Monday, November 28, 2011

We've got a lot to be thankful for.


@ Turn Key Solutions we have so much to be thankful for that even on the Monday after Thanksgiving, it's still hard to write this list & not miss something.   But here's a start...

We're thankful for our customers. We appreciate your support and your loyalty more than we can express. We are so blessed to have the opportunity to serve people, to make your day better, and to make your technology work so that you can make things happen.

We're thankful for our opportunities and our freedoms here in the USA.

We're thankful for God's blessings on our country, our business, and our families.

We're thankful for our courageous military and their families that give up so much to protect our freedoms.

We're thankful for our team members.   (Interesting aside - we recently took an in-house survey, and every one of us, without exception, listed their primary motivator as "Helping People.")

We're thankful for our new office.    YES!  You heard it first right here!   Over the next 4 weeks, we're moving about 4 miles over to a much nicer, bigger office building.   We are looking forward to launching a whole new series of customer training sessions in our brand new office.   Stay tuned - we'll have an open house soon, and you'll be invited!

Okay, I could go on quite a bit here.   We've got so many great customers, employees, vendors, solutions, opportunities and blessings all around, that all I know to do is say "Thank You."
And brace yourself.   2012 is going to be a great year.

Our entire team and I look forward to hearing from you and helping you as you make the most of your blessings and opportunities too.

Sincerely, 

Monday, November 7, 2011

I don't need no stinking risk assessment. (HIPAA, HITECH & YOUR TECH Part 3)

In our previous blog about HIPAA & HITECH compliance we walked through a simple outline of steps towards meeting HIPAA / HITECH compliance, all of which are based on a walk-through of the HIPAA administrative simplifications.

Quick recap - step 1 is to familiarize yourself with the law and get a team together that can help you be compliant.   HERE's  a great document from HHS on how to do the risk assessment.

STEP #2 - The next step is to do a risk assessment.

"THIS IS STUPID.  WHY?" you ask.   "I know my risks.  I don't need you to tell me what my risks are."

Well, forget the fact that the HHS expects you to do it.  How about looking at this from a PURELY BUSINESS PERSPECTIVE.

What would you do if one of your employees accidentally lost a box of your patient charts?

What would you do if a major hurricane was coming?



What about if your practice was hit by a tornado?   Could you EVER recover your business data?  Collections reports?  Patient charts?


The shocking thing for me, as a consultant, is how QUICKLY we forget things like the Joplin tornadoes, and hurricanes Gustav and Katrina.






I WANT YOU
to give me your patients' data,
and all your money.   




But as a business owner or manager (and that's what you are, even though your business is healthcare..), here's the biggest threat you've got: UNCLE SAM.










SO, if you adhere to HIPAA / HITECH regulations, obamacare, or whatever you want to call it, great.  You're already looking for compliance solutions & doing your homework.

BUT IF YOU DON'T believe that HIPAA & HITECH are real threats to you, then forget about the risk assessment as a HIPAA mandate, but DON'T OVERLOOK IT AS A SOUND BUSINESS PRACTICE.

So, if you're interested, here's what your Risk Assessment should look like:

1. It should be periodic.   The world changes, your business changes, and risk factors change.  Your assessment from 2005 is outdated, refresh it or start a new one.

2. You should be involved in it.  If you pay a consultant to do it 100%, it won't reflect your organization accurately.

3. Your assessment should be thorough.   HIPAA law (164.308(a)(1)(ii)(A)) states that you should assess the vulnerabilities to the
         A. Confidentiality
         B. Integrity, and
         C. Availability of electronic protected health information (ePHI) held by the covered entity.

SO HOW DO YOU DO A RISK ASSESSMENT?

Our recommendation is to use a company called eGestalt.
WHY?


1. For most practices, their solution costs at or under about $100 / month.
2. It's a secure offsite repository for your compliance plan.
3. It's built and maintained by a team of people who do nothing but obsess over security compliance, so they're keeping it up-to-date.
4. Simple reporting - with a few clicks, you can see in color and in pictures EXACTLY how compliant you are.
5. Comprehensive reporting - with a few clicks, you can pull an extensive report on your compliance status, complete with your supporting policies & documents, to provide an auditor.
6. It's HIPAA / HITECH simplified - all throughout the process of their assessments, you're provided both detailed links to the actual law, and also great explanations & templates for how to meet the legal requirements.

Are there options out there?

You bet.

But this one is a cheap, simple and comprehensive way for you to meet this incredibly important part of HIPAA & HITECH.   And it's proven, reliable, and industry-accepted as a strong solution.

