The Blog

 
 

Open the Spreadsheet to View the Data Better

This may sound controversial, but it is not the Healthcare System's job to keep us healthy and uninjured. This is a societal responsibility. To be clear, when I say Healthcare System, I don't mean elected officials and DHS. I mean Hospitals, Doctors, and Nurses. That being said, it is the Healthcare System's job to get us healthy and fixed.

During the COVID19 quarantine it is hard to stay off social media or to stop watching traditional media. If you view either, it won't take long before you see a comment along the lines of, "the US is the richest country in the world, why is our healthcare system so bad?"

This is an unfair statement and is devoid of statistical evidence in regards to the important statistics around COVID19 treatment.

Today the US went over 100,000 cases and is now the most infected country. You would think from the headlines and social media this puts us in the most precarious situation. But infected cases are not the statistics that matter. Deaths are the statistic that matters. And when asking the question how our Healthcare System is doing, death rate as a percentage of infected is the most important judge of how "good" or "bad" we are doing.

So let's take a look at that.

First some thresholds.

The analysis only takes into account the top 100 countries by population. It then says it has to have an infection rate of at least .017%. This is just under South Korea's infection rate, and if you listen to the media, it seems to be regarded as the "lowest" in the civilized world. Lastly, there has to be at least 1 death in the country.

When this is applied, there are currently 16 countries that meet this threshold. All the relevant players but China (more on that later) are present. We then figure out a death rate by dividing the number of deaths by the number of people infected.

But what about age? I mean, it isn't the Healthcare System's fault if the country is full of old people! Glad you asked.

We apply a Median Age adjustment by using the US as the standard and adjust up and down to give "credit" to countries with an older population and a "penalty" to those with a younger population. We then calculate the adjusted death rate and rank.

And what do we find?

Surprise, surprise the American Healthcare system is one of the best in the world ranking - 6th out of 16th.

But you say, that rank isn't that great. That might sound right until you start looking at the X-Factor (aka how much more likely you are to die in another country compared to the United States).

The best country is Czech Republic. There is some dispute (and logic would dictate) that there is probably something wrong with that data. Next up I am willing to concede at this point that Israel, Austria and Germany are doing better. South Korea (the gold standard to the response by Media standards) has an only a marginally better rate than the US.

But then let's start really getting into the numbers. If you catch COVID19, you are 2x more likely to die in Sweden than the US. That number is 3.2x more likely in England. France and Netherlands 3.6x. Spain 4.4x. And Italy, even when adjusting for their aged population, you are 5.5x more likely to die.

All in all, I am glad I live in the United States.

But what about China?

Well first, let's be honest, any data coming out of China should be cautiously believed. On the surface, they don't meet the .017% threshold of the infected population (right there has me questioning the data). But let's throw them in the mix as if they do. They have an age-adjusted death factor of 2.7x the United States.

Of course some of this will change and I will continue to update the spreadsheet above with new data.

But what is this all about? Simple. The American Healthcare system is doing an amazing job. But we aren't hearing that. I say that because, while I am not a doctor, I have led seemingly insurmountable challenges in my professional life. When in the thick of it, it does not help having those outside the "warzone" critiquing as if you are failing when you are actually succeeding.

So for all the doctors, nurses, and hospitals out there: you are doing an amazing job! The data backs it up. Thank you very much. You are all heroes and the best in the world!
We Are Zealots for Efficiency: The Andy Borgmann Story

Core Values Series: This is the final of an eight part series
highlighting the backstories to our core values


When I was a boy my dad would ask, like most fathers, "how was school?" I'd mentioned something along the lines of "well I had a math test today."

Then my dad would ask, "well how do you think you did on it?"

And I would answer, as if it was the most obvious answer to his question, by informing him that I finished faster than everyone else in the class.

Looking a little perplexed by that answer, he would then follow up with, "ok, but how do you think you scored on that test." And I would respond along the lines of, "yeah, that was a given. I got an A on it."

In my mind the fact I got an A, wasn't what set me apart. The part that set me apart was the fact that I finished before everybody.

To be very clear, I am not saying I was the smartest person in the class. But I was an "A" student in a gifted program. So let's say I was in the top 5%, but I was not in the top 1%.

This didn't really bother me then and it definitely doesn't bother me now. Answering my dad so naturally that I finished first, spoke more about what I eventually learned about myself: which is that I have a zeal for efficiency.

