NIST refines Cybersecurity Framework 

The latest version of the NIST Cybersecurity Framework addresses supply chain cybersecurity and offers a more comprehensive treatment of identity management.

As a first line of defense, the National Institute of Standards and Technology’s Cybersecurity Framework helps federal, state and local governments — as well as organizations across all industry sectors — manage cybersecurity-related risk.

Version 1.1 is an update to the original released in February 2014 and is meant to serve as a living document where changes can be made as cyber environments and risks shift.

The two versions are fully compatible. The additions, including new categories and subcategories, do not invalidate uses or work products in the first version of the Framework. “We didn’t want to change the framework substantially so the two frameworks could work with each other,” NIST Cybersecurity Framework Program Manager Matt Barrett said during an April 27 webinar on the Framework update.

The changes to the framework are based on feedback collected through public calls for comments, questions received by team members and workshops held in 2016 and 2017.

Changes include adding a new category for managing supply chain risk, that includes an assessment process for commercial off-the-shelf IT products and services.

Eight subcategories were added, and language was refined in several places, such as clarifying what “compliance” means for various stakeholders. A new section on self-assessment for cybersecurity risk was added, and the access control category has also been changed to better account for authentication, authorization and identity proofing.

In addition, information has been added to implementation tiers and profiles to reflect considerations within an organization’s risk management program. Another subcategory has also been added to address coordinated vulnerability disclosure.

NIST refines Cybersecurity Framework Read Version 1.1 of the Framework click here.


Source: NIST refines Cybersecurity Framework — GCN

EHR Interoperability Issues Plague 36% of Medical Record Admins

A recent Black Book survey found that 85 percent of physicians depend on their core health system to enable EHR interoperability.

EHR Interoperability Issues Plague 36% of Medical Record Admins

Physicians who are not on the same EHR platform report having EHR interoperability issues and that they cannot use patient data from external sources.

ehr interoperability physician ehr use


 – There has been small improvement in medical record administrators being able to exchange patient health records with other providers, with 36 percent stating they have EHR interoperability issues with that task, according to recent Black Book research.

Forty-one percent of medical record administrators reported the same data exchange issues in 2016.

The majority of network physicians – 85 percent – said they depend on their core EHR health system to enable interoperability, Black Book found. This helps providers as they work to improve initiatives in population health, precision medicine and value-based payment models.

For the report, Black Book interviewed just over 3,000 crowdsourced, current hospital EHR users.

“In 2018, 57 percent of hospital network physician practices operating on assorted EHRs report they continue to lack the financial and technical expertise to adopt complex interoperability which are compulsory to attain higher reimbursements built into value-based care initiatives by both public and private payers,” Black Book Research Managing Partner Doug Brown said in a statement.

Approximately one-quarter of surveyed physicians said they still cannot utilize a lot of meaningful patient information received electronically from external sources as currently shared outside siloed EHRs.

For Q1 2018, 62 percent of hospitals are not using information outside of their own EHR because external provider data is not available in their EHR systems’ workflow. One-third of respondents also said that the data that they can view cannot be trusted because of the disparate systems between providers.

Just over one-quarter – 27 percent – of medical record administrators said transferred patient data was not presented in a useful format. In 2017, 22 percent reported the same issue.

Another Black Book survey indicated that EHR technology and the way providers use that technology can impact numerous healthcare stakeholders.

Seventy-eight percent of hospitals said they have not prioritized or budgeted more meaningful improvements in patient engagement, interoperability or patient communications for 2018.

However, 92 percent of younger healthcare consumers were dissatisfied with their inpatient provider experience where complete medical records were not offered. Eighty-five percent of younger healthcare consumers reported dissatisfaction when telehealth options were not offered.

Healthcare consumers under the age of 40 were also more likely to desire reliable technological options at their provider, the report found. Eighty-nine percent of those respondents said they are unsatisfied with an organization’s technology capabilities, while 84 percent said they are looking for the most technologically advanced and electronically communicative provider.

“Healthcare consumers more frequently interact through electronic media in 2018, and while they value contact with their providers, they don’t have the patience for lacks in hospital interoperability, incorrect billing and access to scheduling and results,” Brown explained.

The majority of consumers – 80 percent – were also more likely to blame the hospital system itself instead of the EHR systems or financial technology for a lack of patient record portability and access.

Black Book also found that 69 percent of healthcare consumers cited business office and insurance processes as the most important moment when overall satisfaction of a hospital organization is concluded. This was for cases when patient care met patient expectations.

“Part of this is probably due in part to patient expectations that have been set beyond most hospital’s technological capabilities for interoperability with both other providers and payors,” Brown stated.

He added that healthcare IT systems’ revenue cycle management channels had the lowest positive experience.

Earlier this year, KLAS research found that Epic and athenahealth were found to be the most successful EHR platforms for removing EHR interoperability issues.

Respondents said Epic and athenahealth offer equally efficient health data exchange, but Epic EHRs were much easier to use than athenahealth EHRs once retrieved.

