Why Should HR Managers Know About VPNs

Data Safety Challenges Of A Company

If you are working as an HR manager in a small company, you are likely to occasionally assume a few other roles less related to your qualifications. In particular, as the person chosen to carry out face-to-face interaction with employees before they start work, you might be in a position to convey messages and practices that are important for the normal functioning of the company.

One such practice has to do with online privacy. In particular, if your company lacks a dedicated cybersecurity specialist, you might be required to inform the employees that they need to respect certain online safety procedures when accessing sensitive online content in order to avoid being exposed themselves and exposing the company. The situations involved can range from accessing torrent platforms like the Pirate Bay, as described here, to typing sensitive personal or business-related details into chat platforms.


Employees should be instructed to refrain from unsafe activities as far as possible, or to exercise maximum prudence when engaging in them. The company would not be physically able to scrutinize the entire traffic of each employee at any given moment. Nevertheless, online activity leaves footprints all over the Internet that can survive for years and decades and be accessed by those who have an interest in them.

There are a number of vulnerabilities in the regular use of the Internet. First of all, the ISP can see the list of websites accessed by its subscribers as well as the content, and it can also accidentally leak such information. In addition, companies are often the targets of hackers, given that companies have more resources and generally operate with more sensitive data (starting with primary information about potential customers and ending with financial information). The recent wave of ransomware attacks is a perfect demonstration of this simple truth. Combined with irresponsible online behavior by employees, all the vulnerabilities listed can backfire monumentally.


How VPNs Can Ensure Safety

VPNs come with several benefits that help to address the challenges listed:

  • They create dedicated communication tunnels between the users and the Internet. All the traffic in these channels is encrypted, making it very hard for any third party (like the ISP or hackers) to intercept, decrypt, and make sense of the information;
  • VPNs hide the physical IP address of the users and assign them the IP address of the VPN server through which the data traffic is routed. This effectively conceals the online identity of the users;
  • Certain VPN providers do not keep logs of the activity of their users – if sensitive information is not stored, it cannot be stolen or hacked;
  • By routing the data traffic through dedicated servers with advanced security tools, any attack on your company, rather than hitting you in the first place, would likely hit these servers and be deflected.

Thus, deploying VPNs throughout the company can allow the employees to surf the web safely but also comes with additional larger-scale security benefits.


Understanding HIPAA and HITECH Violations

HITECH stands for the Health Information Technology for Economic and Clinical Health Act, which is part of ARRA, the American Recovery and Reinvestment Act of 2009. It was enacted to encourage the implementation of EHR (electronic health records) and supporting technology in America.

The act anticipated an increase in the exchange of ePHI (electronic protected health information) between hospitals, doctors, and other healthcare entities that keep ePHI, in order to reduce the cost of healthcare through sharing. Hence, the HITECH Act widened the scope of security and privacy under HIPAA by increasing legal liability for non-compliance.

Both HITECH and HIPAA regulations are designed to provide more rigorous enforcement of healthcare data security. Moreover, the HITECH Act stated that healthcare providers should be compensated, starting in 2011, if they could prove substantive use of EHR. The monetary incentive was offered until 2015, after which penalties were charged to those who failed to prove such use.

Auditing Entities with Willful Neglect

HITECH compliance strictly enforces data protection by healthcare providers. Audits are performed on healthcare entities that willfully neglect their duties in terms of ePHI data security. Mandatory penalties are given to any entity that has been reported for willful neglect.

Willful neglect is not being able to present Privacy and Security certification to the investigators. The documents must cover every aspect of the regulation, or else entities will be charged with willful neglect. According to the HIPAA-HITECH Act, violation penalties amount to $250,000, while repeat violations can extend to $1.5 million.

Depending on conditions, criminal and civil penalties under HIPAA can extend to the entities’ business associates. As a matter of fact, the HIPAA rule states that if an entity is covered by the rule and shares information with business associates, they must guarantee data protection.

This only goes to show that Health and Human Services is serious about mandating that healthcare entities comply with the regulations. HIPAA defined the guidelines to make sure covered organizations understand what type of information can or cannot be shared without patient permission.