This is something very unique in technology. That is why I want to build our company on this value.

You can find companies that can do relatively the same thing as us. But you'd be hard-pressed to find one that can do it as fast as us. Likewise, you may be able to find companies who can move as fast as we can, but the quality and security of what they do is not up to par.

In college I had a professor, who is still a great mentor and friend, named Dick Pritchard. He would say in completely different context from business, "you can have something good, fast, and cheap, but you have to pick two out of three. You can't have all three." For the first 10 years of my professional career I always liked to think that I was the anomaly. You can have all three with me. Eventually over time I became less and less cheap.

While we might not be cheap in the strictest definition, we are the greatest value. Because in business time is money. First in a billable sense meaning that if you can do something in 10 hours that others will do in 40 hours, it doesn't matter if you charge twice as much because you still saved them half. But there is also opportunity costs. If something takes two years to implement that could be implemented in 6 months, there is a significant amount of missed opportunity in the 18 months lost.

So at our core: we are high quality technology innovation in the shortest amount of time. We have a zeal for efficiency.
We Are Dying If We Aren

Core Values Series: This is the seventh of an eight part series
highlighting the backstories to our core values


If there is one thing I am most grateful in this life is that I have had amazing mentors at all stages. There were three in high school. Two in college. Four after college. But there is one mentor that I have had throughout all the stages. Charlie Paparelli.

It is not an understatement to say I would not be the person I am today without Charlie. He is my Uncle. He is a very successful businessman. But when he realized that the life of success he was pursuing was pulling him away from family and instilling some bad habits, he had the strength to become someone completely different. A better person.

When everyone else in my life was just impressed I was a 4th grader with a job, he wasn't. That wasn't good enough. I still remember sitting in my dad's office and him teaching me (at 4th grade mind you) how to sell more newspaper subscriptions and the value of recurring revenue. I mean, who does that?

If you are going to be around Charlie you got to be ready to improve.

As a kid I don't remember him being an alcoholic. I just remember him being my Uncle Charlie. Right as I became of age and started knowing things is when he turned his life around. He's now as passionate about reaching this world for Jesus as he is a savvy businessman.

I remember a lot of his sayings throughout the years. One of which was when I was 13 or 14, I was up in my cousin's David bedroom, and he gave me this classic Charlie look. If you know Charlie you know that look. It's a look that means something - whether asked for or not - is coming. I love that look. He said, "Andy, if you are not learning you're dying." I am sure there were many supporting points to this statement that followed. I don't remember those. But I always remember that saying.

Unlike Allen Hunt's value, Charlie's value is one I naturally gravitate to. I like learning new things. I like experiencing new things. I get a little bored once I have become "good enough" at something. I think a lot of time when we get in trouble in life is when we basically come to the point where we say "yep I have learned that" and then try to coast it on in.

Charlie gets overcoming this temptation better than anyone I have ever known. It is rooted in the saying, "if we are not learning we are dying."

Be someone who is constantly trying to learn new things. Be someone who is trying to be better today than you were yesterday. Be someone who does not feel that it is up to anyone else to train, equip and develop you. Go out and find the answer and then do something with those answers.

We are dying if we are not learning.

Thank you, Charlie Paparelli. We will strive to be like you.
Do Not Confuse Efforts With Results: The Glenn Davenport Story

Core Values Series: This is the sixth of an eight part series
highlighting the backstories to our core values


There is no person in this life that I have worked with that has taught me more about business than Glenn Davenport. He is an amazing individual.

Glenn Davenport didn't go to college. He started at the ground level of Morrison Restaurants. They asked him to move (often) and he moved. His journey took him to Saudi Arabia. The personal sacrifices he made to advance his career were significant.

They spun off Morrison Restaurants into Morrison Restaurants, Ruby Tuesday, and Morrison Management Specialists which was essentially their healthcare arm before healthcare was healthcare. When they did, he became CEO of Morrison Management Specialists.

Even becoming CEO was not particularly easily handed to him by most standards. He had to take great personal risk when taking that position. But he did it well. He took them public, ran them as a public company, and then re-privatized them. Few get to do one of those things, let alone all three.

He also sat on the board of other publicly traded companies including Cracker Barrel and Team Health.

But more than all that Glenn Davenport is a great man. A great father. A great grandfather. A great boss. A great friend.

It is the greatest privilege of my professional career at this point to have gotten to spend 14 years with him (and continue to get to spend time with him).

