Life in Caps Lock: cyberslate's posterous

technology, shoes, chocolate, cats, and the occasional run-on sentence // crossing the digital divide

  • About Me
  • Find me?
  • In the Blink of an Eye
    • 0
      17 Feb 2012

      Need to Know *More* Women in Health IT #himss12 #hitsm #healthIT

      • Edit
      • Delete
      • Tags
      • Autopost

      It was great to see the blog post excerpted below this week on Women in Health IT as we head into HIMSS12. As a woman working in this field I applaud this as a great start in highlighting the accomplishments women make in a field in which we are woefully underrepresented. It can be difficult for women to make inroads personally and professionally when there is a lack of role models or recognition, particularly when the work requires extensive commitment, time and dedication.

      Two thoughts:

      1) Starting point: Lists such as "the top..." or "the greatest..." are meant to be conversation starters, not definitive or exclusionary. Similar to the #HIT100 list earlier this year, defining the transformational space of Healthcare IT is about building a community of players and acknowledging people making a difference in difficult fields helps us all, not just the those named.

      2) Defining healthcare IT: A conversation this week with a colleague on how healthcare IT is "different" thatn "IT" tout court revolved around the fact that healthcare IT has so many domain and functional experts in addition to technical experts due to the complexity of the requirements. The original list below reflects that with the inclusion of non-traditional leaders (advocate, researcher) in the field of "IT." I applaud that as well: growing our understanding of "IT" to include end user, functional and business leaders only enriches the fold.

      Here's my suggestions for *more* women to know. I've let them speak for themselves and used their own bios and how they define their own contributions to the field. Looking forward to your comments and additions. Or while you're at it, take the time to nominate someone for the 13th Annual Women in Technology Leadership Awards (due 24 February 2012).

      • Cindy Throop - The Data Nerd
      • Sherry Reynolds - The Patient-Centered Design Evangelist
      • Lygeia Riccardi - The Consumerista at ONC
      • Liza Sisler - Looking for a connected world (and health IT maven and community "glue")

      Original Post:

      Need to Know: 5 Women in Health IT by Katie Matlack, Medical Analyst for Software Advice, where she blogs regularly about health IT.  

      You want irony? Try this: the Kaiser Family Foundation reports that we women are the ones make the health care choices for the kids in 8 out of 10 families. Yet women are far and away the minority gender in the world of health IT leaders. Health IT is one of the most important segments of health care, during a time of great change. If women are the ones who’ll be where the rubber hits the road when it comes to the future of health, why aren’t more of us, more involved, in determining what that future of health looks like?

      While this is by no means the definitive list, I’ve done some research on the women who ARE making their mark in HIT. I list five to know below. They’ve been included both for their individual accomplishments and for the attention I think that’s due in the areas of health IT where they’re active. 

      • Regina Holliday - The Patient Advocate
      • Judith Faulkner - The Veteran 
      • Susannah Fox - The  Researcher 
      • Halle Tecco - The Connecter 
      • Amy Sheng - The Inventor

       

      • views
      • Tweet
    • 0
      13 Feb 2012

      IT Governance, Compliance and HITECH Act: Got Metadata?

      • Edit
      • Delete
      • Tags
      • Autopost

      In follow on discussions from my recent presentation at SharePoint Saturday Philadelphia on securing Microsoft Technologies for HITECH Compliance, the question of enterprise architecture and enterprise content management has been at the forefront.

      I was fortunate to have the insights of AvePoint’s Microsoft MVP Jeremy Thake on board during the interactive panel and discussion portion of the session and wanted to take a moment to expand on one of the session themes of logical and physical segmentation of data in enterprise content management. Jeremy recently blogged on this based on his experience in other highly regulated verticals. See his thoughts on governance and compliance in the financial sector here: http://www.docave.com/TeamBlog/Lists/Posts/Post.aspx?ID=64

      There are four (4) critical success factors are of particular importance in managing sensitive information (ePHI) at the enterprise level:

      1)      Enterprise Architecture: Understanding of business architecture and business processes involved in managing sensitive information

      2)      User-Centered Design: Understanding of roles, personas, user preferences, work management and ethnography

      3)      Workflows: Understanding that sensitive information is dynamic, not static

      4)      Outputs: Understanding what compliance (and e-discovery) requests may be needed prior to architecting enterprise content and records management systems

      Managing ePHI in the context of the HITECH Act requires a thorough commitment not only to the four CSFs above but to an enterprise level content management strategy that incorporates metadata management, taxonomies, and privacy and security planning in the design phase. In addition, logical and physical segmentation of data is your friend not only from a standpoint of usability and performance of any content management system, but also from the standpoint of privacy and security.