So, when you're ready, CALL US at  225-751-4444 or visit us online at www.TKSHEALTH.COM to learn more or to get started on your audit.






http://www.hhs.gov/ocr/privacy/hipaa/enforcement/cmscompliancerev08.pdf

Friday, October 21, 2011

We forgot to say "Happy Improve Your Office Day!" (and a review of my new Lenovo e420s laptop)

Wow, I feel like such a toad.  I forgot to wish everyone a very happy "Improve Your Office Day" on October 4th this year.

Really, it's an official sort of official holiday!  Check it out yourself - http://www.daysoftheyear.com/days/improve-your-office-day/

Well, probably that's because my new Lenovo E420s laptop hadn't shown up yet, and John and Harold's had.  I admit, I was a grump.

Well, I got mine a week later, and I have been loving it.   For the life of me, I can't figure out why I waited so long to get a new laptop.   As a techie, you'd think I'd be all about trying out the latest toys, the newest gadgets.

Strangely enough, though, I'm a late adopter of new toys.   I have some personality flaw that makes me like to keep what I've got working for as long as I can.   Perhaps it's inherited from parents that lived through WW2 and got ingrained with "Fix it up, wear it out" mentalities.

Anyway, so here I am, 2 weeks later, and I have to say, this is my all time favorite laptop yet.

The Lenovo e420s is now officially on my list of things I love.
A quick run-down of my favorite features, in non-techie language:

  • $799 list price
  • Intel Core i5 CPU (FAST!  Windows 7 sees 4 cores)
  • 4 GB RAM
  • 320 GB HD
  • Light weight
  • Big keyboard
  • Big monitor
  • Fingerprint security (ie, it can log you in with a finger swipe)
  • High resolution camera & good microphone (just hosted a webinar today, they were perfect for the job)
  • A LIGHT at the top of the LCD monitor that you can turn on when typing at night (using it right now - it's very effective!)
  • Bluetooth
  • HDMI video output.


Anyway, look, here's the moral of the story....   Before this, I was tinkering along with a great computer that is about 5 years old. It was awesome when I got it, and still runs Windows 7 fine, but good grief, this new laptop is WWWWAAAAY faster, has tons more features, and it was cheap!

So here's the deal....    As a business owner, I try to be cheap.   Don't you?   Instinctively, we want to keep expenses down.   Which means employees don't really need anything faster than that dinosaur of a computer you bought sometime during President Clinton's 2nd term, right?

WRONG.    They're wasting your time and your money using that dog.   Not intentionally.   But the time it takes for them to wait for it to boot, wait for print jobs, wait for reports, etc, etc, etc, is time not making you money.   It's time they could be spending helping your customers.

Instead, what are they most likely doing?   Telling your customers they're having computer problems.

So take a minute, go around your office and figure out how old your computers all are.  

HERE'S A GOOD RULE OF THUMB that's held true for the last decade....   for most office workers, if their computer is:
 ..... 5 years old or older, replace it now.
 ..... 4 years old, put it on next year's budget.
 ..... 3 years old, evaluate if it's a truly business critical machine - chances are there's no warranty on it anymore, and you either want to increase your backup routine on it, extend the warranty on it, or move the computer to a non-critical position in your business, and get this employee a new or newer computer.

If you're of the mindset that your staff should run their computers until the monitors melt, you're saving pennies  & burning dollar bills.   Oh, and you're probably really ticking off your employees.  Check out this recent survey from Staples.... http://investor.staples.com/phoenix.zhtml?c=96244&p=RssLanding&cat=news&id=1612573

So that's all for now.   I am loving this Lenovo e420s laptop, and hope to have many happy years of use out of it.

But not too many....

Friday, October 7, 2011

A tale of two Covered Entities (Prologue)

This week we met with two different healthcare providers, or, in HIPAA-speak, "Covered Entities" (CE).

And they couldn't possibly have had more different responses to the concept of HIPAA / HITECH compliance.

The first CE, we'll use the pseudonym "London Healthcare," didn't know that much about HIPAA / HITECH requirements.  Over the course of our conversation, though, they were extremely receptive to learning what they could about it, and quickly got to the point of detailing a gameplan.

We wrapped up our 2 hour meeting with some clear action items for both parties, and an enthusiastic, positive mood all around.

The second CE, we'll call them "France Healthcare," knew precious little about the subject either.   And over the course of our 24 minute conversation, it was painfully clear that they didn't want to know any more, either.  

