Rail transport is many things. It’s the infrastructure that takes us to work, helps us meet up with friends, connects us to major cities and small hamlets, and it gets us home at the end of the day.
For all its triumphs and faults the mode of transport is more popular now than it has been for the last fifty years. Around 10 per cent of all UK journeys in 2016 happened over rail, with the British public travelling a collective 80 billion kilometers in a train that year.
For many people, spending more time on the train might seem like a nightmare. However, for some, the system of carriages, connectors, signals and steel is more than an A to B. For some, it’s a moving boardroom – providing a creative meeting space with an ever-changing view. Once the commuters have made their way to work, it becomes a very different experience.
For the last few years two entrepreneurs have been ditching the office and boarding a train, where they hold day-long mentoring and training sessions, whilst taking in the sights of the great British countryside.
Gareth Jones is the founder of Town Square Spaces, a company that offers space and support for people developing and growing businesses. Beyond that, the company’s aim is to get more people involved in the modern economy, through events, programmes and activities. Gareth also founded a startup centre called Welsh ICE and holds positions on the Strategic Group for Innovation on the Cardiff Capital Region City Deal, Cardiff Start and Cardiff University’s Impact Accelerator.
Georgina Jones is a TEDx Speaker, Author and founder of Turn Lights On, a consultancy that engages businesses in the UK to create a working environment of connection, energy and inspiration, aiming to boost company culture and support leaders to inspire.
The idea for these training trips first began five years ago, when Gareth and Georgina were both due to participate in a Big Ideas Wales event (a Welsh Government service aimed at supporting young entrepreneurs) in North Wales. The journey from Cardiff to Colwyn Bay is a scenic four hours, with passengers able to take in the rolling fields and farmyards as well as criss-cross the English and Welsh border before finally landing in the seaside town.
In that time, Gareth and Georgina found that they got quite a lot of work done. There was something about the journey that inspired the pair and they found they had more time to reflect on the issues that they were finding difficult in their businesses. They decided to try it again, this time with an agenda.
So far, they have travelled to Bath, Gloucester, Cheltenham, Shrewsbury, London, Carmerthen, Weston Super Mare and Bristol. Once there they stop for a spot of lunch and travel back again. The reason for the trips? Inspiration. The entrepreneurs use the travel time to discuss burgeoning issues within their businesses, with each participant bringing a select agenda of challenges or topics they wish to get through.
Why a train?
“There’s something about trains,” says Georgina Jones. “The changing scenery, constant movement toward a destination – it’s surprisingly different and engaging. Anyone who has worked in a business and had long or difficult board meetings will have periods where they find it tough to focus, but that’s not something I’ve ever experienced on our train sessions.
“Perhaps it’s the new perspectives around you. Sometimes when you are deeply embedded in your business, you can lose sight of the everyday life that goes on. On the train, you see all sorts of people and places, it helps you take a step back and see the wood for the trees a little. This means there’s less chance of getting stuck in a mindset or a rut and leads to a more present conversation where each party is fully engaged. I know it can sound a little quaint, but this really does lead to a higher quality chat and some of my most troublesome issues have been solved aboard a train carriage.”
This sense of focus is also something Gareth Jones feels sharing a journey on a train gives him: “It feels a lot like a board meeting, except there are only two of you. I’m a big advocate for companies getting a board as early as feasible, as it gives a certain level of accountability that helps drive businesses forward. These meetings act in the same way, in that you are working with someone who inspires you and therefore their support and opinion carries a lot of weight.
“The isolation of the train carriage is a good way to close yourself off from other issues and concerns. You can say ‘this is my priority today, I can’t be distracted by anything else’. As a result, you find that you address topics in much more detail – which helps scale and grow your business,” he says.
“There’s no other meeting you have to dash off to. You’re not thinking about that task you have to complete right after the meeting – you are on a train – there’s nowhere else to go, but to be present in the moment, and that leads to some real quality sessions.”
Before heading off for a day of travel and training, it’s important to set out what you want to achieve.
Gareth says that preparation is the key to getting the most out of the sessions: “First we decide on the location. There are so many fantastic places across the UK all within a few hours of each other. You could easily spend £150 to book a boardroom out for a day and be stuck in the same place with the same four walls. Instead of being sat in one spot all day, you can spend less money and see all these different places. For £30 each from Cardiff we can get a return to Weston-super-Mare, with two to three hours of uninterrupted discussion time.”
