© 2009-2010 Data Mountain LLC | All Rights Reserved.
How The HITECH Act Raises the Ante for HIPAA Security Rule
Compliance
Discussion
1
Bob Chaput615-656-4299 or [email protected] Mountain, LLC
…Welcome to …
© 2009-2010 Data Mountain LLC | All Rights Reserved.
Top 10 List… …things heard in audience during my talks…1. Today's dessert was really good except for
that guy yakking in background?2. Didn’t the AMA make this go away yet?!#? 3. Does this guy really have a dog that ugly?4. I think he’s talking about that HIPAA thing
again…5. The way he talks, he must be Kathleen
Sebelius' first cousin6. Doesn’t this guy know we have patients to treat?7. Did he really say $1.5 million in fines?8. HITECH-SMITECH!9. How do you pronounce his last name again?10. What’s he saying? My doctor told me we have the best
healthcare system in the whole wide world!2
© 2009-2010 Data Mountain LLC | All Rights Reserved.
HIPAA, HITECH and Healthcare Reform together are __________________________________:
A. A Communist (a.k.a., Democratic) plot to ruin the best healthcare system in the world
B. Driving me crazyC. A reasonable start at improving our healthcare
systemD. A good way to get government moola to fix
our messed up computer systemsE. None of the aboveF. All of the above
3
Before we begin…Pop Quiz 1 Time
© 2009-2010 Data Mountain LLC | All Rights Reserved.
A. Projected 2010 Total US Healthcare Expenditures
B. US Ranking of life expectancy at birth in the world
C. Number of Americans who die from medical mistakes each year
D. US Global ranking of health care costs per person per year
E. US Ranking in lowest Infant Mortality in the world
4
Before we begin…Pop Quiz 2 Time
1. ____100,0001
2. ____43rd in the world2
3. ____1st in the world3
4. ____47th in the world4
5. ____$2.5 Trillion5
1Institute of Medicine2CIA Factbook3U.S. Centers for Medicare & Medicaid Services2CIA Factbook5U.S. Centers for Medicare & Medicaid Services
© 2009-2010 Data Mountain LLC | All Rights Reserved.
A. Projected 2010 Total US Healthcare Expenditures
B. US Ranking of life expectancy at birth in the world
C. Number of Americans who die from medical mistakes each year
D. US Global ranking of health care costs per person per year
E. US Ranking in lowest Infant Mortality in the world
5
Before we begin…Quick Quiz
1. 100,0001
2. 43rd in the world2
3. 1st in the world3
4. 47th in the world4
5. $2.5 Trillion5
1Institute of Medicine2CIA Factbook3U.S. Centers for Medicare & Medicaid Services2CIA Factbook5U.S. Centers for Medicare & Medicaid Services
© 2009-2010 Data Mountain LLC | All Rights Reserved.
• We have a broken healthcare system…
• In fact, it’s more or a “sick care” system
• Every President since Eisenhower has vowed to “fix” healthcare
• Too many special interests for any “quick fix”
• It’s people, process and technology and, with the latter, a big Rx for Privacy and Security 6
So what?
• Like it or hate it, first HIPAA (Kennedy-Kassebaum bill) and now HITECH are taking aim to fix healthcare…
© 2009-2010 Data Mountain LLC | All Rights Reserved.
HIPAA-HITECH is Not About Technology!
It’s about health outcomes improvement in the US…
1. Improving quality, safety, efficiency, and reducing health disparities.
2. Engaging patients and families in their healthcare
3. Improving care coordination
4. Improving population and public health
5. Ensuring adequate privacy and security protections for personal health information
7
Five health outcomes policy priorities in Meaningful Use Stage 1 guidelines…
© 2009-2010 Data Mountain LLC | All Rights Reserved.
Better Outcomes …1. Quality, safety, efficiency, and
reduction of health disparities….
2. Engaging patients and families in their healthcare
3. Improving care coordination
4. Improving population and public health
…through… better processes and use of technology while ensuring protection of individuals’ private health information…
8
“To improve the health of individuals and communities, health information must be available to those making critical decisions, including individuals and their caregivers. While health information technology will help America move its health care system forward, the privacy and security of personal health data is at the core of all our work.”