Their perspective was that HIPAA / HITECH was frivolous law, and that rumors of auditors assessing fines were all fake propaganda.   We left each other without any progress, and tangible distrust and frustration being the remaining attitudes all around.



So, what was the difference?   Why did these two small CE's have such completely different perspectives on the significance of HIPAA  & HITECH?

After thinking it over for a few days, here's the best explanation I can come up with:

1. TRUST (or the lack thereof):
   

Our positive, receptive CE, "London Healthcare" (again, real names changed to protect the innocent...), TRUSTS ME AND MY COMPANY.    We've got a relatively long relationship where they've trusted us with pretty much their entire I.T. operations, and we've not let them down.   In their words, we've always been quick to respond, looked out for their best interest, and on top of things.  So there was already a high degree of trust there.

On the other hand, our not-so-receptive client, "France Healthcare," is a new client for us, and doesn't quite yet trust us.  They're obviously holding us at arm's length still.

2. HOW WE APPROACHED THE SUBJECT:

We went to "London Healthcare" to start planning a major I.T. infrastructure refresh, but we walked through it from the perspective of how each piece is colored by HIPAA / HITECH.   I think this helped them understand that these laws aren't completely frivolous, but that they're a good framework for looking at all your practice's I.T. decisions and infrastructure.

We went to "France Healthcare," though, to talk about HIPAA / HITECH.   I'm fairly certain that from the moment we walked in the door, they felt like they had to be on the defensive, and that they knew they weren't compliant, but didn't want to acknowledge that it's "that big of a deal."

SO, end result?  Shame on me, at least to some extent.   My customers, and our healthcare community at large, need to prepare themselves appropriately against the threat of a HITECH audit. 


Don't believe me?   Do you think this "HITECH junk" is smoke & mirrors?


1. Check out the Department of Health & Human Services' wall of shame here.
   (Here's the full URL: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html)

There are two companies in my home town of Baton Rouge, LA listed there!   And these are just for breaches affecting 500 or more individuals!


2. Did you know that HHS imposed a $4.3 million fine earlier this year for HIPAA violations, as its first official fine?   In the Office of Civil Rights' director's words...

“Today the message is loud and clear:  HHS is serious about enforcing individual rights guaranteed by the HIPAA Privacy Rule and ensuring provider cooperation with our enforcement efforts,”  -OCR Director Georgina Verdugo.

There are other cases of fines too, but that was a nice way for them to get the party started.



Anyway, back to my two customers, "London" and "France."

Congratulations to London.   Clients that are raving fans are usually going to be more receptive to new ideas, but this client looked at the whole concept from a business perspective, quickly realized that the HIPAA regulations just detailed good business practices anyway, and almost immediately set up an action plan, a timeline, and an educational agenda.    WOW.


And France?   We've both got some work to do.   I'm going to continue trying to educate them, gently and persistently.   And we'll talk about it next time piece by piece, and perhaps from a different perspective.

So, our tale of two cities is just getting started.

I'll keep you posted on how the war goes. :)

Friday, September 30, 2011

HIPAA SCHMIPAA. This is a cake walk. (HIPAA HITECH YOUR TECH Part 2)

HIPAA compliance can almost be this easy.
HIPAA, SCHMIPAA.

No, that's not another acronym you've got to learn.   It's a dismissive slur.

Really.  THE TECH ASPECTS OF THIS ARE NOT INSURMOUNTABLE.

These regulations ARE a lot of fairly reasonable guidelines that should ultimately put your practice, your clinic, or your hospital in much better shape.   (Okay, yes, there's an abundance of governmental, "legalese" language in there too...)

AND Okay, so calling it a cake walk is possibly an overstatement.   Cake walks are no-brainers: you keep getting back in line, and eventually you're going to get a cake.

With HIPAA & HITECH, you've not only got to get in line, you've got to do a little heavy lifting, a lot of homework, and a decent amount of paperwork.

So let's get to it.   HERE'S WHAT WE'RE GOING TO COVER IN THE FOLLOWING ARTICLES:

1. What you've got to do
2. How to do it.

Simple.

Step 1.   What's your primary I.T. goal as relates to HIPAA?    

ANSWER: PREVENT BREACHES OF Protected Health Information (PHI).

Okay, first off, how do you define the word "Breach"?

HITECH ACT, SEC. 13400. DEFINITIONS.

