Hawaii Behavioral Health. Technology Plan. Technology and System Plan. Carla Gross Chief Operating Officer. Technology and System Plan 2013-2015





Hawaii Behavioral Health
TECHNOLOGY & SYSTEM PLAN 2013-2015

The purpose of HBH's technology plan is to provide a framework for the delivery and alignment of technological services and solutions to support HBH's mission. HBH's mission is to provide a statewide system of integrated services to improve the educational, health, and safety outcomes for Hawaii's youth and families.

The HBH Technology Plan applies to any and all technological functions, revisions, and expansions within the company. It is intended to outline areas for review and possible implementation. This document is a chronicle of the process that HBH has implemented and is updated and published annually to share progress with staff and key stakeholders.

Prepared by: Michael Lukson Date: 02/04/2013
Reviewed by: Jessica Wong-Sumida Date: 02/13/2013
Approved by: Carla Gross Date: 02/20/2013

Hawaii Behavioral Health (HBH) must continue to leverage technology in its plans for the future. Technology is a fundamental component in the business operations of Hawaii Behavioral Health. The adoption of new technologies to improve system reliability and employee efficiency and to assist in the management of the company will have a strong impact.

HBH is also committed to ensuring compliance with the Health Insurance Portability and Accountability Act (HIPAA). As HBH continues its work with the private insurance market, technology systems and practices will continue to be in alignment with this requirement.

The basic issue for this year's technology plan is to decide upon the best action to take with regard to existing systems. A decision should be made either to outsource critical systems to ensure effective data protection, or to increase training or possibly hire an IT position to support company operations.

Hardware Plan

a. Server Upgrade/Replacement: HBH has two server data centers located in Honolulu and Hilo. These data centers provide an array of services for the company including domain logon/authentication, security assignments for file server data, email server and web server. While both data centers are currently operational, it will be important to have planned replacements for data center systems. The following graph outlines the physical layout for both data centers. The Hilo data center servers are nearing end of life expectancy. Both the Windows and file servers are over six years old. Budgeting and planning for both systems to be replaced in the near term should occur before any critical data is put at risk.

b. Long Term Hardware Budget and Plan: A long-term (five year) budget plan should be developed to replace critical data center equipment, phasing in these new systems in a multi-year plan. Phasing in new systems over multiple years will spread the capital requirements for the equipment and ensure that systems don't reach their end of life period at the same time. This hardware budget/plan should also include other data center appliances such as the firewall/VPN units. Also considered should be the office Ethernet cabling and wireless access points. The budget plan could also include scheduled replacement of company workstations and laptops. Possible solutions such as corporate replacement leasing programs could be pursued if cost effective.

c. Broadband Internet Connections: A review of site broadband internet connections should occur. The review should pay close attention to which vendor is used and what business class speeds are available. Cost effective solutions should be pursued for all offices. However, given that work backups occur between the individual geographic locations, care should be taken that suitable connectivity speeds are available to support business operations.

d. Barcode or IT Inventory System Review: A barcode system or inventory review for servers and workstations should be looked into. An easy to use barcode software system would help protect IT equipment for the company and assist in inventory documentation.

e. Information and Technology System Position: HBH should review the possibility of creating an employee IT position to support existing systems. Currently HBH does not have any professional staff to support data centric operations. Instead it has relied upon external partnerships to provide professional labor. This may cause issues related to timeliness of backups and security procedures if adequate on-site IT staff are not available to perform these functions. An alternative might be to identify existing positions to serve as additional IT assets and increase training to support business functions. Another option would be to outsource existing systems (host with a third party company), such as the email or cloud based hosting of file server data.
Keep in mind that outsourcing with a third party company may cause HIPAA certification problems.

