
10 Questions to Ask when Choosing a Secure File Transfer Solution

  
  
  

With the holiday weekend upon us, a few things jump to the top of the "To Do" list, such as planting your vegetable garden, reseeding the lawn, and planning your next big barbeque. Summer is also a great time to rethink your file transfer strategy. Is your IT support staff spending valuable time setting up FTP sites, or are large files clogging up your mail server? Could a data breach have occurred because someone unintentionally sent a document insecurely?

You may want to ask yourself if there's a better way. The easy answer is: yes. The hard part is knowing what to look for and knowing what solution will fit your organization. There are a lot of secure file transfer (SFT) solutions out there and finding the best fit may take some research.

To jump start your project, I have listed three questions to ask when searching for a Managed File Transfer solution.

1. How should data be secured? All communication between the application and the end user should take place over an encrypted channel such as SSL. When storing files (files "at rest"), make sure your solution encrypts them using a NIST-approved encryption algorithm like AES 256. A best practice at many best-of-breed companies is to deploy web applications in a three-tier architecture that separates the presentation layer, business logic, and data layer. Properly separated, the presentation and business logic layers should not contain any user data, and the data layer is locked down securely deep inside your network.

2. Is it easy to use? Technology and applications that are complicated for the end user won’t be used – that’s a big issue for business and operations groups who must use applications for compliance or other policies required for secure data transmission. You want the SFT solution you pick to minimize changes to existing behavior and ensure widespread adoption.

3. Can it integrate with my network, other applications, and legacy systems? Once an SFT application is deployed, integrating it with other applications or legacy systems can speed up your return on investment. Open standards-based APIs that are platform and language neutral allow integration with a diverse application pool. APIs enable developers to build business applications without having to worry about the implementation details of file transfer, security, user management, and storage.

To see the complete list please click here to download our white paper 10 Questions to Ask when Choosing a Secure File Transfer Solution.

Case Study: How ZOLL Medical Meets Data Security Compliance Mandates

  
  
  

As a business that deals with the research, development, and sales of medical devices, the secure transfer of Protected Health Information (PHI) both within and external to the company is critical.

Prior to implementing Biscom Delivery Server, ZOLL Medical needed a secure, auditable method for sending data in order to meet several compliance mandates.

 

The case study describes how ZOLL Medical solved the challenges of:

 
  • Replacing tools that were too "clumsy" for end users;
  • Sending large files to recipients who often had e-mail attachment limits;
  • Auditing file transfers from customer service and technical service departments.

Biscom assisted ZOLL in meeting three different compliance requirements, eliminated its existing secure e-mail solution, replaced Secure FTP servers, and achieved their ease of use requirements across internal and external end-users.

Click here to download the Zoll Case study

"Just meeting the compliance goals pays for itself in the time it's saved me. If we didn't use Biscom, I'd have to create some kind of audit trail or guarantee that we're meeting compliance when we send an encrypted document."

- Director of IT, ZOLL Medical Corporation

 

Biscom Helps Reach The International Space Station

  
  
  

Longtime Biscom customer Space Exploration Technologies (SpaceX) was on the front page of every news site today for their successful rocket launch this morning.  The unmanned rocket is scheduled to dock with the International Space Station, a watershed moment marking the change in space travel from government to private commercial companies. 

Designing and building a commercial rocket obviously requires extensive document exchange and collaboration.  Biscom is proud to have facilitated the large file transfer within SpaceX and external partners. 

Congratulations to SpaceX on their historic achievement!


Notes from the 10th Annual Legal CIO Forum

  
  
  

On April 24 Biscom participated in the 10th Annual Legal CIO Forum as a sponsor for the second year. The Forum, attended by more than 35 AmLaw 200 CIOs, covered topics and panel discussions relating to the critical challenges facing law firm IT leaders in the post-downturn market. Based upon the presentations and conversations, here are some of the most prominent trends and ideas that surfaced at the CIO Forum:

  • Rates are rising: The demand for legal services has risen by 3 percent compared to last year and this has been followed by a slight rate hike of 6-8 percent. However, a majority of attendees are getting pressure to support alternative fee arrangements.
  • Budgets staying level, but still have limitations: None of the polled CIOs indicated that they were asked to cut back on their budgets, although expenses continue to rise. Limitations include a difficulty in approving contract employees and a stalemate on technology investments due to the recession. Another challenge? As one CIO said, “Storage alone is astronomical.”
  • Outsourcing: There is a strong push to outsource and centralize data center operations due to the high cost of handling them in-house.
  • Security is king: Basic security parameters, such as forcing password changes, used to be a big issue two years ago. This year, CIOs are working to instill a culture of security with the help of law firm leadership. This movement encompasses everything from attorney errors, phishing, hiring of IT security specialists, regular cross-firm technology committee meetings and the push to make security part of every discussion. One CIO contracts with a third-party organization that monitors hack sites to see if his firm’s website or operations show up as compromised. Also, there is a rise in client requests for security audits.
  • Usage of mobile devices:  Currently, iPads are mostly used by older attorneys to read emails. iPads are not being used by (for example) an associate who is writing a 200-page document. 

 

 

PHI Data Sharing and Secure Collaboration Made Easy

  
  
  

The article in Health Management Technology discusses today's challenges communicating Protected Health Information (PHI) and how Secure File Transfer (SFT) systems are helping healthcare entities secure PHI, accelerate clinical productivity, and drive end-user adoption.

Shortcomings of historical methods are covered along with a primer on what to ask vendors when looking at SFT systems:

1. How simple is the SFT system for end-users and how fast is adoption?
2. Is data in transit and at rest automatically encrypted? Will encryption work seamlessly with your anti-virus software?
3. Are there any file size limitations? Does the solution depend on any Exchange Server file size limitations?
4. Does the application seamlessly tie to your existing information systems, such as Microsoft Outlook, and use Active Directory?
5. Must the app be deployed in the DMZ, or can it be split between network layers?
6. How easy is it for your IT department to audit user activity and files shared?
7. How do you add users outside the hospital walls (practices, payers, HIEs, etc.)?
8. Is the solution exclusively software and easily upgradeable?
9. Are there extra charges for major release upgrades, or are they included in the service agreement?
10. What are the vendor’s mobile strategies and capabilities?

Four customer examples are also included with a summary of benefits achieved.


Keeping Faxes Secure in Healthcare: A Checklist and Case Study

  
  
  

With robust HIPAA, HITECH, and state governmental regulations, meaningful use financial incentives, and accelerated auditing of Protected Health Information (PHI), it’s always smart to ensure the basics are in place to protect the security of faxes containing PHI. The HIPAA Act also establishes guidelines and regulations for faxing PHI data.

Some questions to ask include:

    1. Where are sent/received fax documents and who has access to them?
    2. How do users easily access and maintain fax # destinations to ensure they go to the right recipients?
    3. How do recipients know they have received a fax and senders know their faxes have been received?
    4. What’s on the cover page and who sees them?
    5. How and where are faxes stored?
    6. How do you audit and track fax communications across the enterprise?
    7. How to ensure faxes are routed to only the proper locations?
    8. Have you looked at computer fax servers or hosted cloud services which are far superior to stand-alone fax machines or MFP systems?
    9. When outsourcing cloud fax infrastructure:
      1. Are faxes sent / received to the cloud via multi-hop TLS email methods or the more secure SSL which is point-to-point and encrypted?
      2. Does the fax vendor use Tier1 data centers with robust and scalable redundancy and network security?
    10. Have you looked into examples of successful conversions?  For example, St. Anthony’s Medical Center in St. Louis achieved significant benefits in cost, efficiency, accuracy, and compliance by moving to a fax server system with workflow.

Biscom enterprise fax servers and hosted cloud fax offerings are reliable, easy to use, interoperable with health IT systems, and help you achieve compliance with healthcare regulations. Please download our checklist on Keeping Faxes Secure in Healthcare and the St. Anthony’s case study for more detail.

 


Also access the hospital case study:

St. Anthony’s Dramatically Improves Physician, Patient and Service Provider Satisfaction with Biscom’s Fax Server and Workflow

eWeek: Cloud Faxing Lives on in Healthcare with FAXCOM Anywhere

  
  
  

eWeek just released a great article describing one of the major trends in faxing today – the move to the cloud. Many folks remember the stand-alone fax machine of the 80s and 90s, thinking fax is an old or aging technology.

