Month: April 2012

The days of stressing out because you left your big presentation on your work computer or because your hard drive crashed, losing all the work you put into that major report, are over. Thanks to IronOrbit’s desktop virtualization, you can access your desktop from anywhere, on any device. The use of virtual desktops is rapidly growing, and it is predicted that there will be an 8-10% market penetration by the year 2015. Gartner predicts that, by the year 2014, the desire of employees to use their own devices for work purposes will make it necessary for companies to support corporate applications on employee-owned computers and cellphones. When considering desktop hosting as an option for your SMB, you should familiarize yourself with some of the terms used when referencing the topic, as well as the benefits of VDI, so that you make informed decisions.

Definitions

Unless you are an IT person or are just really into technology, there may be a lot of terms you are unfamiliar with when it comes to cloud computing and desktop virtualization. Below are two important terms you should be familiar with when you consider moving your SMB to a virtual desktop.

• Desktop Virtualization– Using software to separate operating systems, applications, and other data from a physical source.
• VDI– An acronym that stands Virtual Desktop Infrastructure. It is one of the forms of desktop virtualization available. It involves “running a user desktop inside a virtual machine that lives on a server in the datacenter.” It remains centrally managed but allows for customized desktops for individual users.

Benefits

A virtual desktop provides its users with several benefits.

• Virtual desktops are cost-effective. They allow for a centralized way of managing a large number of computers: upgrades can be conducted quickly and efficiently and new computers can be installed quickly. This means businesses can focus on their customers rather than IT issues, an aspect that is especially beneficial to SMBs that don’t have an IT person on-site.
• VDIs also allow for increased mobility. Now that smart phones and tablets play a major role in daily business, it is essential that employees can access their data from multiple sources. Since desktop virtualization allows data and applications to be centrally located, users can switch back and forth between various devices.
• Virtualized desktops are extremely secure. They are generally located behind firewalls and the connected devices don’t contain any local data. They are also protected by filters that seek out viruses and other threats.

IronOrbit’s VDI

IronOrbit is proud to partner with Citrix to bring our customers hosted desktops that are both fast and secure. Citrix’s VDI-in-a-Box is a streamlined VDI. This revolutionary technology consolidates several aspects of traditional VDIs into a single appliance. At IronOrbit, we bring you all the benefits of the VDI-in-a-Box for a great price: our virtual desktops start at just $1 a day. And you can stop worrying about time; we can have your network built up in less than two hours.

When you sign up for IronOrbit’s services, you can enjoy benefits such as the ability to access and edit your documents from any device, no matter where you are; the peace of mind that your data is secure and monitored at our data centers; and the knowledge that our experts are there to help you with any possible problems that may arise, 365 days a year.

From the looks of it, cloud computing is here to stay. Several studies predict that cloud-use will increase dramatically over the next few years. For SMB owners, the cloud realm can be overwhelming. There are a lot of things to consider when moving your company to a cloud system. In a previous post, we briefly introduced you to the various types of clouds available to you: public, private and hybrid. In today’s post, we will give you an in-depth look at public and private clouds, including some pros and cons of each, in order to give you a better understanding of why IronOrbit’s cloud system is a good solution for your business.

Public clouds

Public clouds, like Facebook and Google, are owned by the provider and made available to the general public through a server.  According to the National Institute of Science and Technology (NIST), a public cloud “may be owned, managed, and operated by a business, academic, or government organization, or some combination of them.” Multiple tenants can access this type of cloud since you are sharing infrastructure with other people. The following is a list of the major pros and cons of public clouds (although this should not be taken as an exhaustive list of either):

Pros

• Cost: There are several cost benefits that come with using a public cloud. Public clouds are generally free or available as pay-as-you-go services; you pay hourly for the resources you use.
• Accessibility: Since the infrastructure of public clouds is shared, information is easily accessible. This is particularly advantageous to organizations that wish to get their information out to the public quickly and easily. Readily-available tools make it easier to develop, launch, and promote new services.
• Increased utility: Since they are easily accessible, public clouds have a wide range of uses and can be utilized for numerous activities.

