Grab your paper shredder and a pair of scissors, because it’s time to go paperless. Surety recently became members of The Paperless Project, a coalition of content management providers who are dedicated to encouraging the adoption of electronic documents and processes within the office environment.

With the goal of reducing the reliance on paper, The Paperless Project’s Go Green Initiative’s mission is to identify processes by which offices can adhere to in order to decrease paper usage and encourage the adoption of electronic solutions. As a member, Surety will aid fellow content managers in making smart, proactive and thoughtful decisions about the security of their electronic documents.

For more information about The Paperless Project and the ways Surety is contributing to its initiative, check out their website and read about the benefits electronic records management authentication. You can also read the full press release announcing the partnership here.

Surety has joined the paperless green movement, have you? If so, tell us about it – we’re always interested in hearing about the ways companies are implementing electronic environments.

Most enterprise-class Electronic Lab Notebook (ELN) systems can be expensive, cumbersome or even overkill for many organizations. Many don’t benefit from all the ELN’s features , and some never deploy and use the ELNs they have purchased because they do not meet their needs.

Before any organization invests in a commercial ELN, we recommend they take a step back. Consider how you can most cost-effectively and efficiently enable your researchers and scientists to focus on getting world-class products and ideas to market faster in a collaborative, workflow-friendly environment, with built-in intellectual property protection.

Chances are, if your organization already has an Enterprise Content Management (ECM) system like Microsoft SharePoint or Open Text Livelink, an email system, such as Microsoft Exchange, a database application like Oracle or SQL Server, and Surety’s AbsoluteProof Data Integrity Protection service, you have all of the core components to meet the most common objectives of an ELN, without the overhead, costs and complexity of deploying yet another enterprise-class system.

By purchasing a commercial ELN application, you will spend as much, if not more money tailoring it to fit your needs and with integration. Why not leverage your existing investments in software and applications you already have deployed today and easily “customize” an ELN that meets your EXACT needs, and save time, money and resources as a result?

(Photo credit: Wikipedia)

A note from The New York Times after claims that a published photograph had been digitally altered.

If a picture speaks a thousand words, does a screen shot as well? Check out the Editor’s Note posted by The New York Times yesterday:

The pictures in this feature were removed after questions were raised about whether they had been digitally altered.

What’s this all about? A different Editor’s Note posted by The New York Times today offers some additional insight:

A second Editor's Note posted by The New York Times offers more insight into the digital manipulation.

In case you can’t read it, here’s what the Editor’s Note says:

A picture essay in The Times Magazine on Sunday and an expanded slide show on NYTimes.com entitled “Ruins of the Second Gilded Age” showed large housing construction projects across the United States that came to a halt, often half-finished, when the housing market collapsed. The introduction said that the photographer, a freelancer based in Bedford, England, “creates his images with long exposures but without digital manipulation.”

A reader, however, discovered on close examination that one of the pictures was digitally altered, apparently for aesthetic reasons. Editors later confronted the photographer and determined that most of the images did not wholly reflect the reality they purported to show. Had the editors known that the photographs had been digitally manipulated, they would not have published the picture essay, which has been removed from NYTimes.com.

From what we have read and can gather, a commentator on the community blog MetaFilter may have been the first to spot the digital manipulation.

Evidence of digitally manipulated New York Times photographs, available at http://gurno.com/adam/images/abandoned-house-ps-evidence.gif

Unfortunately, this instance isn’t the first we’ve seen where a reputable media outlet published digitally altered or manipulated images, and equally unfortunately, we are certain it won’t be the last. The good news, however, is that solutions already exist that enable organizations to detect whether any electronic record – including digital images! – have been tampered or manipulated, either maliciously or inadvertently, helping them to avoid the reputation damage and loss of trust caused by a lack of data integrity safeguards.

http://www.surety.com/News/Press-Releases/Surety–LLC-Joins-Microsoft-BioIT-Alliance.aspx

Data Integrity Provider First to Bring IP Ownership into Discussion

Surety, LLC, the leading provider of data integrity solutions, announced today that is has joined the Microsoft-sponsored BioIT Alliance as the first and only data integrity protection provider of its kind within the alliance.

Utilizing digital timestamp technology, Surety’s solutions allow government and commercial organizations to validate the integrity of their electronic records and help prove their authenticity and intellectual property (IP) ownership when challenged in a competitive or legal situation. With the use of electronic records, files and additional digital content on the rise, the need for immediate and legally-defensible IP protection continues to increase as well.

“Surety’s acceptance into the BioIT Alliance further proves the market’s increasing recognition of the need to effectively secure and protect the integrity and authenticity of critical bio-IT and pharmaceutical content,” said Bob Flinton, Vice President of Marketing and Product Management for Surety, LLC. “We’re pleased to be a unique and strategic part of the alliance and are looking forward to contributing thought leadership and best practices discussion around the need for implementation of electronic document protection technologies, particularly within the Life Sciences market.”

The Bio-IT Alliance connects various IT, pharmaceutical and biotechnology industries to successfully collaborate best practices for improving drug development and consequentially improving the healthcare of millions of Americans. Members are encouraged to share their knowledge and industry expertise for the sake of reducing medical costs, increasing research and improving go-to market capabilities.

“We are delighted to have Surety join the Alliance. Their decision to become a member reflects the importance of alliances today,” said Rudy Potenzone, Ph. D., Worldwide Industry technology strategist for pharmaceuticals and director of the Bio IT Alliance, Microsoft. “They add an additional dimension that will offer existing members potential collaboration opportunities.”

About Surety, LLC

Founded in 1994 by leading Bellcore Scientists, Surety is recognized as a premiere third-party time-stamp authority. With millions of electronic records and files worldwide protected under its authenticity seal, the company’s flagship service offering AbsoluteProof® enables organizations to meet the legal, fiduciary and regulatory responsibilities associated with creating, managing and archiving electronic data by providing verifiable evidence of data integrity and authenticity. The company’s client base is made up of legal and financial services firms, healthcare organizations, research and development laboratories, managed services providers and copyright protection agencies that are ensuring record integrity with AbsoluteProof. For more information, visit http://www.surety.com.

About the BioIT Alliance

Formed in 2006, the BioIT Alliance is a cross-industry group working together to improve biomedical information technology on the Microsoft platform. Founding members include Affymetrix, Accelrys, Amylin, Applied Biosystems, The BioTeam Inc., Digipede Technologies LLC, Discovery Biosciences Corp., Geospiza Inc., HP, InterKnowlogy, Microsoft, Sun Microsystems Inc., VizX Labs LLC and other key companies in the pharmaceutical, biotech, hardware and software industries. Additional information about the BioIT Alliance can be found on the BioIT Alliance Web site at http://www.bioitalliance.org.

Photo credit: Aviationphotos.info

Falsifying electronic records has been a problem ever since they entered our everyday business lives. Time after time, we’ve seen instances where individuals maliciously tamper with IP ownership documents, contracts, budget numbers and other forms of electronic evidence. While these are all undesirable scenarios that have serious financial, legal and regulatory consequences, tampering of these records rarely results in injury or death. Some electronic records, however, are actually used in highly regulated industries to ensure safety of everyday citizens. Dependent on industry, these records might log things like hours worked, compliance training and safety procedures – all things that impact job performance and on-the-job safety.

Unfortunately, when records of this nature are purposefully altered, the consequences can be grave. Take Gulfstream International Airlines for example. According to a recent Wall Street Journal article, current and former employees allege that the airline tampered with electronic flight logs and falsified flight hours in order to allow pilots to fly additional hours than the federal safety rules allow.

“Mary Hebig, who worked as a crew-scheduling supervisor at the carrier from March 2005 to July 2007, said in an interview that the flight-dispatch department frequently and retroactively changed flight hours in the computer system without conferring with pilots or with her department.

When an initial check of computerized schedules showed that certain pilots had run out of allowable flight hours, according to Ms. Hebig, ‘dispatch would call back and say, check them again.’ Often, it was apparent the numbers had been changed between calls and ‘suddenly, the crew had a rebirth; they were now legal to fly’ more trips, she alleged.”

And while Gulfstream did not operate the Feb. 12 Continental Connection Flight 3407 that killed 50 people, fatigue has been frequently reported as a cause of airline industry crashes, making the allegations against Gulfstream extremely troubling. The Federal Aviation Administration recently proposed a $1.3 million penalty against Gulfstream, accusing it of “scheduling crew members in excess of daily and weekly flight-time limitations.” David Hackett, chief executive of Gulfstream International Group Inc., argues that the airline never changed work records in an attempt to bypass the rules.

Putting aside the argument of who’s right or wrong, the mere idea that flight logs can be tampered with is a scary thought. Federal safety rules are in place for a reason, and the thought of someone violating them (for whatever reason) should stop us all in our tracks. Electronic records are in need of safekeeping from individuals who are tempted to alter them. Products such as Surety’s AbsoluteProof, could have played a major role in this particular case. AbsoluteProof’s digital timestamping technology would have legally and irrefutably proved whether or not the electronic flight logs had in fact been tampered with. Thus, the FAA’s investigation would be an open and shut case, proving Gulfstream’s guilt or innocence.

We’ll stay on top of this story and report back with the end result of this case. Regardless of its outcome, we hope this experience helped the airline (and the entire FAA, for that matter) realize the necessity for proper electronic document security measures. Failing to implement proper precautions could end up being a life or death scenario.

Image credit: Computerworld UK

Forget about blaming hackers and competitors for a security breach of your businesses’ information. According to a recent ComputerWeekly article, an organization’s own employees are often times the biggest threat to the security of your information

“The majority of major data breaches that have occurred over the past 18 months can be directly attributed to employee behavior, an inability to follow policies and procedures that has had catastrophic results; millions of personal records being compromised, a plethora of government investigations, heavy fines and sanctions, reputational damage and the media baying for blood.”

This is something we’ve talked about before but it remains a massive misperception among IT and business executives that the largest threats are those outside your own walls. So, what’s an organization to do?

First, every organization needs to make a commitment to information security. As an increasing number of an organization’s most valuable assets – from intellectual property records to contracts – are kept in electronic format, this often means making a commitment to ensuring those records are protected and that, if necessary, the organization can establish that these records haven’t been tampered. Investing in products such as Surety’s AbsoluteProof can help alleviate these worries of tampering by providing data integrity assurance with the technology of digital timestamping. Pinpointing the exact moment an electronic document is illegitimately altered, AbsoluteProof provides legally verifiable evidence of data authenticity, ensuring the protection of some of your most valuable assets.

The amount of time and effort invested in these types of technologies behind your security measures should equal to that of the energy you put toward educating and training employees about their respective IT responsibilities. Employees need to understand the procedures needed to take in order to effectively secure information. Compliance regulations and expectations must be communicated on a regular basis, keeping up with the ever-changing IT landscape.

In order to do this and manage “user accountability and awareness,” organizations should follow the guidelines listed below as described in the article. You’ll notice that automation plays a big role in the process – that’s because according to this article, automating key security processes has proven to increase user awareness of security risks by 30 percent within three months.

• Automate the policy creation process so that you can quickly create or modify policies already in place.
• Implement automatic targeting and scheduling technologies so that you can be sure you’re targeting all your users.
• Require a response from a user each time he/she breaks the code of conduct so that you can have proof of communication relating to the event.
• Automate surveys and risk assessments to challenge your employees’ knowledge and share an outline of your current IT security position.
• Implement products with skilled reporting capabilities so that you can better identify and prevent risks down the road.
• Implement automation so that you can establish a routine process, thus increasing your chances of reliable IT security.

So, do you agree or disagree with these recommendations? What is your organization doing to protect against internal security threats?

2009 SharePoint Security Survey Proves Organizations with High-Value Electronic Records Need Additional Data Integrity Protection

Surety, LLC, the leading provider of data integrity solutions, has announced the results of its 2009 SharePoint Security Survey. The survey of more than 330 respondents spanned a broad spectrum of information technology job titles across markets, and the results revealed overwhelming concerns about the risks of data tampering in collaborative environments, particularly Microsoft® SharePoint®.

Alarmingly, nearly one-quarter of respondents lack confidence that their organizations’ electronic records or other digital content are protected when they are being shared within the SharePoint environment, and of the respondents whose organizations have suffered a data breach within their SharePoint system, 67 percent indicated that the tampering was at the hands of a person with access to SharePoint from inside the organization.

“This is not about SharePoint’s built-in protection controls, which are good in general, but instead it’s about protecting the integrity and authenticity of electronic records that can be shared across multiple parties in any document or records management system,” said Bob Flinton, Vice President of Marketing and Product Management of Surety, LLC. “With data security and integrity controls, like third-party digital timestamps, integrated into business process systems like SharePoint, organizations are able to deter electronic data tampering more effectively.”

The survey also revealed that a majority of organizations are using SharePoint to store and share their most vital electronic records, such as critical intellectual property (IP) records, to strategic corporate planning documents, company financials, employee records, electronic medical records (EMR) and personal health records (PHR). Forty six percent of respondents estimated that the data housed in their SharePoint systems was valued greater than $10 million dollars. Nearly 30 percent of survey respondents valued the electronic records housed in their SharePoint systems at more than $50 million dollars, with 9 percent indicating that their data was valued greater than $500 million dollars.

Other findings in Surety’s 2009 SharePoint Security Survey include:

• The ability to authenticate electronic records is essential in order to prove that these records have not been tampered with (for compliance, intellectual property protection or litigation readiness). Fifty eight percent of respondents indicated that electronic records authentication was either their most important or an important priority for their electronic records. Interestingly, 75 percent of respondents with C-level titles indicated that electronic records authentication is a top-of-mind concern.
• SharePoint users want additional security and document authentication capabilities in their collaborative environments. Nearly 60 percent of survey respondents believe that adding security and document authentication options to SharePoint would result in a “better and safer collaboration environment,” while only 5 percent viewed them negatively.
• The consequences of a SharePoint security breach extend beyond IT. According to survey respondents, the most significant consequences facing their organization include data loss (62 percent), reputation risk (41 percent), intellectual property compromise (35 percent), and non-compliance with regulations and legislation (31 percent).

To receive a full copy of the findings for Surety’s 2009 SharePoint Security Survey, contact surety@speakerboxpr.com.

Survey Methodology
The survey was conducted by eMedia USA on behalf of Surety during the Fall of 2008, and included 336 SharePoint, Network and Systems Administrators, Systems Architects, IT Directors, Security Analysts, Network Engineers, Chief Security Officers and Chief Technology Officers.

This is part four of a four part podcast series.

Podcast Presenter: Michael Elliot of Atrium Research & Consulting.

Curious to know what sort of informatics trends are emerging in the electronic R&D space? And what about the success stories for ELNs? Listen in as Michael Elliot with Atrium Research & Consulting discusses both.

1. Tools and Technology Trends in eR&D
   SharePoint and other records management systems, combined with data integrity protection technologies, will play an increasingly growing role in how electronic records and other digital content are managed and secured. (Michael Elliot only)
   Register to download podcast segment. (6 MB)
2. eR&D Success Stories, A Real Life Analysis
   (Michael Elliot only)
   Register to download podcast segment (4 MB)

(Photo Credit: Ian-S)

Photo credit: ohmygov.com

Electronic health information technology is transforming the delivery of healthcare. Nineteen billion dollars of the economic stimulus package has been set aside for the modernization of health records, and the federal government has set a goal of 2014 for the creation of an electronic health record (EHR) for all Americans . The move from paper records to EHRs —including electronic medical records (EMRs), personal health records (PHRs) and e-prescriptions –can solve a host of problems for medical organizations, allowing them to run more quickly, more accurately, and more efficiently. With complete and immediate access to patient records through EMRs, healthcare providers are able to provide better, faster and more personalized care, raising the level of both medical care and personal attention. As the number of patient charts is reduced, medical organizations are also dramatically reducing the costs associated with creating, storing and maintaining paper charts.

Beyond EMRs, the increasing use of electronic prescribing contributes to patient safety. A 2006 study by the Institute of Medicine reported that 1.5 million people in the United States are harmed each year – and 7,000 killed – by medication errors. E-prescriptions improve patient safety through more complete and accurate prescriptions, direct transmission of the prescription to a dispenser where fill status can be monitored, and elimination of the need for the dispenser to decipher and transcribe, often illegible, handwritten fax or paper prescriptions.

While the increased use of EHRs is integrally related to improving patient care and safety, their adoption introduces new security concerns, including the opportunity for data loss or destruction (both accidental and malicious data tampering), inappropriate corrections to medical records and e-prescription forgery. In order to address areas of potential risk and remain compliant with medical organizations must adopt policies and procedures that are compatible with EHR systems and compliance with regulations like the U.S. Health Insurance Portability and Accountability Act (HIPAA), which contains provisions for the protection of data stored electronically.

