An Update on HIPAA - New Breach Notification Rule

Julia Mak

The HITECH (Health Information Technology for Economic and Clinical Health) Act has been signed into law as part of the Recovery Act, making changes to the privacy and security rules of HIPAA which are effective immediately. The new Breach Notification Rule for HIPAA applies to vendors of personal health records and third party service providers.

Definition of Breach:

Defined by the Department of Health and Human Services, a breach is "an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information such that the use or disclosure poses a significant risk of financial, reputational, or other harm to the affected individual".

Unsecured "protected health information" (PHI) is information that has not been rendered unusable, unreadable, or indecipherable to unauthorized individuals through the use of a technology or methodology specified by the guidance.

Requirements of the new breach notification rule:

  • Individuals must be notified within 60 days of breach
  • Notifications need to include a description of the breach, a description of the types of information that were involved, and the steps that affected individuals should take
  • Required to provide a notice to prominent media outlets (i.e. press release) if over 500 residents of a state are affected by the breach
  • Must submit breach notification to the Secretary of HHS

Recommended steps:

  • Identify which types of protected health information are unsecured
  • Evaluate how the unsecured information can be secured
  • Evaluate approved technologies and methodologies
  • Select a reliable service provider
  • Establish security guidelines and train your staff on the proper procedures

Many common day-to-day practices are vulnerable to data breach. Just think for a minute about how you communicate information to your own staff, clients or partners. For example, email attachments are one of the most common use cases of unencrypted file transfers that could easily lead to a breach of sensitive information. It is critical to select a reliable service provider to transfer or store private data. A few things to look for while picking a service provider:

  • Track record of reliability and strong industry reputation
  • SAS 70 certification
  • Service Level Agreement

At LeapFILE, we've been providing a secure file transfer solution for thousands of businesses - helping users and IT to easily comply with regulatory requirements. Let us know if you have any questions about how we can help!

Unlocking CCH Files with Right Click

Ed Ng

In life we often take the little things for granted; however, things we’ve grown accustomed to expect as standard may be far more unique than we originally thought.

While I was at the Boomer Technology Conference last December, one of our customers gave a presentation to show the different technologies they used to communicate to their clients and why it worked for them.  The overall message: implement technology that is easy to use or your staff won't use it.  He pointed out that their firm used LeapFILE for secure file transfer because LeapFILE allows them to right-click in CCH Engagement to securely send files to their clients through Outlook.  I didn’t think too much of it until I had a conversation with another accounting firm.  He let me know he used CCH for paperless, so I asked him if he used Engagement.  When I told him he could right-click on a file within Engagement and send the file using Outlook via LeapFILE all in one step, he said that’s something he must test out.  His firm signed up about a week later.  I figured I was on to something so I started asking all the firms I talked to if they used CCH, and if so, I let them know about this “neat little trick”.

It wasn’t until the end of December that I learned the real significance of that right-clicking. I had just started working with an accounting firm looking for a solution to securely send files over email that wouldn’t break the bank and would be easy for their accountants to adopt. Of the several products they researched, they narrowed the field down to two viable options under consideration, with LeapFILE being the last product for them to evaluate. During our demonstration, I asked them if they were CCH users and if they used Engagement. When I received the “yes” answer and explained the right-click capability to them, they were in utter disbelief. Apparently they had tested several services with Outlook Plug-ins before and could not see how LeapFILE could do this while the rest of our competitors could not. I set them up with a trial account as a POC, and through their testing, also determined that LeapFILE allows the same actions to be done in CCH Document as well.

As an old time LeapFILEr once said, “Not all Outlook Plug-ins are created equal.”  Right-click on a file to securely send a file through Outlook.  To think that something that seems so simple and expected turns out to be an absolute treasure.


Any File, Any Size. The Goodness of Java Applet

CJ Gill

The 2GB/4GB file size limitations have haunted users for quite a long time. These limitations are often imposed by browsers, web servers and file systems. To understand this issue, one has to go back to the root of the problem. Let’s take a look at this binary illustration -
This means that if a browser is using 32 bit architecture, then it can handle a maximum file size of 4096MB or 4GB.
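
The limits described above, as an added example (not LeapFILE's code): a byte count kept in a signed 32-bit field tops out at 2^31 - 1 (the 2GB limit), and in an unsigned 32-bit field at 2^32 - 1 (the 4GB limit), so sizes have to be parsed and carried in 64 bits and checked before being narrowed. The function names and sample sizes are constructed for illustration.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse a decimal byte count (for example a Content-Length value) into
 * 64 bits. Returns 0 on success, -1 if the text is malformed or does not
 * fit in 64 bits. */
int parse_size64(const char *s, uint64_t *out)
{
    char *end = NULL;
    unsigned long long v;

    if (s == NULL || *s < '0' || *s > '9')   /* no sign, no leading space */
        return -1;
    errno = 0;
    v = strtoull(s, &end, 10);
    if (errno == ERANGE || *end != '\0')     /* overflow or trailing junk */
        return -1;
    *out = (uint64_t)v;
    return 0;
}

/* Largest size a signed 32-bit field can hold: 2^31 - 1 (the "2GB" limit). */
int fits_i32(uint64_t size) { return size <= (uint64_t)INT32_MAX; }

/* Largest size an unsigned 32-bit field can hold: 2^32 - 1 (the "4GB" limit). */
int fits_u32(uint64_t size) { return size <= (uint64_t)UINT32_MAX; }

/* What an unchecked store into an unsigned 32-bit field keeps: size mod 2^32. */
uint32_t wrap_u32(uint64_t size) { return (uint32_t)size; }

int main(void)
{
    /* Constructed sample sizes: 2 GiB - 1, 2 GiB, 4 GiB - 1, 4 GiB, 5 GiB. */
    const char *samples[] = { "2147483647", "2147483648", "4294967295",
                              "4294967296", "5368709120" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t size;
        if (parse_size64(samples[i], &size) != 0)
            continue;
        printf("%12" PRIu64 " bytes: signed32=%s unsigned32=%s wraps to %" PRIu32 "\n",
               size, fits_i32(size) ? "ok" : "too big",
               fits_u32(size) ? "ok" : "too big", wrap_u32(size));
    }
    return 0;
}
```

A 5 GiB upload whose size is silently stored in 32 bits is recorded as 1 GiB, which is why the narrowing check belongs at every point where a size crosses into a 32-bit field.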
 
 
We solved this file size limitation issue by using a Java applet with 64-bit architecture. Java is a very popular platform and its versatility, efficiency, platform portability, and security make it the ideal technology for network computing.
We have tested the enhanced applet by uploading very large files and got 100% successful results.
To summarize, here are some of the advantages of using the enhanced Java applet:
  • Upload and download files of any size
  • Auto resume broken upload and download
  • Can be used with all browsers and all platforms like Windows, Mac and Linux
  • Drag and drop multiple files and even folders
  • Shows file compression and transfer progress
We encourage you to use the applet for your large file transfer needs. If you have any suggestions or feedback, please let us know.

 


New Deployment Options for Administrators

CJ Gill

In our ongoing product enhancement efforts, the team rolled out a few changes last week that I’d like to share with you. Some of our enterprise customers requested these features and today we are very happy to announce the new feature availability to all our users.

Customize your welcome email

First, we have provided an option for the administrators to customize the welcome email which is sent to users when their accounts are created. This enables administrators to enforce company policies in their implementation. You can include HTML and embed your company logo as well. The temporary login information from LeapFILE will be appended below this message. If you use our AD integration, then you do not have to use this feature.

Customize your help desk URL

Second, the support link in the application can be turned off or customized to point to your helpdesk. If your company has its own helpdesk team managing LeapFILE, then you can update the URL to redirect user queries. While most customers enjoy and even rely on LeapFILE’s client support, some still want to make use of their own help desk. This option will make that preference possible now.

Administrators can find these options under Account -> Account Setup. So go ahead and start using these new features :)

Want more? Talk to us. Our solutions are customizable to fit your business requirements.

 


Single Sign-On… in 60 minutes or less!

CJ Gill

Over the last couple of months I have worked with many IT administrators for their Single-Sign-On (SSO) requirements. In this blog post, I will talk about the benefits, security and simplicity of our SSO solution.
 
What is Single-Sign-On?
 
Wikipedia says that it is a property of access control of multiple, related, but independent software systems. In simpler terms, it means you sign in with a single username and password — and then you get access to all your computer-based applications like printer, email, network drives etc.
 
 
One might ask, what’s the big deal… why can’t I use the same password for all services? Well, imagine that you use the same password for email, LeapFILE and IM, your email password expires after 30 days, and you can’t reuse your last 3 passwords. Now you have to change all the passwords so that they are all the same.
 
So with SSO, you use a single user name and password, not the same user name and password.
 
Before the era of HIPAA and the Sarbanes-Oxley Act, many organizations turned a blind eye to password management. But now, with fines from federal regulations looming, information security departments are getting tougher about password security.
 
 
 
What are the benefits of Single-Sign-On?
 
  • No more password fatigue
  • Reduced IT costs due to lower number of IT help desk calls about passwords - According to recent research by Enterprise Management Associates (EMA), password management costs $250 per year, on average, for every computer user in an organization. So, if an agency has 10,000 employees, it is shelling out $2.5 million annually just for assisting staffers who have lost or forgotten their passwords.
  • Security and real time access control
  • Centralized reporting for compliance adherence
  • Supports latest as well as conventional directory services
 
How do we do it?
 
We use a lightweight hardened Linux virtual machine which runs inside your network and talks to your AD server for login requests using a service account (we call it the binding user).
 
Simplicity, flexibility and security are the features that make our SSO solution so robust. No information (user credentials or domain controllers) leaves the corporate firewall and user access can be restricted by Groups or OUs in the Active Directory.
 
We also deploy an SSL certificate inside the virtual machine to encrypt all the information exchange between the Authentication Gateway and LeapFILE servers. Deploying this highly secure solution can take only 60 minutes or less for most customers. Recently, I deployed SSO with one of the top accounting firms and it actually took around 30 minutes. This is what’s required from the customer for a typical deployment:
 
  1. Import the virtual machine into your existing VMware infrastructure
  2. Power on the imported VM and give it internet access and AD server IP
  3. Prepare your Firewall and configure access rules
  4. You’re done! We will configure the rest of it :)
 
Now that you have a fair idea about the SSO solution, talk to us and see how your company can benefit from it. Our solution managers will give you more detailed information and examples.
 
Are you ready for the 60 minute deployment? I am.

 


You spoke. We listened.

CJ Gill

Over the past few months, we have focused on building innovative products like Oxygen while maintaining and enhancing our existing product, LeapFILE Transfers.

We are very aware of the trust that you have placed in us, and our responsibility to deliver what you have asked for. Today, we're happy to announce the following enhancements to the desktop client and Outlook plug-in for LeapFILE Transfers: 

  • Redesigned the LeapFILEComhub service for Terminal Server and Citrix systems. The desktop client will now stream data to the service via IPC.
  • Increased the number of streams and packet size for upload throttling
  • Support for non-English systems. You can now install and use the desktop client on Windows in any language, such as German, French or Chinese.
  • Error message pop-up in the system tray for failed transfers and connectivity issues
  • Improved proxy and firewall support.
  • Sync desktop client and plugin settings at login and every 30 minutes. 
  • Better temporary file clean up. 
  • Improved Outlook plug-in for RTF file handling. 
  • Saved copies of sent items are marked as read.
  • Added time stamp in subject line and body of the message for easier sorting and achieving compliance goals.

If you are excited and would like to see the new features in action, check out the latest desktop client installer.

As always, we would love to hear your feedback. Tell us what you think about these enhancements. Leave a comment or talk to us via Twitter.

Biggering a Big Idea

Alex Teu

When we launched LeapFILE Folders at DEMO fall '09, we thought it was a pretty big deal that we were enabling users to collaborate with team members and clients directly from their desktop file explorer without emailing, browsing or uploading/downloading. In addition to easy collaboration, the system provided IT with complete control and visibility of corporate data, including remote wipe. The response to our launch at DEMO and our early private beta program feedback substantiated it was a big deal.

In continuing the momentum, we also stepped up our marketing efforts, including participation in major tradeshows like Enterprise 2.0 and Defrag, and hiring a well known PR firm. A funny thing happened along the way. We realized that our new technology could serve as an aggregation platform, which would connect all users from their desktop to any and all corporate file sources. LeapFILE Folders has now evolved, naturally and organically, into LeapFILE Virtual File System ("VFS").

The power and possibilities of VFS are limitless. You can see examples of what VFS can solve here and here and here. The response from our customers so far has been overwhelming and shown us that this is the right direction. To achieve this enlarged vision, we've decided to defer attendance of Enterprise 2.0 (we're signed for 2010 in Boston) and Defrag. We are going to miss those who were planning to meet us at those events.

Instead, we are going to take the necessary time to ensure that our product meets scalability demands, performance expectations, and feature robustness. If you follow and know us by now, this is not a time out. We're working harder than ever and reloaded with talent on every front.

In fact, the next time you see us on the conference and trade show circuit, you may know us as the "Next Big Thing". Enterprise 3.0?

IT 2.0 - LeapFILE as the marriage counselor between Users & IT


When we attended DEMO Fall 2009 last month as one of the companies presenting on stage, I was impressed with all the cool apps being showcased that helped people do things better, faster, or in a more collaborative way.  There were tools that made your emails into a task manager, a social video chat service, and an application that lets you connect your various spreadsheets into an integrated model.  Good stuff…and I will probably try a few of these out myself.  However, I couldn’t help but notice that while these apps certainly appeal to the users of these tools, they don’t speak to the other group of people who are just as important in getting these tools implemented within businesses – the IT folks.

On the other end of the spectrum, the solutions and policies that IT implements within a business environment typically address one of the top priorities of IT – governance for security, compliance, and effective management reasons. Yet, many of these traditional enterprise systems are simply too complex or enforce an unnatural workflow for end-users to work with on a day-to-day basis. In the end, the people who actually use the system become frustrated and eventually look for tools elsewhere to help them do their day jobs...tools that enable users to work but are out of corporate IT’s control…which was the very reason IT implemented certain solutions in the first place (the last paragraph in this related article about the recent T-Mobile Sidekick fiasco touches upon this...on a side note, there wouldn't be any data loss if Sidekicks were running on LeapFILE's virtual file system).

Since end-users and IT live in the same house, how do we repair the relationship between the two?  As any marriage counselor will tell you, a good start is to understand the reasons behind the discontentment before we can address it. 

There are two very good articles here and here written a while ago by our friends at ReadWriteWeb describing trends dubbed IT 2.0 and “tech populism”. In a nutshell, the corporate workforce is increasingly distributed, mobile, and highly collaborative. At the same time, users are becoming more tech savvy and thus “self-provision” web 2.0 tools because they need and want collaborative applications that are always on and always available, regardless of location. This directly conflicts with the “intra”-firewall perspective of traditional IT, whose primary mandates include controlling and preserving corporate data. “Extra”-firewall Web 2.0 technologies are continually being adopted to circumvent IT shortfalls…so because of this, standard applications over VPN are simply insufficient as data is already leaving the corporate firewall via mobile users. This combination of a mobile workforce, ubiquitous bandwidth, and cloud computing is driving this next big shift: the need for IT to extend beyond the corporate firewall.

We at LeapFILE like to think we’re playing this marriage counselor role between end-users and IT.  Our existing Secure File Transfer product and especially our new Virtual File System (aka LeapFILE Folders) were built from ground up based on this trend we’re seeing and the need to satisfy both the end-users and IT within a company.  For users, this means the ability to access and share all corporate files wherever they may be located…with anyone, at anytime, and from anywhere simply from the comfort of their own computers.  For IT, this means the ability for IT to extend their reach beyond the company firewall to govern corporate-owned data and gain instant visibility to all activity around that data.

I believe LeapFILE is among the very few that have designed an enterprise-level solution with this notion of IT 2.0 in mind.  But, this is coming from the horse’s mouth, so don’t take my word for it.  We invite you to try it out yourself, whether you are an end-user or IT administrator.  Register for a free beta account (limited availability) for our new product and tell us what you think.

Portable Applications in the Cloud - Powered by Folders

CJ Gill

Today I will show you how to use Oxygen with portable applications like KeePass, Firefox, Thunderbird or VLC. The beauty of portable apps is that you don’t have to install them on the computer. These portable apps will boost productivity by providing quick and easy access from any PC. For example, with Firefox, you can sync all your passwords and bookmarks on multiple computers. A portable email client, like Thunderbird, will not only let you access your emails from anywhere but also keep all the server settings, email filters, address book etc.

 
I will share a simple example of setting up KeePass with Oxygen. KeePass is one of my favorite portable applications for managing all my passwords.
 
Step 1: Install the Oxygen software, log in and create a folder, let’s say, “Portable Apps”. Inside this Oxygen root folder, create sub folders for each portable application.

Step 2: Download the latest portable KeePass installer and unzip it to the KeePass sub folder. Once all the files are uploaded successfully, you can run KeePass.exe and encrypt/save your Windows, Network, or Website passwords. Make sure you save the database file (kdb) into the same Oxygen Folder.

 

Step 3: Check “Auto download changes” on the root folder. That’s it!

 

Now all your passwords are backed up in the cloud and you can access them from any other computer via Oxygen.
 
So even if you lose your laptop, like Alex did during Demo, you can still access all your data and favourite applications from any other machine. You don't have to worry about passwords, bookmarks, emails or any other settings. Just install Oxygen and you are all set :)
 
How do you use Oxygen? Share with us. Leave a comment or talk to us via Twitter.

 


How the US Government could have avoided the perils of lost data with remote wipe capability

Alex Teu

It's been recently reported that the personal information of some 70 million U.S. military personnel was lost last November.  It's unknown whether the data has been actually breached, but an investigation is under way.

The incident occurred when a defective hard drive, which powered a system that veterans used to request copies of their health records and discharge papers, was returned to the vendor for repair without first destroying the data. To make matters worse, the drive was unencrypted. These are signs of very poor security standards and data-handling policies, which should make all Americans cringe. In addition to basic information such as Social Security and Medicare, the impending Federal healthcare overhaul will place healthcare information in their slippery hands.

Unfortunately, this isn’t the first time that the Federal government has been grappling with lost data. Earlier this year, the Veteran’s Administration paid $20 million to settle a class action lawsuit over a data breach that resulted from a lost laptop containing personal records on more than 25 million veterans. In another case, a hard drive containing data from the Clinton administration including 100,000 Social Security numbers, political records and event logs was lost, and the data has still not been located.

With LeapFILE's virtual file system, all data is safely stored in the cloud, with full end-to-end encryption on the client and server side. IT administrators can have full visibility and control over how data is accessed and who is accessing. And, as these cases with the Federal government have proven, IT capability to remotely wipe data is indispensable. Whether it be a lost laptop or a rogue employee, IT can safely erase all data from any device and then restore that data because it's securely stored in the cloud. (You can watch our recent presentation at DEMO fall '09 demonstrating the remote wipe.)

If the US Government were using LeapFILE, there would be no worry or lawsuits over lost data. Instead, our military heroes would get the peace of mind they deserve. They've placed their lives at stake to protect American liberty and soil; their precious data should be safeguarded as well.