Tuesday, April 16, 2013

Shiny New Gadget Of The Month: Ultra-Small Bluetooth Location Stickers

Shiny New Gadget Of The Month:   Ultra-Small Bluetooth Location Stickers
With Stick-N-Find, never lose your keys again, find your remote control, track your luggage or keep a virtual leash on your pet fluffy so that you get notified when they go too far away.

   About the size of a quarter and 0.16 inches thin, you can stick these just about anywhere!  Stick them to any device, person or animal and find them with your smartphone.
    With an Apple iOS or Android app, you can view your misplaced items on a radar screen and decide if you would like to have it buzz, flash or do both. Or create a “virtual leash” with the sticker – if that sticker moves away more than a selected distance, your phone will alarm you. Lastly, “Find It” alerts allow you to be alerted when your lost item comes in range of your phone.
   Stick-N-Find Stickers have a Range of about 100 feet with a battery that lasts for over a year.
Find out more at www.sticknfind.com.

Do you have a cool gadget that you'd like to share with us?   Please let me know!  225-751-4444
Thank you!   

~Henry Overton

Monday, April 15, 2013

Mobile Devices: BYOD or COPE?

 BYOD or COPE? Do You Allow Employees To Use Their Own Devices For Work?

    The evolution of personal mobile devices and the rise of how necessary they are to business success these days are forcing many small business owners to make a choice. BYOD or COPE? Or “Bring Your Own Device” vs. “Corporate Owned, Personally Enabled”.

The Typical Solution - BYOD.    According to the CDW 2012 Small Business Mobility Report, 89% of small-business employees use their personal mobile devices for work. But the headache involved here is how do you support and secure all of these devices? The scary thing is that most small businesses don’t even try!  The CDW survey found that only 1 in 5 small businesses have deployed (or plan to deploy) any systems for managing and securing employees’ personal devices.

The Alternative - Is COPE Any Better? A minority of small businesses has implemented a Corporate Owned, Personally Enabled (“COPE”) policy instead. They buy their employees’ mobile devices, secure them, and then let employees load additional personal applications that they want or need. And the employers control what types of apps can be added too. And the “personally enabled” aspect of COPE allows employees to choose the company-approved device they prefer while permitting them to use it both personally and professionally. COPE is certainly more controlled and secure, but for a business with a limited budget, buying devices for every employee can add up pretty quick. If you go the COPE route and are large enough to buy in volume, you can likely negotiate substantial discounts.

Security Concerns With BYOD. If you have client information that must be kept secure or other industry specific regulations regarding the security of client data, then COPE is likely your best approach. It takes out any gray area of whose data is whose. Plus there is a certain comfort level in being able to recover or confiscate any device for any reason at any time to protect your company without any worries of device ownership.

Advice For BYOD Companies. Despite the numerous advantages of COPE, most small businesses will still choose BYOD because it can save them money. Here are 2 of Lawrence Reusing’s (GM of mobile security at Imation) important rules for BYOD. Consider these when creating your mobile device policy.

1. Assume employees will use personal devices on the corporate network even if they are told not to. 50% of employees use personal devices to take confidential data out of companies every day.
2. Assume employees value convenience more than security. If your policies are inconvenient, employees will work around them.

For our friends in the healthcare industry: here's a good site with short, educational videos about mobile device security (and why it's basically a must now...): http://www.healthit.gov/providers-professionals/your-mobile-device-and-health-information-privacy-and-security 

If you have any questions about managing and securing your mobile devices, give us a call at 225-751-4444!

Wednesday, March 27, 2013

Turn Key Solutions on LPB for Small Business

When:  March 27, 7:00PM

Where:  LPB

The LPB program “Louisiana Public Square” (http://www.lpb.org/publicsquare) topic will be “Tax Reform 2013” and will feature an interview with John Overton.   John is one of the owners of Turn Key Solutions, Chairman of the Small Business Council of BRAC, Chair-elect of the Leadership Council of the NFIB, and serves on the Small Business Advisory Council, BRAC board of directors and BRAC Executive Committee. 

From the perspective of a small business owner serving other small business across the state and a leader in several small business groups, John sees pros and cons of the Jindal administration’s tax reform package.  Turn Key Solutions’ commitment to the communities we serve is to advocate for the success of fellow small businesses—both in terms of the technology they use and the legislative environment in which businesses operate.  We encourage small business owners to run the numbers on how the package will affect them, and join us in working with our lawmakers to preserve the parts that help small business grow and modify the parts that could be impediments.

Additional airings of the LPB program featuring Turn Key Solutions will be as follows:

03/27/13, 9:00 pm LPB2
03/31/13, 12:00 pm LPB
04/09/13, 9:00 pm LPB2

Friday, March 1, 2013

Advocate for your Success

Turn Key Solutions and Turn Key Health are more than just technology companies.  We’re your advocate for success.  Our core competencies are summed up by our motto, “We make technology work for you!”  However, our commitment to our clients is also demonstrated by our dedication to affecting the legislative environment in which both we and our clients operate. 