© 2009-2010 Data Mountain LLC | All Rights Reserved.
• Perfect storm is brewing…
• Many Covered Entities and Business Associates and Subcontractors are unaware of and unprepared for Security Compliance!
• HITECH = Hey It’s Time to End your Compliance Holiday 9
What’s the Story?
• Help you mitigate the huge risks of being out of compliance with HIPAA Security Rule requirements
© 2009-2010 Data Mountain LLC | All Rights Reserved.
Session Objectives
In this session, we will:• Review the HIPAA Security Final Rule
• Learn about major changes brought about by The HITECH Act
• Learn about the new Civil Monetary Penalty System
• Learn practical, actionable steps to take today to mitigate risk and help assure compliance
10
© 2009-2010 Data Mountain LLC | All Rights Reserved.
Disclaimers
1. Information about and around HIPAA and HITECH continues to evolve.
2. HIPAA rules and regulations are subject to lots of different interpretations.
3. Every effort has been made to insure that the information presented is correct, but we can cannot offer such assurances.
4. You should not rely on this information for legal purposes, but simply use it as a tool to raise your awareness.
5. We are not attorneys! Consult with your own legal counsel or advisors.
11
© 2009-2010 Data Mountain LLC | All Rights Reserved.
Discussion Agenda
1. Quick Introductions2. HIPAA Security Final Rule – Overview3. The HITECH Act - Overview4. Major Changes from The HITECH Act5. Actions You Should Take Now6. Summary
12
© 2009-2010 Data Mountain LLC | All Rights Reserved.
About Your Speaker – Bob Chaput
13
• President – Data Mountain LLC• 30+ years in Business and Technology• Executive | Educator |Entrepreneur• Global Executive: GE, JNJ, HWAY• Responsible for largest healthcare datasets• 25 years DR / BC experience• 20 years Regulated-Industry Experience• BA, MA – Mathematics; GE – FMP; Vanderbilt; HPI• Numerous Technical Certifications• Serve customers of all sizes in all industries• 6 years - Channel Partner/Reseller for Iron Mountain Digital• Expertise and Focus: Healthcare, Financial Services, Legal• Member: ACHE, NTC, Chambers, Boards
• Passion: Helping business owners and managers manage risks: Risk of being out of regulatory compliance Risk of going out of business Risk of throwing money away on phony/ineffective solutions
© 2009-2010 Data Mountain LLC | All Rights Reserved.
Meet Healthcare’s Perfect Storm
14
Rigorous enforcement
- HIPAA Security Rule
Historical Behavior of
Ignoring HIPAA Security Rule
Healthcare Reform
© 2009-2010 Data Mountain LLC | All Rights Reserved.
Meet the HHS Data Breach ‘Wall of Shame’
http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/postedbreaches.html
15
© 2009-2010 Data Mountain LLC | All Rights Reserved.
Health and Human Services “Wall of Shame” – Data Breaches
16
http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/postedbreaches.html
HHS is not kidding!
110 Postings as of
7/23/2010
© 2009-2010 Data Mountain LLC | All Rights Reserved.
Discussion Agenda
1. Quick Introductions2. HIPAA Security Final Rule – Overview3. The HITECH Act - Overview4. Major Changes from The HITECH Act5. Actions You Should Take Now6. Summary
17
© 2009-2010 Data Mountain LLC | All Rights Reserved.
Health Insurance Portability and Accountability Act of 1996
• HIPAA = High Income Potential for Aggressive Attorneys ?
18
© 2009-2010 Data Mountain LLC | All Rights Reserved.
Health Insurance Portability and Accountability Act of 1996
19
Preamble to The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
"Public Law 104-191, 104th Congress -- An Act to amend the Internal Revenue Code of 1986 to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes.”
© 2009-2010 Data Mountain LLC | All Rights Reserved.
Health Insurance Portability and Accountability Act of 1996
20
HIPAAHealth Insurance Portability and Accountability Act
Title II Title III Title IV Title V
Security
Fraud and Abuse and Medical
Liability Reform
AdministrativeSimplification
Group Health Plan Requirements
Revenue Off-sets
InsurancePortability
Tax Related Health Provision
Title I
EDI IdentifiersPrivacy
Transactions Code Sets
© 2009-2010 Data Mountain LLC | All Rights Reserved.
