Resources

Upcoming Webinar:

Cloud Computing for EHR/RCM Systems: March 13th, 2012 @ 2 PM. Register Now!
Read More >

News:

IT Management Group Selects Online Tech’s HIPAA Compliant Data Centers
Read More >

Online Tech’s Michigan Colocation Services Allow SourcePath to Expand Business
Read More >

Clinical Info Solutions Benefits from Online Tech's Independently HIPAA Audited Managed Cloud
Read More >

Online Tech's HIPAA Compliant Cloud Hosts KMJ's Sign-off Application
Read More >

In The News:

Online Tech Grows in Mid-Michigan Market
Read More >

PCI Compliance Status & Data Breaches

Only 21 percent of organizations were found to be fully PCI compliant during their first assessment of attestation in the Verizon 2011 Payment Card Industry Compliance Report, showing only a 1 percent increase since their 2010 report (statistics based on QSA assessments). Translating to a 79 percent fail percentage, the organizations, on average, only met 78 percent of the test procedures defined in the DSS (Data Security Standards).

What are the top causes of a PCI breach?

The report also details the top “threat actions,” meaning the cause or action that contributed to PCI breach incidents. The top five are as follows:

• 44% sent data to external sites/entities (malware)
• 44% allowed remote access or control (malware)
• 43% was due to the exploitation of default or guessable credentials (hacking)
• 42% was due to the exploitation of backdoor or command and control channel (hacking)
• 36% was a result of phsyical tampering (physical skimmers for the intent of fraud)

Read More >

Healthcare Hosting Solutions for PHI Protection

Protecting patient health information has never been more important. As stakes mount on the march towards meaningful use, the dismaying trend of patient health record breaches threatens to undermine progress. Outsourcing can improve efficiencies and save resources, but it can't come at the cost of putting PHI at risk.

Read More >

Making Sense of Service Organization Audits

In February, we had David Barton of UHY Advisors and Jon Long of Compliance Point joined us for a webinar on "Making Sense of Service Organization Audits.

In this webinar, David & Jon discussed the differences between AICPA's (American Institute of Certified Public Accountants) SOC (Service Organization Controls) audits and reports, other types of audits, and the difference between point-in-time, period of time, self-assesments and independent assessments.

A key thing takeaway presented during the webinar were the differences between SAS 70, SSAE 16 (SOC 1), SOC 2, and SOC 3 audits and reports, and that SAS-70 and SSAE 16 only comply with controls related to financial reporting.

To check out the recording and the full transcript of this webinar, click the Read More link below.

Read More >

Online Tech Interviewed by Compliance Point: First Data Center to get a SOC 2 Report

Jon Long from Compliance Point recently interviewed Director of Operations of Online Tech Jason Yaeger, to share points on why Online Tech decided to go for a SOC 2 audit while everyone else was still talking about SSAE 16 and SAS 70.

To check out a video of the entire interview, click on the Read More link below.

Read More >