Friday, March 28, 2014

An Interpretation of HIPAA as it relates to Home Health Agencies

Many industries are subject to US government regulation regarding Information Security.  Aside from direct government contracting entities, the main three industries are now national infrastructure, financial, and healthcare.  Government contracting entities and the financial industry have had to deal with this type of regulation for a long time now, but the other two are fairly new to it.  The healthcare industry looks more like the financial sector, specifically the credit card processing model, in that even the smallest entities are impacted by the regulations.  With the passing of HIPAA, HITECH, and now what is commonly referred to as Obamacare, the healthcare industry is undergoing a transformation.  How it impacts individual entities is the subject of much concern.  The natural reaction is to get away from regulation as much as possible, but these acts leave very little room to breathe.  Other industries have already accepted the fate that Information Security regulatory acts have imposed upon them, and it is time for healthcare to get serious about it.  In this article, I will attempt to break down the specifics and suggest a course of action.

Before a suggested course of action, an examination of the government regulation is in order, specifically whether the regulation is even applicable to a particular entity.  Currently, the HIPAA and HITECH acts apply only to healthcare clearinghouses, agencies that must work with the federal government for either Personally Identifiable Information or billing purposes, or professionals in the healthcare field such as doctors and hospital administration.  This seems to leave some entities out, but be very wary.  With the passing of Obamacare, this could be rapidly changing.  The observation here is that Obamacare mandates that everyone carry health insurance, and those that are not provided insurance through an employer must purchase it at the state level, funded by the federal government.  Although private industry insurance providers are still the carriers, the government oversight here cannot be ignored.  Obamacare impacted every man, woman, and child currently carrying insurance by enacting regulation over the industry.  Much like the financial industry, the healthcare insurance carriers now cannot ignore governmental regulation.  By extension, any entity doing business with the insurance carriers is similarly impacted, much like any business that accepts credit cards must be found to be in compliance with PCI-DSS.  This is the transformational event that is being addressed right now.  The implication here is that even the smallest agencies will have to consider HIPAA and HITECH compliance in the very near future.  Due to the heavy penalties of HIPAA non-compliance, and the ramifications stated above, it is in the best interests of any entity planning or operating any type of healthcare business to budget and implement a security compliance effort whether they feel they are in scope or not.

HIPAA and HITECH generally go hand in hand, but compliance with one does not equate to compliance with the other as they have different focus areas.  They are complementary, not conflicting though, so achieving compliance in one or the other makes it easier to become compliant in the second.  The problem with both of these is they do not state how compliance is to be achieved; they simply lay out the objectives.  In order to meet the objectives, another tool must be adopted to move an entity through the design, planning, implementation, and assessment phases in order to prove compliance.  Many security frameworks are out there, some publicly available, some through a small cost for licensing.  None of them are simple in scope, cost, or time.  Once a security framework is adopted, a software toolset is necessary as well to move the entity through the process.  So, to sum up, government regulation must be examined to see if it applies, a security framework compatible with the regulation must be chosen, and the corresponding toolset must be obtained.  These steps are relatively easy to achieve, and as stated above, it is in the best interests of a business to just simply submit to the regulation and make the effort to become compliant as doing otherwise may be the first death knell heard for them.

As many in other industries have pointed out, becoming compliant is very costly, both in capital and labor.  Although there are a few shortcuts that can be taken, the effort itself is the bulk of the cost and cannot be avoided.  As in other industries though, there is hope for entities that simply could not afford the compliance effort otherwise.  A new type of B2B entity is beginning to emerge, one that provides a service to small and mid-sized businesses to take the responsibility of compliance out of their hands.  This is not a new concept for the financial industry, but it is much larger in scope as applied to the healthcare industry.  The healthcare industry cannot simply obtain an approved device and let the worry of compliance fall upon the processor... or can it?  Such a model does not currently exist in the healthcare industry, but perhaps as the industry matures, this could be possible.  Currently though, the headache is squarely on the entity performing transactional services for medical records or medical billing for Medicare or Medicaid reimbursement.  So what about private pay agencies?  Well, this is a very gray area, as discussed above in relation to Obamacare.  Now that everyone is mandated to carry insurance, and insurance will most likely carry some form of long-term care clause, doesn't it follow that the pressure is already evident for private pay home care agencies to be compliant as well?  In my opinion, it is.

