I have had Vonage for 6 months and just cancelled today.
Very cool concept, and I'm a big fan of the company. Great product offering, great customer service, and super convenient in many respects.
But, I discovered a few limitations, and eventually decided that I just didn't need the service anymore.
The latency was a big problem for me. The latency for calls when using Vonage on my cable Internet connection (Cox in So. Cal.) was typically almost 1 second. I estimate that because I could hear the slight echo when the signal finally made it to the other end of the call, and because my friends would ask me what was wrong with my phone. After a few frustrating business calls, I stopped using it for important phone calls and only used it for a few evening calls to friends that were willing to tolerate the latency that reminded me of an international call. The actual quality of the sound was fantastic--no gripes there, but when you are stepping over the sentences of the other person constantly and having to wait for one another to finish sentences, it became very frustrating. I literally used my cell phone with 50% signal strength for important calls, since it had very little latency compared to Vonage on my Internet connection.
I did not tried Vonage on my DSL service at my new residence (due to wiring issues mentioned below), so unfortunately I can't offer a comparison of cable vs. DSL in terms of the latency. (And yes, I followed all of their tech support recommendations and opened up the swath of ports that they recommend to incoming traffic.)
The second issue that I had is that the phone must effectively be located next to the Internet connection (cable/dsl modem/router, etc.). You either have to run an Ethernet cable if you want to locate the Vonage device and phone elsewhere, or you have to run a long phone cord if you want to locate the phone elsewhere. Maybe there is some means of routing the signal into the copper wiring in the house, but I wasn't going to bother. My cordless phone crapped out, so I just gave up. My new location offers the huge benefit of actually having solid cell signal, so I now rely exclusively on my cell, and had no need for Vonage.
But, I give them tremendous credit for a great product (for those that can get acceptable call latency/quality) with a ton of features for an amazingly economical price.
I don't have a mac nor have I looked at iTunes, but don't they have a user agreement that stipulates your rights as a buyer on the site? I would be surprised if the agreement doesn't lay out terms such as non-transferrability, etc., just like a software license.
Can someone post the terms and conditions or click-through agreement?
Since this application was critical for this business, I would imagine that they would have a very different opinion regarding legality. Just because you have a dispute over an invoice does not mean that you can shut down their business.
If you stop supporting an application or providing enhancements due to a dispute, fine, but causing an existing, functional app to stop working, to me, seems right up there with disgruntled employees that plant logic bombs after they are fired. If would imagine the client's first phone call would be to their lawyer.
And the first time that the app stops working, you likely have ruined the relationship with the client, especially since they were never told about it, and the contract has no clause or terms that layout the terms of such a poison pill arrangement.
It just seems like bad business to do it surreptitiously.
When I was a consultant at a Big 6 firm (back in the day), a colleague of mine wrote a Windows app for a client. He added code that would cause the application to stop working after a certain date, so that if the client doesn't pay their invoices, he won't update the code, and the app will simply stop working.
I personally considered this to be very unprofessional, and probably not legal, but he claimed that it was perfectly legit. Of course, the client didn't know this, and he never told them (they did pay their invoices on time).
Definitely not my style, but it is evidence to me that it is done on a regular basis.
I have the original Linksys WAP11 access point and use Linksys WPC11 PCMCIA cards. I have a small 1-bedroom apartment, and can barely maintain a signal when I lay in bed with my laptop (the access point is on the other side of my apt in the living room--total distance
I was shocked and seriously disappointed with the horrible signal strength, but there doesn't seem to be a whole lot that I can do without modifying the equipment. I know that rotating my laptop so that the PCMCIA card is pointed towards the AP helps, but of course, when I am in bed, the antenna is on the 'wrong' side.
Raising the height of the AP, along with rotating the AP (so that the antennae are towards the center of the apt.) seems to help a little, but it is marginal.
A friend (also with a WAP11) purchased an antenna that claimed to boost the signal, but it simply didn't work with the WAP11. They also refused to reply to his e-mails asking for a refund. So I've been reluctant to purchase a replacement antenna that claims to increase AP power.
At this point, I would say that making my own is the only thing I would be willing to try.
One correction--I don't have a magical list of URLs that will provide you with any HIPAA secrets.
The two I have already listed serve as my sole sources of HIPAA information. Nearly every other site that I have read either has unreliable info or is out of date.
Start with a thorough reading of the regs and I think you will find that you only need to scour the web to find others in your specific industry to help you tackle some detailed issues that you will run into.
The focus of my HIPAA compliance was to serve middle-market healthcare clients. Although we worked with a few clients, we found that the market tended to consist of very big organizations, and relatively small organizations. The big guys used Big 5 and other very large healthcare consultancies and were out of our scope.
