This week’s blog is written by Connie Pilot, executive vice president and chief information officer at Inova Health System. Pilot will be sharing her expertise on the “The Coming Storm from IoT” panel at the Capital Cybersecurity Summit on November 2-3, 2016


Pilot_Connie UpdatedWith billions of data-generating devices connected to the Web, the Internet of Things (IoT) is changing the way we do business. No industry is immune, including healthcare. The Food and Drug Administration estimates that 500 million people around the world use some sort of mobile health app on their smartphones and millions more have embraced wearable health technology. Inside the hospital, Internet-connected medical devices such as MRI machines, CT scanners and dialysis pumps provide critical patient monitoring and support and as wireless technology proliferates in healthcare, so too does risk. The Web is fertile ground for stolen medical records, which are now more valuable to hackers than credit cards. Providers must find new ways to secure private data in an ultra-connected world.

The IoT offers important benefits for healthcare delivery and efficiency. It provides new avenues for patient communication, improves patient engagement and compliance, and enhances value-based care and service. At Inova, we use it in many ways: to monitor fragile newborns in the neonatal intensive care unit, control temperature and humidity in the operating room, deliver pain medication post-operatively and measure heart rhythm in cardiac patients, to name just a few. Medical data tracking enables us to intervene when necessary to provide preventive care, promptly diagnose acute disorders or deliver life-saving medical treatment. The benefits extend beyond our hospital walls into the community, where the IoT drives telehealth advancements that improve access for patients, such as virtual visits, eCheck-In, patient portals and electronic health records.

Balancing the benefits of greater connectivity with the need to protect critical data is a growing priority for healthcare providers. Opportunities exist for instilling interoperability and security standards that will seamlessly facilitate the sharing of necessary patient care information, while continuing to safeguard it from cyber-attacks.

Enabling connection and communication among different information technology systems and software applications can be daunting. While healthcare organizations can use proven security protocols in other domains, differences between IoT devices and traditional computing systems pose significant challenges. The IoT introduces innovative technology that requires emergent, often untested, software and hardware. Wearables, such as consumer fitness trackers and smartwatches, are a case in point. They present non-traditional access into the technology environment. While they use existing communication protocols that can be secured, there are challenges with multi-factor authentication and control of the devices in case of loss or theft.

Additionally, with millions of people using wearables, the volume of data generated can easily overwhelm an organization’s network, leaving it vulnerable to a potential denial of service attack. In this scenario, hackers attempt to prevent legitimate users from accessing information or services. Methods must be developed to limit data transmitted from wearables solely to those devices that should be transmitting and solely to information that is required for patient care.

Clearly, developing new methods of securing devices and the information they generate is a formidable task. We are fortunate to do business in an area that is well positioned to tackle this growing cybersecurity threat. With one of the most sophisticated technology workforces in the country, pioneering start-ups, world-class educational resources and a large government infrastructure, the National Capital region stands at the epicenter of innovation, policy and research. Our collective expertise can help us meet healthcare privacy and security challenges, and keep our patients and community safe.

 

Connie Pilot is executive vice president and chief information officer at Inova Health System. As the leader of Inova’s technology services division, she oversees all aspects of technology, including IT applications, change and quality management, information security, enterprise architecture, service delivery and informatics. 

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

This week on NVTC’s blog, Gabriela Coman, partner and co-chair of Rubin and Rudman’s Intellectual Property Practice in Washington, D.C., discusses the ever-expanding field of medical device wearable technology and the important intellectual property implications around these devices.


RubinRudman

Wearable devices such as personal health monitoring, prevention and management devices, as well as methods of using such wearable devices, have become part of our everyday life and essential tools of modern medicine. From head-mounted display devices such as Google Glass or Oculus Rift to bracelets such as Fitbit or Garmin, wearable devices have also become part of an increasingly competitive and litigious environment, especially when competitors enter the market.

To become successful in the marketplace, a wearable device company needs a superior product and patent protection for its wearable device and related methods of use, both in the United States and abroad.

Patents are critical. A patent is a legal right that excludes others from practicing, manufacturing and selling the technology claimed in the patent (the wearable device and/or method of use of the wearable device).To obtain such patent protection, a wearable device company must submit a separate patent application for each country (or region, in the case of the European patent application) in which it wishes to protect its investment and invention. The time, money and effort required to obtain U.S. and international patents are important considerations because the process to obtain a patent requires a significant investment after filing the application.

Without patent protection, the costly product development for wearable devices may easily be copied by competitors. However, if the wearable device is patentable (and once it has been patented), the company will be able to (i) create legal barriers to entry for competing devices by preventing others from copying, selling or manufacturing the patented device; (ii) license the patented device to generate revenue; and (iii) enhance the value of the wearable device company by building equity in the company and creating assets that may attract other investments.

Before a wearable device company invests time and money to develop a wearable device and bring it to market (particularly for medical devices in the U.S. market that require FDA approval and clearance), the wearable device company should consider the following:

1.    What Are Wearable Devices?

Wearable devices encompass various technologies and systems that span numerous lifestyle applications including health and wellness, sports and fitness, home diagnostics, childcare, pet care, fashion and continuous lifestyle monitoring, among many others. These wearable, portable medical devices make it easier for people to assess their wellness, adopt better lifestyles and prevent the majority of diseases with early diagnosis and treatment. These wearable devices (when connected to a hospital or doctor) can also alert health professionals to various problems regardless of where the patient is located.