• Privacy Rule (protect privacy) 11/2003
Administrative Simplification
21
Three Key Components of Administrative Simplification in HIPAA…
• Transactions and Code Sets (EDI) 11/2002
• Security Rule (safeguard information) 4/2005*
© 2009-2010 Data Mountain LLC | All Rights Reserved.
How Security and Privacy Relate
Privacy Rule Reasonable Safeguards for all PHI
Physical Safeguards for EPHI
Technical Safeguards
for EPHI
Administrative Safeguards for EPHI
• Security Management Process• Security Officer• Workforce Security• Information Access Mgmt• Security Training• Security Incident Process• Contingency Plan• Evaluation• Business Associate Contracts
• Access Control• Audit Control• Integrity• Person or Entity Authentication• Transmission Security
• Facility Access Control• Workstation Use• Workstation Security• Device & Media Control
22
HIPAA Security is
NOT a “techie” project
18 Standards
© 2009-2010 Data Mountain LLC | All Rights Reserved.
Discussion Agenda
1. Quick Introductions2. HIPAA Security Final Rule – Overview3. The HITECH Act - Overview4. Major Changes from The HITECH Act5. Actions You Should Take Now6. Summary
23
© 2009-2010 Data Mountain LLC | All Rights Reserved.
Health Information Technology for Economic and Clinical Health Act
• HITECH = Hey It’s Time to End your Compliance Holiday
24
© 2009-2010 Data Mountain LLC | All Rights Reserved.
HITECH Act is Not About Technology!
It’s about health outcomes improvement in the US…
1. Improving quality, safety, efficiency, and reducing health disparities.
2. Engaging patients and families in their healthcare
3. Improving care coordination
4. Improving population and public health
5. Ensuring adequate privacy and security protections for personal health information
25
One of five health outcomes policy priorities in Meaningful Use Stage 1 guidelines…
© 2009-2010 Data Mountain LLC | All Rights Reserved.
The HITECH Act, Money & Teeth
26
• Part of American Reinvestment and Recovery Act (ARRA)
• ARRA contains incentives related to health care information technology
• Legislation anticipates a massive expansion in the exchange of electronic protected health information (ePHI)
• Widens the scope of privacy and security protections available under HIPAA
• Largest and most consequential expansion and change to the federal privacy and security rules ever
• Bob’s opinion: Healthcare industry (and Business Associates) remain woefully unprepared for security provisions
© 2009-2010 Data Mountain LLC | All Rights Reserved.
Discussion Agenda
1. Quick Introductions2. HIPAA Security Final Rule – Overview3. The HITECH Act - Overview4. Major Changes from The HITECH Act5. Actions You Should Take Now6. Summary
27
© 2009-2010 Data Mountain LLC | All Rights Reserved.
The HITECH Act – Major Changes - 1Enforcement is strengthened significantly• Penalties are increased in the new Civil Monetary Penalty (CMP) System• Enforcement is more proactive, more punitive and by more parties• Additional audit authority is now provided to HHS to audit CEs and BAs
Business Associates and others are fully and completely “in scope”• BAs are now statutorily obligated to comply with the relevant
regulations
Business Associates’ subcontractors now must enter into BAA-like contracts**• BAs are now statutorily obligated to comply with the relevant
regulations
28
© 2009-2010 Data Mountain LLC | All Rights Reserved.
New Civil Monetary Penalty System
• Tier 1 (Accidental)– $100 each violation– Up to $25,000 for identical violations, per year
• Tier 2 (Not Willful Neglect, but Not Accidental)– $1000 each violation– Up to $100,000 for identical violations, per year
• Tier 3 (Willful Neglect, but Corrected)– $10,000 each violation– Up to $250,000 for identical violations, per year
• Tier 4 (Willful Neglect, Not Corrected)– $50,000 each violation– Up to $1.5 million, per year
29
Key Question: what is a
“violation”?