Read the whole act here or jump straight to the definition of breach here
In this subtitle, except as specified otherwise:
(1) BREACH.— (A) IN GENERAL.—The term ‘‘breach’’ means the unauthorized acquisition, access, use, or disclosure of protected health information which compromises the security or privacy of such information, except where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information.

Second, how thoroughly should you work to prevent breaches?  

According to the Office of Civil Rights:
Read the whole companion document here
SAFEGUARDS PRINCIPLE: Individually identifiable health information should be protected with reasonable administrative, technical, and physical safeguards to ensure its confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access, use, or disclosure.

and
Read the source here 
HIPAA, § 164.306 (b) – Flexibility of approach
(1) Covered entities may use any security measures that allow the covered entity to reasonably and appropriately implement the standards and implementation specifications as specified in this subpart.

And oh, what is PHI again?

Basically, it's almost any kind of information about patients that could be used to figure out who your patient is.

Specifically, there are 18 pieces of data that make it up.   We'll write in gross detail about that later, but here's the best explanation I've seen yet: http://www.hipaa.com/2009/09/hipaa-protected-health-information-what-does-phi-include/


So, a gross summary of this 1st BIG POINT is that YOUR JOB, as a healthcare provider or vendor to healthcare vendors, is to keep the wrong people from finding out anything about your patients.   SEEMS FAIR.


Now, for the zillion dollar question:

STEP 2.   What steps should we take to prevent breaches of PHI (and pass an audit...)?

THE SINGLE BIGGEST POINT WE CAN MAKE HERE IS THIS.....

DO A RISK ASSESSMENT. 


If you're ready to read on, though, here's a simple to-do-list of things you can do to get a HUGE chunk of your HIPAA / HITECH issues out of the way & put to bed:


  USE 164.308 implementation specs as a TO DO LIST:

  • Do a risk analysis
      ◦ Internal Audit / Self-Assessment
  • Risk management
      ◦ DO SOMETHING.   Address Self-Assessment results.
  • Sanction policy
      ◦ Make your employees know this is serious & get their help.
  • Regular Information Systems activity review
      ◦ Audit, review, and improve.
  • Procedures for Vendors, H.R. & I.T. interaction
      ◦ …including a termination policy with I.T. steps
  • Security awareness and training
      ◦ Guard against malicious software
      ◦ Log-in monitoring
      ◦ Password management
  • Create good contingency plans – including backups, Disaster Recovery & emergency ops
  • Use Business Associate Agreements



Sounds simple, right?    Most for-profit businesses do the same stuff.   It's certainly basic stuff that Turn Key Solutions, LLC has taught our clients to do since 1999.

So, how do you do each step?

Stay tuned!

I'll walk you through each piece of this, and a lot more, in pretty deep detail.

Need a jump start?   Call me!  (225) 751-4444.   I'll be glad to answer your questions.

Need to back up?  Here's our primer on HIPAA / HITECH







PS: Good resources:
HIPAA SECURITY SERIES,  Part 2 - Security Standards: Administrative Safeguards
http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/adminsafeguards.pdf

Tuesday, September 20, 2011

HIPAA, HITECH & YOUR TECH

So tomorrow, 9/21/2011, I'm presenting the first of a series of lunch & learns titled  "Hipaa, Hitech & Your Tech."

As the title hints, we're talking about the specific tech things that Business Associates (BA) and Covered Entities (CE) need to do to assist in their HIPAA / HITECH compliance strategy.


Here's a brief summary of what we're going to cover, and an overview of what I'll lay out in this blog, as well:

A. Being HIPAA / HITECH compliant is doable.   Possible.  Not an insurmountable mountain.
"DO OR DO NOT.  There is no try."

B. Being HIPAA / HITECH compliant is required.  The immortal words of Yoda may be haunting you:  "Do or do not.   There is no try."

He's right.  You gotta do this.  Don't play with it.  Just do it.

C. There are tactical points in the HIPAA, HITECH, OCS & other documents that you can hang your hat on and work with.

D. There really aren't zillions of laws you need to read to understand the basic intent & requirements of the HIPAA & HITECH laws.

E. You probably do need to get a little help with this, but it doesn't have to cost you an arm and a leg.


Let's start with a quick summary of what you're facing, and what's at stake for CE's and BA's with HIPAA / HITECH.

So, here's what good I see coming out of all of this:

THE GOOD:
  1. HITECH ACT Grants offer possible +/- 44k over 5 years
  2. Medicare Incentive for meeting Meaningful use w/ EMR
  3. Healthcare info (PHI) will (probably) be more secure.
  4. Healthcare will get measurably better??


