Fast forward Georgia, Vol. 1, no. 4 (Oct./Nov. 2002)

A Publication of the Georgia Technology Authority

Monitoring center tracks problems before they affect state, local agencies

Anew monitoring center at the state data center is making it possible for GTA to identify potential data processing problems as they develop so technicians can intervene before state agencies experience slowdowns or even service interruptions.
"Prior to establishing the monitoring center, there wasn't a single source of consolidated information about how the various information systems were running," said Derrick Wheeler, director of GTA's Information Resources Management (IRM) Division.
Now, thousands of routine operations throughout the data center are carefully monitored at a single location during routine production hours. Efforts are underway to expand coverage to 24 hours a day, seven days a week.

Photo by Keith McWhorter

Staff in GTA's new monitoring center carefully watch computer screens that show the current operating status of various systems at the state data center. L-R: Donna Burks, Elizabeth McCain and Louis Fields.

See Monitoring Center, page 3

Security policies set framework for protecting state information

Georgia Technology Authority

New security policies issued by GTA aim to protect information held in the thousands of computers operated by the state. The enterprise information security policies were approved by the GTA Board of Directors in September.
GTA developed the policies as part of its responsibility for setting technology security standards to safeguard confidentiality, availability and integrity of state information.
Larry Singer, state CIO and GTA executive director, said Georgia state government is following an internationally accepted approach to defining security standards. "These policies form a framework for developing enterprise security standards and guiding agencies in creating their own even more stringent standards based on their individual business needs," Mr. Singer said.
Enterprise standards will guide consistent implementation of the policies. Agencies will work together to review proposed standards through the Georgia Information Technology Leadership

Forum (GEITLF). The policies and standards will be the basis for periodic security reviews and audits by the State Department of Audits.
According to Bob Wynn, Ph.D., Georgia's chief information security officer, the policies raise
See Security Policies, page 4

October/November 2002

Volume 1, No. 4

Inside this issue

HIPAA: "It won't be fun, but it will be worth it." . . 2
Money matters: Improving financial management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Portal business cards will make it easy to find state agencies . . . . . . . . . . . . . . . . . . . . . . 5
Women in Technology in Government holds inaugural meeting . . . . . . . . . . . . . . . . . . . . 6
Software agreement benefits state. . . . . . . . . . . . 7
State saving millions with IT temps contract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Fast Forward

Georgia

HIPAA: "It won't be fun, but it will be worth it."

That's how Gartner's Jim Klein summarized both the magnitude and benefits of implementing the federal Health Insurance Portability and Accountability Act, commonly known as HIPAA. Mr. Klein recently addressed a group of more than 40 state agency representatives working to implement HIPAA's far-reaching regulations in Georgia.
The legislation, passed in 1996, fills several hundred pages. In short, according to Gartner, HIPAA:
aims to save billions in federal funds by standardizing health care transactions, such as claims and payments;
limits how patient information may be used or shared;
gives individuals the right to a copy of their medical record and the right to challenge and amend its contents; and
requires organizations to follow standards in maintaining the security of patient information.
At least 13 state agencies are affected by HIPAA and are participating in meeting its requirements within federally mandated timeframes. GTA is coordinating the state's effort.
Cigdem Delano, GTA's assistant director, is leading a multiagency steering committee (see sidebar) in coordinating compliance activities involving technology systems, privacy and security policies and procedures, contracts, and education and training programs.
"We are fortunate to have strong executive representation from agencies throughout state government which are directly and indirectly affected by HIPAA," Ms. Delano said. "We are working together to keep Georgia's implementation plans on track."
Tight timeframes
The federal government has set aggressive deadlines for organizations to comply. Regulations dealing with privacy of individual health information must be implemented by April 2003. The deadline for electronic transactions is October 2003. While a firm date has not been set for security standards, it is expected that organizations will have to comply by 2005. The schedule itself compounds the complexity of implementation. Although security must guide how privacy is implemented, the deadline for security comes two years after privacy provisions must be in place.