With this legislative session getting off to a fast start, there are numerous bills that represent threats and opportunities.  A prime example of both is the Tax Reform package.  Much media ink has been devoted to speculating on what will be in the package and how it will affect various demographics.  Long before the session, the leadership team of Turn Key has been meeting with leaders in the Jindal administration and numerous small business groups to make sure the interests of our clients are protected.  As a partner and the CFO of Turn Key, I also serve as chairman of the Small Business Council (SBC) of the Baton Rouge Area Chamber (www.brac.org), a member of the BRAC board’s Executive Committee, chair-elect of the Louisiana Leadership Council of the National Federation of Independent Business (www.nfib.org), and a member of the state's Small Business Advisory Council.  In these roles I work to protect the interests of small business, provide resources to small business, and build coalitions with other business groups to amplify our impact. 

There are numerous provisions of the Tax Reform package that will affect small business.  A few of the positive pieces will centralize tax collection(making it easier for businesses to collect and remit sales tax), eliminate corporate income tax, eliminate inventory tax, and eliminate franchise tax.  Those are all very small business-friendly.  However, there is also a potential down-side in the expansion of sales tax to include many of the services that we provide our clients.  Repair services are already taxable, but we believe that taxing consulting services will add an unnecessary burden on our clients. 

Turn Key has not raised our service rates in many years, despite constant increases in operating cost—especially with the rising costs of the healthcare benefit package we offer our valued employees and the increase in fuel and insurance costs.  Although we are being forced to seriously consider a moderate price increase on some services, we are also evaluating the potential increased tax burden on our clients.  And more importantly we are fighting FOR beneficial legislation and AGAINST harmful legislation.  It’s all a part of our mission to serve YOU, our valued clients and our community. 

If you have concerns about a particular piece of legislation and/or want to know how to make an impact, please contact John Overton at 225-751-4444.

Tuesday, February 12, 2013


So are most things that are really worthwhile - wouldn't you agree?

I just googled "hipaa compliance process" out of curiosity.   My browser says there's "About 5,570,000 results."

That's fairly daunting.   How do you do HIPAA compliance CORRECTLY with the time you've got every week,  and the thousand or so other responsibilities you've got?

Here's my simple, easy, solution for you:    Get started.   Do something.   And then keep doing something, regularly.

But please, please, please - don't stick your head in the sand.   Audits are coming faster every day now, and PHI breaches seem to be almost inevitable, no matter the size of your practice.

And what's the first something to do?   

I would suggest that you begin with the practical guidance from the HIPAA law itself - start with implementing a Risk Analysis Process.

Looking at the HHS's guidance on how to start compliance with the Security Rule here - http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/radraftguidance.pdf - their guidance is clear:

"In Summary 
Risk analysis is the first step in an organization’s Security Rule compliance efforts. Risk analysis is an ongoing process that should provide the organization with a detailed understanding of the risks to the confidentiality, integrity, and availability of e-PHI."

This is why, at Turn Key Health, we follow this Risk Management Process with our clients:  

Visit us at www.tkshealth.com to learn more.
Step 1: Identify Risk Areas

Step 2: Assess Risks

Step 3: Create a Risk Management Plan

Step 4: Implement Risk Controls

Step 5: Re-evaluate & Measure

Step 6: Go to Step 1

I truly believe that Step 1 is the most important - take the time to thoroughly draw out EXACTLY where your ePHI is stored, where it travels, where it can be accessed, and draw the lines between those systems.    This is the one time in your  whole HIPAA compliance journey when you have my blessing to be really pessimistic and let your mind dwell on everything that could possibly go wrong.

Quoting again from the above HHS paper: 

"The following questions adapted from NIST Special Publication (SP) 800-66 are examples organizations could consider as part of a risk analysis.  These sample questions are not prescriptive and merely identify issues an organization may wish to consider in implementing the Security Rule:

  • Have you identified the e-PHI within your organization? This includes e-PHI that you create, receive, maintain or transmit.  
  • What are the external sources of e-PHI? For example, do vendors or consultants create, receive, maintain or transmit e-PHI? 
  • What are the human, natural, and environmental threats to information systems that contain e-PHI?"

If you take your time and do a thorough job at this step, it will make you WAY more effective in the ensuing steps.

We've all heard the quote "A journey of a thousand miles begins with a single step", right?  (Lao-tzu, Chinese philosopher)

Let's get stepping!  You can do this!

If you want to find out how we can make HIPAA compliance painless, visit us at www.TKSHEALTH.COM