      Finally, the importance of good metadata in managing ePHI cannot be underestimated. Data without metadata is Wikileaks-all-over-again. As noted in Michael Daconta’s recent “Good Metadata Means Good Government” good metadata design (including “identification, static measurement, degree, categorization, relationship and commentary”) is critical to search, usability, and on the other hand, the ability to tag and quarantine sensitive data (in our case, logical segmentation of ePHI).

      Meta_data_standard_transmission
      Good metadata can accelerate "findability" and open doors to search, retrieval, e-discovery and BI/data analytics (quantitative and qualitative) but can also put the brakes on unwanted data getting out.

      I’ve updated the slides with the reference materials and white papers, as per attendee request.

      For more information on the data privacy and risk forecast for HITECH entities in 2012 (which by the way dovetails nicely with my presentation on the same date!) see Christine Marciano’s trend report: http://databreachinsurancequote.com/wp-content/uploads/2012/01/2012_trends_healthcare_data.pdf Great minds!

      For more information on my esteemed colleagues’ work on governance, records management and compliance (GRC) in the DoD and highly regulated verticals in earlier versions of SharePoint, please see the Applied Information Sciences’ white paper: http://www.appliedis.com/pdfs/Military%20Grade%20Compliance%20for%20SharePoint%20WP.pdf

       

      • views
      • Tweet
    • 0
      6 Feb 2012

      Securing Microsoft Technologies for HITECH Compliance #spsphilly [blog]

      • Edit
      • Delete
      • Tags
      • Autopost

      Thanks to all who attended and participated in my interactive session this weekend at SharePoint Saturday Philadelphia on enterprise security planning for deploying SharePoint 2010 on premise or Office 365 in healthcare covered entities.

      Special kudos to Mike Fleck and the CipherPoint team as well as Levi Lohnes, Jeremy Thake and the AvePoint for working with me for the past few months on developing the concepts, requirements and use cases we've encountered in practice. Special kudos to AvePoint and the soft launch of their Healthcare Data Kit - it was an honor to have Jeremy in the room and be able to get that word out on Saturday.

      BLUF: SharePoint security will only take you 20% of the way in securing the platform for HITECH compliance.

      But that's not a bad thing. Not at all.

      Having a comprehensive understanding of what the security and privacy requirements of the HITECH are. As is having an enterprise security architecture, master data management strategies, and organizational security and privacy policies for technical, physical and administrative safeguards. Looking at SharePoint 2010 in isolation only contributes to a fractured security ecosystem and will often miss the mark.

      The audience had great use cases that sparked a lot of discussion (some of which is summed up here):

      • SharePoint works best for managing unstructured data and business processes, often in conjunction with structured data sets (such as an EHR))
      • Having an understanding of domain specific clinical applications (EHR, PACS, ELNs, logistics, etc.) will avoid the SharePoint worst practice of trying to build complex transactional/relational databases in SharePoint. No no no! As a presentation layer it is a critical component of service-oriented architecture, but security and privacy concerns aside, clinical data sets are too complex for SharePoint.
      • Starting with a PIA (privacy impact assessment) is absolutely essential to determine EEOI (essential elements of information) and how they will be managed in SharePoint. ePHI is a dynamic concept and depends on the fluidity of workflows and field level data elements (the 18 HIPAA direct identifiers).
      • Stating "don't put PHI in SharePoint" will simply not work. Not only is it impractical, users will rebel. Using native SharePoint security and permissions in conjunction with third party products (CipherPoint, AvePoint, Nukona, Credant, amongst others) can produce an elegant and transparent solution that allows for both collaboration and content security without burdening the end user.
      • Appropriate business and security architecture in the design phase allows for planning for costs, licensing, project planning, integration and testing of third party tools in implementation and ultimately successful deployments.

      Finally, from a cost/benefit perspective, securing SharePoint is an investment, not a cost, given the penalties provided by the HITECH. An ounce of prevention, people....