The unsynchronized timetable is not the only challenge. Georgia has no additional funds for HIPAA compliance, and staff are working on the project in addition to their regular duties. More than 60 agency representatives are participating in the steering committee as well as work groups focusing on privacy policies, electronic data interchange and technical security.
Agencies also are conducting their own assessments to determine what needs to be done to implement the new regulations. Collaborating makes the best use of state resources, Ms. Delano said, since about 80 percent of the compliance effort is common to all agencies and 20 percent is unique to individual agencies.
HIPAA most directly affects agencies that handle health care information, such as in the administration of Medicaid and employee health benefits by the Department of Community Health (DCH) and in the Department of Human Resources.
DCH has already made considerable progress. DCH's Barbara Prosser, Ed.D., who is responsible
See HIPAA, page 6
Georgia's HIPAA Steering Committee
The HIPAA Steering Committee is coordinating Georgia's implementation of the federal regulations. State agency representatives include:
Rod Coggin, Governor's Office of Planning and Budget
Corlis Cummings, Board of Regents Cigdem Delano, Georgia Technology Authority Joe Ferrero, Department of Corrections Dan Holtz, Department of Veterans Services Laura Hyman, Department of Law Mike Johnson, Department of Audits Steve Kiemele, Department of Administrative
Services Gail Love, Georgia Merit System Kathy Oliver, State Board of Workers
Compensation Glenn Pearson, GHA: An Association of
Hospitals & Health Systems Holly Pounders, DeKalb Community Service
Board Barbara Prosser, Department of Community
Health Frank Ruzycki, Department of Labor Jack Senterfitt, Department of Human
Resources Gwen Skinner, Department of Juvenile Justice

Page 2

Monitoring Center, from page 1

Mr. Wheeler and Keith Wise, IRM assistant director, envisioned the new center as a critical resource for improving performance and dependability. It's part of a larger push to make the state's computing infrastructure as reliable as a utility.
"When you flip a wall switch, you know the lights will come on," Mr. Wheeler said. "We want our customers to have the same level of confidence in our data center operations."
Technicians ready to act
Staff members spend their day carefully watching banks of computer monitors. Each bank is linked to a different information system or platform, and the data displayed on the monitors change constantly to reflect the current operating status of each one.
"We can see a problem developing," said Bob Simpson, who took part in efforts to establish the monitoring center. "This allows us to intervene before it affects a customer agency."
For example, if technicians see activity increasing beyond certain levels on a particular processing platform, they can redirect or reschedule some of the work to balance the load and avoid a slowdown.
Customer agencies can experience service problems for many different reasons, and they report these problems by e-mail or telephone to service desks at the monitoring center.
Representatives from each of IRM's four primary work units gather in the monitoring center every weekday at 8:30 a.m. to review all unresolved service problems.
"During these meetings, we look for trends and chronic problems that might indicate a flaw with systems architecture or engineering," Mr. Simpson said. "If a problem is found, it's referred to a problem resolution team."

monitoring these systems supplement the traffic

lights with regularly updated notes providing

operational details.

Bar charts indicate the amount of time specific applications have been running without interruption. Users can also view an "Enterprise Up Time" bar chart to learn if service

"When you flip a wall switch, you know the lights will come on. We want our customers to have the same level of confidence in our data center operations."

interruptions occurred

within a specified period, and detailed notes

describe what caused them and how long they

lasted.

Operating principles guide staff actions
The monitoring center is guided by operating principles that call for
immediately notifying customer agencies about operating problems and keeping them informed about efforts to resolve them;
minimizing service disruptions by carefully scheduling maintenance or upgrades;
thoroughly testing system changes before moving them into production;
carefully analyzing service problems to find and correct their root cause; and
finding an alternative way to continue providing information services to customer agencies while working to resolve their service problem.