THE BAD:
  1. Choosing the wrong EMR can cost you more than 44k.
  2. Financial penalties for anyone that touches PHI
  3. Legal fees the Attorney General levies!

Ug.  You put my client's PHI on Facebook.
Me sue you now.  Ug.

AND THE UGLY:
  1. February 17th, 2010 – BA’s became subject to HIPAA regulations
  2. February 17th, 2011 – mandatory civil penalties for violations involving “willful neglect” for BA's AND CE's.
  3. February 17th, 2012 – Complainants will share in collected civil monetary penalties.   (Can anyone spell "Class Action Lawsuits out the Wazoo"?)




In our humble opinion, that's the big highlights of what's on the table with HIPAA / HITECH.   

Friday, August 26, 2011

The evolution of online security



In my last blog entry, we had a few brief graveside words about our recently departed old friend, Antivirus Software.

For 12+ years now, our company, Turn Key Solutions, LLC has been selling it to every customer that would listen to us.  99%+ of them did listen, by the way.

In the last 3 years, though, I have had way too many conversations with clients that went roughly like this:

Me: "We need to format your hard drive and either restore from backup, or reload the OS from a clean start.   It's completely bogged down with malware."


Customer: "AAAGGHH!!! <insert the occasional !@#$!%%!!!!> "


Me: "I'm sorry, what was that?  I couldn't hear you because of all the spit coming through my phone."


Customer: "I paid you good money for <insert brand of Antivirus Software> and now you tell me I have a virus!   My <insert position> is going to be down for a whole day!   Do you know what <he/she> costs me???!!!"


Me: "No sir, not exactly.   But it's not a virus that wiped out the computer, it's malware."


Customer: "Don't get smart with me, Henry.  It's the same thing.  This software you sold me didn't work, and I don't want to pay for this!"


Me: "Er, actually, it's not the same thing.   Your employee intentionally installed the <insert name of malware program, usually it's something like "Antivirus 2010">.   Had it really been a virus, your Antivirus software would have stopped it."


Customer: "AAAGGHH!!! <insert the occasional !@#$!%%!!!!> "   


Moral of the story: most of the downtime caused by junk on computers these days seems to be coming from malware.   And my company and our customers are both stuck dealing with the problem.

    A quick recap - here's the basic difference between malware and computer viruses:

    What is a computer virus?   A program that spreads by itself much like a human virus, causes computer harm, compromises security, and is almost always an intentionally malevolent creation.

    What is Malware?   Software that often sounds like a good software package to the user (ie, free antivirus software), and often does most if not all of what it said it would do.   Harmful results range from loss of productivity to slower computer performance, to forced purchase of software.

    So the obvious solution is this, right?....  SELL ONE STINKING SOFTWARE PACKAGE THAT WILL BLOCK EVERYTHING!

    Okay, phew!   Problem solved?    We can go home now?    NOPE.   Not even close.

    "WHY?" you ask... 

    Simple reason?  Most computers come to a complete crawl when running 3rd party software that provides all the services you need (antivirus, antimalware, phishing protection, inbound and outbound email scanning, firewall, content filter, and, last but not least, logging).   Yes, even your bad-to-the-bone, brand new PC will run noticeably slower when you ask it to do all these functions at a software level.  

    Another very significant problem with the "single package blocking everything" route is that it is inherently insecure.   Users forget to renew the licenses, viruses kill the software, or the software just plain old breaks and leaves you vulnerable.  

    Good Grief.   So what are we supposed to do?

    SIMPLE (sort of) SOLUTION:   LAYERED SECURITY.

    What?

    What's that?

    A basic overview of some pieces of a layered security plan.
    Okay, here's a quick layout I just drew that shows some of the basic pieces of the puzzle that make up a good layered security setup:

    Piece 1: "THE CLOUD":  There are tons of good service providers that you can use as a filter for your network.  These services get rid of bad stuff before it ever gets to ANY of your equipment.

    Piece 2: A current Firewall / Router appliance.   If you bought your office's firewall at Walmart or Office Depot, chances are it isn't cutting it.   Here's a link where Watchguard describes what current, good firewalls can do.

    Piece 3: A firewall package on your PC.   From Windows XP sp3 & up, there's been a decent attempt from Microsoft to integrate this.   IMHO, it's not bad.

    Piece 4: A good antivirus package.   Hint: Use the same one on all your computers, and have them all renew at the same time.