Patients should be notified when there is a breach of unsecured data. Notification requirements, however, were created based on government data breach regulations related to personally identifiable business information. Notifying local media in case of a breach is also encouraged.

It’s crucial to understand the rules and regulations of the HIPAA and HITECH acts in order to prevent violations and avoid being penalized as a violator. More importantly, healthcare organizations will treat patient data with utmost security at all times.

HIPAA and HITECH Compliance

To further the understanding of HIPAA and HITECH, the Department of Health and Human Services required annual privacy and security training for healthcare organizations and covered entities to ensure the security of patient data. Different kinds of data breaches can happen when there is a lack of knowledge; having your employees obtain adequate information on how to handle patients’ data securely could help prevent them.

With all the penalties that await once negligence in handling patient data is observed, HIPAA and HITECH compliance training could help prevent such violations. Most authorities believe that HIPAA and HITECH compliance training must be specially focused on employees, since they are the ones who usually access patients’ data for everyday use and transactions and, most of the time, are the most vulnerable in handling healthcare data. Having them trained under an effective HIPAA compliance course could raise their knowledge of how to effectively secure patient data and help them better understand the penalties and violations that not only they but also the health organization or covered entity they work for will face. A well-informed employee is a great asset in preventing data breaches and combating data losses.

It is necessary to comply with all the standard rules and regulations the law has stated, to assure patients that their data is well taken care of and will never be compromised by cybercrime. Health organizations and all covered entities must always keep in mind that they have a big responsibility not only for the lives of their patients but also for their personal information.


Announcement: New HR Certification Materials are Live!

I had a powerful moment last week. I went back and checked some of the statistics on the website for how people find the blog, and there have been tens of thousands of HR pros that found upstartHR via Google because they were looking for help with HR certification content. That truly blew me away!

It’s that kind of support that has encouraged me to work on developing critical study materials that fill the gaps in the HR certification industry. I made a quiet announcement last week to all of our customers so far this year, but today I’m announcing publicly that our new revised courses for PHR and SPHR certification prep are both available.

(read on for how to get a limited time 20% discount on the course you need!)


Why a new course? What was wrong with the old one?

The changes in this year’s HRCI body of knowledge prompted me and the team to make changes to the content, and I’d already been thinking for some time that I wanted to move away from the old format to a more comprehensive study platform. I have partnered with Thinkific, an online learning system, to transition the PHR and SPHR courses to a new format that helps learners wherever they may be.

Additionally, during the transition I not only was able to weave in some additional content from video, audio, and external sources, but I was also able to pull together hundreds of practice questions to assist with study preparation. Now students that use the course are not only getting the industry’s only study materials that offer a practical perspective—they also get a wide variety of practice questions to help them test those concepts they’re learning.

Is this the end goal?

Not by a long shot. The course has always been designed to be used alongside another study tool. HRCP has been a great partner in that regard, but I also recommend the Reed books on Amazon for anyone that needs something more budget-friendly (even if it’s for an older version of the test, 99% of the principles are still the same!).

However, those resources are highly academic in their approach, and the number one reason people fail the HR certification exams is because they lack the practical insights around application. In other words: you learn the theories, but you fall down when it comes to talking about how they really work in practice.

The content in the upstartHR course is very practical and written from an “in the trenches” perspective, which means students aren’t just memorizing terms with no idea of how they function in the real world. It’s my plan to continue fleshing out the course until it is able to stand on its own, though this is a long-term plan. Additionally, I will be incorporating new resources, research, and information into the course on an ongoing basis to ensure students are always receiving the latest and greatest information.

What about the SHRM exams?

These tools have been used successfully by dozens of students in the last year. I was hesitant to make this claim without some evidence to back it up, because the course was designed for the HRCI exams. However, there aren’t two wildly different ways to practice HR, there’s one right way. The feedback from SHRM-CP and SHRM-SCP students has been very positive and I’m proud to say that it can help those studying for the SHRM exams with key concepts and practical insights and case studies.