Both Epic and athenahealth let users share EHRs without investing as much effort, the report showed. Epic clients have to put forth the least amount of effort, as it has a quick verification process and users can take advantage of Care Everywhere, eHealth Exchange, and Carequality.

In comparison, eClinicalWorks, GE Healthcare, Greenway Health, MEDITECH, NextGen Healthcare, and Allscripts reportedly provided interoperability experiences that require “heavy lift, custom connections to external EMRs and HIEs.”

“Traditionally, patient-record sharing has been accomplished with expensive, custom-made point-to-point connections between healthcare organizations as well as local and regional HIE networks,” report authors explained.

“Fortunately, additional options are taking shape where EMR vendors build ‘plug-and-play’ connectivity into their EMR products, enabling quick, easy, and inexpensive connections between providers across national networks.”

Source: EHR Interoperability Issues Plague 36% of Medical Record Admins

Cloud-based office solutions under increasing attack – Beazley Breach Insights

Beazley breach insights – April 2018 Cloud based office solutions under increasing attack

Specialist insurer Beazley has reported that the number of business email compromises is accelerating, particularly for those organizations using Office 365, the popular cloud-based solution for Office applications and other Microsoft productivity services. These hack and malware breaches accounted for 13% of incidents reported to its Beazley Breach Response (BBR) Services team during the first quarter 2018. The three sectors most affected were financial services, healthcare and professional services.

In BBR Services’ experience, these incidents are usually caused by an employee clicking on a link in a phishing email, HelpDesk message, or Microsoft survey. After clicking on the link, the employee is redirected to a legitimate-looking website and asked for email credentials. The hacker then harvests those credentials and logs into the mailbox undetected.

In general, email compromises are on the rise because they are relatively easy to carry out and threat actors are able to use the email accounts for a variety of purposes. Once in the mailbox, the attacker may run searches to steal personally identifiable information. The attacker may also steal bank information to send emails requesting fraudulent wire transfers. Additionally, attackers frequently search the inbox to determine what HR and benefits self-service portal the employer uses, and then requests a password reset for the user in that system. Once in the self-service portal, the attacker redirects the employee’s paycheck to one of their accounts. Finally, the attacker often sends spam emails to all of the user’s contacts in an attempt to get others to give up their credentials as well.

Katherine Keefe, global head of Beazley Breach Response Services, said: “The number of compromised email accounts is accelerating but simple steps such as frequently changing passwords, having dual-factor authentication and removing auto-forwarding or auto-delete rules can help reduce vulnerabilities. With privacy regulations becoming more stringent and the public demanding greater accountability for their personal data, it is more important than ever for organizations to secure their lines of defense.”

A large majority of breaches that the BBR Services team has worked on have involved Office 365. The default settings on Office 365 do not typically include the logging necessary to rule out a compromise of all emails in an inbox. Fortunately, BBR Services has identified several forensic partners that have created a tool to gain access to additional logs through Microsoft. With this additional insight, the number of affected individuals often drops, along with forensic and notification costs. Organizations can protect themselves against these attacks by doing the following:

  • Require two-factor authentication for access to Office 365.
  • Microsoft provides a tool called Secure Score that can be used by anyone who has administrative privileges for an Office 365 subscription. It assists not just in analyzing, but also with implementing best practices regarding their Office 365 security.
  • Enforce strong password policies. Educate employees about the risks of recycling passwords for different applications.
  • Alert employees who have access to accounts payable systems or wire transfer payments about these types of scams.
  • Train all employees to beware of phishing attempts.
  • If you use cloud-based platforms, investigate what logging is available and make sure it is enabled. For instance, if you’ve migrated from on-premises Exchange to Office 365, audit your security settings, which are reset to default settings during migration. In Office 365, you must turn on audit logging in the Security & Compliance Center.
  • Work with your cloud provider’s technical team to determine what activities are logged and ensure you have the visibility you need, for the monitoring period you need.
Higher Education Incidents, Q4 2017

The top two causes of data breaches reported to BBR Services in Q1 2018 were hack or malware (42%) and accidental disclosure (20%), consistent with incidents reported in Q4 2017. Social engineering and disclosure by insiders were the next highest cause of incident, each at 9%.

Higher Education Incidents, Q1 2018

Hacking and malware incidents were up from Q4 2017 to 47% of the total number of incidents for higher education establishments. Also compared to Q4 2017, accidental disclosure recorded a 5 percentage point drop to 20% while social engineering plateaued at 9%.

Financial Services Incidents, Q1 2018

Over half (55%) of all data breach incidents reported to BBR Services in Q1 2018 were caused by hacking or malware, similar to the 53% recorded in Q4 2017. The number of social engineering incidents, which accounted for one in five breaches (20%) in Q4 2017, almost halved to 12% of the total in the quarter.

Healthcare Incidents, Q1 2018

Accidental disclosure (29%) and hacking or malware (29%) endured as the most frequent causes of data breach in the healthcare sector in Q1 2018, at a combined 58% of the total. A slight reduction in the number of breaches caused by insiders from 19% in Q4 2017 to 15% in Q1 2018 is to be welcomed.