In that time, the pair go through their agenda with each person responsible for setting out the issues and challenges they would like to discuss.
Georgina says the timetable adds focus: “The train time is limited, and there is something motivating about that. There’s a freedom in the fact that for the next three to four hours you have nowhere else to be, but at the same time you know if you don’t get through your topics, time will run out and you won’t have made the most of it.”
Though it would seem the captivity of the train and the interesting scenery tends to increase the focus and the quality of discussions, it’s still public transport. Privacy will always be a concern, so just what kind of challenges can be tackled aboard the entrepreneurial express?
Gareth said the sessions are a perfect opportunity to discuss all manner of business -related issues: “Anything from staffing issues, to resources can be discussed. Should I go for that project or not? Should I look to grow my team yet or is it too early? Anything that’s causing a lot of stress is up for debate. Being able to talk to someone who gets the context of running a business, but also understands your background, and why things are important to you is crucial.
Georgina said that the sessions can be surprisingly emotional: “It’s a great place to discuss the difficult decisions anyone who runs or manages a business will encounter. The fact that it happens face-to-face on a train; there is a sense of ‘it stays here’, and you can often work through some emotional problems.
“Entrepreneurs are some of the worst for actually talking about how they feel or how difficult they are finding things – these train sessions are a perfect place for those kinds of discussions. The feeling of being somewhere new on a journey – it feels somewhat like a business retreat, but it can be done in an afternoon.”
The mental health aspect of these discussions is an interesting one. The autonomy of running your own business can be freeing, but the stress, uncertainty and isolation can also be difficult to deal with. After all, who do you confide in? You can’t regale your clients with tales of how you spent your evening drafting invoices because you were doing actual work all day.
The sense of being overwhelmed is common, and it’s something Gareth feels these journeys help address: “Every entrepreneur I speak to, almost without fail, feels they have fallen into the trap of spending too much time working in the business rather than on it. There never seems like a good time or opportunity to break away and think strategically about where they are heading.
“These sessions are a great way to really work through the issues of your business and help plan how you can grow to a position where you are in control, being more reflective than reactionary.”
So, who can this benefit the most? For Georgina, it’s all about the shake-up from the norm: “Anyone who is office-bound or works from home will get a lot out of being somewhere new. It breaks things up and can really help get those creative juices flowing – especially if you are someone who values adventure or fresh perspectives.
“I think it could benefit people of any business stage, but I would say choosing the partner is key. You should aim to be each other’s mentors, so make sure it is someone you trust and admire. It’s also important to see each other as equals – I don’t think a boss-employee relationship would work well for the kind of issues you want to tackle.”
For Gareth, it again comes down to trust: “Anyone looking for peer-to-peer support will benefit. Familiarity is useful, and the more sessions you have with someone, the more you will get to understand how to motivate and support each other. Working with someone you trust, who inspires you and importantly, understands the issues you are going through, will help you grow as a person and as an entrepreneur.
“There will be people who say ‘well, it’s alright for you but I couldn’t afford the time to do that,’ and my reaction is that it probably just isn’t a priority for them. For me, this is a crucial part of my planning process, I prioritise it.
“When it comes to picking the destination, pick somewhere you haven’t been before, or at least somewhere you don’t go often. Find a nice place to eat ahead of time and reward yourself with a special lunch when you get there. If you can, pick off-peak times so that you know you will get a table, then at the very least, you’ll have a place to rest your notes!”
Take a few minutes I know we are all busy but this can save you a lot of money and headaches.
This explains how we have helped Fortune 500’s and 10 person companies alike.
This is seemingly the easiest to unlock because it relates to quantifying your obvious costs. Work with a vendor to get a quote for all physical elements you need to operate your own data center. This can include servers, RAM, processors, disk, network switches, firewalls, cables, racks, etc.
If you add up the hardware costs and divide them by the period you plan to measure your TCO – let’s say five years – you have your cost. Some other things that are often overlooked and need to be considered in this vault are: capacity (both too much or too little), technology
exposure (such as cheap disk versus performance-grade), redundancy (do you have any?), and the proverbial crystal ball (did you predict the future properly?). All
of this is topped off by the fact that when you buy hardware, you’re already purchasing older technology. We call this a dead-money expense.