I learned how to run a company from him. Learned how to read a P&L. Learned about the importance of EBITDA. That's just the start. While Glenn may not have taught me a lot about technology, everything else there is to running a business, he taught me.

Early on before Glenn became who was in my life, his CFO at that time was a guest on the talk radio show I was producing. We were doing a show on adoption. His CFO was adopted. He eventually tracked down his parents. This narrative fed into the nature of that episode.

I don't remember a lot about that show. But I remember walking into the radio station on October 22, 2006 like it was yesterday. Allen Hunt asked the CFO something along the lines of, "why do you like working with Glenn?" And his CFO said, "when I first started working with Glenn I remember him saying 'we don't confuse effort and results.' And I knew that was a man I could go work for as that is how I saw business as well."

A book could be filled with the amount of core values Glenn Davenport taught me over the years. I had to stop at eight, and I had to pick one for him, and I was just drawn back to that foundational moment before all this really got started.

We are not going to be people who judge performance based on effort, as tempting as that is. Likewise, if something gets results with less effort, that's a cause worth striving for.

Thank you, Glenn Davenport. We will strive to be like you.
We Are a Christian Company: The Dr. Jeff Justice Story

Core Values Series: This is the fifth of an eight part series
highlighting the backstories to our core values


Church was not part of my childhood. I started going in Middle School without my family and eventually became a Christian. In that time, I got to know a man named Dr. Jeff Justice.

Dr. Justice was amazing. He was a great father, a great husband, and very active in our church.

The first time I met Dr. Justice he was teaching a Sunday School class when I was still new to this whole thing. He gave a simple quiz - one of the questions was along the lines of what is Matthew, Mark, Luke and John - which anyone who has been going to church would answer easily those are the Gospels. But I didn't know that. I didn't really know anything about what was in the Bible.

Since I didn't know any of the answers to the quiz, it was a quick quiz for me. So I turned in the quiz with no answers. I wouldn't say he called me out, but I think he thought I was being a punk middle schooler not wanting to do the quiz. Not realizing that I had just started coming to church and knew nothing, he kind of teased me a bit for it.

I love that story.

Beyond that though, the one thing that struck me about Dr. Justice was how well he was respected outside of church. It's hard to describe unless you live in a community like Fort Wayne, IN, but everyone within the Medical/Legal/Business community kind of knows everybody. It's big enough to be something of substance. But also, small enough that most people know each other.

Often my church was a topic of conversation with people outside of my church and I would eventually talk about people inside there and when I would get to Dr. Justice people would stop and say how much they liked him and respected him. How much the nurses liked working with him. How much his patients liked him.

That wasn't always the case with other doctors.

Dr. Justice modeled what it was like to be a great father and husband, but also what it looked like to be a Christian out in the marketplace. Respected first for his marketplace impact, but also for a character that forces the question, "what else is there to this man?" Why is he different?

I am not naive to the idea that this core value is probably the most controversial for a business. Partially for reasons that might be warranted. But also for reasons that aren't.

We are glad that you are here regardless of who you are and what you believe. My life was impacted deeply by Dr. Justice and I want us to have that same impact in our marketplace. I would be remised if I didn't establish the same foundation Dr. Justice modeled for me. One that loves, that respects, that gives, that rests, and that creates a positive family environment.

Thank you, Dr. Jeff Justice. I will strive to be like you.
We Value All People: The Gina Donnelly Theising Story

Core Values Series: This is the fourth of an eight part series
highlighting the backstories to our core values


It has been a joy living in four very distinct places in my life. The first 18 years in Indiana. 4 in Los Angeles. 8 in Atlanta. And going on 7 in St. Petersburg, FL. More than living in these places, it has been a privilege working with some amazing people.

Starting my own company was always on my radar. Because of that, I maintained a list of people that are first and foremost great people, but also excel at some area that my future company may need.

One of those was Gina Donnelly Theising.

She was the Associate Director of Chapel Programs at Azusa Pacific University. She was so good at what a lot of people aren't good at: office administration. She did that relatively unsexy job with such joy and love that just permeated through the entire office contagiously.

The timing to start my own company was very much a struggle for me. I'd say I really wrestled with it for about two years. The time came in June of 2019 when I finally accepted it was time to leave the best job I ever had and start Vy Technology.

