HIPAA Compliance for Dental Practices and Their Business Associates

For almost 20 years since the Health Insurance Portability and Accountability Act (HIPAA) came into existence, the health care industry has had to deal with increasingly complex layers of regulations. Dental practices are acutely affected by HIPAA, namely by the recently added rule that holds a dental practice responsible for the security procedures of any company or individual it does business with.

With the increasing complexity of regulation and the huge possible fines for noncompliance, many dental practices find that working with a third-party company that is already an expert on HIPAA compliance is the best way to stay in compliance. Below I have given an overview of the issues, and shown why working with a company like J.J. Micro LLC IT Consulting can eliminate the fear of HIPAA compliance for your practice.

BASIC HIPAA REQUIREMENTS

The HIPAA Privacy Rule, effective since 2003, is probably familiar to most dentists. This rule gives patients various rights regarding their protected health information (PHI). These rights include the right to change what is in their records and to limit the sharing of these records. The HIPAA Security Rule (2005) relates to a dental practice’s management of its patients’ electronic health records (EHRs) and mandates a set of ongoing, practice-wide security protocols. These protocols include staff education, regular risk audits, secure redundant backups, email encryption, and documentation of these protocols. An Enforcement Rule (2009) and a Breach Notification Rule (2010) added more requirements regarding when the media has to be alerted to a breach and what kinds of civil penalties can be levied. As stringent as these regulations are, they seem simple to follow when compared to the HIPAA Privacy and Security Omnibus Final Ruling from January of 2013.

YOU ARE NOW RESPONSIBLE FOR YOUR CONTRACTORS

The Omnibus Final Ruling strengthens and expands the regulations enacted previously. But it also adds another level of regulations that make a dental practice responsible for the security protocols of any outside entity it does business with. HIPAA calls these outside entities Business Associates. These are entities such as collection agencies, document storage or disposal companies, billing providers, and IT service providers. Every dental practice must keep on file a Business Associate Agreement (BAA) that outlines who is allowed to be in contact with protected health information (PHI) and what is allowed to be done with that information. If a dental practice gives a third party access to PHI without a BAA in place, the practice will be liable for any non-compliance penalties.

LET AN EXPERT HANDLE YOUR INFORMATION TECHNOLOGY HIPAA COMPLIANCE

You’re dedicated to providing the best possible care for your patients. This probably takes up the vast majority of your time. With an already busy work schedule, why spend time trying to be your own IT manager? As time goes on, privacy and security laws will only continue to become more complex. Let J.J. Micro LLC IT Consulting stay abreast of the changing state of HIPAA compliance regulations and leave you and your staff to what you do best, caring for patients. Contact J.J. Micro today to schedule a free HIPAA compliance checkup. We will help you develop a plan to become compliant and then keep you in compliance going forward.

For more specifics on the ways J.J. Micro will help you become HIPAA compliant, read our article on HIPAA compliance IT recommendations

And here is more information about HIPAA compliance from the American Dental Association. 

IT Related HIPAA Compliance for Dental Practices

J.J. Micro LLC IT Consulting provides managed IT services to dental practices in the Greater St. Louis area. Working with dentists over the years has allowed us to become familiar with HIPAA compliance as it pertains to IT infrastructure. Below is some great information that could help your practice become compliant. If you would like a free HIPAA compliance consultation, please call or text message us at 636-556-0009 or email us at help@jjmicro.com. To view other services we provide, please visit www.jjmicro.com.

As a dental practitioner, when was the last time you thought about HIPAA compliance? Are you aware that rules regarding the storing and sharing of protected health information have been changing over the last decade? Do you have a plan in place to address the new laws the Omnibus final ruling in 2013 created? The new laws allow for a $50,000 fine per patient record breach with a maximum fine of $1.5 million per year. These hefty fines could bankrupt a smaller practice and the negative press from a data breach will affect any practice large or small.

HIPAA compliance can be overwhelming if you don’t already have a good plan in place. My experience working as an IT consultant for local dental practices in the Saint Louis, Missouri area has forced me to become familiar with HIPAA laws to be able to provide compliant solutions to my clients. Whether you have an existing HIPAA plan in place or not, I hope I can explain some areas of HIPAA compliance you had not previously considered.

HIPAA stands for the Health Insurance Portability and Accountability Act. As it pertains to technology, we are mainly concerned with the word accountability. Accountability in this context means many things. HIPAA requires that you control access to PHI (protected health information). You must provide proper electronic storage for your PHI. All physical storage spaces must be secure. You and your employees shouldn’t be sending PHI via standard email attachment. Any wired and wireless networks have to be secure. Your IT providers and other contractors must be HIPAA compliant. And finally, a large part of HIPAA compliance is having a written plan in place to address all of these subjects.

When I begin working on a HIPAA plan with a new client, I start with controlling access to PHI. Every employee of your practice must have a unique username and regularly changing password to log in to their workstation. This way you have a log of who used which workstation and when they were accessing specific files. Your compliance plan should include a section on what happens when an employee is terminated: which user accounts need to be deleted, if keys and alarm codes need to be changed, and who needs to be notified in the case of a termination (i.e. your IT provider). If an employee is terminated and all employees share the same login, it is difficult to prevent the former employee from accessing your systems. With unique usernames and passwords, it is easy to control access.

It is always a best practice for your users to lock their workstation any time they leave it unattended. However, people can be forgetful. To prevent unintended access to PHI, your workstations should be set to lock automatically after a period of inactivity. Additionally, on computer screens that are visible to people besides your employees, privacy filters should be installed. A privacy filter is a piece of polarized film that is applied to the monitor so that only a person directly in front of the monitor can see what is being displayed. Anyone viewing the monitor from an off-axis angle just sees a black screen. Many times a practice will have computer monitors in the front desk area that are clearly viewable by patients in the waiting room. If this is the case, a snooping patient could be seeing sensitive information. This would be considered a breach under HIPAA rules.

Proper storage of PHI is commonly an area I see go unaddressed with many of my new clients. PHI should always be encrypted wherever it is being stored. This may sound like an expensive proposition; but it generally doesn’t cost much to implement. All modern Windows Server operating systems have built in encryption software called BitLocker that can be enabled on whichever drives PHI is being stored. Encryption should be enabled on both a server’s internal hard drives and the external backup drives. Encryption also applies to any online or cloud backup software. Most online data backup providers do allow for encryption. But be sure to pick a provider that is HIPAA compliant and doesn’t store your encryption keys anywhere on their servers. Only you should have access to your encryption keys.

Many dental practices do not have a dedicated server room to store their server and backup drives. Some practices have a small closet with a locking door, while other providers place their server and backup drives right out in the open. It is not always practical to build a server closet or a server room in your office. In that case, it is important that your server is physically attached to something. If your office is broken into, you want it to be difficult for a thief to walk away with a server filled with PHI. A cable with a Kensington style lock works with most tower servers to physically attach them to something immovable. And if your server is rack mounted, make sure the server is bolted into the rack. If your external backup drives are encrypted, it is not as important to have them physically attached to something, as the data stored on them is useless without the encryption keys. However, if you can’t encrypt them, they should be attached with a Kensington style lock as well. If your server and backup drives sit behind a locked door and are secure from potential thieves, pat yourself on the back; you are already a step ahead of many practices.

Sending PHI via email is something that HIPAA rules have made more difficult. The problem with most email systems is a lack of end to end encryption. If there isn’t encryption all the way from the sender to the intended recipient, PHI can be breached. If you are going to send a client’s PHI via email, you should make use of an encryption service like Virtru or Mail 2 Cloud. These services allow you to send PHI as a secure attachment to an email. The patient or medical provider that you are sending the email to has to create a username and password to download and view the secure attachment. This prevents the data from being intercepted during transmission and from being opened by an unintended recipient on the other end.

Many of my clients provide free WiFi to their patients. This is a great way to keep patients happy while they wait, but it can open a huge security hole if not implemented properly. It is important that both your internal and guest wireless networks are secured and encrypted. But beyond that, it is imperative that they are separated from each other. Internal and guest wireless networks shouldn’t communicate with each other at all. If you’re not sure if your WiFi networks are secure and segregated, you should contact an IT professional to have your networks inspected and secured.

Your wired network must be secured as well. This includes having a proper firewall to protect you from threats outside your network and limiting physical access to network ports inside your network. Business class firewalls can be properly configured to prevent intrusion. And you should never install a network port in an area where patients will be left unattended like your waiting room.

Many dental practices don’t ensure that their sub-contractors are following HIPAA compliance guidelines. To be HIPAA compliant, a practice must have a business associate contract on file with anyone who might have access to the practice’s protected health information. A business associate contract outlines how the business associate is allowed to handle PHI, how they will protect the PHI, and what they will do in the case of a PHI breach. When looking for an IT provider, you should ensure that the provider is familiar with HIPAA compliance laws and following all HIPAA rules when providing service for you. If an IT provider will not sign a HIPAA business associate contract, you should not work with them.

Once a dental practice has decided on a plan to address all areas of HIPAA compliance, that plan should be well documented and available to the US Department of Health and Human Services upon request. In addition, a single employee of the practice should be designated as the HIPAA compliance officer. It is the compliance officer’s job to make sure that all employees are aware of HIPAA rules and are following them. Having a written plan will allow the compliance officer to hold the entire practice accountable and work to prevent PHI breaches. For information on the other aspects of HIPAA that I didn’t cover, please visit the official HIPAA government website.

If after you read this article you can confidently say that you have addressed all of these concerns, I commend you. Many practices don’t have the time or energy to design or enforce a comprehensive HIPAA compliance plan. But a lack of time and energy is an excuse that will not fly with the US Department of Health and Human Services. If you haven’t started your HIPAA plan, you should schedule some time now to meet with your IT provider. You don’t want to be on the receiving end of a hefty fine or the bad press that will come when you are forced to list yourself on the HHS.gov breach list as a provider that has had a PHI breach.

J.J. Micro LLC IT Consulting will provide a free HIPAA consultation for your practice. Please give us a call at 636-556-0009 and ask about our HIPAA checklist.

OCR Announces Fines for Breaches Affecting Fewer Than 500 Patients

As a HIPAA compliance IT consultant I work with many small dental and medical practices that are affected by HIPAA regulations. For many years, dental practitioners and boutique medical service providers have been able to fly under the radar of the OCR (Office of Civil Rights) and not worry about audits or fines resulting from breaches. However, in 2016 the OCR began to perform random audits of all covered entities and their downstream business associates. And with the new announcement that the OCR will issue fines for breaches affecting 500 or fewer patients, we will see an even bigger focus on HIPAA compliance from these small practices.

Our service offering, PracticeProtect, has seen a recent uptick in sales as more medical service providers are made aware of the dangers of non-compliance. Where practice owners were once unconcerned with the possibility of an audit and thus lax with their security policies, we are now seeing a strong focus on compliance. Many practice owners have spent so long not focusing on compliance that they aren’t aware of just how non-compliant they are. Our first visit with a new client includes an initial HIPAA risk assessment where we cover twenty topics that are usually problem areas for a small practice. We generally find that practices are initially compliant in less than five of those twenty areas.

There are considerable investments in both time and money to become compliant. Many practices have weighed the cost/benefit ratio before and found that the risks weren’t great enough to warrant the investment. But that cost/benefit ratio is changing and I believe more and more practices will be investing in compliance over the next few years.

Read here about the first case where the OCR issued a fine for a breach that affected fewer than 500 patients. A laptop containing 441 patient medical records was stolen. At the time, the organization that owned the laptop had not performed a HIPAA security risk assessment, nor did they have any policies or practices in place to prevent a breach like this one. Simply encrypting the data on the laptop and password protecting the encryption would have stopped this breach. Because the organization had no procedures in place, the OCR levied a $50,000 fine. Since the breach occurred in 2010, that organization has brought itself into compliance. But they could have avoided the breach and the fine altogether if they had been prepared for this. The likely cost of compliance would have been a fraction of the fine they paid.

If you are a small medical or dental practice, let J.J. Micro perform a free HIPAA risk assessment to find out where you stand with HIPAA compliance. There are no strings attached to this risk assessment. You are free to do what you like with the information we provide. We are not government auditors and do not report any security risks to the OCR. We are only here to help you bring your business into compliance.

HIPAA Audits Are Coming To Dental Practices

Starting in February of 2016, the Office of Civil Rights (a division of the US Department of Health and Human Services) began phase 2 of the HIPAA audit program. What does this mean for dental practitioners and other health service providers? What does a health service provider need to do to be prepared for an audit? And what happens if a provider isn’t prepared?

Let’s start with a little bit of history on HIPAA audits. In 2011 the OCR began Phase 1 of the HIPAA audit program. They selected 115 covered entities to audit for HIPAA compliance. A covered entity is defined as: health plan providers, health care clearinghouses, and health care providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards. At the time, they weren’t worried about Business Associates or other tangentially related businesses. These audits were very targeted and didn’t affect most health practitioners.

Fast forward to 2016 and the OCR has begun Phase 2 of this audit program. Instead of targeting just 115 providers, they are now compiling a comprehensive list of all medical service providers in the United States and will be reaching out to each provider via phone, mail, or email. Click here to view a sample contact letter. Once they add you to their list, they will make contact to find out who your HIPAA compliance officer is and ask for your HIPAA compliance documentation. They will expect you to have comprehensive documentation that generally adds up to somewhere between 50 and 150 (sometimes more) pages of legal documents, policies, training records, and other documentation.

You should already have a binder that contains all of this documentation ready to go. Part of being HIPAA compliant is being able to prove that you are HIPAA compliant. When performing HIPAA risk assessments for our clients, we generally find HIPAA documentation to be lacking or non-existent. If you don’t already have a HIPAA compliance binder, start one today. You’ll need copies of all of your policies surrounding HIPAA, records of employee HIPAA trainings, results of recent and regular internal HIPAA audits, and other documentation. If you don’t know where to start, contact J.J. Micro at 636-556-0009. With our PracticeProtect™ offering, we will help you every step of the way towards full compliance and documentation.

What happens if you are contacted and you aren’t ready for an audit? The OCR will give you 10 business days to respond with your documentation. If they don’t receive your documentation within 10 days, they will schedule a site audit. During a site audit, they will still want to see all of your documentation, but they will also want to interview your employees and look for any potential breaches or lack of documentation. From there, they will begin levying fines based on the severity of potential breaches. Benign issues could be $100 per issue; serious issues can be up to $50,000 per issue.

On average it takes somewhere between three and six months for one of our clients to go through the process of becoming HIPAA compliant. Do not wait until you are contacted by the OCR to begin the process. 10 business days is not enough time to gather all of the information, come up with your own policies, document everything, and provide the proper training for all of your employees. Get started now with PracticeProtect™!

The Real Cost of Downtime

Everybody knows that when your IT infrastructure goes down it can cost your business money. But have you taken the time to truly quantify the cost of downtime for your business? At first it can seem daunting to put a real price on an hour or day of downtime. However, if you know how much your business brings in on a yearly basis and how many employees you have and their average wage, we can do some simple calculations to find a per hour or per day downtime cost estimate.

As an example, if your company does $1,000,000 in revenue per year with 10 employees making on average $20 per hour, you have a potential downtime cost of $681 per hour and $5,446 per day.

Does your company have a backup and disaster recovery (BDR) plan to mitigate downtime? If not, it is imperative to design a plan that fits your needs. The average cost of one day of downtime is more expensive than many BDR solutions for the company described above.

At J.J. Micro we offer many BDR solutions ranging from simple cloud backups to fully fledged high availability clusters with active failover to the cloud. We can design a solution for you that takes into account your recovery point objective and recovery time objective.

The recovery point objective is how often you need your data to be backed up and how many copies of the data you want to keep. For instance, if you have mission critical data that changes hourly and you want to keep each change for a week, you need a backup that runs hourly and keeps 168 copies of the changes.

The recovery time objective is how quickly you want to be able to recover from a disaster or data loss. In a company where a few hours of downtime is acceptable, a simple image based backup might be perfect for you. But if your business needs constant uptime, you should heavily consider live replication to the cloud with automatic failover in the case of an outage.

Call J.J. Micro today at 636-556-0009 to schedule a free Backup and Disaster Recovery consultation. We will work with you to eliminate downtime and keep revenue flowing.

Troubleshooting CrashPlan Backup Completion Issues

When using CrashPlan Home or CrashPlan Pro for online data backup, you may notice that your backup never fully completes. You may get a status email that says 99.9% or 100% completed with a last completion date weeks or months in the past. You may start wondering why CrashPlan never catches up and finishes the backup. Here is an example of what I see in my CrashPlan log emails sometimes.

CrashPlan Email Log

In my experience, it’s not that your internet is too slow or that you have too many files that need to be backed up again every day. It’s that CrashPlan is having trouble accessing a specific file or folder that has been selected for backup.

There is an easy way to find out which files or folders CrashPlan doesn’t have access to.

Open the C:\ProgramData\CrashPlan\log folder.

Inside you will find a file called backup_files.log.0

Copy that file to a different location (you can’t open this file if it’s in use by CrashPlan).

Then double click on the file to open it and choose Notepad to open it with.

The file will look similar to this:

I 01/25/16 10:10PM 42 d2e9eefef5bf7e096dee6be94f3d5ca7 0 C:/Users/. . .
I 01/25/16 10:10PM 42 c8dc77dba0da3454dc8b5c9009e65e93 0 C:/Users/. . .
I 01/25/16 10:10PM 42 83ce8fff98e976c2ff3be1d23cc9190b 0 C:/Users/. . .
I 01/25/16 10:10PM 42 0767af0e1471ec8d01502e8793ff8cbc 0 C:/Users/. . .
I 01/25/16 10:10PM 42 899644bd3322949766a4c9c7fb628864 0 C:/Users/. . .
I 01/25/16 10:10PM 42 af987dc3545e753c27f6331dc062241b 0 C:/Users/. . .
I 01/25/16 10:10PM 42 0e3938f366c7ff7509f622cc8746c72a 0 C:/Users/. . .
I 01/25/16 10:10PM 42 a64da407130b71be94afe9f87d20a329 0 C:/Users/. . .
I 01/25/16 10:10PM 42 [Default] Completed backup to CrashPlan Central in < 1 minute: 44 files (17.40MB) backed up, 388.10KB encrypted and sent @ 3Mbps
I 01/25/16 10:10PM 42 – Unable to backup 16 files (next attempt within 15 minutes)
W 01/25/16 10:10PM 42 – C:\Users\. . .
W 01/25/16 10:10PM 42 – C:\Users\. . .
W 01/25/16 10:10PM 42 – C:\Users\. . .
W 01/25/16 10:10PM 42 – C:\Users\. . .
W 01/25/16 10:10PM 42 – C:\Users\. . .
W 01/25/16 10:10PM 42 – C:\Users\. . .
W 01/25/16 10:10PM 42 – C:\Users\. . .
W 01/25/16 10:10PM 42 – C:\Users\. . .
W 01/25/16 10:10PM 42 – C:\Users\. . .
W 01/25/16 10:10PM 42 – C:\Users\. . .
W 01/25/16 10:10PM 42 – C:\Users\. . .
W 01/25/16 10:10PM 42 – C:\Users\. . .
W 01/25/16 10:10PM 42 – C:\Users\. . .
W 01/25/16 10:10PM 42 – C:\Users\. . .
W 01/25/16 10:10PM 42 – C:\Users\. . .

Each line that starts with I is a file that was successfully backed up.

Each line that starts with W is a file that CrashPlan wasn’t able to back up.

You can use Control+F to search through the document for lines that start with W. I find that if you search for W plus the first two digits of the date you are looking for, you won’t get stuck on all of the files that have a W in their name. So try searching for this:

W 03/

The next step is to figure out why that particular file is locked. Sometimes the files are inside an encrypted folder. If you inadvertently turned on file encryption on that folder, you can disable it in Windows by right clicking on the folder, choosing properties, and clicking advanced. There you can uncheck “Encrypt contents to secure data”.

Sometimes the files are locked by whatever program uses them. If this is the case, maybe you don’t need to back up this particular file, so you can uncheck that file in CrashPlan’s backup settings. Open CrashPlan and, on the backup tab, choose “change”. From there you can uncheck specific files and folders from the backup.

If the file needs to be backed up, but is locked by the program that uses it, either CrashPlan has to wait until the program isn’t locking the file to try to back it up, or you will need to schedule a copy of the file to be made on a regular basis so CrashPlan can back it up.

If the problem file isn’t needed at all on your PC and you don’t want it to be backed up, you could just delete the file. But please be careful, you don’t always know if a file is important or not.
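Searching by hand works for one day's entries. As an added example (not part of the original post and not CrashPlan's own tooling), the Python script below applies the same I/W distinction to the whole copied log and lists only the files whose most recent entry is still a failure, so files that were locked once and later backed up drop out. It assumes the line layout shown in the sample above; the paths and hash in SAMPLE_LOG are constructed.

```python
import re
from datetime import datetime

# Line layout taken from the sample in the post:
#   <I|W> <MM/DD/YY> <HH:MM><AM|PM> <backup set id> <message>
LINE_RE = re.compile(
    r"^(?P<level>[IW]) (?P<date>\d{2}/\d{2}/\d{2}) "
    r"(?P<time>\d{2}:\d{2}[AP]M) (?P<set>\d+) (?P<msg>.*)$"
)
# Successful file entry: <32 hex characters> <number> <path>
OK_RE = re.compile(r"^[0-9a-f]{32} \d+ (?P<path>.+)$")
# Failed file entry: a dash (ASCII hyphen or en dash), then the path
FAIL_RE = re.compile(r"^[-\u2013] (?P<path>.+)$")

# Constructed sample (not real log data). Note that successes use forward
# slashes and failures use backslashes, as in the post's excerpt.
SAMPLE_LOG = r"""
I 03/01/16 10:10PM 42 d41d8cd98f00b204e9800998ecf8427e 0 C:/Users/frontdesk/Documents/schedule.xlsx
I 03/01/16 10:10PM 42 [Default] Completed backup to CrashPlan Central in < 1 minute: 1 files (1.20MB) backed up, 88.10KB encrypted and sent @ 3Mbps
I 03/01/16 10:10PM 42 - Unable to backup 2 files (next attempt within 15 minutes)
W 03/01/16 10:10PM 42 - C:\Users\frontdesk\Documents\Wednesday W-9.pdf
W 03/01/16 10:10PM 42 - C:\Users\frontdesk\AppData\Local\app\cache.db
W 03/01/16 10:25PM 42 - C:\Users\frontdesk\Documents\Wednesday W-9.pdf
W 03/01/16 10:25PM 42 - C:\Users\frontdesk\AppData\Local\app\cache.db
I 03/01/16 10:40PM 42 d41d8cd98f00b204e9800998ecf8427e 0 C:/Users/frontdesk/Documents/Wednesday W-9.pdf
W 03/01/16 10:40PM 42 - C:\Users\frontdesk\AppData\Local\app\cache.db
W 03/01/16 10:40PM 42 - C:\Users\frontdesk\Desktop\open-chart.tmp
"""


def _norm(path):
    """Make paths comparable: Windows ignores case and the log mixes / and \\."""
    return path.strip().replace("/", "\\").casefold()


def parse_events(log_text):
    """Yield (timestamp, ok, path) for each per-file line; skip summary lines."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        # Only W lines are treated as failures, so a file with "W" in its
        # name (or the I-level "Unable to backup N files" summary) is ignored.
        body = (OK_RE if m["level"] == "I" else FAIL_RE).match(m["msg"])
        if not body:
            continue
        ts = datetime.strptime(m["date"] + " " + m["time"], "%m/%d/%y %I:%M%p")
        yield ts, m["level"] == "I", body["path"].strip()


def unresolved_failures(log_text):
    """Return files whose latest entry is a failure, most failures first.

    Assumes the log is in chronological order (it is append-only).
    """
    state = {}
    for ts, ok, path in parse_events(log_text):
        key = _norm(path)
        if ok:
            state.pop(key, None)  # a later success clears earlier failures
            continue
        rec = state.setdefault(key, {"path": path, "failures": 0, "first": ts})
        rec["failures"] += 1
        rec["last"] = ts
    return sorted(state.values(), key=lambda r: (-r["failures"], r["path"]))


if __name__ == "__main__":
    # To use a real log, read your copy of backup_files.log.0 instead:
    #   log_text = open("backup_files.log.0", encoding="utf-8", errors="replace").read()
    for rec in unresolved_failures(SAMPLE_LOG):
        print("{failures:3d}x  {first:%m/%d %I:%M%p} to {last:%m/%d %I:%M%p}  {path}".format(**rec))
```

Files that stay on this list across many attempts are the ones that are never protected by the backup, which is why they deserve the follow-up steps described above.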

HDD vs SSD: Which Disk Technology is For You

With solid state drive (SSD) pricing falling fast, more and more people are choosing SSDs over traditional spinning disks (HDDs). For many of my own clients, the slight increase in cost of an SSD over an HDD is well worth the extra benefits like reliability, power savings, and most importantly speed. But there are still some good reasons to choose a standard HDD over an SSD. I want to talk about the differences between the drive types and help you decide which is right for you.

How is an SSD different from an HDD?

Traditional Spinning HDD

An HDD consists of one or more spinning magnetic platters with armatures that scan along the surface of the spinning platters to read and write data. An SSD differs in that there are no spinning platters. In fact, there are no moving parts at all. An SSD drive is mainly made up of microchips. There is a chip to control the drive and multiple memory chips to store data.

What are the benefits of a traditional HDD?

HDDs currently and for a while to come will have much higher capacities than SSDs. Your average HDD has a capacity between 1TB (terabyte) and 8TB. The average SSD drive has a capacity between 128GB (gigabytes) and 2TB. There are a few SSD drives with bigger capacities than 2TB but they are extremely expensive. So if you plan on storing a lot of data on your drive, you should consider sticking with a traditional HDD.

The average price per GB for a traditional HDD is roughly $0.07 to $0.15 as of today (1/9/2016).  The average price per GB for an SSD drive is about $0.30 to $0.60. So if price is the most important consideration, a traditional HDD will likely be the right choice.

What are the benefits of an SSD?

Solid State Drive (SSD)

Speed, speed, and more speed. Depending on the task, SSDs are 33% to 730% faster than a traditional HDD. Windows boot time is on average 160% faster for an SSD equipped system: 63 seconds for an HDD versus 23 seconds for the same system with an SSD drive. File copies can be up to 730% faster; just 42MB per second with an HDD compared to a whopping 307MB per second with an SSD.

With its lack of moving parts, an SSD drive is much more rugged than a spinning drive. This is especially important for road warriors who use their laptops in many different environments. Vibration and sudden movements are both terrible for spinning drives, reducing longevity and causing data loss. SSDs are unaffected by sudden movements and vibration. It’s very common for me to close my laptop lid and toss my laptop in my briefcase before Windows has a chance to put the laptop fully to sleep. With a spinning drive, this could cause data loss. With an SSD, I don’t have to worry at all.

SSDs are unaffected by fragmentation. For decades, we have had to regularly defragment our spinning disk drives. Because of their rotary recording surfaces, HDDs work best with larger files that are laid down in contiguous blocks. In this manner, the drive armature can begin and end its read in one continuous motion. When hard drives start to run out of space, larger files can become broken up and scattered around the disk platter. Thus the armature has to bounce around the surface of the spinning platter to find each piece of the file. SSD drives don’t have to wait for an armature to move to a specific position to read a file. All places on the SSD drive are equally quick to access at any time.

We’ve all been in a room with a noisy computer. There are usually two reasons why a computer is noisy, fans and traditional HDDs. SSD drives have no moving parts making them inherently quieter than their HDD counterparts. The usual ticking or vibrating noise from HDDs is eliminated in SSDs. SSDs also put out less heat than a spinning drive reducing cooling fan speed in most systems and resulting in less noise.

The lack of a constantly spinning platter reduces power consumption considerably in an SSD. In a laptop this results in increased battery life. I personally saw an increase from about 2 hours of battery life to over 3 hours in my 6 year old Macbook Pro. On modern systems with better higher capacity batteries, the difference can be even greater.

So which is right for you?

If your main consideration is either price or maximum storage space, an HDD is currently your best bet. However, if you’d prefer speed, ruggedness, better battery life, and less noise, SSDs are worth the extra cost.

Generally, the extra cost for an SSD only adds about 10% – 20% to the cost of a new laptop or desktop PC. The productivity gains alone will pay dividends on your initial investment.

Adding Your Google Apps For Business Account On iOS

Many of our clients use Google Apps for Business as a back end for their company email. On a regular basis, I am asked how to add a Google Apps account to an iPhone or other iOS device. I have compiled the instructions below with some screen shots to guide you.

Step 1: Find and click the Settings icon on your home screen.

Step 2: Click Mail, Contacts, and Calendars.

Step 3: Click Add Account.

Step 4: Click Google.

Step 5: Enter your name, full email address, password, and whatever you’d like to use as a description or nickname for the account. Then click Next.

Step 6: Choose which items you would like to sync. In most cases it is fine to sync all 4 of the categories: Mail, Contacts, Calendars, and Notes. Then click Save.

That’s all there is to it. When you open the mail app on your device, you will see a new inbox for this account. If you chose to sync your contacts and calendars, they will show up in the corresponding apps.

 

Posted in Email, Google Apps, iOS Tagged with: , ,

Transitioning to the Cloud

The cloud is one of the biggest technology buzzwords of the 21st century. But what is the cloud? What benefits does the cloud provide? Is it safe to move your data to the cloud? Can using cloud services save you money? These are all important questions if you are considering transitioning some or all of your infrastructure to the cloud.

The cloud, or cloud computing, is making use of virtual computers and storage space that exist outside your own network. Companies like Amazon, Microsoft, and Google have built enormous amounts of infrastructure to support other people’s needs for storage and computing. By taking advantage of economies of scale, they can sometimes offer you the same computing power and storage space for less than you’d pay to buy, install, and maintain your own physical equipment.

There are a number of things to be gained by eliminating local infrastructure. A cloud provider will take over the duties of maintaining, upgrading, and replacing the equipment at their own cost. They will pay for cooling the equipment and for the power the equipment uses. They will keep the equipment secure and provide redundant power and internet connections. If your data or services need constant uptime and high levels of security, it will likely be cheaper to outsource these responsibilities to a cloud provider.

The safety and security of your data and services are of paramount concern to small businesses. Can you achieve the same level of protection in your server closet as would be provided by a cloud provider? Well, it depends. Do you have a power generator in case of a long power outage? Do you control access to your building to keep someone from walking out with a server or backup drive? Do you have more than one internet provider as a backup if your main provider goes down? Most small- to medium-sized business owners do not have even one of those things in place. Providers like Amazon, Microsoft, and Google furnish every one of those things and more.

Along the same lines, choosing a cloud provider that is committed to safety and security is very important. FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. Many providers like Microsoft, Amazon, and IBM do comply with FedRAMP’s standards. Conspicuously missing from the list, however, is Google’s Cloud Platform. When choosing your provider, certification from FedRAMP is a good indicator that a provider takes security seriously.

Generally, the most common reason to transition to cloud-based services is the reduction in overall cost. It takes fewer personnel to use cloud services than to support a physical infrastructure. Also, cloud services eliminate wasted hardware and energy. A physical server in your office may only ever be running at 10% of its total capacity. With most cloud services, you only pay for the computing power and storage you are using at any given moment.

After considering the above information, it may be time for you to start planning your transition from physical infrastructure to cloud services. J. J. Micro will help you choose the provider and plan that best balances performance, cost, and security for your specific needs.

Posted in Business, Cloud, Virtualization

Ensuring Your Data Backups Are Secure

There are many important questions to keep in mind when considering the security of your data backups. Are you backing up locally and to the cloud to avoid danger brought on by a local natural disaster? Are you storing your physical and cloud backups in a safe place? Have you tested your data backup to ensure that the data is intact if you need to restore it? Are you encrypting your data backup if the data is sensitive?

Our highest priority when setting up a data backup solution is to plan for disaster. We want to ensure that if there were a flood, fire, tornado, or earthquake your data would be recoverable. With that in mind, storing your data in one location only is a bad idea. You could transport your backup drives to a different location daily (that’s how it was done in the old days). But with internet speed getting faster and data storage costs getting lower, the cloud backup has become a more viable solution. Prices vary, but for around $10 per month per PC you can have unlimited online backup storage. If natural disaster struck your business, and you had an online data backup, recovering your data would take less than a day in most cases.

When installing a backup solution for our clients we try to make sure the server and backup drive are stored somewhere safe. A server closet with a locking door is the best option. When that is not available, a lockable office works. The idea is to ensure that it’s difficult for somebody to come in and grab the server or your backup drive and leave with your valuable and sensitive data. It’s also important to choose the location of your online data backup. Don’t choose a service that will store your data in the same geographic location as your office. If a major earthquake struck Saint Louis it could affect your office and the location of the online backup if it were based in Saint Louis as well.

If you have a data backup in place, it’s important to attempt to recover data from the backup on a regular basis. This will ensure that when the time comes that you need something from your backup, it will be available. Many businesses with a data backup solution in place have never tested it before the time came that they needed the data back. When trying to recover data, you could find that your data hasn’t been properly backed up for months or years. The only way to ensure this doesn’t happen is regular testing.
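
One way to run the regular restore test described above, as an added example that is not part of the original post: restore a backup to a scratch folder, then compare SHA-256 hashes of every file against the data it should contain. The function names, folder layout, and sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            digest = hashlib.sha256()
            with path.open("rb") as fh:
                # Read in 1 MiB chunks so large files do not fill memory.
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest


def verify_restore(source_root, restored_root):
    """Compare a test restore against the data it is supposed to contain."""
    source = build_manifest(source_root)
    restored = build_manifest(restored_root)
    return {
        "missing": sorted(set(source) - set(restored)),
        "corrupt_or_stale": sorted(
            name for name in source.keys() & restored.keys()
            if source[name] != restored[name]
        ),
        "unexpected": sorted(set(restored) - set(source)),
    }


def demo():
    """Constructed sample data: a live folder and a flawed test restore."""
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        (live / "clients").mkdir(parents=True)
        (restored / "clients").mkdir(parents=True)
        (live / "ledger.csv").write_text("2024-01,100\n2024-02,140\n")
        (live / "clients" / "a.txt").write_text("client record A\n")
        (live / "clients" / "b.txt").write_text("client record B\n")
        # The restore holds an old ledger and never captured record B.
        (restored / "ledger.csv").write_text("2024-01,100\n")
        (restored / "clients" / "a.txt").write_text("client record A\n")
        return verify_restore(live, restored)


if __name__ == "__main__":
    for category, names in demo().items():
        print(f"{category}: {names or 'none'}")
```

If the live data changes between the backup and the test, save the output of build_manifest at backup time and compare the restore against that instead.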

Personal customer data like social security numbers or credit card numbers are sometimes stored on your network. If your business does store sensitive information like this in its backups, encryption is necessary. Encrypting your data backup is the equivalent of putting a very complicated password on the data. This ensures that if somebody were to walk away with your backup drive or somehow gain access to your online data backup, they would have to guess an impossibly long encryption key before being able to read the data. When configuring your local backup, you’ll want to choose backup software that can encrypt the data. And when choosing your online data backup, you’ll want to choose a service that allows you to choose your own encryption key that the service won’t have access to.

When choosing your data backup solution it is important to consider its physical and cloud location, to test it regularly, and to consider encryption when backing up sensitive data. Always choose a reputable IT provider to ensure all of these considerations are planned for.

Posted in Business, Data Backup