Professional Services Incidents, Q1 2018

There were two striking features of data breaches reported by professional services firms to BBR Services between Q4 2017 and Q1 2018: the number of breaches due to the loss of portable devices and due to accidental disclosure both doubled, while the number of social engineering incidents almost halved.


Source: Beazley breach insights – April 2018

Core Transformation: Reinventing the Back Office – CIO Journal – WSJ

Digitizing core systems and processes may not get the same attention—or levels of investment—as customer-focused transformation. However, smart CIOs are leading the charge to re-engineer how back-office work gets done, harnessing emerging technologies and building the foundation for a more dynamic enterprise ecosystem

It’s no surprise that the first wave of digital transformation focused on the most visible customer-facing functions, but IT leaders are now turning their attention to reinventing heart-of-the-business operations.

For many in the business and tech worlds, the word digital conjures thoughts of the marketing, sales, and customer experience initiatives that have dominated business mindshare—and investments—to date. It only makes sense given the imperative for organizations to improve engagement with their key constituents, be they customers, patients, citizens, or business partners.

However, savvy CIOs quickly realized that any effort to transform their customer-facing systems and processes would be limited without equally effective and integrated back-office operations. That digital interconnectedness is required to make key data and intelligence residing in the core—related to pricing, product availability, logistics, quality, financials, and more—available to customercentric operations.

Tying together enterprise functions and the core is a start, but it only scratches the surface of the digital transformation opportunity. Over the next 18 to 24 months, CIOs, CFOs, and supply chain leaders will begin developing new digital capabilities in their core systems—and not simply new point solutions or shiny digital add-ons. They will begin constructing a new core in which automation, analytics, real-time analysis and reporting, and interconnections are baked into systems and processes, fundamentally changing how work gets done.

More Meaningful Change

Efforts to digitize core business processes are hardly new. Over the last two decades, companies have invested in ERP implementations, large-scale custom systems, and business process outsourcing to transform their core operations. Some of these investments delivered tangible benefits, such as standardized workflows and automated tasks. Others created unintended side effects, such as subpar user experiences, rigid operating procedures, or even stagnation because needed changes were too costly or difficult to implement.¹

This time, it’s different. In the coming months, CXOs will target core business areas such as finance and supply networks for meaningful change. Rather than focusing on discrete tasks or individual tools, they will broadly explore digital technologies capable of supporting global ecosystems, platform economies, complex operational networks, and new modern workplaces.

Individual emerging technologies will still have a role to play as essential enablers. Blockchain’s distributed ledger, for example, has promising implications for trade finance, supply chain validation processes, and other areas. Yet blockchain alone is only one component in a more dynamic, interconnected core stack. As companies begin their core transformations, it will be critical to understand how individual innovations can work in concert with existing capabilities to drive business value.

The Future of Digital Finance

New core principles can be applied to all heart-of-the-business functions and processes. However, focusing on a couple of areas with long histories of technology-enabled transformation, such as the finance function, can help to illustrate the changes ahead.

For finance organizations, the digital revolution presents both significant opportunities and nagging challenges. Exploding volumes of structured and unstructured data contain insights that could transform business and operating models. By harnessing digital technologies and enhancing existing analytics capabilities, finance could become the enterprise’s go-to source for strategic advice. At present, however, many finance organizations struggle with the data they have, lacking the technologies and skill sets to capitalize on this opportunity.²

Nonetheless, forward-thinking CFOs and CIOs are charting a course toward a digital future built on interconnected and automated systems, unified data sets, and real-time analysis and reporting. Though the specifics of the digital finance organizations will vary by company, they will share the following characteristics³:

Agile and efficient. New product integration and upgrades are faster and more effective thanks to the utilization of public, private, or hybrid clouds.

Increasingly automated and intelligent. Robotic process automation (RPA) enables increased efficiencies and lowers operating costs. Cognitive computing capabilities simulate human intelligence, grinding through mountains of data to automate insights and reporting in real time.

More detailed and accessible insight. Predictive algorithms and visualization technologies enable more seamless oversight, planning, and decision-making by planners and analysts. Advanced analytics illuminates connections and trends buried within data for more detailed, accurate, and efficient reporting.

Built for big data. Next-generation technical architectures can handle massive data sets without sacrificing availability, timeliness, or the quality of books and records.

Dynamic Digital Supply Networks

The digital revolution is driving profound change in every core function, but perhaps none more so than the supply chain. The traditional supply chain was built to support a linear progression of planning, sourcing, manufacturing, and delivering goods. Supply chain systems enabled large numbers of transactions for each of these functions and their dependencies.

With the rapid digitization of the enterprise, this model is giving way to a more fluid system in which data flows through and around the nodes of the supply chain—dynamically and in real time. This interconnected ecosystem economy calls for more efficient and predictive digital supply networks (DSNs) with the following characteristics:4

Always-on agility and transparency. Integrating traditional data sets with data from sensors and location technologies provides visibility into all aspects of the network. DSNs can dynamically track material flows, synchronize schedules, balance supply with demand, drive efficiencies, and rapidly respond to changing conditions or disruptions.