The rise of cloud service providers as business associates
As more healthcare providers start to utilize cloud services, the issue of cloud service providers (CSP) as business associates is becoming more complex. Both covered entities and business associates need to understand how they can take advantage of cloud options while still maintaining HIPAA compliance.
HHS released more detailed guidance on cloud computing, CSPs, and business associates in 2016 to help clarify potential confusion.
“When a covered entity engages the services of a CSP to create, receive, maintain, or transmit ePHI (such as to process and/or store ePHI), on its behalf, the CSP is a business associate under HIPAA,” the guidance states. “Further, when a business associate subcontracts with a CSP to create, receive, maintain, or transmit ePHI on its behalf, the CSP subcontractor itself is a business associate.”
HHS also suggested a service level agreement (SLA) to address more specific business expectations between the CSP and its customer. The provisions could potentially cover the following areas:
- System availability and reliability;
- Back-up and data recovery (e.g., as necessary to be able to respond to a ransomware attack or other emergency situation);
- Manner in which data will be returned to the customer after service use termination;
- Security responsibility; and
- Use, retention and disclosure limitations.
However, HHS noted that a CSP is considered a HIPAA business associate even if it only stores encrypted ePHI and does not have a decryption key. HIPAA regulations still define an entity as a business associate even if that organization cannot actually view the ePHI it is maintaining for a covered entity or other business associate.
Encrypting ePHI reduces the risk of potential exposure, but it cannot on its own “safeguard the confidentiality, integrity, and availability of ePHI as required by the Security Rule.”
“Encryption does not maintain the integrity and availability of the ePHI, such as ensuring that the information is not corrupted by malware, or ensuring through contingency planning that the data remains available to authorized persons even during emergency or disaster situations,” HHS maintains.
Providers will need to seek out secure and compliant cloud service providers on their own. OCR will also not assist healthcare organizations that are trying to find cloud services that are reportedly HIPAA compliant.
“OCR does not endorse, certify, or recommend specific technology or products,” the guidance says.
While HHS and OCR offer guidance on how covered entities and business associates can utilize cloud computing, those healthcare organizations should still perform their due diligence when seeking out secure options. From there, crafting an applicable business associate contract, BAA, or SLA will be necessary to guarantee that all parties understand what is expected in terms of PHI security.
What happens when BAs violate HIPAA regulations?
Business associates can be held liable for PHI exposure. Whether the partners involved lack a business associate agreement or a business associate simply falls victim to a ransomware attack, these organizations must also ensure they stay HIPAA compliant.
In April 2017, the Center for Children’s Digestive Health (CCDH) agreed to a $31,000 OCR HIPAA settlement after it was found that CCDH did not have a BAA with FileFax, Inc., a patient information storage provider.
An August 2015 compliance review was instigated after FileFax had been investigated.
“While CCDH began disclosing PHI to Filefax in 2003, neither party could produce a signed Business Associate Agreement (BAA) prior to Oct. 12, 2015,” according to OCR.
Furthermore, OCR found that the PHI of at least 10,728 individuals was disclosed to FileFax “when CCDH transferred the PHI to Filefax without obtaining Filefax’s satisfactory assurance.”
Minnesota-based North Memorial Health Care also learned the hard way why it is essential to properly identify business associates.
The hospital failed to identify Accretive Health, Inc. as a business associate, and agreed to a $1.55 million OCR HIPAA settlement in 2016.
North Memorial filed a breach report in September 2011 when an unencrypted, password-protected laptop was stolen from an Accretive member’s locked vehicle. The report stated that the ePHI of 9,497 individuals was possibly impacted.
OCR also found that North Memorial did not “complete a risk analysis to address all of the potential risks and vulnerabilities to the ePHI that it maintained, accessed, or transmitted across its entire IT infrastructure.”
Not having a BAA also led to an OCR HIPAA settlement for Care New England Health System (CNE).
OCR determined that Woman & Infants Hospital of Rhode Island (WIH) was a CNE covered entity, and had lost unencrypted backup tapes that held the ultrasound studies of approximately 14,000 individuals.