For example, a personal heart monitor like AliveCor Heart Monitor (FDA-approved for detection of atrial fibrillation) allows patients to monitor their heartbeat using an iPhone and provide the information to their doctors. The AliveCor Heart Monitor may be combined with its AliveECG app to provide a 30-second, one lead electrocardiogram in addition to recording heart rate per minute. In just 30 seconds, a patient could capture a medical-grade electrocardiogram and know instantly if the heart rhythm is normal or if atrial fibrillation is detected in the electrocardiogram. The AliveCor Heart Monitor operates remotely and includes a control unit wirelessly connected to a transmitter that could relay heartrate signals and electrical profile of the heartbeats, skin temperature and other measurements from a chest band or patch, for example.

Google Glass is another exemplary wearable device. As a head-mounted display device in the shape of a pair of eyeglasses, Google Glass allows medical personnel (surgeon) to view information relevant to a patient during surgery without having to turn away from the patient. As the projector display is next to the user’s right eye, the surgeon could see all medical information without looking across the room and away from the patient. The Glass projector could also display patient’s vital signs, urgent lab results and surgical checklists, along with relevant information on the specific surgical procedure. The doctor can control the device manually through voice commands and a touchpad located on its frame.

2.    Impact Of Wearable Devices On Health Information Technology

With the 2014 launch of the Apple Watch and its related Apple Health app (a health and fitness data dashboard) and HealthKit platform, many have predicted the beginning of a digital healthcare revolution. Indeed, wearable technology devices have impacted our personal lives in many ways providing insight into our health and diet regimen, blood pressure, sleep pattern, heart rate and many other life aspects. Wearable devices in the form of sport watches track steps and amount of calories burned; Doctor on Demand facilitates video conferences and live discussions with remote physicians; Google Glass facilitates surgery by offering surgeons information relevant to the patient without having to turn away from the patient; mobile health apps help patients stop smoking or lose weight (and can be installed either on a mobile phone or tablet).

Recently, medical device companies have promoted the use of biometric technology within people/patients. The idea is that sensors within the body could be used to call the healthcare provider if the person is sick. These sensors could be swallowed and placed in the blood or injected or inserted directly under the skin. The sensor can report when a patient ingested a prescription drug, as well as a patient’s vital signs. For example, a digital sensor recently approved by the FDA can be placed inside a pill and swallowed by a patient. Once the patient swallows the tiny digital device, the sensor transmits the identity of the medication and timing of ingestion to a mesh worn on the patient’s skin. The mesh then transmits the received information to a mobile phone app that can also provide physicians with vital signs such as heart rate, body temperature and various rest patterns.

Data from biometric digital sensors can be integrated with wearable devices to create new age health monitors that are further integrated with smartphone apps. Conventional health parameters such as glucose, blood pressure and heart rate can now be combined with environmental data to provide predictive as well as preventative information. In this manner, the emphasis is shifted from treatment to prevention of illnesses and diseases.

3.    Wearable Devices And Types Of Intellectual Property

Wearable devices in the medical field could be protected by various types of intellectual property including patents, copyrights and trademarks.

Utility patent applications may be filed to encompass various aspects of the device per se, such as components and specific structures of the wearable device, as well as designs of various components of the wearable device (through design patent applications).

Patent applications may be also filed to cover hardware of the wearable device such as software, interface, or materials and specialized particulates employed in the wearable technology.

A wearable device company may also apply for copyrights in various software for operating the wearable technology and device, and/or trademarks directed to branding. Considerations may be also given to the packaging of the device for possible protection by trade dress.

4.    Patent Protection For Wearable Devices

Wearable device are protected and patented in the U.S. and other countries.  However, methods or surgery and medical treatment methods are protected and patentable in the U.S. and Australia but typically not in Europe and other countries such as Canada, South Korea or Japan.

Utility patent applications may be filed directed to various aspects of the device per se, such as systems, sensors (electrical, optical or chemical sensors that monitor patient parameters), servers, accelerometers, actuators, materials, controls, kits or specific mechanical components of the wearable device, as well as designs of various structural components of the wearable device (through design patent applications).

Patent applications may also be directed to software, interface (iconic, graphical or numeric user interface with monochrome or color LCD display) or controller (high speed microprocessors or microcontrollers for analysis and data control) of the wearable device.

For example, US 8,764,651 entitled “Fitness Monitoring” discloses and claims inter alia a monitoring system with a portable device, one or more sensors and a processor; a system with a cellular telephone, an accelerometer and one or more sensors; and a system with a server, a portable appliance with a heart sensor and a processor. US 8,108,036 entitled “Mesh network stroke monitoring appliance” discloses and claims inter alia a monitoring system that includes one or more wireless nodes and a sensor coupled to a person to determine a stroke attack; as well as a heart monitoring system that includes one or more wireless nodes, a wearable appliance and a statistical analyzer. Similarly, USD 737159 and USD 764346 are examples of design patents that depict and claim ornamental design for wearable devices.