Connected community. Multiple stakeholders—suppliers, partners, customers—can communicate and share data directly.

Intelligent optimization. By connecting humans, machines, and analytics, DSNs create a closed loop of learning, which supports on-the-spot human-machine decision-making and solving challenges such as commodity volatility, demand forecasting, and supplier-specific issues.

Holistic decision-making. More transparent supply chain processes result in improved visibility, performance optimization, goal setting, and fact-based decision-making.

Where to Begin

Creating a new core is neither a marathon nor a sprint—rather, it’s a series of sprints toward a long-term goal. As you begin exploring digital possibilities, the following steps can help you get off to a good start.

Study the masters. If you haven’t already, create a small cross-functional team to help you understand digital transformation possibilities. Chances are, peers in other parts of the company are already leading digital initiatives. Talk to your colleagues and learn from their successes—and their failures.

Map the journey. Make a transformation plan for your function, focusing first on applications that have proven clear winners in other organizations. This can serve as a master blueprint, but remember to execute it one step at a time. Things are changing fast in the digital world.

Be realistic. Before committing to bold visions of digital grandeur, consider the hardest part of the equation: Where do your people, organizational structure, processes, and technology fit in this brave new world? Many established assets can serve as building blocks for the new core, but make sure any modernization needs are well understood before provisioning budget and locking down milestones.

Start cleaning data. Data is the lifeblood of the digital core—and a potential source of trouble in any new core initiative. The data needed for use cases may be siloed and rife with misspellings, duplicate records, and inaccuracies. Consider creating a cognitive data steward to automate the tedious process of resolving data issues.


Many boardrooms may lack the appetite to fund expansive—and expensive—transformations, particularly when the focus is back-office operations. Nonetheless, as digital’s disruptive march across the enterprise continues, digitizing the core presents a host of potentially valuable opportunities to redefine heart-of-the-business work and establish a better foundation for customer-facing innovation and growth.

—by Bill Briggs, chief technology officer, Deloitte Consulting LLP; Steven Ehrenhalt, principal, Deloitte & Touche LLP; Doug Gish, leader, Deloitte Consulting LLP; Adam Mussomeli, principal, Deloitte Consulting LLP; Anton Sher, principal, Deloitte Consulting LLP; Vivek Katyal, principal, Deloitte Advisory; and Arun Perinkolam, principal, Deloitte & Touche LLP

Source: Core Transformation: Reinventing the Back Office – CIO Journal – WSJ

The rise of the exponential professional – Deloitte

This post is the first in a three-part series on the exponential professional, focused on ways exponential technological growth might impact professionals in the workplace of the future. Posted by …

The rise of the exponential professional

This post is the first in a three-part series on the exponential professional, focused on ways exponential technological growth might impact professionals in the workplace of the future.

Posted by Darryl Wagner and Caroline Bennet on March 1, 2018.

AI. Automation. Machine Learning. Natural Language Processing & Generation. New technology is rapidly disrupting and transforming the nature of work and the identity of professions by enabling humans and machines to work together, side by side. A new breed of professional is rising to navigate this shifting landscape by embracing technology, leaving behind traditional tasks, and applying a uniquely human skill set to focus on higher-value, strategic roles. Enter the exponential professional.

The professional of today might assume that automation only affects nonprofessional workforce segments. Certified professionals such as lawyers, doctors, actuaries, and accountants may feel especially immune to these effects. However, exponential technologies are ushering in sweeping changes for professionals across all levels and industries.

For example:

  • Cognitive computing – Machines will analyze data sets, identify and apply new algorithms to process data, make decisions, and flag exceptions.
  • Process automation – Push a button and maintaining process will become a thing of the past
  • Image processing – Assessing hazards and risks such as determining if properties are made of stone or glass
  • Natural Language Generation – machines writing intelligent memos and communicating findings
  • Virtual reality can give professionals a better understanding of their colleague’s jobs. A call center representative could virtually follow people or processes, transforming their scripts into experience

Getting beyond fear
Professionals’ first reaction to realizing that technology can replace human tasks in their workplace may be fear—the fear of job insecurity coupled with anxiety over their place in the workforce. A look back at a major revolution of the past, the computer revolution, may help alleviate such concerns. During the computer revolution, bank usage of ATM’s exploded. However, instead of reducing the headcount of employed bank tellers, banks used the new technology to open more branches, which led to more jobs. From 1970 to 2010, the number of bank tellers in the United States increased from just under 300,000 to around 600,000.1 This widespread rollout also enabled tellers to take on more complex customer requests, such as new product inquiries.

While technology reduces the need for certain roles, it is often a catalyst for growth in other areas. Upon reviewing UK census data, Deloitte UK discovered that technological advances between 1992 and 2014 caused decreased agriculture and manufacturing employment that were offset by rapid growth in the health care, creative, technology, and business services sectors. The net change was a 23 percent increase in jobs.2 Additionally, there are countless other examples of jobs created in the last decade that are a direct product of technology revolution: mobile app developer, rideshare driver, social/digital media marketer, social media manager, data scientist, chief sustainability officer, drone operator, blogger. While each of these is new and different, each has roots in “old world” jobs with transferable skills: software developer, taxi driver, print marketer, publicist, actuary, environmental activist, pilot, freelance writer. Research suggests this pace of change is set to accelerate with nearly 65 percent of children entering primary school today predicted to end up working in completely new job types that do not yet exist.3 As such, the professional of today should recognize that just like the introduction of computers, the introduction of exponential technologies expands the frontier of opportunities for the business professional.

