Biscom Delivery Server » Compliance

Biscom announces new legal clients

cmagliato — Mon, 07 Nov 2011 16:16:26 +0000

Biscom’s legal business continues to grow! We are pleased to announce the addition of 5 new legal clients. Our growth is the result of Biscom’s laser focus on the legal industry. During the last 2 years Biscom has collaborated with our legal clients to identify and deliver features and enhancements to better meet the secure document needs of law firms and corporate legal departments. Of particular focus for us has been the litigation and practice support groups that have a need for a high performance file and folder upload capability to support production discovery environments. We are also hearing from law firms that are increasingly concerned about the unsanctioned use of hosted file transfer services that increase the firm’s exposure to unauthorized access to confidential client data. Our strong encryption and authentication features as well as on-premise deployment are critical to helping our legal clients offer an easy to use, firm sanctioned self service secure file transfer facility to attorneys and administrative staff. And we are not resting on our laurels. Stay tuned for future announcements of product enhancements designed to improve attorney/client collaboration.

DIY ROI by Mass General Hospital

bho1 — Wed, 27 Apr 2011 13:38:52 +0000

Mark Haas from Massachusetts General Hospital penned an article in the April 2011 edition of the Journal of AHIMA discussing how MGH solved their release of information (ROI) problem using Biscom Delivery Server.

Data Breaches and Encryption Kryptonite

cmagliato — Fri, 25 Mar 2011 13:14:36 +0000

One wrong keystroke or misplaced flash drive can run you $7.2 million.

That’s what a typical data breach will cost you these days, according to a data breach study released this month. This figure is up seven percent from 2009, with the most common causes of data breach attributed to breach incidents (41%), lost or stolen portable or mobile devices (35%), malicious attacks (31%) and system failure (27%.)

While $7.2 million is a sizeable sum we all can collectively cringe at, it doesn’t even come close to estimating the damage to your law firm’s reputation or client relations should it encounter a data breach. Get a taste of how it could feel by reading up on ACS:Law and how it failed to properly secure personal information.

Encryption Kryptonite

The study states that encryption is driving “a decrease in breaches due to system failure, lost or stolen devices and third-party mistakes.” I’m a big fan of encryption (and I suspect anyone in the legal world would be as well), but like Super Man, encryption faces its own version of kryptonite: File transfers via FTP or email. Both FTP and email post significant risks that can open the door for regulation violations or confidentiality breaches.

File Transfer Protocol (FTP) is limited to single authentication – not two-factor authentication which is a requirement of PCI and other security standards. Also, in today’s rushed law firm IT department, there is the risk of an FTP site being set up improperly or of rogue lawyers setting up their own sites.

Email is insecure because it doesn’t allow users to encrypt large files and documents as they are transmitted to the recipient. Plus, most companies and email providers have limitations on the size of email attachments to keep the strain off the servers. This results in bounce backs, error messages and information potentially getting in the hands of someone who shouldn’t see it.

The Remedy: Managed File Transfer

You can defeat encryption kryptonite from emails and FTP sites with managed file transfer (MFT). MFT is a secure method of transferring large files and sensitive data and is typically used in place of e-mail and FTP.

With MFT, you can send encrypted files through a designated network that automatically logs and centralizes the audit trail. This applies most commonly in situations where your company is regulated by the Payment Card Information Data Security Standard (PCI DSS), HIPAA, SOX and other regulations.

Here’s how one law firm uses managed file transfer and reduced IT help desk hours in the process.

Even with the best efforts, every law firm faces the potential of data breaches and the fallout that comes with it. By identifying weak links in your security – such as the encryption kryptonite of FTP and emails – and applying technology such as MFT to combat it, you elevate your ability to thwart potential data breaches. And all in a single bound.

Biscom on Mass Health Data Consortium panel March 25, 2011

bho1 — Mon, 21 Mar 2011 18:35:40 +0000

March 25, 2011. Biscom Delivery Server has been invited to participate in a Mass Health Data Consortium and Platform Solutions panel discussion on the topic of Security Controls for Meaningful Use.

Robert Matthews, from Biscom will be providing examples of how healthcare leaders are using secure file transfer to protect personal health information with minimal impact on user behavior and maximum compliance with HIPAA and HITECH guidelines.

What Security Concerns Keep Law Firm IT Pros up at Night?

cmagliato — Fri, 11 Mar 2011 15:33:51 +0000

During the past quarter, I’ve had the privilege of hosting a series of ILTA roadshows focused on security issues around file transfers. The roadshows – held in Boston, New York and DC – typically welcome around 20 IT professionals each from multiple law firms. The intimate size helps us all to have frank discussions about what keeps IT up at night.

