Posts from ‘Auditing’
Here’s a great write-up of how Rochester General Hospital is using Ipswitch’s MOVEit solution to manage over 400,000 electronic billing transfers per year to dozens of payer systems.
Quick background on the business need: Rochester General Hospital needs to exchange patient records, insurance claims, and billing information from their electronic medical record (EMR) and accounting systems with many health providers and insurance companies.
Security and compliance are critically important: Not only do the transfers need to be reliable to facilitate timely payments, but they also needed to be highly secure and auditable to protect patient privacy and ensure compliance with HIPAA and HITECH.
Ipswitch eliminated complexity and created efficiencies:
“We needed to consolidate on a standard way to transfer files to many different payer systems…. MOVEit consolidated a number of batch files and legacy tools into a single, secure and easy to use file transfer solution,” says Dylan Taft, Systems Engineer at RGH.
“In the event of an audit, MOVEit allows us to provide chain-of-custody and non-repudiation with just a few clicks. Without MOVEit, we wouldn’t have this visibility.”
If we didn’t have MOVEit, we would have to hire one or two additional people just to review the log files every day – not to mention lost files, information arriving late, and frustrated doctors and payers.”
Do you have a great Ipswitch story of your own to tell? Email us at mystories@ipswitch.com…. We can’t wait to hear all about it!
Let’s start to examine the impact of end-to-end visibility and ways it can be put to work for your organization. For starters, let’s dig into correlation.
Correlation involves identifying related actions and events as a file moves through a series of business processes (including what happens after a file is moved, renamed, or deleted), and using that information to make business decisions. Correlation can also associate file transfer metadata with downstream processes such as whether a product was shipped or an invoice was paid after an order was received from a customer.
Ipswitch’s Frank Kenney shares some thoughts in the video below on why correlation is an especially important part of visibility and how it enables you to really understand not only file transfers, but also the applications, processes, purchase orders and other items in your infrastructure that tie back to customers, SLA’s and revenue..
Correlation enables users to easily view all the events related to the transfer and consumption of a single file or set of files, including subsequent applications and resulting business processes. For example, they can track a file through a complete workflow and throughout its entire lifecycle, even if it was shared with a customer or business partner – critical insight that can impact the quality and timeliness of work, service level agreements, not to mention revenue and profitability.
Information flows into, within and out of organizations faster and in greater volumes than ever before. Complicating matters is the growing number of vendor systems, applications and platforms that make up your company’s business infrastructure and touch even your most sensitive and mission-critical information.
If you don’t have visibility into the data and files that are flowing between systems, applications and people — both inside and beyond the company firewall — things can go haywire very quickly.
- Lost files, security breaches and compliance violations
- Broken SLAs and other processes that are dependent on files
- No file lifecycle tracking as data flows between applications, systems and people
- Damaged partner and customer relationships
- Lost opportunities
Relying on the reporting capabilities of each individual system has proven to be risky and inefficient. Chances are, you’re swimming in a sea of not-very-useful-or-actionable data and static reports that are already a week behind with what’s actually happening in your company this very instant.
In today’s blog video, Frank Kenney shares his thoughts why having one consolidated view is critical and why organizations are having such a hard time achieving visibility.
When it comes to your file transfers, many questions exist. Do you have the total visibility your business requires? How do your customers gain visibility into their file transfers?? Do you have all the information you need to meet your service level agreements (SLAs) as well as enabling transparency about integration and file transfers??? Let Ipswitch help you answer these questions and overcome your visibility challenges.
You’re going to be hearing more and more about “VISIBILITY” from Ipswitch, so I’d like to quickly start this blog post with our definition of visibility in the context of files and data flowing into, within and out of your company:
Visibility: “Unobstructed vision into all data interactions, including files, events, people, policies and processes”
Fast, easy access to critical file and data transfer information is a must-have – it’s critical to the success of your business. Whether it’s tracking and reporting on SLAs, analyzing file transfer metrics to identify bottlenecks and improve efficiency, or providing customers and partners with easy self-service access to the file transfer information they require – as well as countless other business objectives – unobstructed visibility is imperative.
Having one consolidated view into all of the systems and processes involved in your organizations file and data transfers will deliver tremendous business value and a competitive edge. Please do take a couple of minutes to watch Ipswitch’s Frank Kenney share his perspective on why visibility is important.
August 2011: Yale University announced that 43,000 social security numbers posted to an insecure FTP server have been available to Google search engine users for the past 10-months.
May 2011: Southern California Medical-Legal Consultants (SCMLC) disclosed that the medical records of 300,000 injured workers were available online to the public through Google search.
For Yale, it seems that the file containing the names and social security numbers was stored in a FTP server which was used for open source work – That means that ANYONE could access the information without even being asked for a username/password. Although IT Director Len Peters said “there is no indication that the information has been exploited”, that sounds to me an awful lot like “nobody has told us that their information was breached but we don’t have the visibility or audit trail to know for sure.”
For SCMLC, an internal server exposed documents containing health information (including names and social security numbers) of California residents who applied for workers’ compensation benefits. The files were neither encrypted nor password-protected. According to Joel Hecht, President of SCMLC, “We take data security and privacy very seriously, unfortunately, our internal security policies and procedures were not followed.” In theory he’s saying the right things and his company may (or may not) have the proper tools and systems in place, but the key here is they lacked the proper management and enforcement of access controls and security policies. Now there are a gazillion reasons wanting to keep health information confidential, and in this case that list would include workers compensation information being read by possible future employers and impacting hiring decisions.
Ipswitch’s Frank Kenney sums things up nicely in a recent article on the increasing security risks of web-searchable databases:
“In many cases organizations don’t know that they’re wide open. The databases that exist today have ultimately been designed to allow the easiest access from a multitude of devices and places. In many people’s minds they think that there is a measure of safety for the data sitting underneath the application because the application is secure. But your database is sitting out there and it came configured out of the box to be connected to the Internet.”
So take this opportunity to identify what Web-facing databases you have and really dig into the information they contain. If you are exposing any sensitive or confidential information, take measures to properly manage that data, control access to it, set up security policies and of course ensure visibility into all files being uploaded or downloaded from the server.