Just as robots changed the look and feel of a factory, new technologies and the digital revolution will impact the future of the workplace for many professions. For example, augmented and virtual reality will upend learning in the workplace by enabling learners to experience near real-world scenarios in the safety and methodical manner of a simulation.4 This is already being applied in the training of mining personnel where virtual environments can be used to build experience without the need to navigate hazardous environments.5

Similarly, finance professionals can harness cognitive data analytics technologies to automatically prepare and cleanse data, evaluate or identify drivers of results, and document findings. This will enable these professionals to focus their attention on higher cognitive activities.6 By replacing manual processes with machines, talented business professionals can focus on processing exceptions, interpreting and communicating results, and driving forward-looking strategic actions. Integrating machines with people and process can improve the quality of basic data processing, but can also significantly shift the strategic output capacity of any process by focusing talent on more strategic objectives.

A changing workforce
Technological advances are combining with generational changes that will disrupt how companies source talent—and even the very definition of an employee. Traditionally, companies have employed legions of full time, “on balance sheet” staff with set benefits and salaries. However, many companies have turned to alternative talent sources, such as crowdsourcing, to solve problems and create new ideas. A recent study by Harvard and Princeton economists showed that 94 percent of net job growth from 2005 to 2015 was in “alternative work,” or independent contractors and freelancers.7 As technology advances, more and more professionals are expected to join the gig economy, where they may negotiate short-term contracts, work for multiple employers, and diversify their project portfolio. The move to the gig economy is only partially driven by technology. The cofactor to technology is a Millennial mind-set shift toward the workplace. Millennials value work-life balance, flexible hours, ability to work from home, sense of meaning, and a variety of experiences.8 These values are often likely to be satisfied in an alternative work arrangement.

Anticipated implications
So, what are the anticipated implications for the professional of today? First, many tasks traditionally performed by humans will be performed automatically. This means that professionals can adjust their focus toward augmenting process with tasks that require uniquely human skill. Second, alternative work arrangements will bring about changes to companies’ organizational structures, operating model, and how professionals interact with their employers. Third, industry views on professionalism will need to evolve.9 Standards for how professionals leverage, trust, rely on, and interact with automated processes will need to be defined. This includes adapting employee training, which traditionally focused on creating technically sound individuals, and rethinking professional standards.

Let’s look at an exponential professional in action: an exponential actuary…

  • Uses Natural Language Processing to autogenerate reports before breakfast
  • Helps save hundreds of hours a year by relying on bots to automatically generate and QA data and perform analysis
  • Focuses efforts on high-value activities such as designing analysis and interpreting results


Exponential technologies are beginning to transform the workplace by efficiently and economically automating many human tasks and facilitating alternative work arrangements. These changes enable the rise of a new adaptive, innovative, and strategic professional—the exponential professional—assisted by and working with technology to create unprecedented value.

Next up: In the second post in this three-part series, we’ll discuss the expectations and responsibilities of the exponential professional.

Darryl Wagner is a principal in Deloitte Consulting LLP and the Global Actuarial, Rewards & Analytics Leader and US ARA Insurance Services Leader.

Caroline Bennet is the National Leader of Deloitte Actuaries & Consultants, the Insurance Leader for Deloitte Australia, and Leader of FSI Consulting, and is a member of the Global Deloitte Actuarial, Rewards and Analytics Executive Team.

Contributors: James Dunseth, Trent Segers, Wes Budrose, Nate Pohle, Ajay Parshotam, Mehul Dave, and Corey Carriker







7 From Deloitte Review, Issue 21. Navigating the Future of Work [Page 36]




Source: The rise of the exponential professional – HR Times – The HR Blog

CrowdCrypto Newsletter – Issue #12

Another great summary of Crypto news from Robin Sosnow (@RobinSosnowEsq). 

🇺🇸 USA Regulatory Spotlight: 

Cryptocurrency Spotlight:

Global Spotlight:

Events Spotlight: 

Equity Crowdfunding Spotlight:

Source: CrowdCrypto Newsletter – Issue #12

Mastering Data Sovereignty – CIO Journal

Amid ongoing concerns over data privacy, ownership, and governance, technology leaders are playing a critical role in making data broadly available throughout the enterprise, while also ensuring compliance with an array of differing data regulations around the globe.

CIOs can take advantage of a holistic data management approach and new cognitive capabilities to increase data accessibility and control.

As data grows in complexity and importance, IT leaders are entering a new era of data management. There is increasing demand to make data freely accessible, understandable, and actionable across business units, departments, and geographies to enable digital transformation efforts. At the same time, many global companies are under pressure to comply with varying country-specific rules about what data may be shared within or beyond geographic borders.