The small guys were lazy, procrastinating, too busy, and lacked the funds to pay for consulting services, despite the fact that they desperately need help and will never meet the compliance deadlines by themselves. They just didn't seem to care enough to take it seriously, and were largely hoping to just stay off of the radar until some magical time at which point they might become compliant.
A few of the mid-sized guys tended to do it themselves or use existing relationships with consultancies, even if those vendors had no HIPAA experience.
It was a strange situation, and we eventually shut down the practice due to lack of motivation from the prospects that we spoke with.
As far as your e-mail question, based on what I have seen, there is extremely limited use of e-mail for doctor-to-patient communications. There are obviously a few leading edge adopters, but they are apparently the exception. Electronic delivery of information between healthcare organizations is growing rapidly, but those communications tend not to have the sticky issues of communication with patients.
The technical challenges of any type of secure e-mail are much greater than those surfaced by HIPAA, and managing those communications is yet another huge issue, both of which have been around since e-mail was 'invented'. Until the IT industry can solve the issues in a reasonable manner, I don't see e-mail becoming a popular means of confidential or private communications.
This only applies to the Transaction Rule and is just a tool to facilitate transaction mappings to the ANSI X12 EDI transactions.
You still need to develop trading partner agreements, work with all of your partners, work with a transaction validation firm, work with any clearinghouses that you may use, etc, etc, etc.
Lotsa work.
Oh, and the BizTalk HIPAA Accelerator is quite pricey depending on your needs and your systems. Also consider that as the HIPAA Transaction standards change and evolve, your systems need to be flexible enough to change with them. MS may end up charging for 'subscription updates' for their mappings--not sure about how they plan on supporting the product long term.
Well, it isn't quite that simple. The regulations are relatively clear on which organizations must take what steps to be compliant.
Documented policies and procedures make up a large portion of Privacy compliance, but so do training and changes in organizational practices (adhering to the procedures).
The Security rule is a bit different, where the technical implementation of a solution may differ dramatically from one organization to another.
This is correct--the HIPAA Privacy rule and the Security rule are two different regulations that are quite different (although somtimes complimentary) with their requirements.
READ THE ACTUAL REGULATIONS.
http://aspe.hhs.gov/admnsimp/
They are well written and will give you a very good working knowlege of the requirements. "Experts" can be helpful at clarifying some details regarding how a particular requirement applies to your organization, but after reading the actual regs, you will have a very strong understanding of what needs to be done for Privacy and Security rule compliance.
HR 3323 was passed a while back and allowed organizations to apply for an extension to the TRANSACTIONS DEADLINE ONLY. Unfortunately, the deadline for submitting the extension was October 16, 2002.
I haven't checked lately to see if they extended that deadline--they previously said that no late submissions would be considered.
Again, that extension DOES NOT apply to the Privacy rule or Security rule.
I worked as a HIPAA compliance consultant and have contributed a chapter to a CIO-level book to discuss HIPAA compliance.
If you can read and have a general understanding of the healthcare industry, you can easily understand HIPAA.
First, and foremost, you MUST read the *actual* HIPAA regulations (Privacy and Security) in order to properly understand the HIPAA requirements. They are NOT difficult to read--they just look intimidating, but are actually VERY well written, generally easy to understand, and are accompanied by a ton of background and explanations. Do NOT, under any circumstances, rely on the claims of vendors or any other "HIPAA Analyst" etc. regarding HIPAA compliance issues unless you have read the regs and can validate the claims, and ensure that they are even relevant to your organization. Educate yourself and you will be amazed at how much simpler HIPAA becomes. (If you need to implement HIPAA transactions, there is very little to read--just the transaction specs.)
Second, after you have personally read and understand the requirements, put them in the context of your organization. I believe that you will find that the reality of HIPAA compliance is relatively simple, and consists primarily of policies, procedures, and general best practices. Any time you hear someone saying "You HAVE to do X, Y, and Z" to be compliant, and those steps sound unreasonable or very difficult, you should be skeptical and verify that 1) that interpretation of the requirements is valid, and 2) they actually apply to your organization.
After doing these two things, you will be in control of your HIPAA compliance effort. There may still be some hot items with short deadlines depending on which rules (Transactions, Privacy, and/or Security) apply to you, but it should not be a crisis.
I no longer do HIPAA compliance consulting, but if you want some URLs to start with or general recommendations, feel free to e-mail me at leftism11@yahoo.com.
You can start here by downloading the PDFs of the Privacy and Security HIPAA regs:
http://aspe.hhs.gov/admnsimp/
A site to check for updates and HIPAA news is:
http://www.hipaadvisory.com/
(They have good news updates, but again, use your knowlege of HIPAA and understanding of your organization to filter any opinions you get from their site.)
Slashdot Mirror
I expect that The Government will brand such actions as "domestic Internet terrorism". Off to Gitmo!
I have had Vonage for 6 months and just cancelled today.