Like every year, I was planning on spending the 4th of July with my family up at the lake in Coldwater, Michigan. So I said, "I think I know where I stand on this, but I am going to take that week just to clear my head before I do what I need to do."

In the middle of that week I got a message that Gina died at 47 years old in an ATV accident.

This world can be tough sometimes. Good things happen to bad people. Bad things happen to good people. That's a conversation for another day. If this were a just and fair world, probably everyone reading this blog should have gone before Gina. She just loved everyone. She saw the value in everyone.

When I went to her funeral a few weeks later, I was awe struck how many people were there. I thought I knew the people who knew her. If I were to guess, the large Catholic Church in Simi Valley, CA had about 100 pews. They were all full. But the people I knew maybe took up 5 of those pews. It was then I realized just how big of an impact she had. That was all because of how much she loved.

She was always the first one there for anything. She would sign up for the marathon you wanted to run. She'd go hiking if you wanted to go hiking. She had a zeal for life and that zeal always involved others.

I am sure she had her selfish moments. Though from the outside that was not evident. She just loved and valued people the way God loved and valued people. We want to be a culture where we value all people the way Gina valued all people.

Thank you, Gina Donnelly Theising. We will strive to be like you.
We Pursue Margin: The Ray Neslund Core Value Story

Core Values Series: This is the third of an eight part series
highlighting the backstories to our core values


My grandfather Ray Neslund was an astonishing man. He spent most of his childhood in Stockholm, Sweden. Immigrated to a very poor side of Chicago. There are parts of his childhood that he wouldn't share. You can just tell that things were not good.

One of the things we do know is that he lied about his age to go fight in World War II. At 17 years old he traversed the Atlantic dodging German U-boats. Even back then, 17 year olds wouldn't volunteer for that type of operation if things were good at home.

He never went to college. He came back from World War II and after some time he started the Manpower franchise for Denver, Colorado.

It wasn't until I co-led a massive FEMA emergency meal operation in 2017 that I learned a nuance of Grandpa's business. Within that project, we had to employ 700 temporary employees. Even though we employed temps every day in our normal operation, there is something to be said about needing 700 temps as quickly as we needed them.

We had a very small break between Hurricane Irma production and Hurricane Maria production. In that small amount of time, another executive and I debriefed and we said that most went fairly well, but one thing that needed to change was how we checked in temps. In a matter of two days and a budget of $40, I developed a digital check-in system that could most easily be described as an airline boarding process. This took the temp check in process down from 2 hours to 15 minutes, and from requiring 10 people to 2.

Later I was sharing this story with a family member who said, "your Grandfather would have loved to have seen that." I was a bit surprised because I was always under the impression that his business employed more office temps than blue collar temps.

My uncle said "ohh no, he made his name in Denver with blue collar temps because he created a niche where he would pay them the same day they worked. This enabled him to get the best temp employees in the Denver market."

Grandpa of course did very well in business (with no formal education). He had built a lot of profit and margin for himself and his family. But he also built a lot of margin for his customers and his employees.

At that time credit cards weren't as accessible as they are today - especially to this population. Being able to pay the same day extended a lot of lifestyle margin to his employees. I also know full well that a lot of margin is extended to a company (his customers) that used temporary employees either by impacting profitability or flexibility or adaptability. You are enabling a lot of margin for that company too.

That is what we intend to do. We pursue margin for our employees, our customers, and our owners.

Thank you, Ray Neslund. We will strive to be like you.
Doing Right vs. Being Right: The Allen Hunt Core Value Story

Core Values Series: This is the second of an eight part series
highlighting the backstories to our core values


In 2005, my first job out of college was being a Videographer for a church in Alpharetta, Georgia. That is where I met Allen Hunt. He was the Senior Pastor of that church.

Unbeknownst to me when I graduated on a Saturday and packed up and moved from Los Angeles to Atlanta by Tuesday, was that Allen Hunt would become (and continues to be) a huge influence in my life.

I also didn't know at the time that he and another individual - Glenn Davenport - were starting a talk radio show aimed at talking about faith in the mainstream (not on Christian radio).

I spent the next six years working side by side with Allen. The show started as a side project of our church and eventually we struck out on our own: just the two of us.

It is where I learned a lot about running technology for an operation because we had no budget and a lot of needs. I was responsible for everything - from the networking to the website design, database management, CRM, graphic design, satellite uplinks, audio editing. You name it, everything.

