Disadvantages of Spreadsheets – Obstacles to Compliance in the Healthcare Industry

Most of the regulatory compliance issues we talked about concerning spreadsheets have been related to financial data. But there are other kinds of data that are stored in spreadsheets which may also cause regulatory problems in the future.

In the US, a legislation known as HIPAA or Health Insurance Portability and Accountability Act is changing the way health care establishments and practitioners handle patient records. The HIPAA Privacy Rule is aimed at protecting the privacy of individually identifiable health information a.k.a. protected health information (PHI).

Examples of PHI include common identifiers like a patient’s name, address, Social Security Number, and so on, which can be used to identify the patient. HIPAA covers a wide range of health care organisations and service providers, including: health plan payers, health care clearing houses, hospitals, doctors, dentists, etc.

To protect the confidentiality, integrity, and availability of PHI, covered entities are required to implement technical policies such as access controls, authentication, and audit controls. These can easily be implemented on server-based systems.

Sad to say, many health care organisations who have started storing data electronically still rely on spreadsheet-based systems. Those policies are hard to implement in spreadsheet-based systems, where files are handled by end-users who are overloaded with their main line of work (i.e. health care) and have very little concern for data security.

In some of these systems, spreadsheet files containing PHI may have multiple versions in different workstations. Chances are, none of these files have any access control or user authentication mechanism whatsoever. Thus, changes can easily be made without proper documentation as to who carried out the changes.

And because the files are normally easily accessible, unauthorised disclosures – whether done intentionally or accidentally – will always be a lingering threat. Remember that HIPAA covered entities who are caught disclosing PHI can be fined from $50,000 up to $500,000 plus jail time.

But that’s not all. Through the HITECH Act of 2009, business associates of covered entities will now have to comply with HIPAA standards as well. Business associates are those companies who are performing functions and services for covered entities.

Examples of business associates are accounting firms, law firms, consultants, and so on. They automatically need to comply with the standards the moment they too deal with PHI.

More Spreadsheet Blogs

Spreadsheet Risks in Banks

Top 10 Disadvantages of Spreadsheets

Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry

How Internal Auditors can win the War against Spreadsheet Fraud

Spreadsheet Reporting – No Room in your company in an age of Business Intelligence

Still looking for a Way to Consolidate Excel Spreadsheets?

Disadvantages of Spreadsheets

Spreadsheet woes – ill equipped for an Agile Business Environment

Spreadsheet Fraud

Spreadsheet Woes – Limited features for easy adoption of a control framework

Spreadsheet woes – Burden in SOX Compliance and other Regulations

Spreadsheet Risk Issues

Server Application Solutions – Don’t let Spreadsheets hold your Business back

Why Spreadsheets can send the pillars of Solvency II crashing down

amazon.co.uk

amazon.com

Check our similar posts

Virtualisation

Using an IT solution that can provide the fastest (but still reliable) disaster recovery process is essential for the success of any business continuity plan. Although virtualisation is still considered leading edge technology by many business continuity specialists, it definitely brings a promise that, once fulfilled, can result in the cheapest, fastest, and most comprehensive solution for business continuity.

One great advantage of virtualisation over traditional BC (Business Continuity) methods is the relatively cheaper cost needed to achieve a certain level of business continuity assurance. Thus, more companies will find it easier to reach their required minimum for BC assurance. By contrast, some BCPs (Business Continuity Plan) based on a physical environment require companies to invest more than what they are willing to in order to reach the same minimum level of assurance.

Virtual machines, which can already encapsulate your operating systems and their corresponding applications, can be transported as a file from one machine running a compatible hypervisor to another. This makes the business continuity tasks of backup, replication, and restoration simpler and faster.

As of 2008, about 54% of IT professionals in Europe were willing to implement virtualisation within a maximum of two years. Furthermore, the expected compound annual growth rate of installed virtualised servers from 2008 to 2012 is already pegged at 33%.

If you want your organisation to take advantage of the benefits of this revolutionary technology, we’d be more than willing to help you discover what it can do for you. Then once you decide to make that transition to virtualisation, we can guide you every step of the way.

As not all applications are suited for virtualisation (e.g. some are too demanding on I/O and memory access), we’ll start by reviewing your entire IT system to see which portions can be implemented on a virtualized environment.
Using virtualisation and replication, we can conduct disaster recovery tests using up-to-date data without interrupting operations in your main IT site. Running these tests will increase your team’s preparedness and will allow you to discover possible weak points.
Provide a simple but comprehensive protection and backup system that encapsulates not only data, but also system configurations and application installations. This kind of setup allows for faster and easier disaster recovery operations. Because of these same characteristics, you can enjoy zero downtime while performing scheduled maintenance operations.
Since virtual machines are hardware-independent and transparent to operating systems, we can help you run a mix of legacy and new systems as well as open source and proprietary systems, allowing for more flexibility in your BCP budgeting.

We can also assist you with the following:

Contact Us

(+353)(0)1-443-3807 – IRL
(+44)(0)20-7193-9751 – UK

2015 ESOS Guidelines Chapter 7, 8 & 9 – Sign-Off, Compliance & Appeals

This is the final chapter in our series of short posts summarising the quite complex ESOS guidelines (click on ?Comply with ESOS? to see the details). This one addresses the legalities to follow to complete your report – and how to appeal if you are not happy with any of the Environment Agency?s decisions.

Director Sign-Off

This is by no means an easy ride. Confirmation of the work at individual or lead assessor level locks the company into the penalty cycle in the event there are significant irregularities. By signing off the assessment, the board level director(s)^# agree that they have

Reviewed the enterprise?s ESOS recommendations
Believe the enterprise is within the scope of the scheme
Believe the enterprise is compliant with the scheme
Believe the information provided is correct

Having an internal assessor requires a second board-level signature.

