I was invited by the Box.com healthcare team to discuss Shadow IT in Healthcare for their "Secure Cloud Collaboration in Healthcare" webinar. The recorded webinar is available at https://www.brighttalk.com/webcast/8843/67115

1. Reducing Shadow IT by embracing
“good enough for HIPAA” businessfriendly SaaS tools
Box.com Healthcare Webinar
Shahid N. Shah, CEO

2. NETSPECTIVE
Who is Shahid?
•
•
•
•
20+ years of software engineering and multisite healthcare system deployment
experience
12+ years of healthcare IT and medical
devices experience (blog at
http://healthcareguy.com)
15+ years of technology management
experience (government, non-profit,
commercial)
10+ years as architect, engineer, and
implementation manager on various EMR
and EHR initiatives (commercial and nonprofit)
www.netspective.com
Author of Chapter 13, “You’re
the CIO of your Own Office”
2

3. NETSPECTIVE
Clinical tech users are resourceful
Clinical professionals that
are counted on to save
lives do not always wait
around for solutions, they
create them.
www.netspective.com
3

4. NETSPECTIVE
Shadow IT is prevalent & growing
• When they only had
access to MS Office,
“Shadow EHRs” were
created using Word,
Excel, and Access.
• In the cloud era, they
pick consumer-grade
and least-secure options
when you don’t give
them reasonably secure
options instead.
www.netspective.com
4

5. NETSPECTIVE
What does HIPAA compliance mean?
The rules:
– http://www.hhs.gov/ocr/privacy/hipaa/administrative
/omnibus/
Read the rules, don’t take anyone else’s informal
legal opinion (these are federal regulations).
www.netspective.com
5

6. NETSPECTIVE
Most important HIPAA considerations
Participants
(Specific)
• Covered
Entities [CE]
(plans,
providers,
clearinghouses)
• Business
Associates [BA]
(needs data to
help a CE)
www.netspective.com
Safeguards
(Guidance)
• Administrative
• Physical
• Technical
get a business
associate agreement
(BAA)
6

7. NETSPECTIVE
Most important cloud considerations
• Business-grade
functionality
• Consumer-grade ease of
use
• Auditable with easy to
use notifications (reduce
permissions requirement)
• Workflow-independent
• Platform-independent
• Device-independent
www.netspective.com
7

8. NETSPECTIVE
Healthcare Industry Fallacies
• Healthcare folks are neither technically challenged nor
simple techno-phobes (they’re busy saving lives)
• Most technology product decisions are no longer made
by the CIOs
• Complex, full-featured, products are not better than
stand alone tools that have the capability of
interoperating with other solutions
• Hospitals will not buy unless one proves value.
www.netspective.com
8

9. Visit
http://www.netspective.com
http://www.healthcareguy.com
E-mail shahid.shah@netspective.com
Follow @ShahidNShah
Call 202-713-5409
Thank You