Key Question: what is “willful
neglect”?
© 2009-2010 Data Mountain LLC | All Rights Reserved.
The HITECH Act – Major Changes - 2Security Provisions are strengthened and clarified• Data protected is expanded beyond EPHI to include other personal information • More specific guidance on technical safeguards is provided by HHS annually• New data breach notification requirement is first-time Federal legislation
Privacy Provisions are strengthened and clarified• Individual right to request restrictions on use and disclosure of PHI is now
mandatory • The definition of “minimum necessary” PHI to use/disclose is clarified• Disclosure accounting is strengthened• There are now tighter restrictions on use of protected health information for
marketing purposes• Individuals must be offered clear and conspicuous opt-out opportunity for fund-
raising communications • Consumers now have the right to receive an electronic copy of their PHI• Prohibits a CE or BA from receiving payment in exchange for any PHI
30
© 2009-2010 Data Mountain LLC | All Rights Reserved.
The HITECH Act – Major Changes - 3From a Privacy and Security perspective, here are five absolute “game changers” under HITECH:
1) Mandatory audits (Subtitle D, Part 1, Section 13411)
2) HHS non-compliance fines return to HHS’ coffers and within a few years (by law) individuals will participate in sharing the proceeds
3) State AGs can now bring civil actions on behalf of their citizens
4) Business Associates are now statutorily obligated5) Subcontractors , soon, contractually obligated6) Data Breach Notification requirements
31
© 2009-2010 Data Mountain LLC | All Rights Reserved.
Reporting heating up for Docs
32
• Arcane provision protecting names of private practice physicians rescinded
• Soon, Doctors’ names will appear on HHS Data Breach “Wall of Shame” rather than “Private Practice”
• Case cited discusses data backups kept in bag, similar to purse, taken offsite each night…
© 2009-2010 Data Mountain LLC | All Rights Reserved.
CT State Attorney General Lawsuit
33
Goodwill Industries of Greater Grand Rapids, Inc.State: Michigan Approx. # of Individuals Affected: 10,000 Date of Breach: 12/15/09 Type of Breach: TheftLocation of Breached Information: Backup Tapes
Blue Island Radiology ConsultantsState: Illinois Business Associate Involved: United Micro Data Approx. # of Individuals Affected: 2,562 Date of Breach: 12/09/09 Type of Breach: LossLocation of Breached Information: Backup Tapes
HITECH creates new jurisdiction
for State Attorneys General
© 2009-2010 Data Mountain LLC | All Rights Reserved.
At What Cost, Data Breaches?
34http://www.businessweek.com/idg/2010-03-01/data-theft-creates-notification-nightmare-for-bluecross.html
Blue Cross – Blue Shield of TN
• Breach date: October 2009• $10 Million, to date…• 500 full-time workers and 300
part-time employees, working in two shifts, six days a week
• 3 million customer records reviewed
• 300,000 notification letters• Several months to go
© 2009-2010 Data Mountain LLC | All Rights Reserved.
Health and Human Services “Wall of Shame” – Data Breaches
35
http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/postedbreaches.html
HHS is not kidding!
110 Postings as of
7/23/2010
© 2009-2010 Data Mountain LLC | All Rights Reserved.
What the Initial Postings Tell Us• By law, HHS is very serious• Of the Data Breach Notification postings, “Breach Types”…
• Paper record thefts and losses• Theft of Computers (Desktops and Servers)• Theft or Loss of Laptops• Theft or loss of CDs/DVDs• Theft or loss of USB drives or other external devices• Theft or loss of backup tapes
• Implementing the “OLD”, REQUIRED HIPAA Security Final Rule Administrative, Technical and Physical Safeguards would have avoided ALL these Data Breaches YOU CAN FIX IT!
• YOU CAN AVOID BEING ON THE “WALL OF SHAME” 36
© 2009-2010 Data Mountain LLC | All Rights Reserved.