But while I self-taught myself a lot about tech during my time with Allen, I also learned a lot about life from him. Looking back, it would be amazing if everyone spent the first six years of their professional journey with someone like Allen.

Allen would have this saying that there is a "difference in being right and doing right."

I always loved that. Not because I was particularly good at it. I like being right. If you know me for more than five minutes you know I like being right. I grew up in what I would call a multi-generational, extended-legal family. In three generations I can count seven lawyers and one politician. And that doesn't even count the two intense businessmen. It breeds into you the ability to think creatively and stand your ground. Which has its benefits some times.

But this was added as one of our core values partially because I am not good at it and I need the reminder, but also because - no pun intended - he's right. It is better to do right than be right.

Sometimes that means swallowing your tongue. Sometimes that means doing the right thing regardless of whether or not someone is right to have asked of it. Sometimes it means just having empathy.

It also makes a lot of sense given our industry. There is something about being in Technology and being in Healthcare that makes this all the more important. There are a lot of egos. There is a lot of dysfunction. A lot of times it just takes someone stopping and asking the question, what is the right thing to do, and then doing it.

We probably will not be successful at this at all times. But we strive to be.

Thank you, Allen Hunt. We will do our best to be like you.
What University of Michigan Football Could Teach Business: The Bill Borgmann Core Value Story

Core Values Series: This is the first of an eight part series
highlighting the backstories to our core values


My Grandfather - Bill Borgmann (#6) - played football for University of Michigan back in 1934. He was good buddies with fellow teammate Gerald Ford (#48). Grandpa went on to be a Lawyer. Gerald Ford went on to be President.

One of their teammates was Willis Ward (#61). Ward was a black football player 15 years before Jackie Robinson played Major League Baseball.

When the University of Michigan was to play Georgia Tech, Tech refused to take the field if Ward played. The story goes that when the players found out about this they contemplated refusing to play. Now I don't know if it was truly the "Rudy-esque" moment that President Ford's campaign made it out to be. There seems to be some dispute about that.

But what I do know is that they did take the field without Ward. Early in the game one of the Tech players made a snide comment to my Grandfather and President Ford that I can only assume used the N-word. As the story goes, my Grandfather and President Ford hit that guy so hard on the next play it took him out of the game via a stretcher.

Even 40 years later, you can still see the pride and joy in Ward's retelling.


Grandpa never told me that story. It would be 7 years after he died when I first heard it. I love that story for a lot of reasons. One of which is because I believe it speaks to a familial belief that this world should be a meritocracy.

This is one of the reasons I love sports so much (it certainly isn't because I am good at them). Ultimately at the end of the day, sports do not care about anything other than how well you play, how well you help your teammates, and how well your teammates help you.

Within that meritocracy there are phenomenal players and there are great players - you don't make it to the team if you aren't great - but compensation and tenure is solely based on how well you perform. Tom Brady is not compensated the same as Edelman, and Edelman is not compensated the same as the backup lineman. That doesn't devalue the backup lineman. Our value in this world should not be based on our position or earnings.

But business should be a meritocracy. Your value within a company should not be based on whether you are male or female, young or old, Republican or Democrat, educated or uneducated, straight or gay, Christian, Jewish, Muslim or non-religious, Black, White, Latino or Asian, or anything else. The only thing that matters in a business is how well you perform for your team.

Tech companies in particular are not notorious for being good at this. Sure, their Executives write books on the concept, but their cultures do not reflect this. Vy Technology will strive in all things to be a meritocracy.

Thank you, Bill Borgmann. We will do our best to be like you.
Database Replication - Business Above IT
We have a customer that is growing very fast in the Healthcare space. Two years ago their Member database was around 200,000 members. After 2020 Annual Enrollment Period settled, they are now over 5 million members. This growth is a very good problem to have.

One of the features of Vy Healthcare CRM™ is something called "IntelliSearch." This feature enables a quick and easy ability to find members when names are not always the same or when it is not obvious which MCO they are with (something that can be more difficult than you'd think - but this is a topic for another day).

The problem with IntelliSearch is that while it makes it very user friendly for Call Center agents, it is way more taxing on the server, especially as that database grows.

Another feature of Vy Healthcare CRM is that we process discharge/authorization files as soon as they come in from the MCO. This is of course great for the MCO, our customer, and ultimately the member getting served, but it is also pretty taxing to be processing through thousands of discharges and comparing it to millions of Members in the middle of the day.