Medical device companies in the wearable technology field should protect all novel aspects of the wearable device including structural attributes and methods of use, as well as the ornamental look and design of the product. When possible, medical device companies should include claims that cover not only the product per se but also software that is within the app and the wearable device, without referring to the device, to preserve the right of the patent owner to sue the manufacturer of the software for direct infringement of the patent.

5.    Wearable Devices And Privacy Concerns

While wearable devices and biometric technology are redefining the information landscape offering many opportunities, they also pose several challenges.

One important challenge is protecting personal data and ensuring that the policies protecting the privacy and confidentiality of patients are evolving at the same pace as the expanding use of new technologies. Concerns are being raised as to where this personal data is stored and how it is being protected. Highly sensitive and personal data is constantly input into many smartphones with health apps which monitor an individual depending on the data that is inputted. The more data that is inputted, the more vulnerable the individual/patient becomes.

The digital format of data from wearable devices and biometric records opens a world of opportunities for hacking and data breaches, especially when the wearable device is linked with a smartphone, tablet and computer.

 

Gabriela I. Coman is partner and co-chair of Rubin and Rudman’s Intellectual Property Practice in Washington, D.C. Coman practices primarily in the intellectual property area, concentrating in the fields of medical, biotechnology, pharmaceuticals, chemical, semiconductors and design patents. Contact Gabriela Coman by email at gcoman@rubinrudman.com or by phone at 202.794.6300.

 

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

This week on NVTC’s blog, Marty Herbert of NeoSystems Corp. shares the second in a series of tips for workflow and process automation.


In Part 1 of our Workflow and Process Automation Series, Re-evaluating Your Processes, we looked at a few steps your organization can take towards drastically simplifying your billing process. Keep in mind that throughout this series, I will highlight solutions which produce time saving, compliance-driven processes that integrate with business systems, like Deltek Costpoint, NetSuite, SAP or others and create an enhanced workflow automation framework. In today’s post, Part 2 of our series, we’ll address vendor invoice processing.

A few years back, while working on a series of consulting projects, I looked at a client’s AP department while performing an audit and noted several variations they employed to process their vendor invoices. Some invoices came in via email, others via snail mail. Some came in to the attention of the company’s AP department; others came in via the project manager. Some were based on a PO and others were one-off ‘bills that needed to be paid.’ Knowing who the appropriate approver is could be multi-faceted and involve the receipt of goods (or services). Similar to many larger government contractors, our client used Deltek Costpoint for vendor invoice processing so I will use that system as an example of a well-known business system that is largely identifiable for our audience.

This business system has a great mechanism for capturing data and information related to accounts payable, but it can’t necessarily control how invoices are delivered, who approves them, and how that approval is captured for compliance purposes.

Our client’s overarching goal (outside of employing processes that increased efficiency and effectiveness) was to find a way to electronically interface an APPROVED invoice for vouchering in Costpoint. That sounds like a simple objective, but there are nuances that might not be immediately obvious. The “approved” aspect implies that there needs to be a process followed to obtain a valid, recognized approval. The “electronic” aspect implies that the entry into the ERP system should be automated without the need for manual data entry. Automated work flow tools make the design and controlled execution of a process possible, while Costpoint Web Services enables an electronic interface.

But, let’s slow down. Before we send data along, we have to gather the data. In this case the data comes from a vendor’s invoice, but we want to make sure the vendor’s invoice has been reviewed and approved before we send it into the system of record. The first step in automating this process is to gather the data input (the invoices). There are multiple ways we could approach this:

  • We can give vendors access to a “portal” whereby they upload the invoice directly into a workflow, or vendors can email the invoice to a specific address that will automate process kick-off and move it into a queue for AP servicing, or
  • We can receive a vendor invoice and initiate the process by loading it to the AP queue (potentially after scanning it in if it is received hard copy).

Then it is time to route the invoice to the proper ‘approver.” If companies are already connected to an ERP application that supports project management data, they are able to use the data inherent to any given project to pull the relevant approvers for PO-based invoices. AP clerks will then have matched the invoice to a PO (unless the vendor did that already) and chosen the lines from the PO to which the invoice applies then… well, that is all they have had to do so far.

Off to the approver(s) the invoice goes. The approver gets the invoice that has been submitted as well as details added by the AP department. The approver can decide to reject it or send it to another approver, or sit on it a while. Any (or all) of these tasks can be built into the process. The end result is (hopefully) an approved invoice.

At this point, the system should validate the invoice information and manage the voucher process through creation, voucher number generation, accept or reject status and check generation. It is critical and most efficient to have a complete trail of activity from submission to payment.

This process, when automated, is extremely easy to follow, saves time and money and is easier to implement than one might think. Unfortunately, most government contractors don’t know the ease with which automation software can achieve this and many other processes quickly and effectively.

There are numerous effective workflow management software systems in the market today. Integrify, a workflow management software used to automate a myriad of processes within a variety of platforms, is one tool we use at NeoSystems to automate vendor invoice processing within the business systems we use.