      Thanks to all who came and discussed - especially since it was last session at the end of a looooong and fulfilling day!

      Securing Microsoft Technologies for HITECH Compliance

      View more presentations from Marie-Michelle Strah, PhD

       

      • views
      • Tweet
    • 0
      6 Feb 2012

      You Don't Need Approval: Women in Technology Resources #spsphilly

      • Edit
      • Delete
      • Tags
      • Autopost

      [Images uploaded 2/6/2012 Flash #Fail]

      Thanks to Suzanne George for organizing this weekend's Women in SharePoint panel at #spsphilly and to conference organizers David Mann and Mike Mukalian for supporting this event. But most of all, kudos to the panelists and audience members who were on point, engaged and avoided "dead spots" that Suzanne would have had to fill with Chuck Norris jokes (but let's all remember, folks, Chuck Norris' workflows don't need approval. He's Chuck Norris, for pete's sake!)

      Chuck Norris jokes aside, though, there is a lesson there for women in technology and women in leadership that became clear during the panel session: leadership in technology is 80% competence, 20% confidence. Communicating, presenting and establishing leadership in any technical realm can be a challenge for both genders, but particularly for women who may have to fight expectations and perceptions that women are support staff, not leaders.

      Chuck_norris
      Thanks to Dan Lewis, AKA ShareComic, for the Chuck Norristude!

      Adopting the confidence and assertiveness of a Chuck Norris may seem to be a caricature of effective leadership but along with the effective use of networking and mentor networks was a running theme of the SharePoint Rockstar panel (including Marcy Kellar, Rima Reyes, Stacy Deere, Stephanie Donahue). A follow up discussion with Dee Anne Gavlick (herself a SharePoint knowledge management rockstar and one of the first speakers at Women in SharePoint DC) yielded this great practical tip:

      When going into a meeting immediately ask: "who's taking notes?" or better yet, assign someone to take notes to avoid the oh-so-awkward "let's have the woman take notes/make coffee" moment that several of the attendees noted unfortunately still occurs. It can be difficult to work one's way out of a credibility black hole when you've been tagged as secretary/food service.

      Thanks to Fabian Williams for adding to the convo on military leadership skills in the civilian world (we'll save the Army versus Marines for another time LOL). But in that vein, here's the two books I recommended during the panel as resources. Run, don't walk to your nearest bookstore or 1-click your Amazon account for these tomes:

      Nice_girls

      Nice Girls Don't Get the Corner Office 101 by Lois Frankel

      Leading_from_the_front

      Leading from the Front: No Excuse Leadership Tactics for Women

      Thanks ladies! Hooah!

      • views
      • Tweet
    • 0
      6 Dec 2011

      Day Two Wrap Up from #mhs11

      • Edit
      • Delete
      • Tags
      • Autopost
      Amazing resource and videos below from the @mhealthsummit website in case you missed any sessions.

      •Disruptive innovation is critical to healthcare and patient centered care and has attracted a huge startup market.

      •However, biggest successes may come from technology firms who are flexible and agile enough to innovate from within.

      •Bringing experience in service delivery and best practices from other verticals (finance, energy, cybersecurity) will jump start healthcare IT and avoid 'reinventing the wheel.'

      •Mobile health is about patients. Not about wireless, mobile or tablets in health. Firms that ignore that do so at their own peril.

      •Speaking with @dayle7 from @unfoundation today we were amazes at how far the small, core #hcsm community that grabbed cupcakes and tweets a couple years ago has flourished, matured and grown from idea to solutions. This conference itself is prrof of that.

      If you haven't registered yet for the Xbox with Kinect giveaway tomorrow at noon at booth 541 please do so!  @planettech is excited to connect with you!

      Wp_000012
      Have you checked out Regina Holliday's booth and #thewalkinggallery yet? If so, you're missing out (and missing the point!) See how far the gallery has travelled and how we took it to the Microsoft SharePoint Conference this October in Anaheim here: http://lifeincapslock.com/spc11-community-ecosystem-women-in-sharepoint

      VIDEOS: welcome @2healthguru @ahier Incredible resource! Thx @mhealthsummit from posting #MHS11 videos online http://bit.ly/sIO17m via @Cascadia

      Marie-Michelle Strah, PhD | http://lifeincapslock.com | Sent from my Windows Phone

      • views
      • Tweet
    • 0
      5 Dec 2011

      #mhs11 Day One Wrap Up @mhealthsummit

      • Edit
      • Delete
      • Tags
      • Autopost

      Wp_000010

       

      Yes, that's right, our booth is right next to the bar and dinner being served here at #mhs11 because that's how we roll!

