Penelope Client Information Management Software for Behavioral Health and Social Services

Greg's Blog - February 9, 2010

With this foray into the "blogosphere" here at Athena, I'd first like to describe the kind of content that I'll try to regularly provide here in this forum. While I am certainly no expert in many facets of this business, my exposure over the years to our global client base and their diverse operations has afforded me a somewhat unique insight into the challenges, opportunities and best practices that prevail across the many sectors of human services with which Athena works. I am fortunate to have the opportunity to work with incredibly talented, dedicated and knowledgeable people from around the world, people who are committed and engaged - in one sense or another - in helping improve the lives of their fellow community members, and for this I am deeply thankful. From this perspective, I'd like to share my thoughts about some issues relevant to our field of work and also to offer some thoughts on other non-related matters (just for a bit of a laugh).

Thoughts on Maintaining Data Security

Every agency has a serious responsibility not only to protect the data it stores - in electronic or paper format - from unauthorized access, but also to ensure that it is not destroyed or lost due to disaster or other causes. In this blog, I'll cover some steps and considerations that relate to the protection of data from unauthorized access and in the next installment, I'll provide some tips on implementing a system with enhanced redundancy and disaster recovery capabilities.

It is important to first be aware of any mandatory requirements that your organization may already be subject to given the accreditation standards and legislated requirements based on the jurisdiction(s) you currently fall under. These requirements, obviously, supersede any comments contained here. Because my area of experience is much more in the field of information technology where the information is stored in electronic format, I will refrain from commenting on the equally important area of protecting paper / hard copy records from unauthorized access. The items below are presented merely as "things to consider" in your own context and of course are neither exhaustive nor entirely prescriptive.

  • Staff Behaviour - there are many simple things that staff can do to reduce the threat of unauthorized access to confidential information:
    • Never fax or email any records that contain confidential information - even as an attachment
    • Never count on anti-virus software to protect you from malware/ viruses etc.
    • Never use a home computer for work purposes if there is any chance that the computer has been compromised (e.g. via the internet-related activities of children / spouses)
    • Never touch those "chain" / joke etc. emails - delete them without viewing them
    • Never click on an embedded link in an email even if you trust the source - you often can't be certain it will take you to the web address it purports to
  • Workstation Security
    • Never use the "auto-save of passwords" function in a browser
    • Never use Internet Explorer 6 and if possible, only use the most recent version of Firefox as a web browser and perhaps Thunderbird as an email client
    • Have IT staff lock down web addresses to only safe sites (also have them lock down the user rights on the computer to the bare minimum necessary to perform work tasks)
    • Periodically review workstations for signs of compromise
    • Implement workstation-level firewalls
    • Maintain the OS and antivirus / security software to be up to date
  • Server Security
    • How secure are passwords? How often are passwords changed?
    • Is it patched and up to date?
    • What ports are open?
    • Is it behind an appropriate firewall?
    • How is remote access to it facilitated? Who has this access?
    • What are the vulnerabilities of the OS and the applications installed?
    • Can incoming remote access be restricted to a specific IP address or range of addresses? (**this is one of the most critical and easy to implement ways to drastically improve server security**)
    • How is the server's performance being monitored?
    • Is there an intrusion detection system in place on the firewall?
  • Physical Security
    • How is physical access to the server controlled? Who has access to it and how is this monitored and documented? What happens in the event of staff change-over?
    • How is physical access to the server controlled after hours? In the event of the hardware being stolen, is the disk encrypted at rest?
  • Penelope Configuration Options
    • Have you implemented Penelope's Security Classes and Reporting Classes to create an appropriate matrix of permissions / access rights for staff consistent with external requirements, internal policies and your client consent / confidentiality documents?
    • Have you implemented Penelope's Password and login features?
  • Other considerations
    • Do your client consent and confidentiality documents accurately reflect how their data will be stored, accessed and backed up given your current technological infrastructure?
    • How are you regulating how printed copies of electronic data are being controlled and appropriately disposed of?
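
One way to check the IP restriction item under Server Security, as an added example that is not part of the original post: the Python sketch below compares the source address of each accepted remote login against an allowlist of address ranges and reports any login from outside it. The ranges and login records are constructed samples using documentation addresses, and the function names are hypothetical.

```python
import ipaddress

# Assumed allowlist: an office range and one VPN gateway (constructed values).
ALLOWED_RANGES = ["203.0.113.0/28", "198.51.100.25/32"]

# Constructed sample of accepted remote logins: (timestamp, user, source).
SAMPLE_LOGINS = [
    ("2010-02-08 09:14", "gsmith", "203.0.113.5"),
    ("2010-02-08 23:47", "admin", "192.0.2.77"),
    ("2010-02-09 08:02", "jdoe", "198.51.100.25"),
    ("2010-02-09 08:30", "jdoe", "203.0.113.16"),   # one past the /28
    ("2010-02-09 10:11", "backup", "not-an-ip"),    # malformed log field
]


def parse_allowlist(ranges):
    """Turn CIDR strings into network objects; a typo in a range raises."""
    return [ipaddress.ip_network(r, strict=True) for r in ranges]


def is_allowed(source, networks):
    """True only if source parses as an IP address inside an allowed range."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        # An unparseable source is treated as a violation, not skipped.
        return False
    return any(addr in net for net in networks)


def find_violations(logins, ranges):
    """Return the login records whose source is outside the allowlist."""
    networks = parse_allowlist(ranges)
    return [entry for entry in logins if not is_allowed(entry[2], networks)]


if __name__ == "__main__":
    for ts, user, src in find_violations(SAMPLE_LOGINS, ALLOWED_RANGES):
        print(f"{ts} {user} logged in from {src}, outside the allowlist")
```

The same allowlist belongs in the firewall rule itself; a review like this confirms the rule is actually in force and shows who connected from where.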

 

Apple iPad - the announcement of this new product is very exciting. While we haven't gotten our hands on one yet, we are very intrigued about the possibilities of its use as a Penelope tablet. Once we receive one, we'll pass on our impressions as to its suitability for Penelope use.

Brief Miscellanea (OK, enough of the work stuff!)

> Recent Movies I would recommend.... Up in the Air (will have some familiar echoes for those who travel a lot!), The Informant (Matt Damon is brilliant in this funny true tale of pervasive self-deception). For those of you with kids - UP! is a great movie (love those talking dogs!).

> Recent Albums I would recommend.... Phish - Joy - their first album since reuniting features some amazing performances from Trey and Page. An older album I have rediscovered and also would heartily recommend is Belle & Sebastian's The Life Pursuit from a couple years back (crisp pop songs, brilliantly executed).

> Guitar Effects I would recommend for your rig.... MXR / ROSS Compressors - provide a useful way to control your tone and standardize your output without gain or distortion, a nice way to smooth out notes as well - a very underrated potential addition to your pedal chain!


October 30, 2009

About the Author

Greg Stanley-Horn is one of the founding partners of Athena Software and has extensive experience in a variety of roles in the human services sector including:

  • Front-Line service with High-Risk Youth
  • Community Development planning and advocacy
  • Development of Community Health Centres
  • Fund-raising / Development Campaigns
  • Development of Outcomes Indicators
  • Software Development and Implementations

With Athena, Greg is the Director of Deployment Project and chairs Athena's Strategic Planning and Management Committee.

Greg can be reached at greg <at> athenasoftware.net or by phone at 1.866.806.6014 x 302.

NOTE: the personal opinions and views expressed in this blog are those of the author alone and are not the official positions of Athena Software or its employees. No endorsements or warranties are made with regard to its content and it is offered purely on an "as-is" basis.