Disadvantages of Spreadsheets – Obstacles to Compliance in the Healthcare Industry

Most of the regulatory compliance issues we talked about concerning spreadsheets have been related to financial data. But there are other kinds of data that are stored in spreadsheets which may also cause regulatory problems in the future.

In the US, a legislation known as HIPAA or Health Insurance Portability and Accountability Act is changing the way health care establishments and practitioners handle patient records. The HIPAA Privacy Rule is aimed at protecting the privacy of individually identifiable health information a.k.a. protected health information (PHI).

Examples of PHI include common identifiers like a patient’s name, address, Social Security Number, and so on, which can be used to identify the patient. HIPAA covers a wide range of health care organisations and service providers, including: health plan payers, health care clearing houses, hospitals, doctors, dentists, etc.

To protect the confidentiality, integrity, and availability of PHI, covered entities are required to implement technical policies such as access controls, authentication, and audit controls. These can easily be implemented on server-based systems.

Sad to say, many health care organisations who have started storing data electronically still rely on spreadsheet-based systems. Those policies are hard to implement in spreadsheet-based systems, where files are handled by end-users who are overloaded with their main line of work (i.e. health care) and have very little concern for data security.

In some of these systems, spreadsheet files containing PHI may have multiple versions in different workstations. Chances are, none of these files have any access control or user authentication mechanism whatsoever. Thus, changes can easily be made without proper documentation as to who carried out the changes.

And because the files are normally easily accessible, unauthorised disclosures – whether done intentionally or accidentally – will always be a lingering threat. Remember that HIPAA covered entities who are caught disclosing PHI can be fined from $50,000 up to $500,000 plus jail time.

But that’s not all. Through the HITECH Act of 2009, business associates of covered entities will now have to comply with HIPAA standards as well. Business associates are those companies who are performing functions and services for covered entities.

Examples of business associates are accounting firms, law firms, consultants, and so on. They automatically need to comply with the standards the moment they too deal with PHI.

More Spreadsheet Blogs

Spreadsheet Risks in Banks

Top 10 Disadvantages of Spreadsheets

Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry

How Internal Auditors can win the War against Spreadsheet Fraud

Spreadsheet Reporting – No Room in your company in an age of Business Intelligence

Still looking for a Way to Consolidate Excel Spreadsheets?

Disadvantages of Spreadsheets

Spreadsheet woes – ill equipped for an Agile Business Environment

Spreadsheet Fraud

Spreadsheet Woes – Limited features for easy adoption of a control framework

Spreadsheet woes – Burden in SOX Compliance and other Regulations

Spreadsheet Risk Issues

Server Application Solutions – Don’t let Spreadsheets hold your Business back

Why Spreadsheets can send the pillars of Solvency II crashing down

amazon.co.uk

amazon.com

Check our similar posts

Green Business!

Carbon emissions reduction has evolved beyond simply good citizenship to being a business tool. Implementing ?green? initiatives is now a competitive weapon which defines real business opportunities and bottom line savings that can contribute significant financial value to the organisation while meeting demanding customer requirements for sustainable and low-carbon products.

Energy efficiency is a low cost resource for achieving carbon emissions reduction. Better energy efficiency simply translates to lesser carbon emissions and less energy usage which translates into saved costs.

Reduction of an organisations carbon footprint is each and everyone?s responsibility. Human activities are the key responsibility for the release of greenhouse gas emissions into the atmosphere. These include usage of electricity generated from fossil fuel, heating or driving.

At the corporate level, various measures can be instigated to increase energy efficiency. Some of these can be, having zone lighting with sensors to minimise unnecessary office lighting, timers on large IT equipment, promoting energy efficient behaviour in the office, asking staff to switch off and unplug appliances when not in use and minimising staff travel.
At the individual level; it is the small habits that count; cultivating the habit of switching off unnecessary lights, plugging out appliances that are not in use, using video conferencing or online chatting instead of having to travel to meetings, using public transport instead of taking a taxi/ personal car and using energy efficient cars.

All these initiatives assist organisations in their corporate social responsibility reports and play a role in sustainability rankings which is instrumental to customers who are increasingly considering sustainability rankings in investment decisions, while achieving the goal of cost reduction internally.

Quality Assurance

There is a truism that goes “The bitterness of poor quality is remembered long after the sweetness of low price has faded from memory”.

While every consumer can probably relate to this idea, business enterprises offering goods and services are the ones that should heed this the most.