The truth is today’s fax is not only as ubiquitous as it’s always been, but mission critical in many segments, especially healthcare. Today’s fax technology is mostly software which is completely interoperable with ERP, network, email, and health IT systems. One of the key developments is the movement of fax from on-premises servers to the cloud through SaaS technology and to hybrid server/cloud fax systems with built-in business continuity and redundancy.

In the article, Brian Horowitz does a great job describing how the “new fax” is key to healthcare applications for Barnes Healthcare, a durable medical equipment and pharmacy company in Georgia. For them, outsourcing fax to the cloud relieves them of the burden of telecommunications management and allows them to receive signed documents for legal prescriptions.

Fax is productive, ubiquitous, and just works like it always has. Biscom has thousands of healthcare customers like Barnes Healthcare where we help them serve their patients day in and day out. I hope you enjoy the article.

http://bit.ly/I5G4Uf

Can File sharing be Easy And Secure for Protected Health Information (PHI)?

  
  
  
Health data breach spending related to EHR (Electronic Health Record) systems and mobile technology to meet government compliance standards is projected to reach $70 billion by 2015. (The Boyd Company)

With recent examples of major data breaches and increased regulatory oversight to secure PHI, healthcare entities are questioning existing methods for file sharing and collaboration. These include common web-based file sharing services that may be unsecure and difficult or impossible to audit by the IT and compliance organizations.

Central to achieving HIPAA compliance and meaningful use qualification is securing PHI data within the enterprise and externally when communicating with partners, suppliers, payers, and providers. The best way to secure PHI data is to encrypt it effectively. This includes PHI data in transport and at rest. Tracking and auditing the file transfer process will also help healthcare organizations through upcoming meaningful use qualifications.

The question is whether complete security can be obtained easily with broad end-user adoption, integration with current systems, and seamless handling of large files. Securing patient information should be as easy as email without any of the hassles.

Thankfully, secure file transfer technology is encrypted, can integrate with existing systems, handles large files with ease, and will provide IT with automatic auditing and reporting across the enterprise. Best of all, user adoption should be immediate.

In the following Network World article, Ellen Messmer discusses how enterprises are beginning to secure PHI data with ease, avoiding the data breach risks that can be introduced by commonly used file-sharing services.

http://www.networkworld.com/news/2012/031512-cloud-file-sharing-257296.html

 


PHI breaches doubled in 2011

  
  
  
According to Redspin consulting, as reported in infosecurity, the number of patient record breaches doubled last year.
Redspin cites the increasing concentration of protected health information (PHI) on unencrypted portable devices and the lack of sufficient oversight of PHI disclosed to hospitals’ business associates as the main reasons for the increase.

Here at Biscom, we're definitely seeing an uptick in demand for our secure file transfer solution from our healthcare customers - there are serious consequences at stake, in terms of both financial liability and reputation. NIH, Mass General Hospital, Children's Hospital, Medtronic, and many more healthcare organizations trust us to transmit their PHI securely. Contact us if you're facing similar issues - we can help!

Knowing is Half The Battle - A Discussion About Law Firm Security

  
  
  

Video Run Time - 2:26


Law firms face the daily task of protecting themselves and their clients from breaches of confidential data that could lead to noncompliance with government regulations, large fines, damaged reputations, and loss of business. What some firms are not aware of is that the most ordinary tools and practices – from emails to software configurations – can open a legal organization up to breaches.

Biscom is hosting a webinar on the issue of law firm security and the hidden dangers that lurk within firms. Our Legal Practice Director, Charlie Magliato, will be joined by Jeffrey Brandt, Editor of the Pinhawk Law Technology Daily Digest and noted legal technology thought leader. They will discuss the vulnerabilities posed by the proliferation of mobile devices, the consumerization of technology and cloud computing. In addition, they will talk about the following topics, which can be helpful to law firms as they assess their security programs:

    • High-profile data breaches - law firms are no longer immune
    • Culture and technology pressures that contribute to increased risks
    • The increasing demands of both national and state government regulations
    • How employees, clients and vendors contribute to data breaches
    • Current and emerging security best practices


Webinar Details:

Date: Wednesday, January 25, 2012

Time: 12:00 pm - 1:00 pm EST