      Have you come by to register to win an XBox 360 with Kinect yet? If not, please come by and learn about our secure solutions for healthcare (www.planethealthcareIT.com)

      Takeaways from Day One:

      •WalMartization of US medicine: soon you will be getting primary care and cat litter in same place. Be ready for it. It's a huge opportunity to democratize care.

      •Global health. Global health. Global health. Being able to deploy solutions in low bandwidth and rural areas critical. Also, although we tend to navel gaze a bit in the US, it's important to realize there's areas of the world where people don't have worry themselves sick about how to pay for care. Lessons learned for us.

      •Behavioral health and interdisciplinary care models haven't received the attention yet that chronic disease apps and solutions have but are coming on strong.

      •Data geeks rule. Big data, BI, unstructured data. It's raining data geeks here, people. Love it.

      •The Planet Technologies and Mobile Entree team are having a blast and enjoying our discussions with hospital systems, researchers, providers, and federal technology partners and are excited to join #thewalkinggallery tomorrow!

      Come hang with us and share in the conversation tomorrow. We've got the best geeks AND we know health. Plus we have the best candy at the show.

      Marie-Michelle Strah, PhD | http://lifeincapslock.com | Sent from my Windows Phone

      • views
      • Tweet
    • 0
      4 Dec 2011

      6 Hottest #HIT #job skills for 2012 #in #mhs11

      • Edit
      • Delete
      • Tags
      • Autopost
      From a Tweet by @brad_justus today from Government Health IT article comes a list of:

      The 6 hottest #HIT #job skills for 2012 http://bradjust.us/sLEvrK #Healthcare

      People, can we say:
      •ICD10/5010
      •EMR/EHR implementation
      •Application development (also read: cloud and mobile)
      •Data management
      •Security and compliance
      •BI/analytics

      Heck, yes. I would also like to add that those all point to the underlying challenging of securely managing •unstructured• data in a world of structured data and workflows. Secure enterprise content management (emails, chats, wikis, documents) integrated with structured legacy systems and EHRs is going to be a significant hurdle.

      Implementing an EHR is one thing, managing the world of data around those records to provide comprehensive visibility into the whole patient for continuity of care and patient safety is well, a whole other ball of wax. And with HITECH privacy and security regulations, this data needs to be secured end to end in a BYOD world.

      Disheartened at the daunting prospects of tackling this? Never fear!

      Come see me and my team at mHealthSummit this week (http://www.mhealthsummit.org) in Booth 541 to discuss how we can tackle these challenges with you... And register to win Xbox 360 with Kinect to #getupandmove away from that keyboard!

      Mobile health isn't just about devices, its about bringing movement, exercise, and mobility back to health and wellness (yes, you, get out of that swivel chair!)

      Find out more at http://www.planethealthcareIT.com

      Marie-Michelle Strah, PhD | http://lifeincapslock.com | Sent from my Windows Phone

      • views
      • Tweet
    • 0
      24 Nov 2011

      Thanksgiving 2011 #thankfulfor

      • Edit
      • Delete
      • Tags
      • Autopost
      • Not having any turkey whatsoever today - not even close.
      • Despite being asked today if I worked as a hairdresser, summoning the ability to not explode or have my eyebrows pop out of my head and to simply say: "No, I work in computers."
      • The female altar server at Mass today - proud to see her there, especially given recent decisions by some to remove women from altar. She rocked.
      • The patient advocate at the VA who worked miracles this week to coordinate appointments despite the 1950s era telephone system I was caught in and to the staff who had a great sense of humor about it.
      • That I can research the holiday online at NARA if I so choose and learn more than I ever wanted to know about war economics, economic expansion and holiday scheduling in the executive and legislative branches.
        Amendment-xl

       

      • views
      • Tweet
    • 1
      21 Nov 2011

      No Laughing Matter: Healthcare IT Security is PIA

      • Edit
      • Delete
      • Tags
      • Autopost

      But maybe it is... As David Harlow posited today in reference to Sutter Health's recent landing on the ePHI Wall of Shame, it could be that dealing with encrypted data is PIA (pain in the ass, not privacy impact assessment. The latter would have prevented the former, actually).