Very cool concept, and I'm a big fan of the company. Great product offering, great customer service, and super convenient in many respects.
But, I discovered a few limitations, and eventually decided that I just didn't need the service anymore.
The latency was a big problem for me. The latency for calls when using Vonage on my cable Internet connection (Cox in So. Cal.) was typically almost 1 second. I estimate that because I could hear the slight echo when the signal finally made it to the other end of the call, and because my friends would ask me what was wrong with my phone. After a few frustrating business calls, I stopped using it for important phone calls and only used it for a few evening calls to friends that were willing to tolerate the latency that reminded me of an international call. The actual quality of the sound was fantastic--no gripes there, but when you are stepping over the sentences of the other person constantly and having to wait for one another to finish sentences, it became very frustrating. I literally used my cell phone with 50% signal strength for important calls, since it had very little latency compared to Vonage on my Internet connection.
I did not tried Vonage on my DSL service at my new residence (due to wiring issues mentioned below), so unfortunately I can't offer a comparison of cable vs. DSL in terms of the latency. (And yes, I followed all of their tech support recommendations and opened up the swath of ports that they recommend to incoming traffic.)
The second issue that I had is that the phone must effectively be located next to the Internet connection (cable/dsl modem/router, etc.). You either have to run an Ethernet cable if you want to locate the Vonage device and phone elsewhere, or you have to run a long phone cord if you want to locate the phone elsewhere. Maybe there is some means of routing the signal into the copper wiring in the house, but I wasn't going to bother. My cordless phone crapped out, so I just gave up. My new location offers the huge benefit of actually having solid cell signal, so I now rely exclusively on my cell, and had no need for Vonage.
But, I give them tremendous credit for a great product (for those that can get acceptable call latency/quality) with a ton of features for an amazingly economical price.
I don't have a mac nor have I looked at iTunes, but don't they have a user agreement that stipulates your rights as a buyer on the site? I would be surprised if the agreement doesn't lay out terms such as non-transferrability, etc., just like a software license.
Can someone post the terms and conditions or click-through agreement?
Since this application was critical for this business, I would imagine that they would have a very different opinion regarding legality. Just because you have a dispute over an invoice does not mean that you can shut down their business.
If you stop supporting an application or providing enhancements due to a dispute, fine, but causing an existing, functional app to stop working, to me, seems right up there with disgruntled employees that plant logic bombs after they are fired. If would imagine the client's first phone call would be to their lawyer.
And the first time that the app stops working, you likely have ruined the relationship with the client, especially since they were never told about it, and the contract has no clause or terms that layout the terms of such a poison pill arrangement.
It just seems like bad business to do it surreptitiously.
Hey retard, I worked with him, and we worked on the app together. If this is the stuff of your urban legends, you need to get out more.
When I was a consultant at a Big 6 firm (back in the day), a colleague of mine wrote a Windows app for a client. He added code that would cause the application to stop working after a certain date, so that if the client doesn't pay their invoices, he won't update the code, and the app will simply stop working.
I personally considered this to be very unprofessional, and probably not legal, but he claimed that it was perfectly legit. Of course, the client didn't know this, and he never told them (they did pay their invoices on time).
Definitely not my style, but it is evidence to me that it is done on a regular basis.
I have the original Linksys WAP11 access point and use Linksys WPC11 PCMCIA cards. I have a small 1-bedroom apartment, and can barely maintain a signal when I lay in bed with my laptop (the access point is on the other side of my apt in the living room--total distance
I was shocked and seriously disappointed with the horrible signal strength, but there doesn't seem to be a whole lot that I can do without modifying the equipment. I know that rotating my laptop so that the PCMCIA card is pointed towards the AP helps, but of course, when I am in bed, the antenna is on the 'wrong' side.
Raising the height of the AP, along with rotating the AP (so that the antennae are towards the center of the apt.) seems to help a little, but it is marginal.
A friend (also with a WAP11) purchased an antenna that claimed to boost the signal, but it simply didn't work with the WAP11. They also refused to reply to his e-mails asking for a refund. So I've been reluctant to purchase a replacement antenna that claims to increase AP power.
At this point, I would say that making my own is the only thing I would be willing to try.
One correction--I don't have a magical list of URLs that will provide you with any HIPAA secrets.
The two I have already listed serve as my sole sources of HIPAA information. Nearly every other site that I have read either has unreliable info or is out of date.
Start with a thorough reading of the regs and I think you will find that you only need to scour the web to find others in your specific industry to help you tackle some detailed issues that you will run into.
The focus of my HIPAA compliance was to serve middle-market healthcare clients. Although we worked with a few clients, we found that the market tended to consist of very big organizations, and relatively small organizations. The big guys used Big 5 and other very large healthcare consultancies and were out of our scope.