    Piece 5: Your PC:  Yep, it's critical to keep it patched, and control what programs get installed on your computers, and how people use your computers.  

    If you're the kind of organization that handles medical data or financial data, you'll need to step up how you secure your computer itself even more. Ie, encrypted hard drives, physical security, etc.

    Piece 6: YOUR USERS.   This is probably the most important piece.   If your users don't want to keep your data secure, or don't know how to, in our experience, the end result is that you're not going to be secure.




    SO..............

    There you have it.

    That's the beginnings of a game plan to truly make a best effort at keeping you secure & safe.

    Yep, you read in between the lines correctly.  EVEN THE BEST LAYERED SECURITY ISN'T GOING TO PERFECTLY PROTECT YOU FOREVER.

    So how do you keep a computer perfectly safe & secure?

    Turn it off.

    For those of us that need to use our computers, though, I can tell you the basic stats:

    Since 1999, our customers that have employed all of the steps I've lined out above just don't get hammered by problems.   It's weird.   Almost spooky.   Their stuff just works.

    And customers with virus & malware problems that adopt a layered security infrastructure?   Strangely enough, the problems just go away.

    It's simple, it's not expensive, and it works.   And it will be worth it, I guarantee.

    -Henry




    Henry D. Overton



    President & Co-founder
    Turn Key Solutions, LLC


    We make technology work for you!









    Friday, August 12, 2011

    Antivirus software is dead

    
    
    Antivirus software is dead.

    Oh, the good old days w/ Norton.
    And it had such a sweet, short life.  For a decade or more, there was no argument that your basic AV software package like Norton Antivirus or McAfee Antivirus was all you needed to fight off a relatively small (under 250,000) group of viruses.


    What we have now, though, is an unimaginable, unbelievably huge mess. The number of known, documented "regular" computer viruses topped one million in 2008. Now, a short 3 years later, most simple antivirus products are aware of over thirteen million virus signatures.

    Here's a very depressing quote from Trend Micro's 2009 "Threat Roundup" Executive summary:
    ...security vendors collected 1,738 unique threat samples in 1988.   [...]Ten years later, the number of unique malware samples had risen to 177,615. [Now,] on average, over 2,000 new, unique malware threats hit the Internet every hour. It now takes less than a week to produce the entire malware output of 2005.

    (Yes, it's a few years old, but it's a good read, if this subject matter is interesting to you. Read the full report here. )

    Okay, so did you catch that?   Let's put it this way:
    1988 - 1,738 threats
    1998 - 177,615 threats
    2008 - 1,000,000 + threats

    An exponential growth in viruses isn't the biggest problem, though.   The bigger problem is that there are so many other electronic threats online.  There are countless resources online dedicated to just trying to help you understand all the other things trying to harm you and your computer. (Here's a good glossary of threat terms from Trend Micro - http://us.trendmicro.com/us/trendwatch/awareness-and-prevention/threat-glossary/)  

    Here's a quick summary of what we at Turn Key Solutions run across day in, day out, and what our customers are struggling against:

    1. Viruses.   The occasional computer still gets viruses, even with antivirus software.
    2. Malware.    Basically, this is software that makes your computer perform less than it could, or in ways you'd rather not.  (Anyone remember Incredimail???)
    3. Phishing.   You wouldn't believe how many people STILL go for the emails that state they need to "click here to reset your Capital One password."   Here's a good Wikipedia article on what phishing is.
    4. Time wasters.    This is a HUGE category, from social media sites, to personal email, to just checking on the news.
    5. Predators & actual people wanting to hurt you, your family, and your business.  
         A. Your kids aren't the only ones that are threatened, but let's start there - Focus on the Family's safety resources is a good place to read more.
         B. Your business's data is valuable to someone.  It's not just the likes of Sony, TJMaxx and other Fortune 500s that are threatened by hackers.    Your SMALL BUSINESS is at risk, too.    There have been several businesses here in my home town of Baton Rouge, LA that have had to stop taking credit cards lately because they either failed to secure their networks and were hacked, or were cut off preemptively.


    SO, if you've got antivirus software on your computers, congratulations. If it was updated yesterday or today, it may not be completely worthless against the bigger threats.


    So what in the world do you do?   What's a small business owner supposed to do to protect their interests, stay PCI compliant, and not have ridiculous I.T. expenses?

    Coming up next, we'll outline a series of relatively inexpensive, simple things that small and big business alike can do to fight these threats.   


    Come back & read more about what you can do.  (Here's a sneak peek: For starters, any one vendor that tells you they have the whole solution solved IS LYING.)