Our next blog will focus on the delightful automation of purchase requisition. If you have any burning questions about this or other processes (even those we haven’t gotten to yet!) using web services and workflow management software for your business system, please feel free to contact me.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

This week on NVTC’s blog, Marty Herbert of NeoSystems Corp. shares the first in a series of tips for workflow and process automation.


Marty HIf you are an ERP user, you likely know that most applications are rich with many features that address the nuances of running projects, especially if you are a government contractor.  However, no application can address the many steps that an organization must go through to accomplish what might be seen on the surface as a simple task.

Take ‘billing’ for example. I was asked a while back to determine how to route a bill for approval, and I thought it would be a “piece of cake”. Create bill. Send to approver. Get approval. Bill is right – Send to customer. Bill is wrong – rinse and repeat.  For this article, we’ll use commonly known GovCon ERP, Deltek Costpoint, as an example.  This system is very good at the first part. If you need to create a bill, you can create bill replete with support for hours worked and costs incurred. The problem, however, is there is no nice and simple way of implementing a workflow process that will accommodate most organization’s review and approval routines within the ERP framework.  That’s not a knock against Costpoint, no ERP systems on the market adequately address this issue, especially when you magnify it by the many, many other processes, that an organization has in place to accomplish their back office routines.

Over the next six weeks we will be taking a look at several areas where workflow plays a big role and how to leverage the automation of workflows via integration with your ERP. Companies unaware of how to automate in these areas are wasting precious time in determining the process, missing steps and ultimately don’t know how to streamline efficiencies that will save them money down the road.

In our first post for “Evaluating Your Process for Users of Deltek Costpoint or a Similar System,” I’ll examine the role of an AR clerk with my ‘piece of cake’ attempt at automating bill routing.

I had bills created from our ERP and I had Outlook, so I sent two bills to their respective approvers to verify hours were correct so we could bill the services to the client. Then I waited and waited and waited and waited… you get the picture. I followed up via email at least three times over the next week and finally, a week later, I knocked on their doors to see if they had time to review the email I sent.

‘Approver 1′ called me to his desk and had me look at the count of emails in his inbox. Until then, I was unaware that this number could go over 9,999, but there it was. I apologized and helped him find my email. Five minutes later he reviewed it and sent me an email saying we could bill it. Finally, the bill was out the door. I don’t remember whether I had to mail it or email it, but that is of no consequence. Oh, and of course, I forgot to tell my supervisor that I got the bill out the door so she was unnecessarily on my case the next morning.  I’ll try not to make that mistake again.

‘Approver 2′ (let’s call her Amy), asked if I had received her email. She said she responded immediately to each of the messages I sent, so I crept back to my cube and found her responses.  Suddenly I was the culprit in slowing down my own process! “Sorry, this Acme project isn’t mine,” she said. “These should go to Janet, she runs the Acme project.” Ugh! Wouldn’t you know she didn’t even have the courtesy to copy Janet on her response to me. So I just trudged down the hall to Janet’s office and had her review the paper copy. She looked at it briefly and said “yep, looks fine.” Great, I was out her door and happy to get the bill out of the door. Never mind that I forgot to get Janet to initial the invoice to indicate she had approved it and, of course, I forgot to tell my supervisor I sent the bill.  But, hey…bill is out the door, case closed.

Actually, the case was just getting started. The following week, in walks my supervisor. “I got a call from Acme Company’s CFO.  She asked me who Francis Miller was and why we were billing Acme for her travel to Las Vegas.  When I look in our system, this bill isn’t even posted, when did you send it out? Did you get Amy to review and approve this before you sent it out?” Sorry, I said, I forgot to post the bill in the system, and Amy said the project really belongs to Janet, so I got her to review and approve it…..see (as I pulled my copy from the file drawer). But, of course, Janet’s initials weren’t there.  Now my boss is mad at me for sending out an invoice that she thinks I didn’t get reviewed AND I forgot to post it. Swell.

I realized there was A LOT of room for improvement in this process. Problem #1, people are swarmed with email. Problem #2, people change roles and responsibilities a lot. Problem #3, no coordination with the ERP and the approval activities.  Problem #4, I can be my own worst enemy. Why couldn’t all this stuff be linked together somehow, and why isn’t there a way to get things posted in the system without me having to remember every little thing. I’m only human, after all. And this was a simple bill.  I could only imagine – or rather didn’t want to in this case – what would have happened if there had been revisions.

From experience I’ve gathered intelligence on how to sidestep these common pitfalls. Apart from working together as a team, companies always think in terms of making changes to their IT infrastructure. What I believe needs to happen is approaching these pitfalls in terms of changing the process infrastructure. There are no short term ‘quick fix’ changes, but rather logical steps toward automating manual processes that run at the heart of their businesses.Workflow

Step 1

Get people out of email and into a single system for approvals. This will help solve problem #1 and 3. By logging in to a single system for approvals, the approver should be able to get to a “To Do” list that helps them focus on the task(s) at hand. A system that alerts ONLY when an approval is required, and only when this task is “past due,” can assist in decreasing problem #1.

Step 2

Link your system to Deltek Costpoint or a similar platform! Not only does it save time from transferring information into Outlook, but it also ensures that the information will not be incorrectly entered or failed to be entered. Additionally, users can maintain project leads in Costpoint, and can link to a user in the system to automatically assign the approver to the person(s) involved in any given approval process. Problems #2 and 3 solved.