SYSTEMS AND SOFTWARE PLAN

a. Information and Billing Systems Efficiency Review: HBH currently uses two billing and information management systems. One is a contract vendor solution called NPAWorks. The other is a mandated web input system from the Department of Education used for billing and inputting of work for that contract. Both systems should be reviewed for efficiency of use. HBH has always been a strong document centric workplace. A document centric workplace is one where common word and spreadsheet documents are often used for management data. In today's information age, the move from document centered solutions to application solutions should be occurring. A review of workplace practices would help make sure that existing information systems are used to the maximum in preference to user produced documents.

b. EMAIL System: HBH should consider the option of outsourcing the email system to a third party partner. Keeping the Exchange server running as a standalone system may put email data at risk. Many companies are outsourcing email to a hosting company. There are a couple of options available. One would be hosting with a local third party company. The other would be hosting with an enterprise level host such as Google docs for business. Making this move would have to be evaluated from a cost perspective. The current system and licenses are paid for. Outsourcing to a third party system would involve recurring monthly fees that would be tied to the number of email accounts required.

c. CLOUD Storage File System: Another system upgrade for evaluation would be to transfer the file server over to a business class cloud storage solution. This change would assist employees with access to a centralized business file system. It would also streamline the backup of critical data files, since the third party partner of the cloud storage entity would handle the backups for the system. This would also have to be evaluated from a cost perspective. File servers represent an upfront cost to the business. A cloud storage system would result in monthly subscription fees.

d. WEB Site Rebuild: A rebuild of the existing web site should be considered. A rebuild of the web site would have multiple intended purposes.
The first would be a visual improvement to the existing look and workflow for the site. The current site could be improved upon with a more modern look. A second consideration would be an improvement to the existing employee content. Currently employees can use the site to log on to email and download some documents. A better system with categorized document downloads would benefit the company. Any new web site should be built with a content management system. This will allow HBH to correct and post new information to the site with minimal training. Any new web site should be designed with assistive technology tools in place. This will allow for maximum distribution of essential information to potential interested parties.

e. Employee Technology Training Program: An assessment for a possible employee technology training program should be made. The purpose of this training would be a formalized training curriculum based upon position. This training program would be designed to increase system usage familiarity and increase business productivity and efficiency.

SECURITY PLAN

a. Firewall Review: A review of the firewall appliance will be conducted. Each geographic location should have a firewall with a VPN tunnel installed. The firewalls should be updated to the latest firmware, which should be documented in an annual security report.

b. Anti-Virus Review: A single anti-virus provider should be identified and a corporate subscription set up for all HBH workstations. A documented review of installation and checks per workstation should be conducted to ensure each is protected and updated automatically on a regular basis.

c. Domain Logon Review: A review of domain logons should be conducted. It is important that only user level access be granted to the user. The basic user should have no software installation privileges, to protect the workstation from viruses, adware and trojans. A review of logons should also be conducted annually to ensure that terminated employees' accounts are deleted. This also impacts email accounts. If an employee is on legal the account should be deactivated.

CONFIDENTIALITY

a. HIPAA Data Review: A review of systems should occur with HIPAA confidentiality standards applied.
This would be a systemic review of all patient related data to ensure that:
i. All patient related data is identified.
ii. All web accessible patient related data is protected with encrypted data channels.
iii. Employees who have access to this data are identified.
iv. All patient related data is protected via file authentication assignments.
v. Patient related data centers are in a secure location.

BACKUP REVIEW PLAN

The Recovery and Backup Policy should be reviewed for accuracy and updates. A review should also ensure that checklists and backup logs (electronic or paper) are being maintained. Backup equipment should be tested annually as well to ensure proper functioning.

DISASTER RECOVERY PREPAREDNESS

The HBH Contingency Plan should be reviewed for accuracy and possible updates. In addition, a written plan with cost estimate should be produced that identifies specific system components which might be procured in advance to assist with any disaster related events. Because the HBH data centers cannot rely on local off-the-shelf equipment, there will be equipment acquisition delays during an actual disaster event. The pre-purchase and storage of potential backup equipment would speed up the reconstitution operations for the data center. This would have to be a cost effective measure, and the plan could lay out possible equipment and cost factors.