Click here to close now.


@CloudExpo Authors: Jayaram Krishnaswamy, Elizabeth White, Jason Bloomberg, Pat Romanski, AppDynamics Blog

News Feed Item

How to Cut Health Costs by Millions and Stay Out of Prison

A tiny USB drive stolen from the car of an Alaska health worker wound up costing the state of Alaska $1.7 million in federal fines last July. Will your organization be protected when enforcement of health privacy laws skyrockets in 2013?

Online Tech announced today it is the first data center operator to have its data centers and cloud computing infrastructure voluntarily audited to the U.S. Office for Civil Rights (OCR) HIPAA Audit Protocol.

“For the Department of Health and Human Services and OCR this isn’t a joking matter anymore – you will comply,’’ said Nate Buchholz, Information Services Director at Genesys Physician Hospital Organization (PHO). “We have five FTEs all dedicated to securing our infrastructure. Online Tech is our data center colocation partner: they keep our lights on.’’ With the federal enforcement soaring in 2013, Buchholz said health providers are turning to Online Tech because “they take security seriously.’’

“We provide cloud hosting for healthcare clients from across the country,” said Mike Klein, CEO of Online Tech. “These clients need the assurance that the data centers and the cloud infrastructure where they are hosting PHI (Protected Health Information) are audited to the requirements of HHS and Office for Civil Rights. None of our clients want to be fined by the Office for Civil Rights because their hosting provider failed to live up to the OCR audit requirements.”

UHY Advisors, LLP recently completed Online Tech’s independent third-party HIPAA attestation on the company’s cloud infrastructure and all three data centers. Online Tech and UHY agreed to use the newly established OCR guidelines that all healthcare and health IT companies will face from the Office of Civil Rights starting in 2013.

Online Tech is not a covered entity, but rather a business associate (an organization providing a service to a covered entity). Although the initial audit program only applies to covered entities, Online Tech decided to proceed with an independent attestation using the new guidelines.

The American Recovery and Reinvestment Act of 2009 requires the Department of Health and Human Services (HHS) to perform periodic audits of covered entities and business associates to determine if they are complying with HIPAA requirements. A November 2011 to December 2012 HHS Office for Civil Rights pilot program selected 115 organizations across the country to undergo the scrutiny of privacy, security, and breach notification audits by KPMG.

The OCR does not plan to penalize targets for pilots unless they uncover “serious compliance issues.” The HITECH Act has civil penalties for HIPAA violations that can reach $50,000 per violation and up to $1.5 million for identical violations across multiple records in a single calendar year.

In June 2012, the OCR released a copy of the protocol it is using to audit HIPAA compliance under their pilot program. The protocol provides a breakdown of specific audit criteria they are using for HIPAA audits. The protocol includes 169 specific performance criteria organized around compliance in three areas: the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule.

HIPAA data center compliance is no small investment. Data center operators must not only deliver the technology to meet the administrative, physical and technical safeguards required by the HIPAA security rule, they must also invest in policies, training, breach notification processes, legal support for business associates agreements, and HIPAA insurance. In addition, the organization must commit to consistently monitoring the safeguards and processes to ensure the security of the electronic protected health information (ePHI).

In 2011, Online Tech became the first data center operator to be independently audited for HIPAA compliance. This year, Online Tech decided it wanted to be the first data center operator independently audited against the OCR HIPAA Audit Program Protocol.

“It was a commitment and investment we knew we had to make to serve the best interest of our healthcare clients,” Klein said.

About Online Tech

Online Tech, Michigan’s largest managed data center is becoming the largest in the Midwest, expanding into at least four new markets. The “Fort Knox’’ for data is known for complete redundancy - “backups for everything” - from multiple back-up generators and backup systems to locations straddling two power grids and even two CEOs.