Step 3

Create a workflow that allows for rework, rejection, and handles the issues and items that may need to be addressed when something is “wrong.” That way, the stakeholders that need to be involved can be included automatically based on roles, or by selecting a user from a list of possible issues/departments involved. This decreases the amount of emails sent out for approvals. Assigning a task and automating reminders in the system accomplishes all these things.

Step 4

Solve Problem #4.  Remove yourself from your enemy list.  Relax. Stay out of email. Work on other things. Seriously. At a recent conference I attended, it was estimated that we spend around 28 percent of our work time sending or reading emails. What happens when you remove a single work stream worth of emails from your list of things to do? You can get back a piece of that time to work on other more pressing issues.

If it sounds like I’ve been through this process at least a few times, it’s because I have. Using the power of a business process management tool called Integrify, NeoSystems has automated this and other processes and tied those processes to Costpoint and similar platforms. Throughout this series, I will highlight the ways we have implemented, envisioned, and produced time-saving, compliance-driven processes that integrate with your ERP to create an Enhanced Workflow Automation Framework.

Have burning questions about Process Automation? Feel free to contact me ahead of next week’s blog post.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Collecting Big Data Footprints

May 23rd, 2016 | Posted by Sarah Jones in Guest Blogs | Member Blog Posts - (Comments Off)

This week on NVTC’s blog, the Virginia Commonwealth University School of Engineering shares research on Big Data footprints that the Electrical and Computer Engineering Department is working on with the Huazhong University of Science and Technology.


vcublogXubin He, Ph.D., professor and graduate program director of the Virginia Commonwealth University School of Engineering Electrical and Computer Engineering department, is working with Huazhong University of Science and Technology (HUST) to establish an international research institute focused on creating design techniques to improve data reliability and performance. Coordination efforts are currently underway to create rotation periods for students from VCU and HUST to conduct research within each university’s state-of-the art laboratories.

“This next step in our partnership with VCU helps both universities attract more high-quality research students, while enhancing the breadth and depth of our research,” said Dan Feng, Ph.D. and dean of the School of Computer Science and Technology at HUST. Feng also serves as director of the Data Storage and Application lab at HUST.

Managing big data

Data storage is a booming industry, with lots of opportunities. Just a decade ago, computational speed dominated research efforts and water cooler conversations. According to He, data is more important now. “Data empowers decision-making and drives business progress. No one can tolerate data loss, whether that data represents favorite photos or industry trends and analytics,” added He. And yet, trying to increase data capacity or replace obsolete data systems can shut down vital data centers for days.

Research teams from both universities find creative solutions to global data pain points. For example, these collaborative research teams reduced overhead costs associated with data failures by up to 30 percent. Their algorithms allow businesses to encode data that can be easily retrieved, instead of having to rely on costly data copies or redundant data centers.

Currently, in addition to HUST, He’s team also works with top data storage companies such as EMC, which ranks 128 in the Fortune 500 and had reported revenues of $24.4 billion in 2014.

The network effect

He has a simple philosophy to gauge the success of university research efforts — he looks at who else is there. “At top data storage and systems events such as USENIX’s File and Storage Technologies conference and USENIX’s Annual Technical conference, we’re presenting with peers from Harvard, MIT, Princeton and other premier universities we admire,” said He. These conferences typically accept about 30 presentation papers — that’s less than 20 percent of the global submissions they receive.

“Professor He’s leadership represents one of many efforts to build our international reputation in industry and academia,” said Erdem Topsakal, Ph.D. and chair of the Department of Electrical and Computer Engineering. “HUST is ranked 19 on the U.S. News World & Report’s Best Global Universities for Engineering list. When leading universities like HUST want to work closely with you, you know you’re doing something right.”

For more news from the Virginia Commonwealth University School of Engineering, click here.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Protecting Data at Its Core

May 20th, 2016 | Posted by Sarah Jones in Guest Blogs | Member Blog Posts - (Comments Off)

This week on NVTC’s blog, Richard Detore of GreenTec-USA discusses the deep concerned over recent cyber-attacks and offers a solution to prevent data damage.


picforblogEveryone in the cybersecurity field – both inside and outside of government – is deeply concerned over the kind of cyber-attacks that hit federal agencies such as the Office of Personnel Management (OPM) and private companies such as Sony. Rightly so, government agencies and private companies continue to make large investments in cybersecurity.

This sense of urgency extends to America’s key infrastructure, as underscored last October when President Obama issued a Presidential Proclamation on Critical Infrastructure and Resilience. In that proclamation, the president noted that

“Our Nation’s critical infrastructure is central to our security and essential to our economy. Technology, energy and information systems play a pivotal role in our lives today, and people continue to rely on the physical structures that surround us. From roadways and tunnels, to power grids and energy systems, to cybersecurity networks and other digital landscapes, it is crucial that we stay prepared to confront any threats to America’s infrastructure.”

Last year, in testimony before the Senate Armed Services Committee, Director of National Intelligence, James Clapper, noted how cyber-attacks threaten public and private sector interests:

“Most of the public discussion regarding cyber threats has focused on the confidentiality and availability of information; cyber espionage undermines confidentiality, whereas denial-of-service operations and data-deletion attacks undermine availability. In the future, however, we might also see more cyber operations that will change or manipulate electronic information in order to compromise its integrity…instead of deleting it or disrupting access to it. Decision making by senior government officials (civilian and military), corporate executives, investors, or others will be impaired if they cannot trust the information they are receiving.”

And in his most recent appearance before the Senate Armed Services Committee, Clapper stated that “Cyber threats to U.S. national and economic security are increasing in frequency, scale, sophistication and severity of impact.”

According to a recent study published by the cybersecurity firm Tripwire, 82 percent of the oil and gas companies surveyed said they saw an increase in successful cyberattacks over the past year. More than half of the same respondents said the number of cyberattacks increased between 50 to 100 percent over the past month.

Last year, federal investigators uncovered the fact that Russian hackers had penetrated the U.S. State Department in a major cybersecurity breach that gave Russian hackers access to the White House – including the President’s schedule.

Other threats, such as ransomware, are now on the radar screen of key policy makers in Congress, as well as the U.S. Departments of Justice and Homeland Security. Ransomware encrypts a computer user’s information, and hackers then demand payment – usually in the form of crypto-currency such as Bitcoin (which is extremely difficult to trace) – to unlock the information.

In fact, in recent years several police departments have fallen victim to ransomware and have had to make payments to the hackers. One typical example happened in Maine when two police departments were hacked into. To date, the perpetrators in these cases have not been apprehended.

Obviously, protecting and securing data at its core is a key component of cybersecurity efforts for both the public and private sectors. While it is important for cybersecurity efforts to focus on improving detection and enhancing firewalls, one approach that may often be overlooked is better protecting data at its core.

picforblog2Until recently, it was not possible to fully protect data at its core –the hard drive. In 2013, Write-Once-Read-Many (WORM) disk technology was developed and successfully installed that now, for the first time, allows government agencies and private companies to safely secure and protect data at the physical level of the disk. Any and all data stored on a WORM disk cannot be altered, overwritten, reformatted, deleted or compromised in any way within a computer or data center. The WORM disk functions as a normal Hard Disk Drive with zero performance degradation from its additional built-in capabilities. These capabilities prevent data damage from any form of cyberattack.

This new breakthrough combined with encryption makes it impossible for hackers to steal data or render it useless by attacking the stored data, or disks.

In addition to advances in malware and firewall enhancements, comprehensive cybersecurity efforts should take a close look at technologies that protect data at its core. Such efforts will impact the public and private sectors in profound ways.

Richard Detore is a NVTC member and CEO of GreenTec-USA, a technology company based in Reston, VA.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

LeaseWeb’s  introduces six tips to help you find the perfect cloud partner for your business.


By now, the concept of the cloud is ubiquitous, but for many business leaders the idea still presents more challenges than opportunities. Understanding the complicated technology, not to mention the vast array of delivery models, degrees of services and levels of security available, can be a daunting task for companies under pressure to adapt or adopt.

In a new white paper, “Developing a Cloud Sourcing Strategy: Six Steps to Select the Right Cloud Partner,” LeaseWeb gives decision makers the tools they need to formulate an effective cloud strategy or to identify the right cloud partner to executive it. In summary form, these six tips will help you find the cloud partner for your business.

  1. Support and services — For most businesses, concerns about cost, security, vendor management and technology take the lead in the search for a reliable cloud partner. Surprisingly, the ability of  a provider to smoothly and effectively deliver customer support, SLAs and managed services is often minimized or overlooked, at the expense of the customer. When deciding which cloud partner best fits your needs, don’t underestimate the crucial importance of the support and services they make available. It’s the difference between a cloud partnership that takes your business to new levels and one that just adds to your daily hassles.
  2. Architectural alignment — One of the biggest considerations is whether to use a hyper-scale or traditional hosting model. Practically speaking, a hyper-scale provider requires users to be responsible for operational, day-to-day tasks, while hosting providers oversee the day-to-day management of the infrastructure elements. It’s up to you to decide which is a better fit for your technical team and business needs.
  3. Security and compliance — Data centers are a frequent target of malicious attacks, so it’s important to make sure that your cloud provider is prepared for every eventuality. This means everything from physical security and network threat recognition, to regular security audits to updated compliance certifications like HIPAA. Your data is your most valuable asset, so make sure it’s going to be treated that way.
  4. Support for data sovereignty and residency requirements — In tandem with security and compliance issues, data residency is another issue that frequently stalls cloud and hosting projects. The growth of “bring your own device” (BYOD), big data and cloud projects is dragging sensitive data to third-party clouds and data centers. This makes many business owners uneasy, which is why it’s so important to address the location of your data, the laws governing the export of data wherever it’s stored and the security and encryption of that data.
  5. Financial management — Traditional hosting companies typically offer a more basic cost scheme, based upon initial configurations with monthly utilization. This traditional model works well for companies with steady and predictable usage patterns. Hyper-scale cloud services, on the other hand, were built around granular per minute or hourly costs from their inception. Provisioning is primarily self-service and allows users to turn up server, storage and network services. This feature appeals to users who need to spin up environments in near real time and then turn them down when not needed. Consider your requirements to determine which model fits you – or if you want a mix of both.
  6. Cultural and strategic alignment — Cultural fit with your service provider is a key point that never receives enough attention in the RFP process. For nearly all enterprises, using a cloud or hosting provider is truly a new venture, one that requires extensive internal buy-in. For first-time cloud buyers, the ongoing degree of partnership is an unknown factor. Each provider engages and on-boards clients differently.

If you’re in the process of picking a cloud partner for your business, remember that no one becomes a cloud infrastructure expert overnight. But with a smart approach, you can make an informed decision that will lead to great results for your company.

Ultimately, remember that you will only achieve the higher-performance and lower-cost environments you are aiming for by choosing the provider that fits your needs and requirements best.

To learn more, visit us at here to receive our full white paper on selecting the right cloud partner today.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

May is Mental Health Awareness Month. Innovation Health Chief Medical Officer Sunil Budhrani urges Virginians to start a conversation about mental health. Budhrani moderated the Digital Health panel at NVTC’s Health Care Informatics & Analytics Conference on May 5.


Even for a medical expert, mental health can be a difficult topic to talk about.

I know the terminology, proper treatment plans and resources. But as a society (even among health providers), we often don’t know how to talk to those in need of mental health support – sometimes including ourselves. It’s uncomfortable. It’s emotional. It’s personal. So we don’t share. Don’t ask. Don’t act. And suicide rates across our nation skyrocket.

We need to talk about mental health.

When I joined Innovation Health as Chief Medical Officer last month, I sat down with my team and we made a collective decision. We decided to speak from our own personal experiences with mental health, however imperfectly. Because talking about mental health is the best way to truly help remove the stigma associated with mental health conditions.

Working as an ER doctor, I frequently saw patients whose anxiety and depression had gone unmanaged and ultimately led them to attempt suicide. Some I was able to help. For others there was nothing I could do. I realized that many times these patients weren’t getting the help they needed because they feared being labeled or misunderstood. Time and again, I saw that the cost of not treating these symptoms could be fatal.

Now, after so many years, so many news reports, and seeing so many of my colleagues and friends struggle, it is clear to me that we must confront the topic of mental health head-on if we are truly going to make a difference.

May is Mental Health Awareness Month and I hope it will be a catalyst for this critical conversation, which impacts so many Americans.

The proof is in the numbers: according to the National Institute of Mental Health, nearly one in four adults and one in five children in the U.S.  has a diagnosable mental health condition. In Virginia, more than 230,000 adults – roughly 3.8 percent of the population – have experienced a serious mental illness. These facts tell me one thing; we are not alone. We all know someone, work with someone, or love someone who struggles with mental illness. We may struggle with it ourselves. The fact is that anxiety, depression and substance abuse touch every community. The time to accept this is now. The time to speak up and reach out is now.

Many people don’t get the services they need because they don’t know where to start. If you or someone you know is struggling, you can start the healing process by following these three steps:

  1. Talk to a primary care physician about your mental health. They can help connect you with the right mental health support. If you do not have a PCP, I highly recommend you select one for your general health care needs.
  2. Educate yourself. Visit the Innovation Health website to take a depression or anxiety assessment or call 703-289-7560 to schedule an in-person assessment with a trained counselor.
  3. Be proactive about mental well-being. If you know someone who may be experiencing symptoms related to a mental health condition, encourage them to get the help they need.

It is never easy or comfortable to approach situations like this, but as a community we can’t let our fear or doubts stop us from helping others or ourselves dealing with mental illness. Talk about metal health with your family, friends and colleagues not just this month, but all year.

Together we can work to build a healthier world. But first, we have to start the conversation.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

John Wood of Telos Corporation provides an inside look into the Virginia Cyber Security Commission, established by Gov. Terry McAuliffe in 2014.


Shortly after taking office in 2014, Gov. Terry McAuliffe signed an Executive Order establishing the Virginia Cyber Security Commission “to bring public and private sector experts together to make recommendations on how to make Virginia the national leader in cyber security.”  It was my privilege to serve as a member of the Virginia Cyber Security Commission for the past two years, and I want to commend my fellow commissioners for their contributions, particularly Co-Chairs Richard Clarke and Secretary of Technology Karen Jackson, as well as our executive director, Rear Adm. Bob Day (Ret.).  With the Commission’s two-year authority ending this spring, it’s a good time to look back on what was accomplished and to see what’s next.

Being on the Commission was an eye-opener in many ways. The Commonwealth faces numerous and evolving challenges in the battle to secure state and local government networks, and to help protect the private sector and citizens of Virginia.  I was incredibly impressed with how open and honest our discussions were as we explored many complex issues.  This includes not only commissioners but the Governor’s appointees and other state employees who were party to our discussions – they were remarkably candid with us about the serious threats Virginia faces in cyber space and what actions are needed. We heard from and worked with representatives from state and federal law enforcement, the Virginia chief information officer, and other state government information security professionals. It was refreshing to hear such blunt assessments of our vulnerabilities – there was no “bureaucratic” caution, probably because the threat is so real and so immediate.