A note about the popular audio course

A final note: the audio course was developed as a tool to help solve a variety of problems (students wanted to listen to materials, study on their commute, etc.), but I’ve heard from some students that the content navigation and user interface is not as easy as they would prefer. I’m working on a solution to this, but, as with the course, it isn’t a quick fix. Some of the audio content is being merged into the PHR and SPHR courses and some will stand alone, but I am working on this to create a better experience for students.

Celebrate with a discount!

Bottom line: this is an exciting time for me and the team. To celebrate, for a limited time I am offering a 20% discount on the new courses if you are preparing for the PHR or SPHR. Use discount code “20launch” at checkout. This code is good until Halloween (October 31st, 2018) so don’t miss your chance! Access to the course does not expire so you can take the exam this winter or any time next year if you’re already thinking about it.

As always, if you have questions feel free to reach out to me in the comments below or via email. It’s an honor to serve the HR community and I look forward to another great year of success with my students!


We’re Only Human 41: HR Leaders, Stop Treating the Symptom

“HR should see themselves as the sole source of people expertise in any organization… You don’t go to IT to get ideas on how to formulate product. You go to them for [technical] expertise.”

How many times do you solve a problem only to have it come back around again? Are you treating the symptom instead of treating the root issue? In today’s conversation with Cheree Aspelin, Ben asks about how HR leaders can get beyond this common issue.

In Cheree’s words, HR needs to “buck up” and make some tough choices about how to lead the business and the function. It’s an encouraging conversation because Cheree’s passion and excitement about HR as a profession come through in her words, tone, and message.

Connect with Cheree on LinkedIn: https://www.linkedin.com/in/chereeaspelin

If you enjoyed this episode you’ll want to check out “How to be a Chief Troublemaker in HR.”

What about you? Does this resonate? Are you treating the symptoms or the real problem? 


Should Employees be Paid for Commuting Time?

An interesting piece of research on publicly available WiFi access in England led to a question that made me pause. Should employees be paid for commuting time?

As someone that travels a fair bit for work, I know the value of being able to connect and work from any number of strange locations–restaurants, hotel lobbies, airports, etc. But what about the commutes that make up a significant part of the day for so many workers? From the piece:

Interviews with customers revealed why internet access was as important for commuters as business travellers. Many respondents expressed how they consider their commute as time to ‘catch up’ with work, before or after their traditional working day. This transitional time also enabled people to switch roles, for example from being a parent getting the kids ready for school in the morning to a business director during the day.

Until now, there has been little research to evaluate the impact free Wi-Fi provision has had in the UK, despite government encouragement for companies to provide access on transport networks. The researchers looked to Scandinavia to see how commuting time could be measured differently, and found that in Norway some commuters are able to count travel time as part of their working day.

Dr Juliet Jain told the conference: “If travel time were to count as work time, there would be many social and economic impacts, as well as implications for the rail industry. It may ease commuter pressure on peak hours and allow for more comfort and flexibility around working times. However it may also demand more surveillance and accountability for productivity.”



How AI is Changing HR for the Better

Last week I was one of several thousand people that attended the 2018 HR Technology Conference and Expo in Las Vegas. I had the opportunity to share about my take on the HR Technology landscape as it pertains to AI and automation technology that is affecting recruiting, talent management, core HR, and more.

In the video below, I answer a few key questions about how AI is driving value for employers that leverage it to solve HR and people-related challenges. This is from my upcoming book (now available for presale!) on Artificial Intelligence for HR. It’s a very practical look at where HR is today and how technology can enable us to FINALLY be strategic in ways we’ve always dreamed of by automating some of the simpler, transactional components and “grunt work” that we all have to do on a daily basis.

Plus, I grew a mini beard for HR Tech this year. Enjoy. :-)


How to Legally Avoid Paying Overtime Wages [Reader Question]

I’m trying out a new Q&A format for some questions I’ve received in the last few weeks. Let me know what you think in the comments or by emailing me your own question at ben@upstarthr.com.

Last week I got a question in the mailbag that was short and to the point.

How can we avoid paying overtime to employees?

My answer was short and sweet: