Webinar - Containing the Chaos - Overcoming SAP BI Administrative Challenges

Developing and implementing an agile content storage strategy for your SAP BI deployment is critical to the health of the system and to your ability to respond effectively to administrative challenges and compliance requirements.

The content in your BI deployment is an important asset, but it can also become a liability if there isn’t a strategy in place to control its growth, but often there is a significant volume of unnecessary content in the system, resulting in ‘content chaos’. This chaos only deepens as BI deployments grow and become more oriented toward ad-hoc, self-service reporting.

This potential for content chaos requires development of an agile approach to system storage, retention, and purging, including assessment of storage requirements, distillation of those requirements into rules, and organization and application of those rules within an agile system storage strategy.

In this webinar, we will look at the various challenges and costs of content chaos within the BI environment, how to develop a system storage strategy for overcoming that chaos, and how to make effective use of technologies which target the reduction and containment of chaotic content growth.

Register for the webinar.

Oregon Health & Science University (OHSU) - Taming the Healthcare BI Administration Beast

What: Webinar - BI System Management Successes at
Oregon Health & Science University (OHSU)
When: October 14, 2015, 10 am / 2 pm ET
Guest Presenter: Ken Vincent, Senior Systems Analyst, OHSU
APOS Presenter: Fred Walther, Solution Consulting Manager, APOS Systems

If you didn't get a chance to see Ken Vincent tell his story at SABOC 2015, here's your chance to find out how OHSU achieved BI system management successes in:

•  Migration & Technology Adoption
• Meaningful Use & EHR Updates
• Governance & ICD-10
• Monitoring & Auditing

These areas have presented challenges for most SAP BusinessObjects platform managers and administrators in the healthcare sector, as they try to manage rapid change effectively, often with limited resources and short timelines.

How does OHSU measure success in BI system change management? Find out from Ken how rapid impact analysis, bulk administration, and robust monitoring and auditing led OHSU to significant time savings, efficient resource management and cost control, and fast BI system management ROI.

If you're like many healthcare BI platform managers and administrators, you have more BI system management questions than answers. Have your questions ready, because this session will include a live Q&A with Ken and APOS Solution Consulting Manager Fred Walther.

Can't attend the live webinar at either of the scheduled times? Register for the webinar and we'll send you a link to a recording of the webinar, so you can view it at your leisure and share it with your colleagues.

Register for this webinar...

SAP Design Studio Update Webinar

When: Thursday, Sept. 17, 2015 - 10 am / 1 pm EDT
Guest Presenter: Ian Mayor, Product Manager, BI, at SAP
View other webinars in this series

SAP BusinessObjects Design Studio lets you create scalable, multi-faceted visualizations for dashboards and BI apps, putting timely and actionable information at your decision makers' fingertips. SAP's Ian Mayor joins us to discuss new features in SAP Design Studio 1.5, including:

• Parallel queries
• Data Binding (lessening the need for sc ripting)
• New filtering components
• Export to Lumira

This webinar will also provide brief introductions to APOS Data Gateway and APOS Semantic Data Driver, two APOS products to help your organization in its adoption of Design Studio.

Please join us for this informative webinar.

Register for this webinar...

ICD-10 and Beyond - What Are the Key Drivers for Healthcare BI in mid-2015?

There are some consistent themes arising among our US healthcare customers. A common one is that BI platform managers and administrators in the healthcare industry are becoming more proactive in order to resolve numerous pressing issues.

There are regulatory issues (HIPAA, HITECH) and ICD-10 adoption issues There are issues with BI/EHR integration and with change management. And, of course, there is the ever-present issue of resource constraints.

One of our larger healthcare customers recently said they have managed to complete ICD-10 testing and adoption well before the October 2015 deadline, but I wonder, how is the rest of the industry doing? What is the current state of ICD-10 readiness?

In a 2014 survey on ICD-10 readiness by the American Health Information Management Association (AHIMA):

65% of respondents indicated that they could begin end-to-end testing prior to the fourth quarter of 2015, when compliance is set to begin. Of these, a majority (63%) will be ready to conduct testing in 2014, while the rest will wait until 2015.  Ten percent of all respondents currently have no plans to conduct end-to-end testing, and 17 percent don’t know when their organization will be ready for testing.