Cons

• Security: One of the main drawbacks of a public cloud is a lack of security. Because systems are shared, it is easy for people outside of your organization to access your information. Some sites are vulnerable to attacks, thereby making your company vulnerable by extension. Backups and other security measures are not consistent across the board, so the user is responsible for ensuring their data is not completely lost if the cloud is attacked.
• Limited customization: The purpose of public clouds is utility; they are meant to be used by a broad range of people doing a broad range of things. Some companies have specific needs and wants; public clouds are not customized to your company’s individual needs since they are meant to be utilized by the general public.

Private clouds

Private clouds are managed by a third-party organization and tailored for a specific client, based on their needs. According to the NIST, private clouds “may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.” Access to individual clouds is limited to the organization it is designed for and to anyone else they choose to whom they choose to grant access.  One report showed that 41% of executives would prefer a private cloud. Like the public cloud, there are pros and cons to this type of cloud computing.

Pros

• Security: There is an increased level of security since private clouds can only be accessed by designated people. This is of great importance if your business handles or deals with sensitive information (e.g. healthcare or government agencies).
• Control and flexibility: You have the ability to control what your cloud looks like and how it is used. Customers using this type of cloud have control and ownership of the cloud even if it is implemented by a third-party.
• Ease: You don’t have to worry about maintaining a system; it is taken care of by the company you hired.

Cons

• Cost: Since private clouds are created and designed for a specific corporation, there is an associated cost with designing and maintaining them.
• Time: Private clouds take more time to implement (but once they are created, there is little to no difference in speed of processing).

IronOrbit offers the best of both worlds:

• Low cost: IronOrbit knows that as an SMB, every dollar counts. That’s why we are proud to offer services that start at just $1/day. For a flat monthly fee you get access to your private cloud from any device, anywhere in the world. Disaster backup and recovery are also included in this low cost, and we guarantee that there will be no unpredictable fees tacked onto your account.
• Security: We pride ourselves in our multi-level security system, designed to deliver the highest levels of protection to our customers. In order to further protect your system, we have developed our Orbital Security System, which includes:
  • Physical & environmental security
  • Operational security
  • Backup & disaster recovery
  • Logical & system security
  • Customization: Our services are customizable, based on your business needs. Our team of experts takes your business into account when designing your private cloud and develops it to your specifications.
  • Access: Since you probably don’t live at your office, IronOrbit allows its users to access their information from anywhere in the world, instantly and securely.
  • Speed: Through Kaviza’s “VDI in a box, IronOrbit can set up your entire network of Virtual Desktops, with multiple servers, in less than two hours.

Mac users might have thought they were out of the woods after the recent “Flashback” virus scare.  But no sooner than Apple released a software update to take care of the problem did a new Trojan emerge.

Russian-based Kaspersky Lab disovered the virus named Backdoor.OSX.SabPub.a, aka SabPub.  Two versions of the virus have been discovered.  The first version has been floating around for a couple months now and infects computers through Microsoft Word.  The second version has infected more computers than its predecessor and, like Flashback, utilizes Java.  Unlike Flashback, however, the SabPub trojan is a “classic backdoor Trojan,” which allows attackers to remotely access the infected computer and, by extension, the owner’s information.

While the SabPub virus seems to have a small list of specific targets and is not attacking a larger population, the recent rash of trojans and viruses attacking Macs has lead to an increased question about security.  IronOrbit offers customers a secure way of managing their business.  We have established Cisco firewalls that protect your desktop and important data from attacks.  We constantly install new security patches that protect you from any known viruses, trojans, malware, and other threats.   For more information on our “Orbital Security” system, check out our Data & Network Security page.

Primarily for financial reasons, many in the healthcare industry still cling to the all-paper office. Nearly 50% of U.S. outpatient physicians do not use an electronic records system. Over 65% of physicians that have not implemented an electronic health records (EHR) system cited as their main justification the high costs of installation and training. Of the half abstaining from adopting an EHR, over 55% claimed that financial incentives would tip the cost-benefit balance and persuade them to switch to electronic recordkeeping. Other barriers exist to the widespread digitization of medical records, however. For instance, some question the security of EHR systems. And others point out that the privacy risks outweigh the benefits of accessible and transportable electronic medical records.

Until recently, another significant obstacle to EHR adoption has been their inability to promise or provide benefits directly to physicians. EHRs allow patients to receive faster, better, and more consistent service from multiple healthcare providers (family doctors, specialists, in-hospital physicians, pharmacies). Electronic medical records also provide researchers and disease control experts with an accurate, up-to-date, and all-encompassing source of nationwide health data. But because the increased efficiency of EHRs has never been extensive enough to offset the costs of implementation and training, doctors have never had a financial or market-based incentive to adopt an electronic records system. Furthermore, nearly half of U.S. physicians are 55 years and older. Many of these older doctors have neither the ability nor the desire to adopt and productively utilize information technology systems.

Recent regulatory and technological developments have increased the financial incentives for EHR adoption, however. First, the HITECH Act of 2009 rewards physicians that implement and demonstrate “meaningful use” of EHR systems with up to $100,000 in Medicare and Medicaid payments. Second, the expenses of purchasing, installing, and hosting an EHR deployment has declined, primarily due to the cost-efficiency of cloud-based systems.

Also, the facts prove that a properly-maintained EHR does not endanger the security and privacy of patient information more than a paper recordkeeping system. Software Advice’s report on HIPAA data breach violations from 2009-2011 concluded that hacking only accounted for 6% of incidents. Conversely, almost 70% of incidents involved physical theft, loss, or improper disposal of paper records and hard drives. And of the 2% of incidents that directly involved EHRs, 100% of them involved on-premise systems.

Externally-hosted cloud-based EHRs offer many benefits over on-premise solutions, not to mention paper recordkeeping systems. 1) Many independent and small practice healthcare providers do not have an existing IT infrastructure or any on-staff technical personnel. 2) An externally-hosted, cloud-based EHR costs much less than an on-premise EHR that a healthcare provider builds, implements, and manages for itself. 3) State laws require physicians to maintain patient records for between 20-100 years. Cloud-based EHRs, centralized and web-enabled, can back up and transfer data to more stable and less accessible storage systems quicker and easier than on-premise systems. 4) Physicians in hospitals and in larger practices treat different patients in multiple rooms. Cloud hosting allows peripatetic doctors to access EHRs from web-enabled laptops, tablets, and smartphones. 5) Healthcare providers that have already selected an on-premise EHR to their preference can quickly and without disruption transfer the deployment to the cloud.

Physicians convinced of the benefits of a cloud-based EHR and desiring the best in price, performance, and service should select IronOrbit as their hosting provider. IronOrbit deploys and manages HIPAA-compliant EHRs from Epic, Allscripts, NextGen, and others. Our patented Atomic Speed Technology and Orbital Security deliver industry-best processing speeds and data protection. And with our 24x7x365 technical service and performance monitoring, even in-hospital physicians working the graveyard shift receive optimal support.

In a previous post on our IronOrbit blog, we discussed how healthcare legislation over the last 15 years has directly and indirectly altered the industry’s IT requirements. Some legislation, such as HIPAA and HITECH, straightforwardly require more secure management of patients’ electronic records. Other laws, such as the Affordable Care Act, change healthcare IT by, for example, adding patient volume or increasing documentation requirements of medicinal practices that involve electronic records. Today we will discuss legislation and regulations that affect the IT requirements of retail and financial services businesses in similarly direct and indirect ways.

Like healthcare IT legislation, retail and financial services IT regulations developed only after electronic storage and transfer of data in those industries had become ubiquitous. The IT regulations of retail and financial services were drafted for different reasons, however. Customers and payment card companies had always tacitly expected and demanded that businesses accepting credit cards and other forms of electronic payment securely manage, store, and transfer sensitive financial data. Retail businesses that failed to properly manage credit card data might be punished with fines or decreased sales, but until recently neither the government nor the payment card companies had imposed explicit, consistent, or punishable data security regulations. For accounting departments and financial services companies, on the other hand, data security was never the primary IT issue. Economic scandals in the early 2000s and 2008 convinced lawmakers that financial services required better records management standards, more transparent reporting and disclosures, and more oversight of the auditing process. The Sarbanes-Oxley and Dodd-Frank acts were the result of this thinking.

Sarbanes-Oxley (2002). In response to the corporate scandals of Enron, WorldCom, Tyco, and others, Congress drafted Sarbanes-Oxley to discourage auditing malfeasance and to make it more difficult for businesses to publicly misrepresent their financial health. Under Sarbanes-Oxley, companies must continually preserve 5 years’ worth of financial records; they need to implement and maintain a stable records management system (paper or electronic); and they have to restrict access to financial data to designated employees or contractors. Also known as Sarbox or SOX.

PCI DSS (2004). Five major credit card companies (VISA, MasterCard, American Express, Discover, and JCB) developed the Payment Card Industry Data Security Standard in 2004 in response to a worsening epidemic of electronic credit card theft and fraud. PCI DSS requires companies to securely store and transmit credit card data and to restrict access to databases containing customer financial information.

Dodd-Frank (2010). The Wall Street Reform and Consumer Protection Act responded to the 2008 economic crisis by extending the requirements for reporting and disclosures and increasing regulation of formerly unregulated financial institutions. Like Sarbanes-Oxley, Dodd-Frank does not address financial services IT directly. However, satisfying the new reporting requirements (mainly about compensation, investments, and sources of funding) may require the IT system to adjust the way it creates, stores, and transfers company documents.

Many companies have to adhere to the regulations of Sarbanes-Oxley, PCI DSS, and Dodd-Frank all at once because they both accept electronic payments and administer their own accounting services. Complying with these regulations all at once can be tricky because PCI DSS mandates impeccable security and access control while Sarbanes-Oxley and Dodd-Frank require companies to deliver the near-opposite: more access to regulators, more honest communication with the public, and increased financial transparency. Usually small and medium sized companies do not have the IT resources or knowledge to build and maintain an IT infrastructure with the requisite combination of security and openness.

SMBs certain of their IT’s incompliance (or, conversely, uncertain of its compliance) should select cloud-based virtualized desktop infrastructures and hosted applications from IronOrbit. Our virtualized desktop infrastructures comply with PCI DSS with strict access control, encrypted transfers, and physically and electronically secure data centers. IronOrbit VDIs also comply with Sarbanes-Oxley and Dodd-Frank with comprehensive daily and weekly data backups and authorized remote accessibility. Additionally, we host individual applications such as document management platforms and accounting software like QuickBooks and Peachtree that also comply with retail and financial services IT regulations. With virtualized desktop infrastructures and hosted applications from IronOrbit, companies involved in retail transactions or performing financial services tasks should feel safe and compliant in putting their money in the Cloud.

IT professionals utilize Disaster Recovery to prevent or minimize the damage of infrastructure downtime or failure. A “disaster” in the IT field can be anything that knocks an infrastructure offline. It can be as dramatic as a fire or flood destroying a data center or as unspectacular as a power outage or hacking attempt disrupting a network. Disaster Recovery is a comprehensive response to such an event. An approximately equal amount of tasks of a Disaster Recovery effort must be performed before and after a disaster. In anticipation of infrastructure downtime or failure, a company must back up its data and assign Disaster Recovery tasks to certain internal or external IT personnel. In addition to data, some companies will rent entire infrastructures (processing, networks, storage) as backups. Backup infrastructures can either be hot sites (an entire, functional, ready-to-go infrastructure) or warm sites (a scaled-down ready-to-go infrastructure). Companies should also perform tests of their Disaster Recovery preparations. They need to confirm in advance the functionality of their backup storage and infrastructure. Once the disaster occurs, IT personnel need to assess the damage to the existing infrastructure and, to the extent that the situation requires, route users and data to the functional backup systems. The first step should be to resuscitate the still-functional original infrastructure or move all critical applications and data to the temporary infrastructure. Only after a stable IT arrangement has been established should the company attempt to recover less critical applications and data or rebuild the entirety of the original infrastructure.

The resources involved in and the intensity of the Disaster Recovery effort will be planned for (but not guaranteed) by the recovery point objective (RPO) and the recovery time objective (RTO). A company sets its RPO as the maximum amount of data (expressed in time) it can afford to lose in an infrastructure failure. With an 8-hour RPO, a company will back up all of its data every 8 hours. Implicitly the company then accepts the risk of losing a maximum of 8-hours’ worth of data. Due to bandwidth and storage costs, extremely low RPOs can be expensive. Companies have to balance with their budget their desire to retain the largest possible amount of data. With an RTO, on the other hand, a company decides the maximum tolerable amount of downtime for an infrastructure or other service. A 24-hour RTO means that a company has determined that if a knocked-out infrastructure has not been restored within 24 hours the company will experience severe (usually financial) consequences. A company lowers its RTO the more resources and preparation it invests in Disaster Recovery.

According to this article from Continuity Central, companies that want to handle their own Disaster Recovery efforts should avoid a few common pitfalls. First, they should not accept cookie-cutter solutions or copy the plans of other companies. To be effective, they need to customize their Disaster Recovery plan according to their specific infrastructure and IT requirements. Second, companies need to double-check that their most important files have been copied by their backup systems. The article also advises the companies be sure not to store the master copy of the Disaster Recovery plan on the infrastructure that it pertains to.

Companies can avoid the uncertainties and complexities of Disaster Recovery by selecting virtual desktop infrastructures and hosted applications from IronOrbit. IronOrbit promises an RPO of 4 hours and an RTO of 12 hours. As this article from InfoWorld points out, virtualized infrastructures can be backed-up, repaired, and replaced much faster and easier than non-virtualized infrastructures. Additional Disaster Recovery features offered by IronOrbit include weekly server snapshots, SAN storage arrays, and disaster-proof, geographically-separated data centers. IronOrbit managed and resolves IT disasters for our clients, allowing them to turn their focus from potential emergencies to revenue-driving, day-to-day work.

We have mentioned the feature “scalability” multiple times on the IronOrbit blog. We even briefly defined the term in our “Cloudy to Clear” series. In today’s post, we will focus in depth on scalability and its uses, benefits, and latest developments.

In the third edition of our “Cloudy to Clear” series, we wrote: “A system is scalable that can be ‘scaled’ up or down, or enlarged or shrunk, and still maintain its basic composition and proportions. A scalable cloud can add further users, storage, or processing power simply by connecting extra hardware to the existing infrastructure. By definition this type of expansion does not require any extended integration or reworking of the existing system and will not disrupt the service of ongoing users.” A scalable system has several benefits. Most importantly, a scalable solution retains its singularity and centralized management as it expands and contracts. While an un-scalable system can match the total performance or storage capacity of a scalable alternative, it lacks efficiency and the ability to perform wide-ranging tasks or impose consistent settings and policies. The singularity of scalable systems allow them to 1) perform specific, complicated tasks while consulting massive amounts of data; 2) ensure system-wide performance and security; 3) prioritize and maximize computing resources, letting richer companies get more out of an existing IT hardware infrastructure and poorer companies be able to afford a high-performance, high-capacity system.

Because of their combination of cost-effectiveness, high performance, and large storage capacity, scalable solutions form the foundation of technologies as various as clouds, virtual desktop infrastructures, research supercomputers, and web services like YouTube and Twitter. Scalability also has a lot to do with Big Data management and analytics. The term “Big Data” refers to extremely large amounts of related data and all the technical and ethical issues associated with the management, storage, and sharing of that quantity of information. For example, the social media website Facebook operates and manages about 10 full-size data centers that allow it to host 30 billion new pieces of content every month and 100 million new photos every day. Privacy advocates question both whether Facebook has the technical ability to securely manage their Big Data and also if a single non-government entity should possess and control so much information about so many people. Regardless, without a scalable IT infrastructure, Facebook would not have the same performance speeds or storage capacity and would probably have to charge for its services.

Reinforcing the utility and importance of scalability-backed Big Data technology, the Obama administration recently announced over $200 million in funding for Big Data research and development. Twenty-five million dollars of the total has been allocated for the Scalable Data Management, Analysis, and Visualization (SDAV) Institute, a partnership between a private-sector developer of Big Data analysis tools and the illustrious government research organization Lawrence Berkeley National Laboratory to improve the speed and relevance of the filtering of large scientific data sets. Scalability-enabled Big Data has already had a sizeable influence on the world of scientific research: the CERN particle accelerator produces almost 20 gigabytes per minute and 13 petabytes of data (about 13,500,000 gigabytes) every year, processing and storing the data with a cloud-based infrastructure with a total capacity of 150 petabytes and 200,000 processing cores.

IronOrbit utilizes in our own hosted infrastructures and applications the same kind of high-performance scalable technologies that sustain Facebook and the CERN particle accelerator. Thanks to scalability we can build low-cost, high-capacity solutions for our clients and add users and storage on demand. With scalable infrastructures and applications from the IronOrbit, your company’s growth will be supported and reinforced, not impeded, by the performance and capacity of your IT system.

A storage area network (SAN) connects most or all of a system’s servers and storage devices. In the unmodified data center, servers can access and utilize only the storage devices that they have a direct connection to. To locate a specific file in a non-SAN system, users may have to search each server and its associated storage devices individually. With a virtualized storage area network, however, these disparate “siloes” of information will appear and perform as a single, gigantic file system. Servers in SAN can connect to a large number of storage devices and, vice versa, a storage device can connect to a large number of servers. SAN makes it easier to 1) access records; 2) perform tasks that require high amounts of both processing power and data; 3) transfer or back up large amounts of data. Common uses of SAN include email servers, databases, and high-capacity file servers. Computer animation studios famously utilize SAN in order to process and share their huge video and graphics files. DreamWorks Animation, for example, recently placed this job ad requesting a Storage Engineer with the responsibility of “Storage Area Network (Zoning / Alerting, monitoring, analysis, solution identification).”

InformationWeek has published some recent articles (1) (2) arguing that SAN’s role in the data center will decline in importance as companies emphasize performance over the flexibility, security, and high-capacity of a storage area network. The high processing requirements of applications and virtualization solutions require a faster solution than SAN, the author says. In the new data center, SAN will become less involved in processing and frequently accessed data and will turn into more of a records management and data backup system. Frequently used and accessed data will be located on the actual servers with “server-side caching,” eliminating the time and energy spent retrieving the information from storage devices. But the author also admits, “We have seen SAN-attached flash-based storage appliances that are optimized for high-network throughput and low-latency flash memory turn in performance results that are only a couple of dozen microseconds slower than of a directly attached PCIe card [the preferred hardware for server-side caching].” And he adds, “This is not an either-or situation. A mix of the technologies is probably more appropriate than going all in on one or the other. For the typical data center, it makes sense to use flash-only or flash-enhanced shared storage for the bulk of the workload. Then use PCIe SSD for a smaller set of workloads that have unique performance demands.”

Many of IronOrbit’s cloud-based solutions employ some form of SAN. A storage area network allows our virtualized desktop infrastructures and hosted applications to function as singular systems despite being spread across multiple servers and storage devices. SAN accounts for the scalability of our clouds, allowing additional processing power and storage capacity to be quickly and simply integrated with the existing system. By permitting large-scale and high-speed transfers of data, SAN also accounts of the ability of our clouds to maximize available resources and to be frequently, consistently, and completely backed up. From top to bottom, IronOrbit incorporates the latest and best technologies into all of its cloud-based solutions, including SAN, Atomic Speed Technology, Orbital Security, and industry-leading products such as VMware ESXi virtualization platforms, Citrix VDI-in-a-Box virtual desktop management, and Windows Server 2008.

Doctors, especially outpatient physicians with small or individual practices, are not well-positioned to build, maintain, and update their own IT infrastructures. The healthcare industry has some of the most stringent and frequently amended information security and records regulations. Doctors already have very little free time and relatively few staff members to assist them with non-medical affairs. Neither they nor their staff have the time or expertise to be implementing and managing even a basic IT infrastructure, much less an IT system that has the performance, security, and flexibility that the healthcare industry requires.

For doctors or IT administrators with the fortitude to try to build and manage their own IT infrastructure, we have provided below an overview of the data security and records management legislation and standards over the last fifteen years. Clicking the link over the name of the legislation or standards will direct you to either a copy of the actual legislation or the website of the institution responsible for it.

HIPAA: Most doctors have probably heard of HIPAA (the Health Insurance Portability and Accountability Act). Enacted in 1996, HIPAA requires that healthcare providers protect the privacy of their patients’ data. The American Academy of Family Physicians offers a helpful 10-point guide to attaining HIPAA compliance. Some of the requirements of HIPAA include documentation of security procedures, auditable records, data encryption, anti-virus software, and other standard data security controls and initiatives.

HITECH Act: This 2009 extension of HIPAA adds breach notification requirements and further financial penalties for mishandling patient data. It raises the maximum financial penalty for violations from $25,000 to $1,500,000. HITECH also provides financial incentives for healthcare providers that employ “Meaningful Use” of electronic health records (EHR) systems. Doctors or their IT administrators can find out if their EHR deployment qualifies as Meaningful Use by consulting this page for the Centers of Medicare and Medicaid Services (CMS).

HIPAA 5010 and ICD-10: The latest update of HIPAA standards and the ICD-10 (International Classification of Diseases, 10^th Version) will add further possible values to existing medical forms and data transactions. Healthcare providers must be sure that their systems and networks will support 5010 and ICD-10. The ICD-10, for example, will add 53,000 new diagnoses codes and 72,000 new procedure codes from ICD-9. The deadlines to comply with these regulations have been pushed back to June 30, 2012 for HIPAA 5010 and October 1, 2013 for ICD-10.

Affordable Care Act: The Patient Protection and Affordable Care Act (also known as “Obamacare”) did not add any new healthcare information security or records management requirements. But experts think that the law will change healthcare enough that healthcare IT will inevitably be affected. This InformationWeek article cites as an example the law’s mandated state health insurance exchanges that each require a massive IT infrastructure to be built and implemented and then integrated with existing healthcare networks. The article also points out that the June Supreme Court decision on the constitutionality of the Affordable Care Act may negate or turn into losses any changes made in response to the law.

Healthcare providers can avoid the hassles, expenses, and unpleasant surprises of maintaining an in-house IT infrastructure by switching to a cloud-based infrastructure from IronOrbit. Our infrastructures provide processing, storage, bandwidth, and hosted EHRs that already comply with most industry data security regulations, including HIPAA, Sarbanes-Oxley, and PCI DSS. We have experience designing, building, and hosting EHRs and other IT solutions for thousands of different healthcare providers. We understand and can anticipate many healthcare providers’ concerns, requirements, and time constraints. IronOrbit has been there from the start of mainstream healthcare IT (we began in 1997, one year after HIPAA) and will be there whenever you need us (with our knowledgeable 24x7x365 technical support). With an IronOrbit hosted infrastructure or EHR, healthcare providers can focus on their patients and forget about data security regulations and IT performance problems.