This led to a $400,000 settlement, along with the requirement that CNE adhere to an OCR corrective action plan.
CNE was also allowed “to create, receive, maintain, or transmit PHI on its behalf, without obtaining satisfactory assurances as required under HIPAA.”
“From September 23, 2014, until August 28, 2015, WIH impermissibly disclosed the PHI of at least 14,004 individuals to its business associate when WIH provided CNE with access to PHI without obtaining satisfactory assurances, in the form of a written business associate agreement, that CNE would appropriately safeguard the PHI,” OCR explained.
Both covered entities and business associates will benefit from having a current and comprehensive BAA in place. This way all parties understand how they are expected to store, transfer, and handle PHI and other sensitive information.
Additionally, BAAs will help ensure HIPAA compliance and prove to OCR that necessary steps were taken to keep data secure should an investigation ever need to take place.
Identifying BAAs and reviewing the business associate relationship
Healthcare providers should not hesitate in reaching out to a third-party knowledgeable on business associate agreements to ensure that a thorough business associate agreement has been established.
For example, a lawyer who practices in the healthcare IT privacy and security space should understand the intricacies of HIPAA and understand what needs to be in place in a proper business associate agreement.
HHS also suggests the following resources for healthcare providers that want to know more about the HIPAA Privacy and Security Rules in general, beyond just business associate agreements:
A thorough knowledge of HIPAA regulations will help providers understand the business associate relationship. Utilizing available tools and resources can also help organizations create applicable business associate agreements that will work toward PHI security.
One of our national vendors offer a FREE Phishing Security Test (PST) which will help organizations uncover the percentage of employees who are phish-prone; apt to opening or clicking on potentially malicious emails or links/attachments. They can enter up to 100 employees for this free test. This test can be set up from the KnowBe4 website, under Free Tools. Results in a few days.
Another valuable tool is their FREE Email Exposure Check Pro . This test will uncover the number (%) of employees which have visited or reside on potentially malicious websites, if their identities are found, which ones are on sites which were breached, when the breach was and more. This will also inform them if the login credentials are also exposed. This is valuable because these sites are where the bad guys troll to find their information to perform CEO Fraud or launch malicious attacks. This check can be run from the KnowBe4 website, under Free Tools. Results in minutes. #acginfo/biz 877 208 0021
22 is the winner of a $25.00 gift certificate to Nico’s in the Pac Center. Last night was fun, great food and good company. See you next year, be well
One of our vendors, WestUC, was recognized by Cisco. We are happy to represent them as we do our many other vendors that help us find the right solutions for you. Call us at; 877 208 0021 mailto:firstname.lastname@example.org
Cisco Names WestUC Service Provider of the Year, Americas
West Receives Geographical Region Award as Americas Service Provider of the Year at Cisco Partner Summit 2017
CHICAGO, Americas – November 2, 2017 – West’s Unified Communications Services today announced that it is the recipient of a Cisco® Partner Summit Geographical Region award for Service Provider of the Year, Americas. Cisco unveiled the winners during its annual partner conference taking place this week in Dallas, Texas.
Awarded to channel partners who rise to business challenges, the Cisco Partner Summit Global awards are designed to recognize superior business practices and reward best-in-class methodologies. Areas of consideration include innovative processes, architecture-led successes, strategic business outcome-focused programs, seizing new opportunities, and sales approaches.
“Cisco is proud to work together with leading partners to drive the digital transformation, creating powerful solutions and fresh approaches to meet the needs of our customers,” said Rick Snyder, senior vice president, Americas Partner Organization at Cisco. “It is an honor to recognize West with a Cisco Partner Summit Geo-Region award as Partner of the Year, further underscoring its outstanding accomplishments in the Americas.
“We are honored to be acknowledged by Cisco as Service Provider of the Year for the Americas region,” said Randy McGraw, senior vice president of technology and operational services for West’s Unified Communications Services. “We value our relationship with Cisco and we feel that receiving this recognition is further testament to our ability to provide seamless UCaaS to the enterprise.”
Cisco Partner Summit Geographical Regional awards reflect the top-performing partners within specific technology markets across the geographical region. All award recipients are selected by a group of Cisco Global Partner Organization and regional executives.
Cisco and the Cisco logo are registered trademarks or trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.