The good news is that CIOs can take advantage of new data management techniques and tools to strike the right balance between accessibility and control. Now is an opportune time for IT leaders, working in partnership with their business peers, to develop an “enterprise data sovereignty” road map to facilitate understanding of data relationships, guide data storage, and manage data rights. And by employing new cognitive capabilities, they can automate aspects of data management, redesign data architecture, and elevate data stewardship.

A holistic approach to data architecture and management can help improve the performance of this business-critical asset, helping to foster innovation and growth. It can also serve as a platform for helping organizations comply with existing and expected national data sovereignty rules around the world.

Data Wants to Be Free

There is no question that the ability to strategically manage ever-growing stores of data will be a competitive advantage in the digital age. In many companies, data collection, access, and management remain siloed by department, business unit, or geography. However, as companies seek to digitally transform, data must be more freely accessible throughout organizations for companies to realize their full potential.

Historically, few companies have been able to master data management—even when much of that data was structured and stored in tables or basic systems. As data has grown in volume and variety, those challenges have multiplied. With many organizations doubling their data every two years, short-term strategies for data computing and storage can quickly become obsolete. New data management architectures and strategies are likely needed to accommodate the big data explosion.

That’s where enterprise data sovereignty comes in: It’s a way for IT and business leaders to develop a holistic data management strategy for the organization, with the goal of making data available, consistent, and controlled throughout the company. CIOs who take this approach know where data is stored; who has access to it; and how or whether it moves beyond business unit, geographic, or company boundaries.

Over the next 18 to 24 months, more companies will likely begin modernizing their data management in this way, working to increase data discipline and availability. Viewing data through the lens of enterprise data sovereignty can help companies solve challenges related to architecture, global regulatory compliance, and data ownership.

Whose Data Is It Anyway?

One of the first issues IT and business leaders confront in developing an enterprise data sovereignty plan is data ownership. In the past, IT owned the systems and, therefore, the data. That’s not necessarily the case anymore.

Going forward, the question of data ownership will be answered differently in different companies. There will be no one-size-fits-all approach. Many organizations will employ a data steward focused primarily on data quality and uniformity. Some organizations are hiring chief data officers, but their focus is less on managing data than on illuminating and curating the insights the data yields. In many companies, there may be no de facto owner at all. In any case, the most important decisions may concern not who owns the data, but rather what principles govern data management and access and how those rules are operationalized.

Organizations that are beginning to master enterprise data sovereignty share some common success factors. First, they bring together key stakeholders to determine goals for data quality, uniformity, collection, storage, and aggregation. They also have a data management function, owned and led by the business, that enforces decisions about management, governance, and consumption. This hybrid approach—having some level of centralization to enforce decisions made by a cross-functional stakeholder group—is typically the most effective way to operationalize enterprise data sovereignty.

Data Architectures for the Future

Creating a modern data architecture is challenging for most organizations. Even for those with a track record of success, traditional master data management, data quality, and data governance processes may fail to keep pace with data flowing in from new places in different formats.

IT leaders who want to build a platform for enterprise data sovereignty consider not only how and where data is stored, but also the sourcing and provisioning of authoritative data, metadata management, master data management, information access and delivery, data security, and data-archiving capabilities.

Thankfully, today’s IT leaders can take advantage of advanced components to build their data management architectures. The following new cognitive capabilities can help organizations better manage data across its life cycle—from consumption to analysis:

  • Ingestion and signal-processing hubs can make sense of structured and unstructured data from public, social, private, and device sources.
  • Cognitive data stewards can help users understand new compliance requirements and augment human data stewards.
  • Data integrity and compliance engines work to enhance data quality and fill data gaps to help ensure data quality and integrity.
  • Dynamic data fabrics understand the interconnectivity of data and can maintain metadata and linkages as data moves through different systems.
  • Enterprise intelligent layers employ machine learning to illuminate deep data insights and help increase confidence in real-time analytics.

Maintaining Global Compliance

National data sovereignty rules, such as the much-anticipated General Data Protection Regulation in the European Union, are also an issue. While the cost of compliance with various regulatory requirements will be substantial, the price of noncompliance is likely to be even higher.

Taking an enterprise data sovereignty approach can help companies deal with the thorny issue of maintaining compliance with regulatory and privacy requirements that differ dramatically by nation. CIOs can also deploy technology solutions for global regulatory compliance. A sophisticated rules engine deployed directly into cloud servers can apply myriad rules to data dynamically to determine which stakeholders in specific jurisdictions are allowed access to what data. IT leaders can also segregate data into logical cloud instances by legal jurisdiction and deploy controls to limit cloud access to those data stores to users in each locale.

At a business level, it can also be valuable to shift the focus from managing and sharing data to managing and sharing insights. Insights, after all, can be transferred freely throughout a global organization even when data cannot.