On the forefront: Breaching client confidentiality and regulations.

Beyond the obvious dread of jeopardizing a law firm’s reputation and opening it up for massive fines, there’s a personal take as well. IT leaders are realizing that they are responsible for technology safeguards that protect client data and comply with federal and state data privacy regulations.

The Culprits: Email and FTP Sites

Two methods of potentially risky file transfer kept surfacing during our conversations: Email and FTP sites.

The attendees expressed concern that there seems to be little regard from attorneys and staff when it comes to potential security breaches caused by using email and unsecured FTP sites to transfer client documents and files.

It is almost like the proverbial Sword of Damocles is hanging over legal IT’s head. IT is only one wrong click or FTP error away from heavy fines and potential damage to law firms’ reputations.

Revenge of the Large Email Attachments

The 2010 ILTA member technology purchasing survey identified email management as the biggest issue facing legal IT for the third year running and the roadshow attendees verified that the ever-increasing size of email attachments is a growing support issue.

Is this scenario familiar?

An attorney tries to attach a 50 MB+ PDF to an email addressed to a client. If the email is lucky enough to traverse the firm’s exchange gateway, there is a good chance it will get bounced back due to recipient email size limitations. The attorney then receives an undeliverable message (sometimes not until the next day) and contacts IT for help. Cue the IT support drama!

Would you believe that one of the most popular remedies is to break up a large file into multiple smaller files and then send multiple email messages? This is a quick fix, yes, but doesn’t speak to a law firm’s technical prowess.

And Don’t Even Start us on FTPs

Another common option is for IT to erect an FTP site. After a communal groan, the attendees agreed FTP sites are often difficult to use, challenging to secure and an overall pain in the neck.

What do you think?

Does your law firm face challenges when transferring large files? What do you think are the leading security issues around this?

Leave a comment below so we can continue the conversation.

Coming to a City Near You

ILTA is planning more roadshows for Biscom so hopefully I’ll be in your neck of the woods soon. Feel free to reach out to me at cmagliato at biscom.com if you have a specific city in mind you’d like to see us in. I will keep you posted.

Post-ILTA 2010: Recap & Key Takeaways

cmagliato — Tue, 07 Sep 2010 15:00:05 +0000

I’ve recently returned from the ILTA Conference in Las Vegas and if you haven’t heard, there’s been a lot of exciting buzz about the event. Biscom had the opportunity to exhibit at ILTA this year, we had a great turn out and when looking back, I’m pleased to say I left with many new connections, friends and valuable information (can’t say I left Vegas any richer though, the casinos won this time).

While the e-discovery, litigation support, and case management were among the usual hot topics at ILTA, discussions I’ve had with legal professionals suggest security and data protection are the new black. We experienced record crowds at the booth from law firms looking to solve the growing challenges of preventing unintended employee data breaches and meeting compliance with data privacy regulations. Furthermore, we were featured as one of the top 20 booths to visit at ILTA, according to Law Technology News we were the only secure file transfer provider at the conference, reinforcing our leadership in the legal market and our commitment to meeting the specific needs of law firms and corporate legal departments.

It was an exciting and successful event and one where we gained valuable insights regarding the needs and challenges of law firms, such as:

• Legal IT is growing increasingly frustrated with the cost and inefficiency of transferring large files through the traditional methods of e-mail , FTP and overnight courier. This was validated by the 2010 ILTA Member Purchasing Survey released at the conference. For the second year in a row, e-mail management was identified as the biggest challenge facing legal IT overall.

• File transfer security is an increasing concern. Security moved from the 7th position last year to the 4th position in the ILTA purchasing survey’s “biggest challenge facing IT”.

• Attendees were particularly excited about the capability to transfer files securely from iManage WorkSite and the recently announced BDS 4.0 release. (See the video interview with Bill Ho below)

Somewhere in the middle of manning the Biscom fort in the exhibit hall, I had the chance to attend two very informative sessions; “Taming the E-mail Filing Monster with iManage WorkSite 8.5.” This session included an open panel discussion of three law firms and how they deployed iManage to move e-mails out of exchange to iManage for tracking e-mail content by matter and reducing exchange storage – a growing need for law firms. The other, “The Changing Regulatory Landscape and its Effect on Law Firms,” featured Beth Chiaiese, Director of Loss Prevention, and Jodi Malek, CIO, of Foley & Lardner. Key topics discussed involved HIPAA, HiTECH and the Massachusetts Data Breach regulations and the specific compliance requirements for each, including the important role technology plays in meeting compliance, such as the encryption and secure transfer of sensitive data.

