Archives For HIPPA

HIPAA Isn’t Helping

If You Want To Help Shore Up Security, Start With HIPAA

As I mentioned in yesterday’s post, I’ll be interviewing Marc Haskelson later today, Founder and President of The Compliancy Group. He didn’t write the HIPAA requirements, but he understands them, and knows which of your clients need HIPAA.  He also knows where it falls short.

HIPAA Is Not Security – It’s A Government Law

Do you know what HIPAA stands for?  Google it and you’ll come up with more than one answer…if you’re going to bring it up in a meeting, make sure you know.  Here it is: Health Insurance Portability and Accountability Act. (Note, it’s not the information portability act, and it’s not HIPPA).

It would have been great if the authors of HIPAA understood technology and security. The fact is, many of your clients either require HIPAA compliance, or will in the near future. The problem is, “HIPAA isn’t helping” healthcare security according to Gary McGraw, CTO of Cigital (a leading software development firm headquartered in Dulles, VA.)  If you’ve read my book, The House & The Cloud, 2nd Edition, you know I agree.  There’s a large chasm between compliance and security, but regardless, HIPAA is required.

In a recent study, “Healthcare overwhelmingly scored lower than financial services firms, ISVs, and consumer electronics firms, which include some Internet of Things providers,” according to Kelly Jackson Higgins, in an article posted on DARKReading.

As McGraw states it, “All [HIPAA] did was increase bureaucracy and the tiny print stuff handed out each time you go to the doctor. It over-focused the healthcare domain on privacy and patient privacy data, which is an important thing. But there are many other aspects of security that have little to do with privacy.”

The real problem with HIPAA is it has given doctors a false sense of security. In a recent healthcare conference I spoke at, every session that had something to do with security was all about HIPAA. When I gave my presentation, I started by asking the audience to forget about HIPAA for just one hour, and listen to what it means to be secure.  The response was one of surprise. No one had ever told these people that data, governed by HIPAA, was still at risk.

Over the past year we’ve seen numerous companies attacked, regardless of their HIPAA compliance efforts. To name just a couple: Anthem and UCLA Health come to mind.

I have a colleague who recently took a job with Websense.  This year they published a study showing healthcare organizations are being hit 3 or 4 times as often as other firms by cyber attacks. Forbes noted in a recent article that healthcare data is worth 10 times that of credit card data on the black market.  A Trend Micro study shows that “nearly 27% of data breaches reported over the past decade occurred in the healthcare sector, and healthcare was the hardest hit by identity theft in the past 10 years, with 44.2% of those cases caused by insider leaks,” (Cited by the DARKReading article above).

Here’s The Problem

People think they are secure when they are compliant. HIPAA requires so much paperwork that the security issues get lost in the process. The financial companies know they’re a target, while a recent survey published by Trustwave reports that healthcare IT professionals don’t.

How can you get involved? First, where there’s a problem, there’s an opportunity.  I’m interviewing Marc today to get a better sense of what HIPAA really requires, and to show technology resellers how to get involved. Healthcare companies and their third-party providers both need help as well as education on HIPAA. The House & The Cloud Message was extremely effective in the healthcare conference I spoke at. For the first time their eyes were opened, and they saw the need. This kind of education opens doors of opportunity that are both helpful to your clients and profitable to your business.

Here are two things you can do…

First, visit the Compliancy Group Site to get more information on how to become a HIPAA Security Provider. Marc will do everything he can to help you get up and running with minimal time and investment.

Second, enroll in the Security Sales Mastery Program – If you qualify with one of the many sponsors supporting this program, I can get you a free seat (Normally $450).  Contact me and we’ll find a way to get you into the program.

© 2015, David Stelzl


I’ve spent the week interviewing presales consultants in the Chicago area this week…next week I’ll be teaching a sales class to presales engineers over in Singapore (yes, it’s live onsite).  This is an under-served group needing some attention in most organizations.

An Undefined Job

When I talk with a presales consultant (A job I personally have quite a bit of experience doing), I am struck by the varying definitions and responsibilities these people give when asked, “What do you do?”  It’s kind of undefined.  This makes the hiring process difficult.  It’s not like sales where the person simply says, “I sell stuff.”  Some interface with very technical people and therefore spend most of their time staying up on very technical things.  Some do a lot of speaking, others don’t.  Some design for free, some are generalists, and still others are product specialists.  The commonality is, few have ever had any formal sales training.

Yet, these people are expensive, largely non-billable, and as most sales people would agree, critical to the selling process. A great presales consultant is worth their weight in gold, and many sales people are asking for more resources in this area.

Considerations

A few things your sales organization should consider:

  • Clearly define this role.  Since these people are expensive, it makes sense that the sales management should clearly write out the job description for this person, even though most of these people will not actually report to the sales manager (Something else to consider).  The description might look different for different organizations, but in most reselling organizations this person will be a shared technical resource.  I recommend resellers hire sales people with strong consultative sales skills, and then hire presales consultants (and stop calling them SEs) that are aligned with some area of expertise – such as security or data center, etc.
  • Pay them on commission.  These people should be responsible for driving business, so they should have some skin in the game.  More leverage means more risk – but risk and commission motivate strong work ethic and allow companies to pay out more to high performers.  The higher the risk/reward, the better, however, many of the candidates for this job are not interested in a 50/50 split or more on commission.  At some point, higher risk takers will opt for sales jobs if they think they can take more home at the end of the year.  I also recommend making this a limited resource in your company, forcing sales people to set things up before actually taking this person in.  Reserve them for qualified calls only and use the phone often rather than making the trip to the client’s site – Webex also works well here, with the sales person onsite, and the consultant speaking from a remote location.
  • Train these people.  Sure, they get training – but most of it is product knowledge.  This is largely a waste of time. Hire presales consultants who are willing to do some reading and tell them to learn the products they support.  Let them visit with local vendors and Google the rest.  But then, teach them to sell.  Of all the people I have trained on sales and marketing, this group has been the most responsive and the most teachable.  Once they see how they can improve their game, and more importantly, communicate effectively with non-technical audiences, they get excited.  It is likely that your presales consultants feel confident in front of IT people, but lack confidence in front of C-Level people.  Training is the answer.
  • Teach them to present.  Another aspect of training is presentation.  Twice this week I had presales consultant candidates tell me, “You won’t be able to read my writing on the white board.”  Are you kidding? – in both cases I replied, “It’s a requirement of this position.”  They responded with a chuckle…I wasn’t laughing.  One candidate is currently enrolled in Toastmasters…this is a wise move.
  • Teach them to write.  Writing is not easy.  I guess we assume people can write, but there are all kinds of writing and not many technical people write well when it comes to addressing management in written form.  I once took a group of sales people through a class on writing called Information Mapping.  It was one of the best investments I have ever made.

© 2013, David Stelzl

P.S. If you are a presales consultant looking for a job, make sure you spell check all of those acronyms on your resume.  Since Word won’t  recognize most of them, it’s all up to you.  Is it HIPAA or HIPPA?  Two candidates failed on this point this week.