Monday, March 24, 2014

Job Hunting

Perhaps I'm getting older in an ever increasingly complex online world, but the job hunt has me all "a twitter" right now.  The last time I was on the hunt was three years ago, and the premier job board was still monster.com, although there were several offshoots that were getting much more specific to certain industries.  This time, I have found that things have changed yet again, and the best place to look is now firmly in the hands of a social media site, LinkedIn.  This led me down the road to examine my other social media accounts and connections.  Updating the information on them has been completed, and I have cross-linked them as much as they have allowed me to do, and where they don't inherently do this for me, I have done so manually by posting the links to the status updates fields on all of them.

While all of the above is great, in the end, it's rather like climbing to the highest tower in a city and shouting from the rooftops.  Not only will your words be drowned out by the din of the others, there is no expectation of a reply worth pursuing.  Is this really good networking?  Sure, the friends and followers on the social media sites have been picked carefully, or at least with an eye toward some personal gain, but it's a far cry from showing up at a company and handing your resume to them personally.

I have never been very comfortable with selling myself, nor being an active participant in social media in general.  My comfort zone is firmly on the right hand side of someone else as a trusted advisor, being an expert in my field, and my social circle is almost exclusively limited to my own wife and kids.  I truly envy people that can thrive in the limelight of the media, be the social butterfly at any event, or those that seem to have a natural ability to land a really great job.  I've learned what I needed to over the years, and followed the trends as much as I was able, but the one factor that has been the most useful over the years has been to be in the right place at the right time when the new job came along.

I only hope this factor comes my way this time as well.  In the end, I've done what I can to encourage this to happen, even extending myself outside of my normal comfort zone tremendously, yet I can't help but wonder if there is something I can be doing that will further this cause.  Get myself in front of more people who can see what my skillset may bring to them.  On LinkedIn, I could try to friend all the recruiters I can.  On Twitter, I could hashtag the popular trends with a link to my LinkedIn profile.  I can blog here.  I can spread the word on the other social networks.  Does this cross any boundaries or present me as an annoying person?  I am simply not sure how such actions would be perceived.  That having been said, the end may justify the means here; all I can hope is that it does not tarnish my online reputation.

Wednesday, February 26, 2014

An in-depth Look at Destructive Behaviors

I come to this post today with a great deal of apprehension, guilt, and remorse.  This is not to be a confession, as the important people in my life already know the particulars, but more to the point, this post is about the how and why of the behaviors I have been exhibiting for quite some time.  In short, I have failed a large number of people in my life as well as myself and today I will examine the specific behaviors that led to this as well as to document a plan forward.

I cannot pinpoint a specific time that it all started.  Like many things in life, this has been a gradual decline that gained momentum as it progressed.  I can say that a level of disappointment in my life is probably a trigger to the behavior I am about to describe.  I have been an avid gamer for as long as I can remember, from Dungeons & Dragons and mundane board games to the great social giants of MMORPGs prevalent on the Internet today.  I have enjoyed this activity immensely and as I realize now, achieved a natural high on dopamine as my reward for playing.  Because this has been a mainstay in my life for such a long period of time, and very few people have called attention to this activity as being destructive, I had a great deal of confidence that there wasn't a problem in engaging in this activity, that it was completely normal, justified, and there was no reason to stop or even scale back on the practice.  As a child, this category of activity is even encouraged, leading to this level of thinking and the resultant shock that it can even be considered a problem.

In my early adult years, it was easy to balance the gaming with other aspects of my life.  My hormones and activity were completely normal for my age in all respects.  I had many girlfriends, went to college, was able to keep jobs, and was a generally happy and healthy person in all respects.  It wasn't until my first marriage that I can spot a period of time where gaming completely dominated my life for a solid week.  The predictor was a failing marriage where my wife at the time went away for a week, I fell into a depressive state, got a medical release, and stayed in my apartment playing Baldur's Gate.  I only broke off the game to eat, go to the bathroom, and sleep.  While I was able to rise above this period and continue, it is, most certainly, a period where an addiction is evident.

Some other behaviors intervened, but the gaming never stopped.  New games replaced old ones, but I was always playing at least one, if not several games, and from the time that computers were common, I have never been more than a few feet from one loaded with a game or several.  At every point since I can picture myself sitting in front of a computer for hours on end, often when there were other things I should have been doing.  Even though I chose computers as my career, it was not in the gaming industry, and my time was split between useful work and leisure activity while I was operating a computer.  To put some time reference on this, the Commodore VIC-20 came out when I was 12, modems and bulletin board systems in my late teens, and the World Wide Web (Internet) in my 20's.  It is, at the time of this post, now more than 20 years later, which means that I have practiced gaming for over three decades now, most of that time online in a social interaction with others in virtual space.