We also had an opportunity to meet with several members of the press. Sean Doherty, Sr. Technical Editor, Law.com was excited to hear about the new BDS 4.0 features, integration with iManage and plans to integrate with SharePoint (Last December Sean published an in-depth BDS product review in Law.com). We certainly appreciate his time.

Overall, the ILTA Conference was a rousing success and we look forward to next year’s conference.

As an added benefit, you may also enjoy the these post-ILTA reviews:

ILTA 2010: What Happens There, Ends Up Everywhere, Online
http://abovethelaw.com/2010/09/ilta-2010-what-happens-there-ends-up-everywhere-online/

Light Bulbs in Las Vegas
http://aboveandbeyondkm.com/2010/08/light-bulbs-in-las-vegas-ilta10.html

ILTA 2010 – E-discovery after the flood
http://blogs.the451group.com/information_management/2010/09/02/ilta-2010-%E2%80%93-e-discovery-after-the-flood/

ILTA 2010 Recap – Change is in the Air
http://www.corcoranlawbizblog.com/2010/08/ilta-2010-recap-change-is-in-the-air/

In Focus: Post-ILTA 2010
http://www.law.com/jsp/lawtechnologynews/PubArticleLTN.jsp?id=1202471231934

Mass General works to solve piece of meaningful use puzzle

bho1 — Thu, 01 Jul 2010 20:49:00 +0000

Healthcare IT News just published an interview with Mark Haas, associate director of health information services at Mass General Hospital, one of the premier hospitals in the world. Mark discusses how MGH implemented Biscom Delivery Server to more than double the number of release of information (ROI) requests they can handle with the same staffing. MGH is now handling 52,000 releases per year with the help of BDS.

Another interesting statistic – MGH has reduced their costs for providing these medical records to insurance companies, law firms, and others who request them from $16.08/request down to $5.61 – a 65% savings. MGH also benefits by using BDS to comply with meaningful use objectives.

To see the full case study on MGH, go here.

Like Schrodinger's cat, online privacy is both alive and dead

bho1 — Tue, 13 Apr 2010 21:53:55 +0000

Lora Bentley from IT Business Edge asked a smattering of people for their opinion on privacy — whether it’s alive or dead. I started thinking about this and to me, privacy is what we make of it — we can choose whether we keep our lives private (as much as it’s possible to do these days) or open ourselves up to the online world. To me, privacy is both alive and dead, and we’re ultimately responsible for it. That’s when a vision of Schrodinger’s cat popped into my mind — pretty esoteric reference to those who did not take quantum mechanics in college, but what can I say, I’m a bit of a nerd.

I also remembered an article that came out not too long ago about some teen who killer her boyfriend because she was drinking and driving. Not only was this a horrible event, for which the girl was going to be charged as a minor (she was only 17), but she posted a picture of herself on Facebook titled “Drunk in Florida” a month later. The judge caught wind of this and changed his decision, denied her youthful offender status, and instead charged her as an adult. Now, this girl, in my opinion, did not choose wisely regarding her online privacy. However, it was her choice. How much of ourselves we put out there is really up to us.

I don’t subscribe to the idea of complete privacy, because these days that’s pretty hard to do (who doesn’t buy an occasional something from Amazon?) However, we do need to be judicious. And of course, when it comes to obeying the law (e.g. HIPAA, SOX, GLBA, etc.), we should also be aware of the consequences if we don’t protect confidential or sensitive information.

Doctors put patients at risk by using file sharing software

bho1 — Wed, 17 Mar 2010 21:55:43 +0000

File sharing sites have never been known for their security but now physicians are starting to put their patients’ data up on these peer to peer sites, potentially exposing private and confidential information, and clearly violating HIPAA requirements.

Healthcare IT News is reporting on this study and it’s really quite scary: http://www.healthcareitnews.com/news/docs-file-sharing-risky-business-patient-data

ILTA article: A Data Breach Pandemic

bho1 — Wed, 10 Mar 2010 14:58:04 +0000

The International Legal Technology Association (ILTA) just published its March issue of Peer to Peer magazine. You’ll find an article I authored on data breaches, privacy laws, and how secure file transfer can help companies distribute their confidential information while complying with various legal requirements. You can also use this link to download the specific article as a PDF.