    Friday, August 5, 2011

    What is the Meaning of Meaningful Use?







    It's hard to remember a more elusively defined subject than that of "Meaningful Use"


    Well, maybe the word "IS" was a bit tougher...
    http://www.youtube.com/watch?v=j4XT-l-_3y0

    If you're struggling with "Meaningful Use," here's a great slide deck from the American College of Radiology that should help as a primer:

    http://www.acr.org/SecondaryMainMenuCategories/GR_Econ/FeaturedCategories/federal/hhs/Stage-1-Meaningful-Use-Overview-Deck--March-2011.aspx



    The long & short of it is that MOST (but maybe not all...) healthcare providers are going to have to be very careful about who they partner with in deploying their core information systems.

    Need more information?  Call us anytime.





    Can Office 365 save the world?

    I can just hear Steve Ballmer (big dog @ Microsoft) singing it now:

    "Give me one more chance
    And you'll be satisfied
    Give me two more chances
    You won't be denied"  

    (lyrics to U2's "Even Better Than The Real Thing")

    Ever since Apple has become so unbelievably successful (again), Microsoft's advertising has taken that distinct tone - Please give Microsoft one more chance.

    So is it worth it?   Is Office 365 going to be what it takes to keep Microsoft relevant against Apple, Google, and the rest of the hordes of pretty good products out there?

    Well......  as your friendly consultant, I have to defer to a very old, very safe position:  It depends on what you want to do.   

    So, what is Office 365? Office 365 is, at its heart, just a hosted version of many of Microsoft's most popular products (Office, Exchange, SharePoint & Lync).

    So what's the uproar?  What is the OVERT BENEFIT of Office 365 for your business?   SIMPLICITY.

    I'll keep you posted as we use it more here at TKS, but at this point, I'd have to say here are my favorite perks:

    1. Office 2010 deployment & licensing nightmares are significantly reduced.   You log in to your portal, click on the right link, and as long as your computer is compatible, it downloads & installs your fully licensed version of Office.   No keeping up with the license card, no hassling with where you put the DVDs, etc, etc.

    2. SharePoint 2010 is pretty slick.   Integration with Office 2010 is almost seamless, so this means that SharePoint can become your central intraweb, your central file store, and your team's calendar, all in the space of a few hours.   More to come about SharePoint 2010 in this blog later, I think.

    3. Hosted Exchange.   Someone else has to manage your Exchange server?   Okay, sign me up.   After doing this for close to 15 years now, here's my take on Microsoft Exchange:  It's still the best email server platform out there for teams, workgroups, and small businesses, but it costs a lot to keep it secure, backed up, and stable.   And GOD FORBID that your own, in-house Exchange server crashes.   That can often translate to a TON of work, which, for a small business, means A TON OF CASH going out the window.   So if you don't use software systems that require that you have an in-house Exchange server, then as of right now, this is really worth looking at.

    4. Improved security.   Let's be honest here - Microsoft spends more on the firewalls keeping this platform secure than most of us spend on our entire I.T. environment.   Here is a cool video tour of some of their datacenters: http://blog.insidelync.com/2011/07/microsoft-shares-video-tour-of-its-cloud-datacenters/

    So is it worth it?    Should your business transition to Office 365?   Give me a call anytime to talk it over, but it's probably worth a look.



    Henry Overton

    President & Cofounder


    We make technology work for you!

    Monday, July 11, 2011

    Redundant Redundant Connectivity Connectivity

    By John Overton

    Is one of your competitive advantages the ability to stay in business when others are put out of business by a disaster? We serve several such businesses. Through either hard knocks or pure business savvy, they understand the importance of 1) best-of-breed primary systems, and 2) as many backup systems as they can conceive and afford.

    As with any insurance policy, calculating an ROI is hard until you actually need it. I just renewed my flood insurance. In the 11 years that I've been in this house, have I ever flooded? Nope. I recently visited Nashville, TN and got a somber reminder that just because you're in a 100 year flood plain doesn't mean it won't happen in your lifetime. More than a year after a devastating flood in this beautiful country music paradise, numerous retail areas, businesses and homes are still down and out (granted, some of it is due to insurance settlement disputes!)

    Don't let that point slip past you--many of these businesses had flood insurance. They should have been good to go, right? Nope. They discovered that their backup plan was inadequate.

    Similar scenario with one of our clients who has a very robust IT infrastructure, massive batteries, awesome gas generator, and bad-to-the-bone redundant connectivity system via a mobile satellite internet system.