In general, the larger the healthcare organization, the more likely it is to be prepared, and to have end-to-end testing either already completed or in their plans prior to the adoption deadline. And the smaller the healthcare organization, the more likely it is to have resource constraints and knowledge limitations:

Organizations with no plans to conduct end-to-end testing often cited a lack of knowledge as the reason to forego testing (36%). Nearly half (45%) of these organizations are clinics/physician practices, possibly indicating a knowledge gap around ICD-10 implementation and testing for those organizations with fewer resources. By contrast, only two of the acute care hospitals responding to the survey had no plans for end-to-end testing.

The pyramids of Egypt are testament to what can be accomplished with a nearly unlimited supply of cheap or free labor, and larger healthcare organizations have been able to apply the necessary resources and the necessary knowledge to meet the deadline, but what about the rest of us? How can smaller healthcare organizations make the transition to ICD-10 comfortably?

When you don't have the resources, working smarter is the only practical alternative, and working smarter requires both a deeper knowledge of your deployment than is commonly available, as well as the ability to streamline and automate many of your BI workflows.

Lamont Parraway of LifeBridge Health joins us this afternoon (July 23, 2015, at 2 pm ET) for a webinar to discuss some of the biggest challenges he faces in managing the LifeBridge Health SAP BusinessObjects deployment. Attend the webinar to find out how he uses automation and deep system introspection to manage change, meet reporting needs, and reduce the load on IT resources.

View the recorded webinar...

(Note: if you register but are unable to attend, we will send you a link to a recording of the webinar, which you can then enjoy and share at your leisure.)

Press Release - APOS Data Gateway for Lumira

APOS today announced the release of its APOS Data Gateway product for SAP Lumira. The APOS Data Gateway is currently available in two editions:

• APOS Data Gateway, Lumira Desktop Edition for Web Intelligence
• APOS Data Gateway, Lumira Desktop Edition for Microsoft Access

Using these editions of the APOS Data Gateway, Lumira users can connect Lumira to alternative data sources, including SAP BusinessObjects Web Intelligence reports and Microsoft Access databases. These initial editions of the Data Gateway allow organizations to leverage the reach and business logic of Web Intelligence reports and instances, as well as the tables and queries in Microsoft Access.

Read the press release...

Ongoing BARC BI Survey 2015 Preliminary Results

Preliminary data from the 2015 BARC BI Survey indicate that use of BI is increasing and becoming more pervasive in departments besides Finance and upper management:

Following rather stagnant numbers in 2014, this year reveals an upward trend across all business departments. The biggest increase can be found in production departments (from 21 percent to 53 percent). The operationalization of BI has progressed rapidly in recent years. This is particularly evident in big data analytics scenarios where ever-increasing volumes of machine and sensor data are being used in the production process – for example for optimizing production processes or predictive maintenance of machines.

The Business Application Research Center (BARC) is an enterprise software industry analyst doing research in data management, business intelligence, customer relationship management, and enterprise content management.

Participation has its benefits. If you take the survey, you will:

• Receive a summary of the results from the full survey
• Be entered into a draw to win one of ten $50 Amazon vouchers
• Ensure that your experiences are included in the final analyses

Sounds like it might be worth the 20 minutes or so it will take you complete the survey.

Take the survey.

Web Intelligence, Lumira and the Road Ahead

Our SAPinsider-hosted Q&A on April 22, 2015 was a resounding success. It featured a cast of SAP luminaries:

• Ty Miller - Vice President, Lumira Product Management, SAP
• Frank Prabel - Senior Director of Product Management, SAP
• Gregory Botticchio - BI Product Manager, SAP
• Sylvain Riboud - SAP BusinessObjects Web Intelligence and Semantic Layer Area Delivery Manager, SAP
• Ian Booth - Director Product Management, SAP

Here's Frank Prabel on the road ahead for Web Intelligence:

SAP has a very large installed base of Web Intelligence customers and is committed to investing in the WebI future.