Where to Begin

The Holy Grail for IT leaders is an enterprise data sovereignty strategy that can handle growing volumes of data in an agile, efficient, and controlled manner. The distance between today’s data management reality and that end state can seem daunting, but there are some actions IT leaders can take to move in the right direction:

  • Pay down data debt. Smart IT leaders can confront the extent of their existing data sprawl in order to understand the magnitude of the issues to be addressed.
  • Begin at the beginning. Many of a company’s data problems can be traced upstream to the information supply chain, where CIOs can focus their efforts to link, merge, route, and cleanse data.
  • Use metadata—and lots of it. Adding metadata to raw data at the point of ingestion is among the best ways to enhance data context.
  • Employ a cognitive data steward. Leveraging advanced AI technologies to assist human data stewards can free data professionals to focus on the bigger data sovereignty picture.


The enterprise data landscape is only becoming more complex, with new and increasingly unstructured data coming online every day and a dynamic global regulatory environment. That’s why forward-looking IT leaders are beginning their data modernizations efforts today.

—by Bill Briggs, principal and chief technology officer; Juan Tello, principal; and Ashish Verma, managing director, Deloitte Consulting LLP


Source: Mastering Data Sovereignty – CIO Journal – WSJ

Flex Expands Digital Health Capabilities, Launches BrightInsight Connected Health Solution on Google Cloud Platform

Advanced medical-grade managed services solution analyzes connected medical device data and therapies, delivering real-time insights within a regulatory-compliant environment

SAN JOSE, Calif., March 1, 2018 /PRNewswire/ — Flex (FLEX), the Sketch-to-Scale™ solutions provider that designs and builds intelligent products for a connected world, has expanded its service offerings for the healthcare industry with a new digital health offering. BrightInsight is a secure, managed services solution built on Google Cloud Platform that can aggregate data and deliver real-time insights to optimize the value of connected drug, device or combination products. The company made the announcement ahead of the annual Healthcare Information and Management Systems Society (HIMSS) conference, taking place March 5-9 in Las Vegas, Nevada.

The  McKinsey Global Institute estimates that applying big-data strategies to better inform healthcare-related decision making could generate up to $100 billion in value annually across the U.S. healthcare system. Medical devices today collect massive amounts of data, which creates enormous potential for a rapid feedback loop that can help improve patient care and enhance drug therapy delivery and management. In order to make an impact, the data needs to be aggregated from a myriad of apps and stand-alone devices, as well as analyzed to provide actionable insights. BrightInsight solves these challenges and helps patients and health care professionals, from physicians to medical device and pharmaceutical manufacturers, to better understand medical device usage and medication adherence, and streamline the product development and certification process.

“We saw the need for a secure cloud platform designed to support highly-regulated connected drug delivery and medical devices, going beyond simple connectivity to deliver real-time intelligence and actionable insights,” said Kal Patel, MD, senior vice president of Digital Health for Flex. “With our 20 years of experience operating in global regulated medical environments, and having deployed more than 75 regulated hardware and software medical products, Flex can combine our cross-industry capabilities to simplify our customers’ digital transformation.”

Flex is partnering with Google Cloud to deliver insights through customizable analytics dashboards fueled by Google Cloud’s advanced machine learning and artificial intelligence (AI) capabilities. Google Cloud Platform enables BrightInsight to securely store, analyze and gain insights from health information, without pharmaceutical and medical technology customers having to manage the underlying infrastructure. Advanced use cases for BrightInsight may include controlling connected devices, drug dosing, decision support, personalized patient interventions, trend analysis and AI-driven insights.

“Google Cloud is committed to leveraging our deep engineering expertise to accelerate innovation in digital healthcare,” said Gregory Moore, MD, PhD, vice president, Healthcare, Google Cloud. “With a partner like Flex, we will enable our customers to develop innovative solutions and leverage machine learning-based analytics that can turn new data sets from wearables, medical devices, therapies and apps into actionable information for patients and providers.”

BrightInsight is designed to support CE-marked and FDA-regulated Class I, II and III medical devices, combination products and Software as a Medical Device requirements, enabling automated interventions. Deployed as a managed service, the BrightInsight platform allows pharmaceutical and medical technology companies to accelerate their time to market, reduce the cost of implementation and maintenance across multiple products, and scale for global markets.

BrightInsight features foundational capabilities for rapid development and a modular platform architecture to support customization and worldwide implementation. It is built from the ground up to securely manage highly regulated medical device data and personal health information, and Flex has put the people, technology and processes in place to monitor security and threat prevention to meet global compliance standards.

BrightInsight eliminates regulatory bottlenecks that can lead to costly delays by offering turnkey regulatory design control and file management of master files with the FDA. This service enables pharmaceutical and medical technology companies to focus on their drug, device or combination product submissions without the burden of documenting the software platform.

Source: Flex Expands Digital Health Capabilities, Launches BrightInsight Connected Health Solution on Google Cloud Platform

Uber is driving patients to their doctors in a big grab for medical transit market – The Verge

Big money, and bigger pitfalls, await the ride-hailing giant

Uber announced the launch of a new digital tool meant to book rides for patients who need assistance getting to and from their appointments. A health care provider can book a ride for patients and caregivers immediately, within a few hours, or with 30 days’ notice. The company is positioning itself as a cheaper and more reliable option than most non-emergency medical transportation.