    But what happens when somewhere in the outer edges of our atmosphere something goes wrong with that satellite? It's not the client's fault, not the installer's fault, not the manufacturer's fault . . . ultimately, whose fault it is--that's irrelevant. And it is small consolation, when your backup plan is kaput, that thousands of other businesses across the continent are affected by that same bird in the sky.

    Motosat Satellite Internet we installed on a Barge! (Nope, even this isn't foolproof!)
    No matter how great everything is going with your primary systems, knowing that your backup plan is shot makes you feel vulnerable. This is where "redundant redundant connectivity connectivity" comes into play. Beyond the technology tools, your systems, and your processes is your team. Are you connected to the people who understand your business needs? The right team is not only essential to putting together an effective disaster plan, but also is the most important part OF your disaster plan. Technology will fail. Systems will fail. Processes will fail. And when they do--like this mobile satellite internet system--your peace of mind comes from knowing you did the best you could, but if that doesn't cut it you're connected to the right team with the right resources (and desire) to get you back in business.

    Here's the Motosat TCC Satellite trailer we deployed for a client.
    As bad to the bone as this is, even it goes down sometimes.


    I wish I could control the satellite technology. I can't. But I am connected to people who can get this system working on another bird. That's my commitment to this client. We've had clients with servers that went up in smoke, and the backup that they tested a week ago got corrupted somehow. We've had clients on "the Cloud" who have had Amazon and Sprint-level crashes.

    It's when Plan A and B are toast that your Connections (we'll Creatively Call it "Plan C") make all the difference. We've rebuilt corrupt data, provided loaner servers (that's a story for another post), and restored data from a 3rd or 4th backup of mission-critical systems--whatever it takes. The right Plan C team can turn a roadblock into just a pothole. Now is the time to make connections to your Plan C team--your redundant redundant connectivity connectivity.


    Call us today to get your plans in place!

    John Overton

    Disaster Recovery 101


    Joplin, Missouri's recent tornado devastation should be a wake-up call for every business owner.  

    That is, it should be your wake-up call if you've been pressing the snooze button on your "Hurricane Gustav" alarm clock.


    Which should only be buzzing still if you slept through Hurricane Katrina.......




    Seriously, I can't understand how many businesses, healthcare practices, schools, and other organizations don't have any Disaster Recovery (D.R.) plan whatsoever.   Whether or not a disaster would put you out of business, if you're not prepared for it, it will certainly cause you, your employees, and your customers an unbelievable amount of grief and unnecessary work.


    It's simple to get started on a good D.R. plan, and simple to lay out the basic fundamental elements.   Here's a quick guide, and some simple solution ideas:
    1. Don't have a D.R. plan?   Get started now.   Get a pen & paper, your iPad, whatever.   Seriously - please do it now!
    2. Start with a worst case scenario: "If I showed up at work and there was nothing but a concrete slab there, what would I do?"
    3. From that scenario, let's line out some key areas that would need to be addressed (this is only a starter, not a complete list by any means...):
      1. How do you communicate with...
        1. Employees (idea...  ever thought about Google Voice for a D.R. hotline?)
        2. Customers
        3. The community (if it's relevant)
      2. How do you keep doing what you do?
        1. Do you need to have an alternate facility scoped out?
        2. Can you temporarily run your business without an office (ie, go ?   
      3. How do you keep money coming in?
        1. Do you have your accounting data readily available via an offsite backup?   
        2. Can you get back to billing easily?
        3. In the event of a regional disaster, would your customers be able to keep paying you?
        4. Do you have sufficient business continuity insurance or cash reserves to handle 1 payroll?  2 payrolls?
    4. If your business is like mine, you don't have time to sit down & answer all these right now.   BUT GET STARTED!!!!   Somewhere, anywhere!
    We've been working on our D.R. plan here @ Turn Key Solutions for 12 years.   And, as our business evolves, that plan will have to keep changing to stay relevant.

    For example, we now have almost all of our servers in Tier-3 & Tier-4 data centers in Texas & Louisiana.   We've also just moved to a pure I.P. based phone system.   These two steps mean that we can really work from anywhere, even if our phone lines and/or power go out (which happens a lot in Baton Rouge).

    So, don't try to make it perfect right away.   But do take time to think about what you'd need to do in a worst case scenario.   Because sooner or later, Mother Nature is probably going to visit us all, and we better be ready....

    And if you need help with this, don't ever hesitate to call or email us for some more ideas!