Health and Human Services “Wall of Shame” – Two Classics
37
http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/postedbreaches.html
Goodwill Industries of Greater Grand Rapids, Inc.• State: Michigan• Approx. # of Individuals Affected: 10,000 • Date of Breach: 12/15/09 • Type of Breach: Theft• Location of Breached Information: Backup Tapes
Blue Island Radiology Consultants• State: Illinois • Business Associate Involved: United Micro Data • Approx. # of Individuals Affected: 2,562 • Date of Breach: 12/09/09 • Type of Breach: Loss• Location of Breached Information: Backup Tapes
© 2009-2010 Data Mountain LLC | All Rights Reserved.
Discussion Agenda
1. Quick Introductions2. HIPAA Security Final Rule – Overview3. The HITECH Act - Overview4. Major Changes from The HITECH Act5. Actions You Should Take Now6. Summary
38
© 2009-2010 Data Mountain LLC | All Rights Reserved.
Actions You Should Take Now
1. Build A Data Breach Response Plan 2. Assess Your HIPAA Security Compliance3. Plan For HIPAA Security Compliance4. Tactically, Secure Your Data5. Review Compliance Resources Available
39
Specific Tips
Provided!
© 2009-2010 Data Mountain LLC | All Rights Reserved.
Build A Data Breach Response Plan*1. Identify and protect sensitive data2. Identify the potential H-M-L areas of risk3. Establish processes to reduce unintentional errors4. Plan a layered defense approach5. Empower the response team and ask “What if…?”6. Build a ‘Risk Assessment’ Plan7. Build a Notification Plan8. Develop a Communication plan9. Test your plans religiously and address gaps quickly 10. Establish internal and external relationships11. Provide appropriate tools and training to responders12. Treat your people as your last line of defense
40*Based, in part, on:” Forrester's 10 steps to create a data breach response…” by Khalid Kark
© 2009-2010 Data Mountain LLC | All Rights Reserved.
HIPAA Security – Contingency Plan Standard§ 164.308 Administrative safeguards.• (7)(i) Standard: Contingency plan. Establish (and implement as needed) policies
and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.
• (ii) Implementation specifications:• (A) Data backup plan (Required). Establish and implement procedures to create
and maintain retrievable exact copies of electronic protected health information.
• (B) Disaster recovery plan (Required). Establish (and implement as needed) procedures to restore any loss of data.
• (C) Emergency mode operation plan (Required). Establish (and implement as needed) procedures to enable continuation of critical business processes for protection of the security of electronic protected health information while operating in emergency mode.
• (D) Testing and revision procedures (Addressable). Implement procedures for periodic testing and revision of contingency plans.
• (E) Applications and data criticality analysis (Addressable). Assess the relative criticality of specific applications and data in support of other contingency plan components.
41
© 2009-2010 Data Mountain LLC | All Rights Reserved.
Sample HIPAA Security Assessment
42
© 2009-2010 Data Mountain LLC | All Rights Reserved.
HIPAA Security-HITECH Act Compliance Roadmap
HIPAA Security
Assessment(HSA)
Preliminary Remediation
Plan(PRP)
HIPAA Risk
Analysis(HRA)
HIPAASecurity Training(HST)
HIPAA BA
Contracts(HBC)
HIPAA Compliance
Manual(HCM)
HIPAA Security
Evaluation(HSE)
HIPAARemediation
Plan(HRP)
HIPAASecurity Strategy
(HSS)
43
HIPAA SecurityPolicies(HSP)
HIPAA Security is
NOT a “techie” project
… A journey, not a
destination !
© 2009-2010 Data Mountain LLC | All Rights Reserved.
10-Point Data Protection Checklist1. Backup Data; be 100% confident you
know it and can restore it! 2. Secure Network3. Block Spam4. Stop Malware5. Condition Power6. Patch Software7. Encrypt Data8. Practice Recovery9. Enforce Policies10. Insure Technology / Data 44
© 2009-2010 Data Mountain LLC | All Rights Reserved.