The investment will be partly incremental innovations such as those planned for BI 4.1 SP06 (global input controls, freehand SQL, etc.), but we are also working on key new innovations (commentary, parallel queries, or HANA direct access). Please refer to this Web Intelligence roadmap slide for additional details:

Read more questions and answers from the event.

Will Your Web Intelligence Journey Lead You into Lumira?

When: April 22, 2015 - 11:30 am EDT

APOS is pleased to present this online Q & A session in conjunction with SAP and SAPinsider. During this session, SAP Product experts will explore the latest capabilities, future roadmap, and product synergies of SAP Web Intelligence and SAP Lumira. The SAP expert panel will include:

• Ty Miller - Vice President, Lumira Product Management, SAP
• Frank Prabel - Senior Director of Product Management, SAP
• Gregory Botticchio - BI Product Manager, SAP
• Sylvain Riboud - SAP BusinessObjects Web Intelligence and Semantic Layer Area Delivery Manager, SAP
• Ian Booth - Director Product Management, SAP

Understanding product roadmaps and capabilities is key to successful SAP BI tool selection and usage. What criteria will differentiate the application and uses of SAP BusinessObjects Web Intelligence and SAP Lumira, now and in the future?

This online interactive Q & A session will give you the opportunity to pose your questions directly to these SAP experts, learn about recent and upcoming Web Intelligence and Lumira enhancements, and explore opportunities to harmonize the use of these tools for better user engagement.

Register for this session.

Healthcare GRC and Social Engineering

There is some debate over whether or not the CHS, Anthem and Premera data breaches were the result of "sophisticated" attacks. The jury is still out, but cautious journalists are using quotation marks to indicate that this explanation is not universally accepted. Regardless of the sophistication of these attacks, attacks they certainly are, and healthcare organizations should be prepared for the onslaught to continue, because healthcare data breaches are so lucrative. They have to assume they are being targeted by criminal hackers for fun and profit.

Maybe former Intel CEO Andrew S. Grove's book title got it right: only the paranoid survive. Perhaps healthcare organizations could learn from their corporate antitheses, the tobacco companies, who have many enemies, but are protected by a culture of hardened security.

There is certainly room for technological solutions to help manage risk, but we must recognize that the most frequent cause of data breaches is human behavior. (According to a Verizon data breach report, about 76% of network intrusions involve weak credentials -- bad passwords.) The biggest risk to the security of your data is your people. No amount of monitoring using sophisticating technology can protect your data from bad decisions by people on your network.

Let's not forget the subtitle of Grove's book: How to Exploit the Crisis Points that Challenge Every Company and Career. The threat to data is also an opportunity to establish a culture of data governance. In such a culture, the value of data is recognized, and human behavior is shaped by this recognition.

Human behavior is a critical factor, because social engineering is how malware and other created vulnerabilities find their way into your network. It is essential that your systems have malware protection, but it is equally important that your people know what not to click.

A strong governance, risk management and compliance (GRC) culture fights social engineering with social engineering.

If healthcare organizations can learn to fend off the cyber attackers, they will be in a better position to fend off the lawyers bearing class action law suits.

Pentagon EHR System Upgrade Contract Said to Be Worth $11 Billion

The U.S. Department of Defense has narrowed the field to three contenders for the estimated $11 billion upgrade to the DoD EHR:

• Computer Sciences Corp., HP, and Allscripts
• Cerner, Leidos, and Accenture Federal
• IBM, Epic, and Impact Advisors

The winning EHR company will certainly benefit greatly, both from the DoD, and in the healthcare sphere in general, but I'm sure the other two will also benefit from the vote of confidence on their ability to deliver EHR capable of achieving Meaningful Use.

Numerous challenges have been noted by the bidders:

• Interoperability - Allscripts senior vice presi dent, sales, Dean Mericka says interoperability will lead to personalized precision medicine and improved telemedicine.
• DoD mission and culture - Cerner Federal VP and general manager Travis Dalton notes that the task goes far beyond bringing a set of tools. The winning vendor will have to adapt to the DoD's culture, philosophy and mission.
• Scalability - Epic U.S. federal and global services executive Leslie Karls indicates the scalability of the solution is key.

Those are just the EHR perspectives. The IT and infrastructure challenges present a whole other level of difficulties.