By not integrating proper security and authentication controls, the realization of electronic health records faces an uphill battle. As a Feb 16, 2009 Washington Post article reported, these challenges are real:

“Roadblocks include concerns over lack of universal protocols for collecting data as well as rules that establish how, with whom and under what circumstances the data can be shared. Many health-care providers — physician practices, testing facilities, hospitals and clinics — fear liability if private information gets into the wrong hands.

And the risk of tampering is real in healthcare as well. In the summer of 2008, when Esmin Green, a 49-year-old woman died in a Brooklyn psychiatric hospital’s waiting room, the video of her collapsing and lying on the floor for more than an hour until hospital staff responded, made front page headlines.

Among the many allegations leveled at the hospital and its staff after her death was one concerning the authenticity of the electronic records relating to Green’s care. The New York Civil Liberties Union states that hospital staff falsified Green’s records in an attempt to cover up the amount of time she was without assistance.

“Contrary to what was recorded from four different angles by the hospital’s video cameras, the patient’s medical records say that at 6 a.m., she got up and went to the bathroom, and at 6:20 a.m. she was ’sitting quietly in waiting room’ — more than 10 minutes since she last moved and 48 minutes after she fell to the floor.”

Considering the severity of the allegations and outrage over Green’s death and mistreatment, it is not difficult to comprehend the employee’s motivation for falsifying the times on Green’s records. In his blog BizTechTalk, document management analyst Dan Keldsen asked an important question every healthcare organization should ask themselves as they make the shift to electronic records:

“Do YOUR systems support verifiable, tamper-proof audit trails? Are you synchronizing the date/timestamps of related systems, such as in this case, video surveillance?”

Keldsen goes out to ask his readers scary but important questions such as “can people back-date contracts in your organizations? Invoices? E-mail messages? If you need to roll-back your entire systems to a certain point in time to see exactly what offers were made to who and when, could you do it?”

Green’s case, of course, is a dramatic example of the importance of digital time-stamping, but it highlights the ease with which electronic health records can be tampered. The instances where motivated insiders have found a way to manipulate electronic records are too numerous to mention here, but the results often make the headlines and lead to litigation and regulatory investigations.

The message is clear. Organizations must take proactive steps to guarantee the integrity of electronic health records. Healthcare professionals need the ability to irrefutably prove – without question – that patient records have not been tampered (maliciously or accidentally) since their creation.

We’ve developed AbsoluteProof in such a way that it can be integrated seamlessly at any point in the healthcare organization’s business process (including data capture, generation, management and archive), and is compatible with any data source, regardless or format. This gives healthcare IT professionals the ability to reliably and independently prove the integrity of their electronic records and prove that an electronic record existed at a specific point in time and has not been altered since.

If you’re a healthcare provider, what are you doing to ensure the authenticity of your electronic records? If you’re an EMR solutions provider, what are you doing to provide healthcare providers with this critical capability?

This is part three of a four part podcast series.

Podcast Presenters: Michael Elliot of Atrium Research & Consulting and Timothy Carroll, Partner at Loeb & Loeb, LLP.

When it comes to enterprise-wide data-level security controls in an ELN environment, why are organizations putting in more robust controls when it comes to regulation by the Federal Drug Administration than in areas and units that are solely focused on drug discovery? What are the risks in this particular scenario?

Learn this and more on why implementing robust controls in certain silos of an organization’s infrastructure may prove to be more of a hindrance than a benefit.

What about organizations that are proactive versus reactive in electronic content management?

What are the pros and cons of each strategy and which one will come out on top?

1. Risk of Enterprise-wide Disparate Data-level Security Controls: How Much is Good Enough?
   In this podcast, Elliot and Carroll talk through the motives of why organizations choose to use disparate data-level security controls. Just how much (security measures) is good enough?
   Register to download podcast segment. (6 MB)
2. Safeguarding eData Against Tampering, Theft & Misappropriation
   Find out from Elliot and Carroll how disparate record keeping programs and an organization’s lack of safeguarding its electronic records is grounds for data theft or intellectual property misappropriation.
   Register to download podcast segment. (4 MB)
3. Proactive vs. Reactive Electronic Content Management
   Proactive versus reactive security management of your electronic information, which strategy is best for electronic content management? Are there benefits to each? Where does your organization reside on the scale?
   Register to download podcast segment. (3 MB)

(Photo Credit: Leonid Mamchenkov)