Automation Isn’t Always the Answer, Warner Bros. Will Tell You


It was recently reported that Warner Brothers film studio filed a request with Google to have its own material removed from the search index.  Warner claimed that the material–kept on its own web sites–was in violation of copyright law.  Of course, Google complied with the request and removed the material–links to films like The Matrix and The Dark Knight.

Naturally, this didn’t go unnoticed. The BBC reported the gaffe and charged an anti-piracy consulting company called Vobile with making a mistake by reporting the legitimate Warner content as pirated.

Turns out, this isn’t the first time it’s happened. In fact, the culprit in most of these mistaken identity cases is automation. Companies like Vobile use automated algorithms to spot smoking guns online–except, in these cases, their algorithms weren’t as keen as they would’ve been if aided by the judgment of a human review.  This lesson is something being learned in the self-driving car business, too.

Best Technology also uses automated systems to monitor and maintain our clients’ computer systems and networks. However, we pride ourselves on a rigorous commitment to manual, human-conducted maintenance. The reason for that commitment is underscored in the Warner Brothers copyright story.

Computers and software can be used to speed up content analysis, and even to speed up decision-making. But ultimately, the holistic, organic, situational judgment of our team of people is what sets us apart from other managed I.T. services companies. Best Technology combines the process of escalation with team-based troubleshooting and good judgment guided by best practices.

Yes, we use automated tools in our own private cloud, but we also practice critical thinking and perform serious analysis on our clients’ behalf.  One such example of this is our Managed Security Controls program, which offers security auditing as a managed service. Could we offer this using only automation? Yes, but the real value is in the brainpower provided by our consulting team.

What Non-medical Businesses can Learn from HIPAA

By Ted Wallingford, CEO, Best Technology


Most of us are familiar with the HIPAA security rule–a law governing how businesses are able to use, share, and divulge data about medical patients–because we’ve been a consumer of medical services at one point or another. So we’ve all signed that “HIPAA Compliance Statement” before seeing a doctor when we have the sniffles.

But HIPAA is more than a simple disclosure that requires a signature. In fact, HIPAA is a set of best practices that you should be paying attention to–and implementing–even if you aren’t in the medical field.

Why? Because this set of best practices is really just a fantastic way to protect all sorts of consumer data, from credit card numbers to legal correspondence to credit information.  While the data protection requirements of the law pertain specifically to medical information of a personally identifiable nature–that is, info about a specific person–those same protection requirements can be applied to sensitive non-medical data, too.

Let’s examine how HIPAA mandates can be applied in both medical and non-medical environments to reduce risk, increase compliance, and protect your organization.

To start things out, let’s talk about the dual nature of HIPAA.  The acronym actually stands for Healthcare Information Portability and Accountability Act. The two main concerns of the law are Portability and Accountability.  The Portability portion, spearheaded by Congress as far back as the sixties, is designed to ensure that  physicians and medical staffers can access patient records during the course of care, and transmit them to other physicians and staffers as needed.  This would yield higher quality care.

But, with portability comes a security risk. Electronic data systems of the 1960s were relatively primitive (hospitals were using carbon forms and didn’t have computers yet), so the risk was one that could be contained primarily with lock and key. After all, just about every medical record then was stored on paper, in a file cabinet somewhere.  That all changed when computers and high-speed networks became standard in healthcare during the ’70s and early ’80s.  The emergence of electronic patient data magnified the risk associated with portability.

In the old days, a courier or postman could transport a patient chart in a sealed envelope, and the security of that transportation was backed by either a private contract or an assumption of best practices (i.e., mailmen never open the mail they transport). But now, with electronic data transfer disrupting the industry, a new set of best practices had to be defined, to make sure that the portability of patient data didn’t occur at the expense of its privacy.

The answer was Congress’s HIPAA Security Rule–one of the most sweeping best practice documents in history, and an excellent guide for how to protect ANY kind of data by using daily, habitual practices.  The Security Rule requires, among other things, that encryption be employed whenever personal medical information is stored or transmitted.  The idea here is that, even if the data were to fall into the wrong hands while being transported or stored, it would be unreadable.

This is also a best practice for the rest of us, even outside the field of broken legs and whooping cough, because we need our business data to be both portable and secure.  HIPAA provides an awesome model for ensuring both.

Other industries are governed by other regulations, including Gramm-Leach, Sarbanes-Oxley, and PCI-DSS. But all have been shaped by HIPAA.  The Cloud factors into HIPAA compliance, and you might be surprised to learn the truth about the security of cloud services. In a future post, we’ll talk about that.

Ted Wallingford is the founder of Best Technology and the author of two O’Reilly Media books about Data and Voice Networking. He can be reached at ted@btstrategy.com.