The Commission served to shine a bright light on the challenges facing Virginia. We made a number of recommendations that led to subsequent actions by the Governor and General Assembly, improving Virginia’s cyber security posture.  Moreover, our activities have better positioned Virginia’s cyber security sector to be a vibrant national leader. These results are consistent with the Governor’s desire to “grow this key industry, keep Virginia’s cyber assets safe and create new, good jobs here in the Commonwealth.” 

I urge everyone to read the report issued last summer by the Commission.  It notes some of the recommendations that were already accepted by the Governor and adopted by the General Assembly, such as new laws to help prosecute cyber crime and put in place other policies to better protect Virginians.  More importantly, the report raises a number of issues that require further work.  The effort must continue – there is much to be done, and Virginia’s public and private sectors must continuously work together to illuminate the changing threats we face and to swiftly take appropriate actions to address them.

It was gratifying to see how easy it is to get things done when people work together to find consensus.  The Commission explored problems and made recommendations, and the Governor and General Assembly took action.  That’s the way government is supposed to work.

At the same time, I saw how difficult it is to get things accomplished when competing agendas battle for the same limited pool of resources. That was my biggest disappointment.  In our report, we identified a real need for dedicated funding to promote collaborative cyber security research and development between the higher education community and private sector. That course was endorsed by the members of the General Assembly’s own Joint Commission on Technology & Science (JCOTS), which recommended $5 million to fund this effort. But this bi-partisan recommendation was set aside in Richmond, at least for now, because there were simply too many R&D agendas fighting for the same pool of money and attention.  I am hopeful the Governor and General Assembly will return to this because I firmly believe, as do many of my fellow Commissioners and the members of JCOTS, that collaborative R&D will be a key element in our drive to grow the industry and make Virginia THE leader in cyber security.

One final note: cyber security does not recognize man-made, political boundaries.  In that light, we in the technology sector should be looking at where other companies and other states are making investments (like in R&D), and see where we might do the same. Similarly, I hope the Commission’s work will set an example for other states, and help to chart a path for Gov. McAuliffe to pursue greater cooperation among the states.  I know he is interested in making intrastate and interstate cyber security a major focus during his upcoming term as chairman of the National Governors Association, and Virginia’s cyber security leaders in the private sector should support his efforts in any way we can.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Kristin D’Amore of Dovel Technologies provides a look into how Virginia is supporting student innovation, an essential asset to the Commonwealth’s economy.


New businesses account for nearly all net new job creation and almost 20 percent of gross job creation as well as being responsible for a disproportionate share of innovative activity in the United States.* There is an enormous amount of entrepreneurial activity occurring at institutions of higher learning throughout the country, and Virginia is taking strides to strengthen student innovation on its campuses. On April 14, 2016, Governor Terry McAuliffe signed into law legislation that directs the Boards of Visitors of public colleges and universities to adopt intellectual property (IP) policies that are supportive of student entrepreneurship. The legislation, which was sponsored by Del. Charniele Herring, was supported by NVTC and a broad coalition of higher education and business community organizations across Virginia.

The legislation reduces some barriers to entry for student entrepreneurs by clarifying existing university IP policies to specify the conditions under which institutions of higher education own intellectual property as opposed to student ownership. Current policies at some institutions of higher education create uncertainty about IP ownership, which discourages students from launching new ventures, starting businesses, or commercializing research based on their own ideas. The bill encourages a campus culture that supports entrepreneurship and motivates Virginia’s universities to be hubs of creativity and innovation with the potential to drive regional economic growth through research commercialization and new business formation.

The issue of student entrepreneurship and IP rights was raised by the Governor’s Council on Youth Entrepreneurship, which was formed in August 2015 to study and recommend ways to support young business owners and innovators in the Commonwealth. The group is comprised of leaders in higher education, business, innovators and entrepreneurs. As a member of the Council, I was pleased to see an early win for young entrepreneurs and students across Virginia.

Increased student innovation and promoting IP commercialization and new patents by students is critical to growing Virginia’s economy.  Statistics from the Council on Virginia’s Future show that although Virginia’s rate of patent formation has improved in recent years, it is still well below the U.S. average. Furthermore, Virginia universities generated 1.94 startups per one million residents in 2013, measurably below the national rate of 2.38 startups and ranking the Commonwealth 27th in the country.

The Council on Youth Entrepreneurship is continuing its efforts assessing resources and opportunities in Virginia for young entrepreneurs and will be presenting additional recommendations to the Governor later this year.  The Council will make additional recommendations on areas including financial incentives for business formation, improving regulatory processes for entrepreneurs, strengthening academic programs for student innovators in K – 12 and higher education, and marketing the assets of Virginia’s education system to students, faculty, and business leaders across the country.  The Council’s efforts are focused on providing the next generation of entrepreneurs and innovators a solid foundation from which to launch their ideas, ultimately leading to further growth in the economy.

* According to the Kauffman Foundation, the largest foundation in the world devoted to entrepreneurship.

Kristin D’Amore is Director, Market Development and Strategy at Dovel Technologies and a member of Governor McAuliffe’s Council on Youth Entrepreneurship. 

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS