Disadvantages of Spreadsheets – Obstacles to Compliance in the Healthcare Industry

Most of the regulatory compliance issues we talked about concerning spreadsheets have been related to financial data. But there are other kinds of data that are stored in spreadsheets which may also cause regulatory problems in the future.

In the US, a legislation known as HIPAA or Health Insurance Portability and Accountability Act is changing the way health care establishments and practitioners handle patient records. The HIPAA Privacy Rule is aimed at protecting the privacy of individually identifiable health information a.k.a. protected health information (PHI).

Examples of PHI include common identifiers like a patient’s name, address, Social Security Number, and so on, which can be used to identify the patient. HIPAA covers a wide range of health care organisations and service providers, including: health plan payers, health care clearing houses, hospitals, doctors, dentists, etc.

To protect the confidentiality, integrity, and availability of PHI, covered entities are required to implement technical policies such as access controls, authentication, and audit controls. These can easily be implemented on server-based systems.

Sad to say, many health care organisations who have started storing data electronically still rely on spreadsheet-based systems. Those policies are hard to implement in spreadsheet-based systems, where files are handled by end-users who are overloaded with their main line of work (i.e. health care) and have very little concern for data security.

In some of these systems, spreadsheet files containing PHI may have multiple versions in different workstations. Chances are, none of these files have any access control or user authentication mechanism whatsoever. Thus, changes can easily be made without proper documentation as to who carried out the changes.

And because the files are normally easily accessible, unauthorised disclosures – whether done intentionally or accidentally – will always be a lingering threat. Remember that HIPAA covered entities who are caught disclosing PHI can be fined from $50,000 up to $500,000 plus jail time.

But that’s not all. Through the HITECH Act of 2009, business associates of covered entities will now have to comply with HIPAA standards as well. Business associates are those companies who are performing functions and services for covered entities.

Examples of business associates are accounting firms, law firms, consultants, and so on. They automatically need to comply with the standards the moment they too deal with PHI.

 

More Spreadsheet Blogs

 

Spreadsheet Risks in Banks

 

Top 10 Disadvantages of Spreadsheets

 

Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry

 

How Internal Auditors can win the War against Spreadsheet Fraud

 

Spreadsheet Reporting – No Room in your company in an age of Business Intelligence

 

Still looking for a Way to Consolidate Excel Spreadsheets?

 

Disadvantages of Spreadsheets

 

Spreadsheet woes – ill equipped for an Agile Business Environment

 

Spreadsheet Fraud

 

Spreadsheet Woes – Limited features for easy adoption of a control framework

 

Spreadsheet woes – Burden in SOX Compliance and other Regulations

 

Spreadsheet Risk Issues

 

Server Application Solutions – Don’t let Spreadsheets hold your Business back

 

Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

 

Check our similar posts

Vendor Selection

When shopping for an IT solution for your enterprise, there are two things you should scrutinise: the product (or service) itself and its vendor. Many times, companies overlook the importance of the latter, giving the reason that “it’s only the product we need”.

Wrong.

What about after-sales technical support and training? Ok, so you have an in-house team with the required competency for that IT solution in question… not that I believe it’s reasonable basis to pass up on the expertise that the vendor can provide. How about upgrades, patches, and documentation?

Still unperturbed? Here’s one factor that you may not have started to consider – What happens to your product if the vendor goes bankrupt or gets swallowed by a merger and acquisition? Surely, you no longer believe this is far from possible, do you?

But how are you supposed to know the financial stability of each vendor or whether it is an acquisition target? Well, you can either conduct your own research or you can leave that up to us. Part of our job includes not only establishing linkages in the industry but also being in-the-know on such relevant information.

Evaluation of Business Needs

You can’t separate vendor selection from the process of choosing the desired IT tool. That’s why our vendor selection services starts by defining exactly what your business needs are.

Once we’ve pinned down your needs, we can then narrow down the list of possible IT solutions. Only then can we proceed with the main vendor selection process.

Have you ever been caught in a situation wherein you thought you knew what you wanted, only to end up realising it’s not what you were looking for after all? We’re here to make sure you don’t get caught in that kind of situation when choosing an enterprise-class IT solution.

With the TCO (total cost of ownership) of such solutions typically running up to hundreds of thousands of euros, you can’t afford to arrive at what you really want by way of trial and error.

These are the things you stand to benefit the moment we start working with you:

  • Thorough assessment of your IT needs. We’ll consult the people in your organisation who’ll be affected the most in order to obtain a clear picture of what your specific needs really are. Most IT solution purchases are made with very little consultation that, after installation, many of the end users don’t benefit at all.
  • Minimal interruption during assessment. As with all our other services, we see to it that the interruptions we make are absolutely necessary. So the moment we start with our work, you can still continue with yours.
  • Insightful suggestions of the required IT solution. You still know your business better. So even after we’ve gone through the assessment and given our recommendations, the decision as to what IT tool should be pursued will still be up to you. The difference now is, you’ll be making a decision based on expertly gathered information put forward in an insightful proposal.

Request and Evaluation of Vendor Proposals

With so many IT solutions companies mushrooming, it is becoming more difficult to keep track of them, their specialities, strengths, and weaknesses.

Companies selling best-of-breed products may be relatively easy to spot. But there are also other attributes that are equally important but not as well publicised. For instance, which companies offer better quality management philosophies? Which companies have strategic visions running parallel to yours? Which of them possess implementation capabilities that can cater to your rapidly growing IT requirements?

Vendors who answer positively to these queries need to be given the appropriate importance in the selection process. We see to it that these and other relevant attributes are factored into our scorecards and evaluation processes.

These are the things you can look forward to when you grant us the opportunity to serve you.

  • Experience is a vital item in our vendor selection criteria. Our vast knowledge of the reliable players in the industry will lead you to experienced vendors who can hit the ground running from day one and continue with the same vigour onward.
  • We can help you draw positive response for each of your Request For Proposals (RFPs) or Request For Information (RFIs). Did you expect these vendors to be enthusiastic in sending out proposals each time you asked them to? Think again. You’ll have to persuade them first of your sincerity to become a potential customer. With our help, your RFPs will make preferred vendors see “opportunity” written all over.
  • No need to go “Eany, meeny, miny, moe”. Deciding which vendors should move up in the selection process can take up a lot of time if you don’t know which criterion should be given more weight. Our scorecards are designed to collect the most relevant information and to generate results that will help you decide on these matters at a glance.

Interview, Negotiation, and Monitoring

As soon as you start getting positive response to your Request For Proposals, the interview process should be next. It’s at this point that vendors can present and highlight their strengths while we try to glean as much information of their true capabilities as well as their dedication to the project.

Some companies can provide proof-of-concepts and we may require them as part of the interview process. This will not only give us a better idea as with regards to their product’s capabilities, but also to their level of expertise on the solution in question.

  • We’ll help you set up the interview process and organise the evaluation committee. Members of the committee will typically include representatives from each department that will be affected by the new technology, which we would have already identified during our Evaluation of Business Needs.
  • Since our scorecards are designed to expedite the filtering and selection process, you may eventually be able to choose the finalists yourself. However, in the event that two or more vendors turn out evenly matched, we’ll help you identify the better company.
  • We’re very familiar with the price ranges of various IT solutions, including the effects on price of certain variables. As such, we can tell you whether a product’s price tag is justified or not.
  • Our exceptional familiarity on both the IT industry and the entire negotiation processes itself will give you the edge when it’s time for us to haggle for the best bang for the buck.
  • After the contract is awarded, we’ll even be on hand to monitor whether deliverables are handed over and milestones are achieved as promised.
How Sustainable is Suez Environment

French-based Suez Environment works in the water and waste-management environment, with specific reference to water production, treatment, & pollution disposal, and waste treatment, recycling, incineration and site desensitisation. Its more than 65,000 employees distributed worldwide have participated in flagship projects like Renault’s goal of 95% reclamation of vehicle parts, and Lyonnaise des Eaux?s saving of 12 million cubic meters of water in a single year.

Suez Environment claims to have consistently increased the recovery rate of treated waste, decreased direct and indirect greenhouse gas emissions, and made significant inroads into the production of sustainable energy on behalf of its clients. But then surely that’s Suez Environment’s business, and with over 65,000 employees we are entitled to expect this. Given that there have been persistent allegations of privatised water distribution bumping prices up to the detriment of the poor, how effective is Suez Environment at practising what it preaches back home?

GDF Suez is its largest shareholder and includes it under its environmental and societal responsibility umbrella. This makes environmental performance an overarching goal alongside management systems, health and safety, risk and procurement, and ethics. Its environmental ambitions spin out into the following strategies:

  • Understand the interactions between our activities and the environment
  • Open dialogue with stakeholders and foster partnerships with them
  • Set quantitative and qualitative targets at all levels of the organisation
  • Achieve optimum balance between financial and environmental challenges
  • Be proactive; anticipate impacts on the environment and plan for them
  • Increase employee awareness through interactive training and education
  • Be constantly innovative; share successes within the organisation
  • Monitor progress continuously and publish measured results achieved.

These goals direct the Suez Environment management team?s attention towards optimising performance in key areas like greenhouse gases, energy management, renewable energy, biodiversity, responsible water management, pollution prevention and health and safety considerations.

Among numerous other examples, its waste incineration programs convert hazardous and conventional waste into heat used to generate electricity without requiring virgin carbon products. Elsewhere, the same energy warms market-gardening tunnels and work places on winter days.

Suez Environment uses sophisticated energy management software to analyse information that’s transmitted by data logging devices online. ecoVaro provides a similar service in the cloud. ecoVaro adapts to your requirements providing fresh insights to your business.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
What Is Technical Debt? A Complete Guide

You buy the latest iPhone on credit. Turn to fast car loan services to get yourself those wheels you’ve been eyeing for a while. Take out a mortgage to realise your dream of being a homeowner. Regardless of the motive, the common denominator is going into financial debt to achieve something today, and pay it off in future, with interest. The final cost will be higher than the loan value that you took out in the first place. However, debt is not limited to the financial world.