Online Tech leads in secure, compliant hosting services including cloud hosting, managed dedicated servers, Michigan colocation and disaster recovery. Online Tech’s Midwest data centers assure mission critical applications are always available, comply with government & industry regulations, and continue operating after a disaster. Backed by independent HIPAA, PCI, SSAE 16, and SOC 2, Online Tech delivers the security, privacy, and availability expected from world class data center operators. For more information, call (877)740-5028, email [email protected] or visit .

Press Contact: April Sage, Director of Marketing, Healthcare Vertical, 734.213.2020 x 113, [email protected]

For additional information, please visit UHY Advisors, LLP at

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@CloudExpo Stories
Data loss happens, even in the cloud. In fact, if your company has adopted a cloud application in the past three years, data loss has probably happened, whether you know it or not. In his session at 17th Cloud Expo, Bryan Forrester, Senior Vice President of Sales at eFolder, will present how common and costly cloud application data loss is and what measures you can take to protect your organization from data loss.
SYS-CON Events announced today that G2G3 will exhibit at SYS-CON's @DevOpsSummit Silicon Valley, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Based on a collective appreciation for user experience, design, and technology, G2G3 is uniquely qualified and motivated to redefine how organizations and people engage in an increasingly digital world.
SYS-CON Events announced today that IBM Cloud Data Services has been named “Bronze Sponsor” of SYS-CON's 17th Cloud Expo, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. IBM Cloud Data Services offers a portfolio of integrated, best-of-breed cloud data services for developers focused on mobile computing and analytics use cases.
In his session at @ThingsExpo, Tony Shan, Chief Architect at CTS, will explore the synergy of Big Data and IoT. First he will take a closer look at the Internet of Things and Big Data individually, in terms of what, which, why, where, when, who, how and how much. Then he will explore the relationship between IoT and Big Data. Specifically, he will drill down to how the 4Vs aspects intersect with IoT: Volume, Variety, Velocity and Value. In turn, Tony will analyze how the key components of IoT ...
When it comes to IoT in the enterprise, namely the commercial building and hospitality markets, a benefit not getting the attention it deserves is energy efficiency, and IoT’s direct impact on a cleaner, greener environment when installed in smart buildings. Until now clean technology was offered piecemeal and led with point solutions that require significant systems integration to orchestrate and deploy. There didn't exist a 'top down' approach that can manage and monitor the way a Smart Buildi...
SYS-CON Events announced today that Cloud Raxak has been named “Media & Session Sponsor” of SYS-CON's 17th Cloud Expo, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Raxak Protect automates security compliance across private and public clouds. Using the SaaS tool or managed service, developers can deploy cloud apps quickly, cost-effectively, and without error.
As-a-service models offer huge opportunities, but also complicate security. It may seem that the easiest way to migrate to a new architectural model is to let others, experts in their field, do the work. This has given rise to many as-a-service models throughout the industry and across the entire technology stack, from software to infrastructure. While this has unlocked huge opportunities to accelerate the deployment of new capabilities or increase economic efficiencies within an organization, i...
“All our customers are looking at the cloud ecosystem as an important part of their overall product strategy. Some see it evolve as a multi-cloud / hybrid cloud strategy, while others are embracing all forms of cloud offerings like PaaS, IaaS and SaaS in their solutions,” noted Suhas Joshi, Vice President – Technology, at Harbinger Group, in this exclusive Q&A with Cloud Expo Conference Chair Roger Strukhoff.
SYS-CON Events announced today that ProfitBricks, the provider of painless cloud infrastructure, will exhibit at SYS-CON's 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. ProfitBricks is the IaaS provider that offers a painless cloud experience for all IT users, with no learning curve. ProfitBricks boasts flexible cloud servers and networking, an integrated Data Center Designer tool for visual control over the...
You have your devices and your data, but what about the rest of your Internet of Things story? Two popular classes of technologies that nicely handle the Big Data analytics for Internet of Things are Apache Hadoop and NoSQL. Hadoop is designed for parallelizing analytical work across many servers and is ideal for the massive data volumes you create with IoT devices. NoSQL databases such as Apache HBase are ideal for storing and retrieving IoT data as “time series data.”
Clearly the way forward is to move to cloud be it bare metal, VMs or containers. One aspect of the current public clouds that is slowing this cloud migration is cloud lock-in. Every cloud vendor is trying to make it very difficult to move out once a customer has chosen their cloud. In his session at 17th Cloud Expo, Naveen Nimmu, CEO of Clouber, Inc., will advocate that making the inter-cloud migration as simple as changing airlines would help the entire industry to quickly adopt the cloud wit...
As the world moves towards more DevOps and microservices, application deployment to the cloud ought to become a lot simpler. The microservices architecture, which is the basis of many new age distributed systems such as OpenStack, NetFlix and so on, is at the heart of Cloud Foundry - a complete developer-oriented Platform as a Service (PaaS) that is IaaS agnostic and supports vCloud, OpenStack and AWS. In his session at 17th Cloud Expo, Raghavan "Rags" Srinivas, an Architect/Developer Evangeli...
SYS-CON Events announced today that VividCortex, the monitoring solution for the modern data system, will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. The database is the heart of most applications, but it’s also the part that’s hardest to scale, monitor, and optimize even as it’s growing 50% year over year. VividCortex is the first unified suite of database monitoring tools specifically desi...
Organizations already struggle with the simple collection of data resulting from the proliferation of IoT, lacking the right infrastructure to manage it. They can't only rely on the cloud to collect and utilize this data because many applications still require dedicated infrastructure for security, redundancy, performance, etc. In his session at 17th Cloud Expo, Emil Sayegh, CEO of Codero Hosting, will discuss how in order to resolve the inherent issues, companies need to combine dedicated a...
Cloud computing delivers on-demand resources that provide businesses with flexibility and cost-savings. The challenge in moving workloads to the cloud has been the cost and complexity of ensuring the initial and ongoing security and regulatory (PCI, HIPAA, FFIEC) compliance across private and public clouds. Manual security compliance is slow, prone to human error, and represents over 50% of the cost of managing cloud applications. Determining how to automate cloud security compliance is critical...
Culture is the most important ingredient of DevOps. The challenge for most organizations is defining and communicating a vision of beneficial DevOps culture for their organizations, and then facilitating the changes needed to achieve that. Often this comes down to an ability to provide true leadership. As a CIO, are your direct reports IT managers or are they IT leaders? The hard truth is that many IT managers have risen through the ranks based on their technical skills, not their leadership ab...
Learn how Backup as a Service can help your customer base protect their data. In his session at 17th Cloud Expo, Stefaan Vervaet, Director of Strategic Alliances at HGST, will discuss the challenges of data protection in an era of exploding storage requirements, show you the benefits of a backup service for your cloud customers, and explain how the HGST Active Archive and CommVault are already enabling this service today with customer examples.
SYS-CON Events announced today that Key Information Systems, Inc. (KeyInfo), a leading cloud and infrastructure provider offering integrated solutions to enterprises, will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Key Information Systems is a leading regional systems integrator with world-class compute, storage and networking solutions and professional services for the most advanced softwa...
Apps and devices shouldn't stop working when there's limited or no network connectivity. Learn how to bring data stored in a cloud database to the edge of the network (and back again) whenever an Internet connection is available. In his session at 17th Cloud Expo, Bradley Holt, Developer Advocate at IBM Cloud Data Services, will demonstrate techniques for replicating cloud databases with devices in order to build offline-first mobile or Internet of Things (IoT) apps that can provide a better, ...
As more and more data is generated from a variety of connected devices, the need to get insights from this data and predict future behavior and trends is increasingly essential for businesses. Real-time stream processing is needed in a variety of different industries such as Manufacturing, Oil and Gas, Automobile, Finance, Online Retail, Smart Grids, and Healthcare. Azure Stream Analytics is a fully managed distributed stream computation service that provides low latency, scalable processing of ...