The small guys were lazy, procrastinating, too busy, and lacked the funds to pay for consulting services, despite the fact that they desperately need help and will never meet the compliance deadlines by themselves. They just didn't seem to care enough to take it seriously, and were largely hoping to just stay off of the radar until some magical time at which point they might become compliant.
A few of the mid-sized guys tended to do it themselves or use existing relationships with consultancies, even if those vendors had no HIPAA experience.
It was a strange situation, and we eventually shut down the practice due to lack of motivation from the prospects that we spoke with.
As far as your e-mail question, based on what I have seen, there is extremely limited use of e-mail for doctor-to-patient communications. There are obviously a few leading edge adopters, but they are apparently the exception. Electronic delivery of information between healthcare organizations is growing rapidly, but those communications tend not to have the sticky issues of communication with patients.
The technical challenges of any type of secure e-mail are much greater than those surfaced by HIPAA, and managing those communications is yet another huge issue, both of which have been around since e-mail was 'invented'. Until the IT industry can solve the issues in a reasonable manner, I don't see e-mail becoming a popular means of confidential or private communications.
This only applies to the Transaction Rule and is just a tool to facilitate transaction mappings to the ANSI X12 EDI transactions.
You still need to develop trading partner agreements, work with all of your partners, work with a transaction validation firm, work with any clearinghouses that you may use, etc, etc, etc.
Lotsa work.
Oh, and the BizTalk HIPAA Accelerator is quite pricey depending on your needs and your systems. Also consider that as the HIPAA Transaction standards change and evolve, your systems need to be flexible enough to change with them. MS may end up charging for 'subscription updates' for their mappings--not sure about how they plan on supporting the product long term.
Well, it isn't quite that simple. The regulations are relatively clear on which organizations must take what steps to be compliant.
Documented policies and procedures make up a large portion of Privacy compliance, but so do training and changes in organizational practices (adhering to the procedures).
The Security rule is a bit different, where the technical implementation of a solution may differ dramatically from one organization to another.
Just read the regs:
http://aspe.hhs.gov/admnsimp/
This is correct--the HIPAA Privacy rule and the Security rule are two different regulations that are quite different (although somtimes complimentary) with their requirements.
READ THE ACTUAL REGULATIONS.
http://aspe.hhs.gov/admnsimp/
They are well written and will give you a very good working knowlege of the requirements. "Experts" can be helpful at clarifying some details regarding how a particular requirement applies to your organization, but after reading the actual regs, you will have a very strong understanding of what needs to be done for Privacy and Security rule compliance.
HR 3323 was passed a while back and allowed organizations to apply for an extension to the TRANSACTIONS DEADLINE ONLY. Unfortunately, the deadline for submitting the extension was October 16, 2002.
I haven't checked lately to see if they extended that deadline--they previously said that no late submissions would be considered.
Again, that extension DOES NOT apply to the Privacy rule or Security rule.
I worked as a HIPAA compliance consultant and have contributed a chapter to a CIO-level book to discuss HIPAA compliance.
If you can read and have a general understanding of the healthcare industry, you can easily understand HIPAA.
First, and foremost, you MUST read the *actual* HIPAA regulations (Privacy and Security) in order to properly understand the HIPAA requirements. They are NOT difficult to read--they just look intimidating, but are actually VERY well written, generally easy to understand, and are accompanied by a ton of background and explanations. Do NOT, under any circumstances, rely on the claims of vendors or any other "HIPAA Analyst" etc. regarding HIPAA compliance issues unless you have read the regs and can validate the claims, and ensure that they are even relevant to your organization. Educate yourself and you will be amazed at how much simpler HIPAA becomes. (If you need to implement HIPAA transactions, there is very little to read--just the transaction specs.)
Second, after you have personally read and understand the requirements, put them in the context of your organization. I believe that you will find that the reality of HIPAA compliance is relatively simple, and consists primarily of policies, procedures, and general best practices. Any time you hear someone saying "You HAVE to do X, Y, and Z" to be compliant, and those steps sound unreasonable or very difficult, you should be skeptical and verify that 1) that interpretation of the requirements is valid, and 2) they actually apply to your organization.
After doing these two things, you will be in control of your HIPAA compliance effort. There may still be some hot items with short deadlines depending on which rules (Transactions, Privacy, and/or Security) apply to you, but it should not be a crisis.
I no longer do HIPAA compliance consulting, but if you want some URLs to start with or general recommendations, feel free to e-mail me at leftism11@yahoo.com.
You can start here by downloading the PDFs of the Privacy and Security HIPAA regs:
http://aspe.hhs.gov/admnsimp/
A site to check for updates and HIPAA news is:
http://www.hipaadvisory.com/
(They have good news updates, but again, use your knowlege of HIPAA and understanding of your organization to filter any opinions you get from their site.)