LISTSERV - RECMGMT-L Archives - LISTSERV.IGGURU.US

RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

	LISTSERV Archives
	RECMGMT-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: NetApp, Iron Mountain team up on medical archive service - Computerworld
From:	"Mahoney, Melissa" <[log in to unmask]>
Reply To:	Records Management Program <[log in to unmask]>
Date:	Thu, 1 Dec 2011 15:22:15 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (98 lines)

Hi, Larry,
You raise two point's I'd like to address. One -- about Iron Mountain's role in offering technology services since we sold some of our business to Autonomy. Second, your questions about the security of the cloud in healthcare. Good, pertinent questions.

As you noted, Iron Mountain divested it much of its software business earlier this year. The divestiture reflected a shift in our strategy to discontinue our software development business and focus on our core competencies of delivering cloud storage services, leveraging partners' technology, like NetApp’s Storage Grid platform (acknowledging we don't have to be software developers to offer technology services to our clients). Iron Mountain continues to offer our medical image archive solution as a cloud-based service, as we did before the divestiture (it was never "shut down" - but I can see how there might be confusion). We will also continue to invest in software solutions that are core to our business, like our Accutrac records management software.

And as you indicate, security and confidentiality is a top requirement for our healthcare customers (much like all of our customers). And not all cloud-based storage options are created equal. The security of our customers’ data is very important to Iron Mountain and we have met and exceeded the HIPAA security rule requirements related to administrative, physical and technical safeguards. We speak to our customers about security considerations all the time and, in many cases, we take customers to our data centers so they can see firsthand how Iron Mountain will protect and manage their ePHI. There is a shift in the healthcare industry and we are seeing a greater adoption of cloud based technologies and security will continue to be one of the key areas of focus if that trend is going to continue.

We have several thousand healthcare customers and a BAA is included in our contracts with customers. We recognize the importance of compliance for a covered entity and as a business associate we must also be in compliance with the rules for privacy and security. Because we work with so many hospitals storing records and information, we have those same concerns ourselves (i.e., security and disaster recovery). We are not only a compliant Business Associate for our customers, but we also work closely with them to help them work with their Business Associates and ensure compliance.

I hope this helps address some of the questions you and others might have.

Regards,
Melissa

Melissa Mahoney
Vice President, Corporate Communications 
Iron Mountain
745 Atlantic Avenue
Boston, MA 02111
Phone: 617-535-8310
[log in to unmask]
www.twitter.com/mhmahoney
www.ironmountain.com
   
-----Original Message-----
From: Records Management Program [mailto:[log in to unmask]] On Behalf Of Larry Medina
Sent: Wednesday, November 30, 2011 1:53 PM
To: [log in to unmask]
Subject: Re: NetApp, Iron Mountain team up on medical archive service - Computerworld

Okay so this is a weird one and it doesn't leave me with a very warm and
fuzzy feeling.

"Iron Mountain today announced a secure cloud-based archive service for
medical data based on NetApp's grid-architecture, object-based, storage
software." 

First cloud-based < secure , check?

I think this has clearly been demonstrated in a few key cases and if I was a
healthcare provider putting HIPAA impacted data into this cauldron, I'd be
DAMN SURE I had a Business Associates Agreement for third party indemnity in
place and would SCOUR the T&C to make sure you know what makes this
"secure".  If they say it is, are they accepting 100% of the liability, with
NO limits? Do you have that in WRITING?

"...with two Iron Mountain medical data archiving services: the Digital
Record Center for Medical Images and its vendor neutral archive offering."

Second Digital records =/= Iron Mountain 

Just this past April, IM announced it was ABANDONING the use of cloud based
services http://goo.gl/mZK78 and NOW they are touting the offering AND
calling it secure?  What did I miss?  Cloud BAD... NO!! Cloud GOOD!!! ???

Third required policy is met through a contract?

"Iron Mountain said that a cloud-based archive allows organizations to meet
current HIPAA compliance standards that require a disaster recovery plan and
policies for protecting that data."

HIPAA requires that a COVERED ENTITY must meet the compliance requirements
for protection and disaster recovery- and I get that you can have a
contractual arrangement to assist you in meeting those, but THE ENTITY is
the one on the hook, so again I refer you to #1.  

""Iron Mountain's medical image archiving offerings deliver the best of all
worlds..."

Fourth how can you offer what you've shut down?

This article clearly states that IM is discontinuing the "Archive Storage
Platform" http://goo.gl/IV5tb  again I ask, did I miss something?

I dunno this seems like a rather questionable offering to me- if you have a
medical provider that is considering a move into the EMR/EHR arena OR if you
work for one that is, you may want to give them a heads up and suggest they
find out which IM Digital they're talking to- the one who bowed out of this
service arena in April 2011 or the one that's selling themselves as the best
thing since bottled beer in Nov 2011.

Larry
[log in to unmask]

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]



The information contained in this email message and its attachments is intended only for the private and confidential use of the recipient(s) named above, unless the sender expressly agrees otherwise. Transmission of email over the Internet is not a secure communications medium. If you are requesting or have requested the transmittal of personal data, as defined in applicable privacy laws by means of email or in an attachment to email, you must select a more secure alternate means of transmittal that supports your obligations to protect such personal data. If the reader of this message is not the intended recipient and/or you have received this email in error, you must take no action based on the information in this email and you are hereby notified that any dissemination, misuse or copying or disclosure of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by email and delete the original message. 

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

ATOM RSS1 RSS2

LISTSERV.IGGURU.US