Technical Debt Definition

Technical debt – which is also referred to as code debt, design debt or tech debt – is the result of the development team taking shortcuts in the code to release a product today, which will need to be fixed later on. The quality of the code takes a backseat to issues like market forces, such as when there’s pressure to get a product out there to beat a deadline, front-run the competition, or even calm jittery consumers. Creating perfect code would take time, so the team opts for a compromised version, which they will come back later to resolve. It’s basically using a speedy temporary fix instead of waiting for a more comprehensive solution whose development would be slower.

How rampant is it? 25% of the development time in large software organisations is actually spent dealing with tech debt, according to a multiple case study of 15 organizations. “Large” here means organizations with over 250 employees. It is estimated that global technical debt will cost companies $4 trillion by 2024.

Is there interest on technical debt?

When you take out a mortgage or service a car loan, the longer that it takes to clear it the higher the interest will be. A similar case applies to technical debt. In the rush to release the software, it comes with problems like bugs in the code, incompatibility with some applications that would need it, absent documentation, and other issues that pop up over time. This will affect the usability of the product, slow down operations – and even grind systems to a halt, costing your business. Here’s the catch: just like the financial loan, the longer that one takes before resolving the issues with rushed software, the greater the problems will pile up, and more it will take to rectify and implement changes. This additional rework that will be required in future is the interest on the technical debt.

Reasons For Getting Into Technical Debt

In the financial world, there are good and bad reasons for getting into debt. Taking a loan to boost your business cashflow or buy that piece of land where you will build your home – these are understandable. Buying an expensive umbrella on credit because ‘it will go with your outfit‘ won’t win you an award for prudent financial management. This also applies to technical debt.

There are situations where product delivery takes precedence over having completely clean code, such as for start-ups that need their operations to keep running for the brand to remain relevant, a fintech app that consumers rely on daily, or situations where user feedback is needed for modifications to be made to the software early. On the other hand, incurring technical debt because the design team chooses to focus on other products that are more interesting, thus neglecting the software and only releasing a “just-usable” version will be a bad reason.

Some of the common reasons for technical debt include:

  • Inadequate project definition at the start – Where failing to accurately define product requirements up-front leads to software development that will need to be reworked later
  • Business pressure – Here the business is under pressure to release a product, such as an app or upgrade quickly before the required changes to the code are completed.
  • Lacking a test suite – Without the environment to exhaustively check for bugs and apply fixes before the public release of a product, more resources will be required later to resolve them as they arise.
  • Poor collaboration – From inadequate communication amongst the different product development teams and across the business hierarchy, to junior developers not being mentored properly, these will contribute to technical debt with the products that are released.
  • Lack of documentation – Have you launched code without its supporting documentation? This is a debt that will need to be fulfilled.
  • Parallel development – This is seen when working on different sections of a product in isolation which will, later on, need to be merged into a single source. The greater the extent of modification on an individual branch – especially when it affects its compatibility with the rest of the code, the higher the technical debt.
  • Skipping industrial standards – If you fail to adhere to industry-standard features and technologies when developing the product, there will be technical debt because you will eventually need to rework the product to align with them for it to continue being relevant.
  • Last-minute product changes – Incorporating changes that hadn’t been planned for just before its release will affect the future development of the product due to the checks, documentation and modifications that will be required later on

Types of Technical Debt

There are various types of technical debt, and this will largely depend on how you look at it.

  • Intentional technical debt – which is the debt that is consciously taken on as a strategy in the business operations.
  • Unintentional technical debt – where the debt is non-strategic, usually the consequences of a poor job being done.

This is further expounded in the Technical Debt Quadrant” put forth by Martin Fowler, which attempts to categorise it based on the context and intent:

Technical Debt Quadrant

Source: MartinFowler.com

Final thoughts

Technical debt is common, and not inherently bad. Just like financial debt, it will depend on the purpose that it has been taken up, and plans to clear it. Start-ups battling with pressure to launch their products and get ahead, software companies that have cut-throat competition to deliver fast – development teams usually find themselves having to take on technical debt instead of waiting to launch the products later. In fact, nearly all of the software products in use today have some sort of technical debt.

But no one likes being in debt. Actually, technical staff often find themselves clashing with business executives as they try to emphasise the implications involved when pushing for product launch before the code is completely ready. From a business perspective, it’s all about weighing the trade-offs, when factoring in aspects such as the aspects market situation, competition and consumer needs. So, is technical debt good or bad? It will depend on the context. Look at it this way: just like financial debt, it is not a problem as long as it is manageable. When you exceed your limits and allow the debt to spiral out of control, it can grind your operations to a halt, with the ripple effects cascading through your business.

 

Ready to work with Denizon?

Contact Us Today