Compliance Resources - 1http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.htmlThis is a summary of key elements of the Security Rule including who is covered, what information is protected, and what safeguards must be in place to ensure appropriate protection of electronic protected health information.
http://csrc.nist.gov/publications/PubsSPs.htmlThe National Institute of Standards and Technology (NIST), an agency of the United States Department of Commerce, is responsible for developing information security standards for federal agencies. NIST has produced a series of Special Publications which provide information that is relevant to information technology security.
http://healthit.hhs.gov/portal/server.pt/gateway/PTARGS_0_10741_848086_0_0_18/SmallPracticeSecurityGuide-1.pdf.The Office of the National Coordinator for Health Information Technology (ONC) has produced a risk assessment guide for small health care practices, called Reassessing Your Security Practices in a Health IT Environment.
http://www.himss.org/content/files/ApplicationSecurityv2.3.pdfThe Healthcare Information and Management Systems Society (HIMSS), a private consortium of health care information technology stakeholders, created this information technology security practices questionnaire.
45
© 2009-2010 Data Mountain LLC | All Rights Reserved.
Compliance Resources - 2http://hitrustcentral.net/filesThe Health Information Trust Alliance (HITRUST) worked with industry to create this Common Security Framework (CSF).
http://www.hhs.gov/ocr/privacy/The Office for Civil Rights enforces the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information; the HIPAA Security Rule, which sets national standards for the security of electronic protected health information; and the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety.
http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/securityruleguidance.htmlIn this web page, you will find educational materials to help you learn more about the HIPAA Security Rule and other sources of standards for safeguarding electronic protected health information (e-PHI).
46
© 2009-2010 Data Mountain LLC | All Rights Reserved.
Discussion Agenda
1. Quick Introductions2. HIPAA Security Final Rule – Overview3. The HITECH Act - Overview4. Major Changes from The HITECH Act5. Actions You Should Take Now6. Summary
47
© 2009-2010 Data Mountain LLC | All Rights Reserved.
Wouldn’t It Be Great If……In the event of a Potential Data Breach or Data Loss
event, you could say…
48
• “All ePHI has been continuously backed up (“exact copies…”)”
• “Therefore, we know exactly what data and individuals are affected…”
• “All ePHI is encrypted when outside internal controls, both ‘at rest’ and when ‘in motion’”
• “Therefore, we have ‘safe harbor’ vis-à-vis Data Breach Notification requirements”
• “Any/All ePHI on lost or stolen laptops can be securely quarantined or destroyed, if necessary”
• “Therefore, we have no risk of downstream breach notification and related legal, financial risks!”
© 2009-2010 Data Mountain LLC | All Rights Reserved.
ePHI Breach Types Can be Addressed • Of the Data Breach Notification postings, “Breach Types”…
• Paper record thefts and losses• Theft of Computers (Desktops and Servers)• Theft or Loss of Laptops• Theft or loss of CDs/DVDs• Theft or loss of USB drives or other external devices• Theft or loss of backup tapes
49
• All ePHI Breach Types can be completely addressed or risks of occurrence significantly mitigated with…• Assessment services • Encryption services• Lost Data Destruction services• Secure Online Data Backup Services
© 2009-2010 Data Mountain LLC | All Rights Reserved.50
Passion: Helping business owners and leaders manage risks…
Risk of being out of regulatory compliance Risk of going out of business Risk of throwing money away on ineffective
solutions
How Data Mountain Can Help
© 2009-2010 Data Mountain LLC | All Rights Reserved.51
Here’s What We Do For Free…
© 2009-2010 Data Mountain LLC | All Rights Reserved.52
• Encryption services for Laptops & Desktops• Lost Data Destruction services for Laptops &
Desktops
Here’s What We Do For a Living…Secure Online Data Backup Services for Servers and PCs
• HIPAA Security Assessment ToolKit™• HIPAA-HITECH Data Backup Analysis• Disaster Preparedness Analysis
© 2009-2010 Data Mountain LLC | All Rights Reserved.
Summary
53
HIPAA-HITECH is about improving our healthcare
system… Privacy and Security
Compliance is part of the Law… and,
Simply Makes Good Business Sense…
53
Get started Today!
© 2009-2010 Data Mountain LLC | All Rights Reserved.
Bob Chaputhttp://www.DataMountain.com
http://[email protected]
Phone: 800-704-3394 or 615-656-4299
Connect: www.linkedin.com/in/bobchaputFollow me: Twitter.com/bobchaput
Data Mountain, LLC
54
Contact