The true rise in social media and gaming began when I took a job with America Online in 1997, shortly before my first daughter's birth.  There I was introduced to a truly interactive style of gaming which was completely immersive.  At Gateway a few years later, they had a gaming room at the workplace where I was often found every break rushing back to my desk, sometimes late.  The gaming had started to interrupt normal life at this point as I much preferred gaming to performing chores or even interacting with real people.

Over the next few years, I was able to relieve some of the gaming experience in the various subsequent jobs I had, but if I ever found free time, the gaming took over.  I still only perceived it as a relaxation activity, but looking back, I missed a great deal of time with my children and other family in preference to playing various games.  Ten years ago, I married a third time, this time to a woman who did not share any interest in computers, nor slacking off in any activity that wasn't productive.  Although I still found time to game, it was always a point of contention between us.  I even justified the gaming, insisted upon doing it, and at one point, set up my laptop on a TV tray in the living room as a compromise to the family so I could "spend time" with them and game at the same time.  Realistically, even though I was physically present, my attention was only on the games.

New devices appeared, and the laptop gave way to the iPad and iPhone with a plethora of entertainment applications that were much cheaper and able to be played just about anywhere I went.  Of course this was a simple leap for me and the more mobile devices became my mainstay for satisfying my increasing need for gaming.  At first, these apps didn't have much of a social component, but now, of course, they are very sophisticated and interactive.  The game makers, wanting to increase profit, redesigned the billing model to be more subtle, placing incentives for spontaneous purchases in exchange for greatly enhanced abilities in the games.  The more sly game makers most likely used this to a great advantage and are now reaping profits in the millions, if not billions due to the spread of devices into all areas of the globe, leveraging the power of mass profit.  Now, instead of buying a game once and playing it for free, they offer the game for free, and fleece profit over time through in-app purchasing.

The billing model is deceptive, as you really can be duped into not paying attention to how much is spent or even that you aren't really getting anything in return for your purchase except the dopamine rush of addiction.  Many doctors are now comparing the addictive qualities to a drug addiction, and the physiological response is more closely related to a gambling addiction.  I have personally witnessed bills in the hundreds per month on my credit card statements.  Compare this to a game 20 years ago that cost a mere $50 to purchase that you could play for years before it became obsolete.  There is now no doubt in my mind that we are seeing companies taking fiscal advantage of a physiological addiction without regard to their customers' well-being.

So, to the point of this post.  It has taken my wife, my father, and a therapist to finally get me to realize how bad my problem is, how long it has been going on, and how hurtful it is to everyone around me.  An addiction of this magnitude generates a feeling in others that the activity is more important than they are.  If it is the spouse feeling this, the activity can be compared to infidelity as the emotions and reactions are identical.  In a clinical comparison, I may as well state that I have a gambling problem, an addiction to heroin, and am cheating on my wife in front of her eyes as there is no difference in those three from playing the game and being obstinate about doing so.  It is so bad that in the recent past, I have regularly spent up to 18 hours playing games and spent over 1% of my annual income per month on them (12% per year).  I have heard that others spend more time and money than I have, which is astounding to me.  For comparison, if you made $50,000 per year, that would translate to $6,000 in game related expenses a year and leave only 8 hours for activity not related to gaming per day, most of that spent in sleep.

I have chosen to leave this where it stands.  To quit all games in order to return to a normal level of family activity, get over the addiction, and perhaps return to a much reduced form of gaming if it can be controlled.  I have lost many thousands of dollars that I cannot recover, but more importantly I have lost precious time with my wife and kids that I can never get back.  I will leave you with a story that hit home to me this morning.  I chose to stop this activity just last night, and have deleted the games from my devices.  This morning, I dropped my son off at day care and the teacher commented to me that I must not be traveling this week.  This surprised me as I have not been traveling for several months.  She explained how she knew... it was because she could tell a difference in my son's behavior when I was home.  I smiled and left, without telling her the truth of the matter, but it was immediately evident to me what the truth was.  When I wasn't gaming, my son exhibited different behavior than when I was focused on the game.  Although the comment was hurtful to me, it wasn't intended to be.  This, more than anything else, clinches my resolve to carefully monitor a return to gaming, if I can even trust myself to ever return.