       I know encryption can be a drag, but I'm not a techie. If you are, I invite you to educate me (and the other non-techies out there) on the question of how miserable it really is to have to deal with encrypted data; if you're really a techie, write a program to enable light-touch encryption that doesn't interfere with use of data [from Privacy and Security: Joke or No Joke]

      There are quite a few programs out there that do "light touch" encryption (I assume that means less PIA factor, but not quite sure). Properly architected systems can be both user friendly as well as secure - that requires proactive thinking, planning, and the appropriate staff (in house or consultants) to do so.

      Most of the PIA factor comes from trying to reverse engineer systems that were not secured - methinks the problem is really "let's wait until the last minute" - always a really really really bad idea from an architecture standpoint.

      As I noted in my comment, data encryption can and should be transparent to the end user. Setting it up requires work on IT's part, but IT teams in major medical centers should be used to this as their bread and butter. If not, get consultants who can.

      Capture

      This brings me to two other great blog posts in the post-Sutter datapocalypse era: George Hulme's interview with Gunnar Peterson and Bill Brenner's excerpt of David Kennedy's analysis of why healthcare is the most breached industry in 2011.

      Both excellent studies of why yes, healthcare IT security is really, really hard. I'll echo their comments and would like to add the following:

      1) Heatlhcare IT is 10-15 years behind commercial or business solutions - healthcare has been a very slow adopter of IT and now is in "catch up" mode | many entities want to grab for meaningful use dollars without planning for or paying the piper (time and money needed to secure those systems).

      2) Often HIPAA/HITECH experts are sequestered in "HIPAA Privacy Offices" and don't speak with IT or HIPAA Security Officers (if there are any) - hence huge gap in perception, requirements, and communication.

      3) Healthcare IT teams are faced with moving targets of HITECH compliance regulations and guidance, usually with little to no funding, and are often at the mercy of clinical informatics staff they report to who don't necessarily have IT background. Loads of background in workflow, patient safety, data analytics, but systems architecture and enterprise architecture... not so much.

      4) External consultants brought into help may be development ninjas, but not architects, application salespeople, but not architects, or security gurus, but not familiar with healthcare's unique requirements. Any one of those can lead to the pain and suffering alluded to above and make what can be transparent and compliant solutions.

      5) HITECH is as much about data privacy (data architecture, information architecture) as it is about security - no amount of third party tools will substitute for appropriate logical and physical segmentation of data.

      To avoid PIA, trust, but verify, and measure twice, cut once. And please do a PIA (privacy impact assessment). Logical and physical segmentation are your friends.

      Now, can someone please pass the Excedrin?

      • views
      • Tweet
    • 0
      8 Nov 2011

      Webinar: Healthcare, Compliance, Security and Microsoft SharePoint 2010

      • Edit
      • Delete
      • Tags
      • Autopost

      BLUF: Microsoft SharePoint 2010 is a significant enabler for healthcare organizations in transformation.

      However, one of the challenges in building patient engagement, practice management, and enterprise content management solutions with healthcare agencies in the public and private sector is the need to balance privacy and security with openness, transparency and collaboration.

      All too often healthcare IT projects using Microsoft SharePoint can be caught between two extremes, with HIPAA bandied about in both use cases like a blazon:

      1) The "can't do that because of HIPAA" problem -or-

      2) The "HIPAA's overrated we can go ahead and do that" problem

      Either attitude employed by IT professionals can introduce unnecessary risk and unanticipated costs into healthcare IT projects using Microsoft SharePoint.

      Both, however, stem from a lack of insight or knowledge into security, compliance and risk management around HIPAA, HITECH and enterprise architecture and are usually uttered by well-meaning folks who don't have sufficient domain in experience in Microsoft SharePoint, HITECH Act compliance or healthcare (or a combination of one or more of those).

      I had the opportunity to present a webinar recently with Planet Technologies' partners at CipherPoint Software on how to architect secure and compliant solutions with Microsoft SharePoint for healthcare organizations. Upfront planning saves time, reduces costs and risks and allows SharePoint as a enterprise collaboration platform shine, when implemented properly.