So when average page load times went from 1.2 seconds to 7 seconds in January, something needed to be done and needed to be done fast.

It was initially proposed that we need to remove IntelliSearch and that file processing should be moved to an overnight job because that is where the problem lies.

The problem with this is that it would severely impact usability and also provide worse customer service.

And therein lies the problem. For those outside of technology (looking at you CEOs and CFOs), all "tech people" seem the same. But there are a lot of different types of technology people. In a perfect world you have:
  • Developers
  • Database Administrators
  • Server Admins
  • Network Admins
  • Security Specialists
  • Project Managers
  • And of course, an Executive over all of them that understands all of this

If you have an appetite for all that, Vy Technology may not be for you (that's at least a $1 million in payroll right there). Even if you can afford it though, finding and retaining is a whole other issue. So what most small and medium sized businesses do is they hire a single Network/Server Admin type, put them in an IT Director position, and turn to them to make big picture decisions. If you found that diamond in the rough that can wear all those hats and you can keep them happy, great! But if you don't have that, you can't leave operational business decisions up to the wrong type of technology person.

In the end, we went with a replicated database solution that processed the searching in one database, the discharge files in another database, and left the master database free to do everything else (at no additional cost, no operational impact, little work for the internal IT department, and in a matter of two days).

This absolutely was more work. Did it "ruin a weekend," yes. Was it the easy way out, no. But there is no doubt this was the right move to make for the business. And putting the business over the IT department is what good businesses (and IT departments) do.
Need help with keeping functionality as you grow? It would be fun to discuss. Contact us.
896 MemberID Variation Solution
One of our core values at Vy Technology is that We Know the Difference in Being Right and Doing Right. What we mean by that is, being right is important, but doing right is far more important. When those conflict, choose doing right.

Even though most of our core values reflect what I naturally gravitate to in business, this, in full disclosure, is not one I naturally gravitate to. Out of all our values, this is one that I personally struggle with the most. I think a lot of technology personalities struggle with this. It's why it's important it's there.

Living out this value of course can manifest itself in many ways. One recent way was looking at helping a customer of ours come up with a solution because their customer didn't have the ability to provide consistently formatted data.

This story may get a little complicated so I will go ahead and call our customer Good Food Company and I will name their customer Homestead Insurance Company (neither are their real names).

A standard need for Good Food is being able to process hospital discharge files. This usually entails processing through the discharge file, comparing MemberIDs to a previously loaded eligibility file, and then proceeding on if a match is found.

This match is important because after the member has been served, the reporting needs kick in and there is a lot of metadata associated to that member from the eligibility file that needs to be reported back to Homestead.

The problem lies however in the fact that you would think the MemberIDs in the discharge file would be in the same format as the MemberIDs in the eligibility file. For most MCOs, that is the case. But for Homestead, that wasn't the case.

Now we could have rightly held firm and said, you need to get your two files to match. We would be right saying that. But that isn't necessarily doing right given the situation.

Why? Because we know that Homestead will take months to get this resolved. We know that Good Food will be missing out on revenue while Homestead sorts through that. And most importantly, we know that Homestead's members will be missing out on a benefit they very desperately need when they are at their most vulnerable.

So how does a "doing right" versus "being right" mindset solve this issue? Simple. Vy Technology proposed and then wrote an algorithm that tries 896 different combinations of MemberIDs to find a match.

So if a MemberID is 123456789-01 in a discharge file, then we try 12345678901, and 123456789*01, and 00012345678901, and 123456789, and 892 more variations. The computational impact on the server is measured in milliseconds. The coding effort was measured in 2 to 3 hours. Good Food is happy, Homestead is happy, and Homestead's members are happy.

These are the types of issues you find when doing business in healthcare. And this is the type of creative problem solving you get with Vy Technology.
Need help with creative solutions to complex problems? We'd love to hear from you. Reach Out.

On a recent visit to my alma mater, I sat in on a Machine Learning class.

It was fascinating. Being in the room with 20 or so students talking about a technology trend I have little real world experience with was a thrill.

But as thrilling as it was, and as talented and intelligent as those students were, I left the class with the words of my father in my head. He'd always say, "No one ever asked for my law school GPA two years after I graduated." The strong point that made to me as a child was that school is important, but the real world will be different.

Put another way: the theoretical is great, but the rubber meets the road in the practical.

