Reduce the network management burden: healthcare software provider finds low-cost answer to keeping track of data..Delivering quality medical care requires more than well-trained doctors and the latest medicine and equipment. Medicine is an information-based profession and better information technology improves patient outcomes. Headquartered in Skowhegan, Maine Skowhegan is a town in Somerset County, Maine, in the United States. As of the 2000 census, the town population was 8,824. It includes Skowhegan Village and the resort of Lakewood, home of the Lakewood Theater. , Occupational Health Research (OHR OHR Office of Human Resources
OHR Office of the High Representative (in Bosnia and Herzegovina)
OHR Oak Hills Research (Aurora, CO)
OHR Ohio House of Representatives
OHR Office of Health Research ) is a company that works to improve the treatment of injured workers and reduce the cost of their care through the application of information technology.
"We are primarily a software development company for hospitals and clinics that have occupational health clinics," says Barry Gray
Barry Gray (July 18, 1908 in Lancashire, England - April 26, 1984 in Guernsey, Channel Islands) was a British musician and composer who is best known for his work for Gerry Anderson. , OHR's director of information services See Information Systems. . "We write software that helps them track injured workers."
The company offers a variety of services to its client base-nearly 800 hospitals, occupational health clinics and employee health programs serving more than 100,000 employers in 42 states. The primary product is software that runs on a Microsoft SOL database, incorporating patient scheduling, financial management, forms and reports generation, medical records management, and electronic claims submission. In addition, OHR provides training for occupational healthcare providers and acts as an application service provider for the Ohio Employee Health Partnership, a managed care organization serving 8,400 employers.
OHR has about one hundred Windows NT/ 2000/XP workstations at its three offices, both for its internal use as well as for training its clientele. The company's 25 servers primarily run Windows NT/2000, with a couple running Linux. All storage is direct attached.
Due to the simplicity of the company's infrastructure, a full-featured network and systems-management package was considered overkill overkill Vox populi An excess of anything , but OHR still needed to ensure that its systems stay up and secure in order to meet the critical needs of its clients, as well as to comply with privacy regulations contained in the Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996.
According to the Centers for Medicare and Medicaid Services (CMS) website, Title I of HIPAA protects health insurance coverage for workers and their families when of 1996 (HIPAA (Health Insurance Portability & Accountability Act of 1996, Public Law 104-191) Also known as the "Kennedy-Kassebaum Act," this U.S. law protects employees' health insurance coverage when they change or lose their jobs (Title I) and provides standards for patient health, ). OHR found that the best solution was to go with low-cost point products designed to address particular problem areas.
Two years ago, when Microsoft introduced its new licensing program, OHR found it needed software that would inventory what was running on all its servers and desktops to ensure that it was not paying for more licenses than were actually being used. To address this issue, it bought OStivity from Somix Technologies, Sanford, Maine Sanford is a town and a census-designated place (CDP) in York County, Maine, United States. The population was 20,806 at the 2000 census. Situated on the Mousam River, Sanford includes the village of Springvale. The town features many lakes in wooded areas which attract campers. .
"We were trying at the time to track Microsoft licenses when they switched over, and it helped solve that problem," says Gray, "but ix is also nice to keep a handle on what is loaded on what machines."
OStivity inventories what versions of Windows is running, as well as remotely scanning all Windows NT/2000/XP boxes for all installed software and versions, and the hardware components. It also works with Red Hat Linux Red Hat Linux, assembled by Red Hat, was a popular, "middle-aged" Linux distribution (not as old as Slackware but older than Ubuntu) upon its discontinuation in 2004.
Red Hat Linux 1.0 was released on November 3, 1994. , Mac OSX See Mac OS X. and Sun Solaris 2.x, though these require the use of agents.
The software scans all machines in the network on a regular schedule and stores the information in a mySQL database. Administrators can then query to see which machines are running what or click on a machine's link to pull up a complete hardware and software inventory.
Among its features, the software includes a module for tracking invoices and licenses to ensure compliance in these areas. Gray found that he did not have any licensing problems, but OHR uses the software for other functions, as well. For example, the administrator responsible for maintaining the desktops and servers uses OStivity to determine which machines need patches. Since all the information is stored in the database, staff can go through the changes log to see any hardware or software changes on the piece of equipment that may be causing problems.
For security issues, OHR primarily uses a combination of two management products, Snort An open source network intrusion detection system (NIDS) that is noted for its effectiveness. Developed by Martin Roesch, Snort can also be used just as a packet logger or packet sniffer. For more information, visit www.snort.org. See IDS. and Logalot. Snort is a network intrusion-detection system that OHR runs on one of its Linux servers. It performs real-time traffic analysis, packet logging, protocol analysis, and content searching and matching in order to detect such problems as denial-of-service attacks "DoS" redirects here. For other uses, see DOS (disambiguation).
A denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users. , port scans, OS fingerprinting, server message-block probes, buffer overflows A common cause of malfunctioning software. If the amount of data written into a buffer exceeds the size of the buffer, the additional data will be written into adjacent areas, which could be buffers, constants, flags or variables. and common gateway interface attacks.
While Snort is a free program, it lacks a graphical user interface graphical user interface (GUI)
Computer display format that allows the user to select commands, call up files, start programs, and do other routine tasks by using a mouse to point to pictorial symbols (icons) or lists of menu choices on the screen as opposed to having to and central management console A terminal or workstation used to monitor and control a network. See Microsoft Management Console. . This limits its functionality in larger deployments due to the increased management costs.
The other security product used by OHR, Logalot from Somix, is an event log manager that aggregates items contained in all the syslogs and Windows event logs maintained by the various equipment and applications throughout the network, storing them in a mySQL database. The administrator has a console to review these entries, set thresholds and policies for what actions to take when the thresholds are crossed.
When an entry arises that requires action, Logalot will page, phone, e-mail or text message the administrator responsible for that particular device or system. Administrators can also write scripts to automatically perform routine actions, such as rebooting a hung machine.
To comply with the HIPAA regulations, OHR needed to ensure that both the software it supplies its clients, as well as its internal systems, meet HIPAA's standards coveting data transaction formats and security. Part of those standards involve controlling system access and mandate that healthcare providers perform an information system activity review, including reviewing the logs to see who is accessing the network. The problem is that the logs are scattered among different network devices.
"Trying to bring all the logs together in one spot was my main concern," Gray says. "I use Logalot for tracking the IP address of anyone who accesses the network and the firewall logs come into it, as well."
Gray notes that the real savings come from the simplicity of the two software programs, which can be downloaded and installed in an afternoon, without extensive training. The base purchase price of OStivity is $4,995 and Logalot costs $1,090.
He notes, however, that the feature sets are limited compared to more expensive management tools, and they do not combine into a single console for ease of management. "For a company that does not require a lot of sophistication so·phis·ti·cate
v. so·phis·ti·cat·ed, so·phis·ti·cat·ing, so·phis·ti·cates
1. To cause to become less natural, especially to make less naive and more worldly.
2. , though, these tools can provide administrators with the information they need to run their networks," Gray adds.
For more information from Somix Technologies: www.rsleads.com/312cn-259
Maria Piech is a free-lance writer from Silver Lake. Calif. specializing in networking and storage.