      As they pointed out in their blog,

      [...] outsourcing business functions does not mean that you've outsourced the risk. Assessing and understanding the risk that you have from your outsourcing partners is important. With the HITECH act expanding the scope of HIPAA to directly cover business associates, the importance of really understanding and managing risk from your outsourcing partners is increased.

      Adopting a proactive security posture with strategic risk management approach to any software implementation is critical for data protection and privacy, especially with collaboration platforms such as Microsoft SharePoint.

      See the recorded webinar here:

      (download)
      Click here to download:
      2011_11_02_SharePoint_Security_in_Healthcare.wmv (51.25 MB)

      For more information from the original presentation in August 2011, please see this post.

      For a copy of the slides, see here.

       

       

       

       

      • views
      • Tweet
    « Previous 1 2 3 4 5 6 7 Next »

    • Search

    • Find me at:

      • cyberslate's tweets
      • cyberslate linked in
      • cyberslate's shared slides
      • Women in SharePoint DC

    • Tags

      • SharePoint
      • Health 2.0
      • SharePoint 2010
      • women in technology
      • Women in Media
      • Security
      • Women in SharePoint DC
      • Enterprise Architecture
      • Mobile Health
      • User Adoption
      • User-Centered Design
      • healthcare IT
      • #hcsm
      • Business Intelligence
      • HITECH
      • Privacy
      • User Experience
      • #HITsm
      • Business Architecture
      • Cultural Psychology
      • Gov2.0
      • Humor
      • INFOSEC
      • Innovation
      • Microsoft
      • healthcare
      • 9/11
      • Agile
      • Data Architecture
      • Dynamics GP
      • Information Architecture
      • Media Psychology
      • Mobile
      • SharePoint Foundation
      • SharePoint Saturday Philadelphia
      • project management
      • #HIT100
      • #bpc11 #sharepoint WSDPC #opengov #performance #security #gov20 #health20 .NET AJAX
      • #conv11
      • #mhs11
      • #spsnyc
      • American Women Veterans
      • Architecture
      • Business Connectivity Services
      • Business Process Re-engineering
      • Collaboration
      • Dashboards
      • ECM
      • EHR
      • First Responders
      • GovLoop
      • Government 2.0
      • Practice Management
      • SDLC
      • SPSDC
      • SUGDC
      • Social Justice Camp
      • Veterans
      • crowdsourcing
      • "Kill Switch"
      • #OBL
      • #SPC11LB
      • #SPCRockstars
      • #bpc11
      • #bpc11 #sharepoint Women in SharePoint #health20 #gov20 collaboration business intelligence work management HIPAA security
      • #getupandmove
      • #jan25
      • #mmmmtdc
      • #occupyhealth
      • #opengov
      • #spstcdc
      • .NET
      • 2010
      • @krazykriz
      • ARRA
      • Android
      • Animals
      • Business Portal
      • CKO
      • CMMI
      • CRM
      • Christmas
      • Clinical Decision Support
      • Customer Service
      • DC
      • Dickens
      • Disney
      • Disruption
      • ERP
      • Egypt
      • Exchange
      • FEDSPUG
      • Foodie
      • Fourth of July
      • GPUG
      • Google
      • Grace Hopper
      • HHS
      • HIMSS
      • HIPAA

    • Archive

      • 2012 (4)
        • February (4)
      • 2011 (61)
        • December (3)
        • November (5)
        • October (9)
        • September (3)
        • August (4)
        • July (6)
        • June (3)
        • May (2)
        • April (3)
        • March (12)
        • February (5)
        • January (6)
      • 2010 (11)
        • December (2)
        • November (4)
        • October (5)
    • Obox Design

  • Life in Caps Lock: cyberslate's posterous

    Uber-geek, been around the block a few times, Chief Snarkitecht, SharePoint, #gov20 and #health20 junkie; any views here are *strictly* my own.

    Twalteregos (AKA you can find me sometimes posting for these fab groups): @wspdc and @USWomenVeterans

    Email me at michelle AT lifeincapslock DOT com

    Copyright 2010-2011 Marie-Michelle Strah, PhD All rights reserved.

    53891 Views

  • Get Updates

    Subscribe via RSS
    TwitterLinkedIn