Quality Management Systems

The concept of quality was first introduced in the 1800’s. Goods were then still mass-produced, created by the same set of people, with a few individuals assigned to do some “tweaking” on the product to bring it to acceptable levels. Their idea of quality at that time may not have been that well-defined, but it marked the beginnings of product quality and customer satisfaction as we know it now.

Since then, quality has developed into a very basic business principle that every organisation should strive to achieve. Yet while every business recognises the importance of offering product and service quality, it is not something that can be achieved overnight.

If you’ve been in any type of business long enough, you should know that there is no “quick-fix” to achieving quality. Instead, it is an evolving process that needs to be continually worked on. And this is where the importance of having a workable Quality Management System (QMS) in an organisation comes in.

Whatever Quality tools and processes you need to implement the change needed in your organisation, we can help you with it. We are ready to work in partnership with your team to develop strategic systems which will produce significant performance improvements geared towards the achievement of quality.

What is a Quality Management System?

A Quality Management System is defined as the set of inter-related objectives, processes, and operating procedures that organisations use as a guide to help them implement quality policies and attain quality objectives.

Needless to say, the ultimate goal of every quality management system is to establish quality as a core value of the company among all employees, and across all products and services. Why? Because quality services make for happy customers, and satisfied customers ensure continued business for the company.

A Quality Management System does not stop with simply having a set of guidelines that the leaders of a company can easily have their organisation members accept and adhere to. Rather, effective QMS can be implemented when management provides a culture of pride and patience, which will inspire acceptance of individual and group responsibility.

In this manner, not only the heads of the organisation but the employees as well, will develop the desire to achieve company goals that will benefit:

All contributing teams;
The customers; and
The company as a whole.

Find out more about our Quality Assurance services in the following pages:

A Small External Enterprise Development Team is Cheaper than Your Own

Time is money in the application development business. We have to get to market sooner so someone else does not gazump us, and pip us at the post. We increase the likelihood of this with every delay. Moreover, the longer your in-house team takes to get you through the swamp, the higher the project cost to you.

Of course, in theory this should not be the case. Why bring in a team from outside, and pay more to support their corporate structure? Even going for a contract micro team ought not to make financial sense, because we have to fund their mark-up and their profit taking. Our common sense tells us that this is crazy. But, hold that thought for a minute. What would you say if a small external enterprise development team was actually cheaper? To achieve that, they would have to work faster too.

The costs of an Enterprise Internal Development Team

Even if you were able to keep your own team fully occupied ? which is unlikely in the long term ? having your own digital talent pool works out expensive when you factor in the total cost. Your difficulties begin with the hiring process, especially if you do not fully understand the project topic, and have to subcontract the hiring task.

If you decide to attempt this yourself, your learning curve could push out the project completion date. Whichever way you decide to go, you are up for paying advertising, orientation training, technical upskilling, travel expenses, and salaries all of which are going to rob your time. Moreover, a wrong recruitment decision would cost three times the new employee?s annual salary, and there is no sign of that changing.

But that is not all, not all by far. If want your in-house team to keep their work files in the office, then you are going to have to buy them laptops, plus extra screens so they can keep track of what they are doing. Those laptops are going to need desks, and those employees, chairs to sit in. Plus, you are going to need expensive workspace with good security for your team?s base.

If we really wanted to lay it on, we would add software / cloud costs, telephony, internet access, and ongoing technical training to the growing pile. We did a quick scan on PayScale. The median salary of a computer programmer in Ireland is ?38,000 per year and that is just the beginning. If you need a program manager for your computer software, their salary will be almost double that at ?65,000 annually.

Advantages of R&D outsourcing

The case for a small externally sourced enterprise development team revolves around the opportunity cost ? or loss to put in bluntly ? of hiring your own specialist staff for projects. If you own a smaller business with up to 100 people, you are going to have to find work for idle digital fingers, after you roll out your in-house enterprise project. If you do not, you head down the road towards owning a dysfunctional team lacking a core, shared objective to drive them forward.

Compared to this potential extravagance, hiring a small external enterprise development team on an as-needed basis makes far more sense. Using a good service provider as a ?convenience store? drives enterprise development costs down through the floor, relative to having your own permanent team. Moreover, the major savings that arise are in your hands and free to deploy as opportunities arise. A successful business is quick and nimble, with cash flow on tap for R & D.