15 years removed from the classroom, away from the field I originally studied, and after hiring many people in the technology field (and interviewing even more), I find his professional philosophy to be truer than ever.

Technology is full of incredibly smart people. No doubt about it. However, what those in technology miss too often that impacts particularly small and medium-sized, non-technology companies is a business first, technology second mindset.

If that doesn't quite resonate, simpler put: if an organization is struggling to get out of spreadsheets, machine learning is likely not the solution.

Now in full disclosure, and to his credit, the Professor made this point to his class. I believe his exact words were, "if you can solve a problem with out machine learning, you probably should." But what that Professor understood is very often missed by businesses vetting technology providers. And when missed, it becomes a big part of their frustration down the road.

Instead, those vetting technology providers should ask themselves, is this a Technology first or a Business first solution?

  • Technology first asks, what is the latest and greatest?
    Business first asks, with out sacrificing the objective, how can we make this the least disruptive to our workforce?
  • Technology first asks, what is everyone in the industry doing?
    Business first asks, what does this particular business need?
  • Technology first asks, what will garner the most respect of my peers?
    Business first asks, what will make the largest impact to this company's goals?

Sometimes these answers are the same. Usually they are not.

There is something great about being cutting edge, no doubt about it. But if it is incredibly expensive, it is incredibly disruptive, it takes longer than expected, and ultimately doesn't produce the desired results, there is no value in it. And providing more service value than you take in payment is the foundation of all great businesses.
Need help with a business first solution? We'd love to hear from you. Reach Out.
Pillars of HIPAA
When I first started developing HIPAA compliant software I had been developing custom software for 9 years. But I had never had to develop a HIPAA compliant solution. Like a lot things in life I figured, no biggie, I'll do some research and figure this out.

Boy was I in for a surprise how nebulous the law is and how wide the varieties of interpretations were.

This blog will feature HIPAA extensively in other posts, but today I wanted to share what came to be called the Pillars of HIPAA.

Eight of these were developed pretty early on. Five more were added over the course of the next six years.

When we went for HITRUST Certification, we were positioned pretty well with just these pillars. Yes, the Certification required us to codify a more formal IT Policy. And in no way am I saying these pillars are the equivalent of HITRUST Certification. But I do believe the 105-page IT Policy that ensued doesn't do that much more than these 13 pillars below did to secure data in a HIPAA compliant system.

  1. Encryption in Transit - all data is encrypted and transferred using a 128-bit SSL secure connection.
  2. All access is controlled by an individual username and password for every employee.
  3. Every page view and action is logged - including date, time and IP address.
  4. PHI is always hidden unless an employee purposely chooses to see it, in which case a special entry is logged.
  5. All PHI is stored in the database in an encryption at rest state - i.e. a social security number of XXX-XX-XXXX would be encrypted and stored as WhvNDTdXAPJYzWajhkXegzfX...
  6. All PHI (which is already encrypted) is stored in a separate table from other identifying information. As an example, names and addresses are stored in a separate location than Social Security numbers and Medicaid IDs.
  7. Permissions for all employees are set on an individual level using the Principle of Least Privilege - access to information is reviewed and granted on an individual level.
  8. All member related data is not accessible outside of our internal network without the use of 2-Form Authentication via Google Authenticator and a proprietary key. This conforms to algorithms specified in RFC 6238 and RFC 4226.
  9. All reports are generated with minimal information needed.
  10. The server can only be accessed via SSH/SCP - since FTP connections are unencrypted, they are not allowed on the server - SSH/SCP is more secure than FTP and SFTP.
  11. SSH/SCP access is only granted via security keys (no passwords) - thus preventing brute force attack attempts - this method is much more secure than a traditional username and password method.
  12. Our firewall only opens the following ports: 80/HTTP, 443/HTTPS, 22/SSH to the outside
  13. All versions of Linux, PHP, Apache and MySQL are long term stable (Ubuntu 18.04.x LTS / PHP 7.2.x / Apache 2.4.x / MySQL 5.7.x).

After going through HITRUST Certification for one of our Customer's systems, I would add the following four as well.

  1. Force logoff system after 15 minutes of inactivity
  2. Include warning messages on all systems (Web or SSH sessions) that informs an individual they are entering a system with PHI and their actions are monitored
  3. Implement a DLP solution for Email that includes the ability to send secure
  4. Implement annual third party penetration testing and risk assessment
Need help with hipaa compliance? Don't be a stranger then. Let's talk.