Read more at FierceEMR.

New Case Study - Redevco B.V.

Established in 1999 to manage the real estate investment activities of the venerable Dutch C&A fashion retail chain, Redevco B.V.'s portfolio includes 450 properties at top locations in major cities across Europe, with tenants including many major national and multinational retail companies.
Redevco implemented the APOS Publisher solution to handle invoice publishing after they started creating the invoices in Web Intelligence instead of Desktop Intelligence.

Check out the new APOS case study on Redevco to find out how they re-engineered their invoicing workflow with APOS Publisher.

Was the Anthem Data Breach "Sophisticated"?

Anthem CEO Joseph R. Swedish apologized to Anthem members immediately after the December 2014 data breach was made public, saying "Anthem was the target of a very sophisticated external cyber attack." Swedish continued, in what may become a model for such apologies:

Anthem’s own associates’ personal information – including my own – was accessed during this security breach. We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data.

It's a nice trick to have the CEO of a major healthcare payer -- a man whose total compensation package for fiscal 2013 was $16,979,927 -- come across as one of us, just another victim of cybercrime.

But was the Anthem hack really a sophisticated attack?

Dan Munro at Forbes quotes security analyst Ken Westin:

Because it was clearly pre-meditated and because the attackers spent time identifying the vulnerabilities, it definitely qualifies as well executed, but once the initial intrusion was successful, they didn’t have too far to look. By gaining admin credentials to the database there was nothing ‒ including encryption ‒ to stop the attack. The only thing that did stop it was a lucky administrator who happened to be paying attention at the right time.

There is some speculation that the initial breach at Anthem occurred much earlier than the December 2014 public announcement, perhaps as early as April 2014, and that it was a result of the Heartbleed Bug.

Munro also discusses the earlier CHS and Sony hacks, noting that they too were described as sophisticated or "unprecedented" attacks, and that numerous security analysts had thrown cold water on those descriptions. Let's face it: no board of directors is going to say that they were victims of an attack that a five-year-old could have perpetrated. The PR front likely bears little resemblance to what is going on behind closed doors, where damage is being assessed, and governance, risk management and compliance are being reassessed.

There are always the nagging questions: What should you have known? When should you have known it? Did you exercise due diligence?

I once heard an auditor defined as the person who walks onto a battlefield after the battle is over and bayonets the wounded. I'm not sure that's an apt description of an auditor, but it's a pretty good description of the audited. 

Anthem Data Breach and Due Diligence

Anthem is the second-largest health insurance company in the US, and when they reported being hacked recently, it was estimated that the healthcare information (and identities) of 1 in 4 Americans was compromised -- that's more than 80 million. To put that in perspective, in the decade previous to this breach, the HHS "wall of shame" identifies approximately 40 million identities compromised in breaches. The Anthem breach compromises twice as many identities as all other breaches combined.

The breach was detected on Jan. 27 and announced on Feb. 4. By Feb. 6, there had already been four lawsuits launched against anthem, alleging they "did not take adequate and reasonable measures to ensure its data systems were protected."

I mentioned in an earlier post that healthcare data breaches are quite lucrative for the criminal elements perpetrating or benefitting from them. I should also mention that data breaches in general are quite expensive to the organizations breached as well.

One estimate has Anthem on the hook for $100 million to $200 million just to fix vulnerabilities and/or damage done. However, costs may be much higher depending on whether Anthem can demonstrate due diligence. Most security experts regard data breaches as inevitable, but the investigation of data breaches by regulatory authorities will judge whether Anthem did their best to prevent the breach, and to minimize its impact. If they didn't, HIPAA enforcement come into play. A finding against Anthem by the HHS Office for Civil Rights (OCR) could also open the door to more lawsuits.

In May, 2013, a study sponsored by Symantec and carried out by Ponemon Institute LLC estimated the cost of data breaches in the US to be approximately $188 per identity compromised. I'll let you do the math on that with regard to the Anthem data breach. Let's hope they can find economies of scale.

Of course, performing due diligence and demonstrating due diligence to an auditor are two different things. Whatever your regulatory requirements are, will you be ready for the auditor?