between January 1 and December 31, 2018.

Items eligible for deduction include those that help promote and maintain productivity. To take full advantage of these deductions, businesses ought to invest in equipment that improves both efficiency and security. Routers and firewalls, for instance, should be replaced once the vendor stops issuing security updates for them, which typically happens every few years; an edge device that no longer receives patches is a liability no matter how well it still moves traffic. Other equipment like scanners and switches, both of which are constantly improved, should be upgraded every few years to maximize productivity. With items like these, newer often means faster, and in a bid for productivity, newer and faster is hard to beat.

Laptops and ultrabooks are covered by the new tax code, and businesses would do well to upgrade regularly to models that offer longer battery life and other features that aid productivity and efficiency. Workstations and additional monitors are also eligible. Organizations may want to consider providing a second monitor for employees to further enhance productivity.

This also applies to backup equipment and appliances built for disaster recovery. If your business doesn’t yet have a reliable system in place to keep it running in the event of an emergency, it’s something you should definitely consider.

Storage can also be deducted. Storage area networks (SANs) and RAID (redundant array of independent disks) arrays are just two examples of storage systems that qualify.

Is There A Bonus Depreciation?

In regard to business tax codes, bonus depreciation can be unpredictable from year to year. For 2018 it is being offered at a full 100%. While the Section 179 deduction has applied to both new and used equipment, the same has not always been the case with bonus depreciation: until recently it covered only new equipment. Now it also applies to used equipment, which is useful to larger businesses whose purchases surpass the Section 179 phase-out threshold, currently set at $2,500,000.

Tax codes for businesses can be complicated, but the goal of Section 179 is a simple one: encourage businesses to spend more so they can do more. Businesses large and small would be wise to make the most of these tax benefits and leverage them to plan for the future. A certified public accountant can walk you through these changes and help you make educated decisions when investing in equipment for your business.

Why Should Law Firms Consider Outsourcing Their IT Services?

Legal Technology Professionals

The old line, “Technology: you either love it or hate it,” no longer holds in the modern world; in fact, it is not even relevant. Technology has worked its way into nearly every business, and the legal sector is no different, even if legal professionals held out longer than most.

The contemporary law office barely resembles the traditional practice. Technology now handles more of the legal workload, and more often, which frees attorneys to work on the more personal aspects of the job. Unless they are technically savvy, most lawyers delegate technology tasks to support staff. Generally, however, only the largest law firms hire an onsite IT team.

This is why many offices prefer to outsource their IT services.

How Are Resources Utilized When Law Firms Do Not Outsource?

When a firm hires a dedicated IT employee, this is a major commitment. That individual becomes a member of the support staff and is paid whether or not his or her services are required. If instead one of the partners takes on the task, it is at the partner’s financial detriment, since the time spent would otherwise be directed at serving clients.

Additionally, as new technology is required, the firm would need to handle it personally. The on-staff tech (or benevolent partner) would need to take time, and possibly classes, to learn everything about it. All of this amounts to a mismanagement of resources, especially when there are other options.

Would the Law Office Incur Additional Fees or Experience Downtime?

When a firm outsources its IT services, the provider takes on the responsibility. The provider spends the money and invests in the education, software licenses, training, and certifications. This enables the provider to troubleshoot and resolve problems with the firm’s computers, Internet, servers, and software so that the firm does not have to.

Generally, outside IT service providers are made up of a team of experts rather than one overworked technician. This allows them to have a variety of individuals who offer a range of experience and skills. They also have access to more advanced technology and tools. Since it is their primary focus, they have to keep up with all of the latest innovations. Otherwise, they lose their edge.

Since the team includes many people with different perspectives, members are able to consult with and advise each other. With so much at their disposal, it is much easier to identify and resolve the root cause of a problem quickly. This means that there is little, if any, downtime or interruption for the firm.

Does Outsourcing IT Service Provide Business Continuity?

By outsourcing their IT services, a law firm receives support 24 hours a day, 7 days a week, 365 days a year, whether or not it is needed on a given day. This level of coverage is not possible from even the most diligent in-house employee. An outside provider also has additional resources that an inside tech would not have.

Since the work to troubleshoot an issue is outsourced, the rest of the office can go about business as usual. Nothing else changes. In fact, business continuity is one of the primary reasons to outsource. It ensures the law office is able to continue as if nothing is amiss. This makes it a particularly responsible option.

What Are the Top IT Outsourcing Options?

When choosing an outside IT firm for a law office, it is important to exercise due diligence. There are many options, and they are not all equal. Fortunately, there is a resource that has already ranked the top choices: the Everest Group researches each provider, which makes a time-consuming personal analysis almost unnecessary.

The Everest Group is a management consulting and research firm that advises businesses around the world. Every year since 2008, the Everest Group has evaluated outsourced IT service providers according to 26 characteristics. These include the technologies they use and the geographies they cover, among others.

The top 10 for the year 2018 include the following IT firms:

  • Accenture
  • TCS
  • Cognizant
  • Wipro
  • IBM
  • HCL
  • Infosys
  • Capgemini
  • DXC Technology, formed by the merger of CSC and HPE’s Enterprise Services business
  • NTT Data

Although these are the top 10 in this reporting year, there are many reputable providers. The Everest Group keeps tabs on the up-and-comers who may unseat the 10 as well. Checking previous winners provides a more comprehensive picture of who has performed reliably.

In Conclusion

For some law firms, there is peace of mind having their own in-house technician or IT team. Most offices, however, would benefit from outsourcing their IT services. Ultimately, it conserves money, time, and other resources. Rather than researching the various options, a busy attorney would do better to peruse the years of lists compiled by the Everest Group. With several reliable performers on them, there is no reason not to.

What Are the Primary Benefits of IT Outsourcing for Law Offices?

Lawyer Computer Network

Although many long for the simplicity of yesterday, advancements in technology are quickly taking over every industry. This includes the legal field. Technology provides an ability to streamline resources and improve efficiency. Of course, people are required to manage it.

No one argues against the benefits of having good support staff members. They are essential to the continuity of the work cycle. They ensure that the lawyers and legal staff are able to focus on what they do best. For example, when IT needs to be optimized or updated, the rest of the office should be able to function normally.

Whether it is by hiring a team or a single technician, handling IT in-house can use more resources than necessary. Plus, as technology continues to advance, it will require additional resources to keep up. That is why it is often better to outsource.

Here are five of the primary reasons your law office should consider outsourcing its IT services.

How Will Outsourcing Improve Availability?

By outsourcing to a full-service IT provider, the office’s network will continue to run smoothly. This means that attorneys always have access to their critical data. For example, it is necessary to be able to find and retrieve records and case files when preparing for court. If the network crashes, those documents would be unavailable.

It also ensures that existing clients have easy access to their counselors. If clients are unable to reach their attorney, they are likely to hire another. If potential clients cannot find a specific law firm’s website, there are plenty of others from which to choose. It is a highly competitive market.

Outsourcing eliminates this as an issue or at least reduces the likelihood.

Will It Help the Firm Maintain Compliance?

In an age of identity theft and cybercrime, it is more important than ever to take every precaution to ensure the safety of client data. In the legal industry, protecting client confidentiality is also a professional and legal obligation. Unfortunately, compliance is a complicated process.

Someone seeking legal advice assumes that his or her information will be kept safe, and trusts that the lawyer will do whatever is necessary to protect it. Outsourcing IT to a provider that specializes in the legal industry can give client data stronger protection than most firms can build in-house, but the firm remains accountable for that data: the engagement should spell out the provider’s security obligations, and the firm should verify that those controls are actually in place rather than take them on faith.

Will It Reduce Expenses for the Firm?

There are several ways in which outsourcing IT operations saves money and makes the practice more profitable. A team of full-time IT employees is costly. Their expertise is limited, and the firm might be financially responsible for their certifications; otherwise, they could fall behind and be unable to work with more advanced technology as it is developed.

By outsourcing, the office has access to a full team of specialized experts who are qualified to work on the most recent tech. The firm is not responsible for their training and they are available 24/7/365. It is less expensive than hiring full-time technicians.

What Quality of Service Is Available?

Since remaining at the top of their game is vital to their edge, an IT firm is nearly guaranteed to be skilled in all of the contemporary tools and tricks. Plus, since it is comprised of a team of experts, problems can be identified and resolved quickly. If one technician does not have the answer, he/she can easily consult with others.

With an outsourced IT team, law firms receive the following benefits that an in-house technician would not be able to provide:

  • Business continuity
  • Customized technology
  • Predictable expenses
  • Reduced overhead
  • Superior security
  • Team of specialists
  • World-class IT service

Law firms that hire an in-house IT employee are likely to get someone with a moderate amount of experience and general problem-solving skills. They may try to hire a “dream team” of IT experts but that would be time-consuming and expensive. Plus, who would know more about hiring IT experts—an IT firm or a legal one? By outsourcing to a provider that specializes in the legal industry, the benefits multiply.

How Will Outsourcing Provide a Competitive Advantage?

New technology is an ever-evolving beast. While a talented IT employee working in a law office might try to keep up, it would be nearly impossible. This is especially true since legal technology is a niche that is innovating in previously unpredicted ways.

Additionally, new security threats are developing almost as quickly as technology itself. With so many things happening at once, it’s easier for a managed IT services team to adapt. With a “divide and conquer” approach, they are less likely to miss something.

Having an outside company of IT experts provides law firms a competitive edge. By using the most up-to-date technology, lawyers are able to devote their energies to more important things.

In Conclusion

There’s no doubt that advances in technology bring numerous benefits to clients, as well as the firm. They allow counselors to work efficiently and be more accessible than ever before. Outsourcing IT allows lawyers to have all of these tools at their disposal without requiring they become an expert in each. With the benefit of a professional IT firm on call, they can focus on what is most important in their practice: the clients.