Uber Health is available in two versions: as an online dashboard and as an API for software developers to integrate ride-hailing capabilities into their own health care tools. The service doesn’t require an Uber account; notifications can arrive via SMS text message. The company plans to expand the service so that people with landlines will be able to get trip details that way — or via a mobile phone that isn’t a smartphone. Uber says the billing is simple and easy to manage. It’s also compliant with our most important medical privacy law. Today’s announcement includes over 100 health care providers all across the US.

The non-medical-emergency medical transportation market is worth more than $3 billion, according to the Transit Cooperative Research Program, a federally funded independent research entity. A lot of that money is for people who can’t drive — either because of age or poverty — and so Medicare and Medicaid providers foot the bill. Uber has clearly become interested in the industry. In 2016, Uber partnered with Boston-based company Circulation to provide rides for patients to more than 700 participating health facilities in 25 states. And last January, the company hired a veteran lobbyist in Washington, DC, to pursue the ride-hailing company’s agenda on policies related to health care and medical records privacy. It’s not the only ride-share company looking for a piece of this market: Lyft also teamed up with Circulation and with insurer CareMore Health Systems.

“If there are people who are missing their appointments because they’re using an unreliable bus service to get to and from their healthcare provider, this is a great solution for them,” Chris Weber, general manager of Uber Health, told The Verge. “The types of individuals this is valuable for really is limitless.”

An average of 3.6 million Americans miss their health care appointments every year because of unreliable transportation, according to JAMA Internal Medicine. Missed appointments can trigger a chain reaction of increased emergency room visits, extended hospital readmissions, and higher costs distributed across the industry. Experts estimate the impact of these missed appointments is $150 billion every year.

Uber Health is compliant with the US’s health care rules on data privacy, known as the Health Insurance Portability and Accountability Act, or HIPAA. “We built this service from the ground-up in a fully HIPAA-compliant technology stack,” Weber said. “It was architected from Day One. Everything we built from a technology perspective was built to fit within the constraints and best practices of HIPAA.”

And while being HIPAA-compliant is a good thing, it doesn’t necessarily get rid of all the risk. “Even if a platform is HIPAA-compliant, providers risk potential imposition of stiff penalties for data breaches, and business associate agreements should be implemented between providers and ridesharing companies,” legal consultants from Carlton Fields wrote in a 2016 note entitled “Offering Ridesharing Services to Patients: Uber Risky?”

Uber was hit by a cyberattack in 2016, exposing the personal information of 57 million riders and drivers. Later, the company was accused of trying to cover it up.

Uber also doesn’t have the best track record when it comes to wheelchair accessibility. The company was sued by disability advocates last year, accused of denying equal access to people who use wheelchairs and violating Title 3 of the Americans with Disabilities Act. Weber said, “It’s definitely something we’re focused on making a better, more reliable experience, but as of now this is really focused on reaching out to the existing driver network.”

Even as the ride-hailing company tightens its grip on all forms of transportation, don’t expect this to lead to Uber-branded ambulances in the near future. “Not on our road map,” Weber said.

Source: Uber is driving patients to their doctors in a big grab for medical transit market – The Verge

Nine Big Workplace Changes Enabled By Ubiquitous Voice-Powered Technology

How can Alexa help your bottom line?

Over the last several years, voice-activated technology has gained mass adoption in the consumer world. It’s not uncommon to hear people dictating notes, reminders and appointments to their smartphones, asking their car’s GPS for directions or controlling their home’s systems and ambiance through a console like the Amazon Echo or Google Home.

Smart speaker

The natural progression of this useful technology is for it to be integrated into the workplace. Although many employees already use voice controls for their daily work, it’s only a matter of time before enterprise software and hardware become equipped with voice activation. As we look toward the age of the ubiquitous smart office, members of Forbes Technology Council shared their thoughts on how companies will use voice to empower and improve their workforce.

1. The Rise Of The Smart Office

Voice activation is increasingly running the smart home and driving the future of IoT. These consumer innovations will be mimicked in commercial spaces, where resource needs are higher and more complex. Companies can conveniently optimize energy and comfort at the office with a quick command — just like individuals use personal assistant devices to adjust lighting and thermostats at home. – James McPhailZen Ecosystems

2. Better Reporting

Amazon is one of the first companies to make a serious attempt to get voice activation into the workplace with Alexa for Business. First adopters are using Alexa for meetings and to set up conference calls. I’m looking forward to being able to trigger custom workflows that integrate voice control with my calendar or task list and to get real-time voice reports for important business metrics. – Vik PatelNexcess

3. Supercharged Data Analysis 

Voice-activated tech, utilizing advanced AI like natural language processing (NLP), will eventually integrate with enterprise systems and leverage their wealth of data. With this foundation, these solutions will be able to instantly analyze records, create reports, and search intranets in addition to completing basic recording and automation duties. The search queries excite me most. – Adam Rogers,

Source: Nine Big Workplace Changes Enabled By Ubiquitous Voice-Powered Technology