Compliance

You report compliance on the internet. This is free and you can do it at any time within the deadline. You can dip in and out of the process as many times as you wish, but must use the link in the receipting email. While this is something a board member must do, there is no reason why the lead assessor should not complete the basics. The online compliance notification addresses the following topics:

The ESOS contact person in the enterprise
Any aggregation / dis-aggregation during the period
The names and contact details of the lead assessor
The proportion of energy consumption per compliance route

The Environment Agency will acknowledge receipt. This does not constitute acceptance. You should keep the ESOS evidence pack in a safe place with at least one backup elsewhere.

Compliance & Enforcement Issues

In the event the Environment Agency decides your enterprise has not met ESOS requirements, it may either (a) issue a compliance notice with instructions, or (b) apply one of the following civil penalties:

A fine of up to ?5,000 for failure to maintain records
A fine of up to ?50,000 for failure to undertake an energy audit
A fine of up to ?50,000 for a false or misleading statement

Any enterprise has the right of appeal against government decisions. In the case of ESOS, this is via:

The First-Tier Tribunal if your enterprise is England, Wales or off-shore based
The Scottish Minister if your enterprise is based in Scotland
The Planning Commission if your enterprise is Northern Ireland-based

The notice you appeal against will supply details of the appeal steps to take.

This blog and its companion chapters concerning the ESOS Guidelines as amended 2015 are with compliments of ecoVaro. We are the people who break ESOS data into manageable chunks of information, so that board-level directors have greater confidence in what they sign.

Still Looking For A Way To Consolidate Excel Spreadsheets?

We use Excel spreadsheets everyday. We use them to prepare budgets and reports. We even use them when drafting plans and forecasts. With this ubiquitous office application, entering data and carrying out on-the-spot computations and analysis is quick and easy. However, when it’s time to consolidate Excel data, I won’t be surprised if you wished there was an easy way.

In fact, you were probably looking for a solution before landing on this page, right?

Because budgeting, reporting, planning, and forecasting are normally done by a group of people and not just by one individual, spreadsheets bearing the necessary data can be scattered in different folders, desktops, offices, and, in the case of really large organisations, geographical locations.

How are these data brought together? Through email attachments or by sharing folders in a local area network. Each member of the working team sends out copies of their own spreadsheets to other members, who then review them, make necessary changes, then send back to the source. The files can go back and forth until everyone is satisfied.

With each sending, sharing, and edit, business critical data gets exposed to all sorts of spreadsheet risks. Copy-paste errors, omission of a negative sign, erroneous inputs, accidental deletions, and even fraudulent manipulations can take place. And because each member can end up with multiple versions of a single spreadsheet, the chance of working on the wrong version exists.

So when all the data gets consolidated and finalised, it is possible for the end product to contain significant errors. It may not happen all the time, but it certainly can happen.

But that’s not the only disadvantage of spreadsheets. The entire process of comparing cells and sheets, copy-pasting data, linking cells, writing formulas, and specifying ranges can be very tedious, not to mention time-consuming. With spreadsheets, beating deadlines is always an almost impossible exercise.

What you need is a solution that will no longer require you to consolidate Excel spreadsheets. One that is faster, more reliable, and significantly less error-prone. Denizon has a server-based solution that has all those capabilities and much more.

With a server-based solution, all your data is stored in one place. Everyone is working on the same data source, so consolidation is fast and easy. Everyone becomes synchronised and no one has to worry about working on the wrong version.

Read more about our server-based solution

Disadvantages of Spreadsheets – Obstacles to Compliance in the Healthcare Industry

More Spreadsheet Blogs

Spreadsheet Risks in Banks

Top 10 Disadvantages of Spreadsheets

Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry

How Internal Auditors can win the War against Spreadsheet Fraud

Spreadsheet Reporting – No Room in your company in an age of Business Intelligence

Still looking for a Way to Consolidate Excel Spreadsheets?

Disadvantages of Spreadsheets

Spreadsheet woes – ill equipped for an Agile Business Environment

Spreadsheet Fraud

Spreadsheet Woes – Limited features for easy adoption of a control framework

Spreadsheet woes – Burden in SOX Compliance and other Regulations

Spreadsheet Risk Issues

Server Application Solutions – Don’t let Spreadsheets hold your Business back

Why Spreadsheets can send the pillars of Solvency II crashing down

Check our similar posts

Virtualisation

Contact Us

2015 ESOS Guidelines Chapter 7, 8 & 9 – Sign-Off, Compliance & Appeals

Still Looking For A Way To Consolidate Excel Spreadsheets?

More Spreadsheet Blogs

Spreadsheet Risks in Banks

Top 10 Disadvantages of Spreadsheets

Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry

How Internal Auditors can win the War against Spreadsheet Fraud

Spreadsheet Reporting – No Room in your company in an age of Business Intelligence

Still looking for a Way to Consolidate Excel Spreadsheets?

Disadvantages of Spreadsheets

Spreadsheet woes – ill equipped for an Agile Business Environment

Spreadsheet Fraud

Spreadsheet Woes – Limited features for easy adoption of a control framework

Spreadsheet woes – Burden in SOX Compliance and other Regulations

Spreadsheet Risk Issues

Server Application Solutions – Don’t let Spreadsheets hold your Business back

Why Spreadsheets can send the pillars of Solvency II crashing down

Ready to work with Denizon?

8 Best Practices To Reduce Technical Debt

What Is Technical Debt? A Complete Guide