Web site will enable agencies to check systems anytime
This fall, GTA will make a Web site available to state and local agencies so they can check the current status and past performance of various information systems anytime they want. Data center technicians began building and testing the site this summer.
The site uses graphical elements like traffic lights colored green, yellow or red to give users a quick, easy indicator of how some systems are performing. The technicians responsible for

Key staff members meet every weekday at 8:30 a.m. to review service problems. They look for recurring problems that might indicate a flaw in an information system. At the table clockwise from far left: Alp Cinar, John Doughtie, Donna Burks, Sharon Hatlestad, Bob Russell and Bob Simpson (with his back to the camera).

Photo by Keith McWhorter

Fast Forward

Georgia

Page 3

Money matters: Improving financial management

State government veteran Sherrie Southern remembers the days of dumb terminals, 10-key adding machines and green bar paper. Now,

as head of the financial systems group in GTA that

manages PeopleSoft

By the numbers
The GTA financial systems unit manages:
payroll checks for 65,000 state employees
retirement checks for 45,000 retirees
database of 85,000 active members in the Employees Retirement System
benefits processing for over 100 agencies
1099's and W2's for over 70 state entities
processing of payments to 100,000 vendors

and agency billing for technology and telecommunications, Ms. Southern has other tools in her arsenal.
"Today state government needs more than just a back-office business system, and we want to provide the direction and improvements that agencies have been asking for," said Ms.

billings of $192 million annually

Southern. From

for IT and telecom services

paperless billing to

an automated

process for entering and reconciling travel and per

diem payments, the emphasis is on innovative

technology and sharing best practices.

One of the first improvement targets is the financial systems help desk. With more coverage, the help desk will log every call, create a ticket for every problem and follow up on every issue. Financial systems will work with agencies to set expected turnaround times for resolving different kinds of problems. A new knowledge database will help pinpoint problem areas and best solutions.
A redesigned Web site will make content easier to find and allow agencies to access their PeopleSoft reports through Document Direct on GTA's financial systems Web page.
Sometimes individual agencies develop offline systems that other agencies can benefit from. For example, Pardons and Paroles has created a travel expense system through which employees can enter their expenses online and have the form routed electronically to managers for approval. The travel expense data can then be uploaded into PeopleSoft without having to re-key the information.
Enabling other agencies to share this kind of enhancement and to work together on ideas for new applications is one of the goals of the financial systems team, which includes staff with many years of commercial and public sector experience in financial and human resources systems, database design, auditing and financial project management.

Security Policies, from page 1
awareness of potential risks associated with IT and set a clear course that all users of IT resources can follow. "We're seeking to minimize the cost of security incidents, accelerate the development of new application systems, and assure the consistent implementation of controls for information systems throughout state government."
The policies cover several key areas: organizational security personnel security user training physical and environmental security user and network access control systems development and maintenance disaster recovery and business continuity
For example, one of the policies relates to the appropriate use of state IT resources:
"State of Georgia information technology resources are provided to authorized Users to facilitate the efficient and effective performance of their duties. The use of such resources imposes certain responsibilities and obligations on Users and

is subject to state government policies and applicable state and federal laws. It is the responsibilityof Users to ensure that such resources are not misused."
"We all know that, as state employees, we are to use state computers to perform our job duties," says Dr. Wynn. "This policy makes it clear that the inappropriate use of state resources is prohibited. Agency-specific policies and enterprise standards implemented under this enterprise policy will define those uses which are considered inappropriate."
Information about suspected illegal activity will be turned over to the cybercrimes task force for confidential investigation. GTA also will monitor large clusters of activity on Internet sites that seem to indicate a pattern of inappropriate use. In those instances, the agency head will be notified.
Uniform security policies put Georgia in a better position to comply with federal regulations such as the Health Insurance Portability and Accountability Act (HIPAA). "Our objective is to provide consistency among small and large agencies throughout the state," Mr. Singer said.

Fast Forward

Georgia

Page 4

Portal business cards will make it easy to find state agencies

Agency Portal Business Cards will soon make it easier than ever for Georgians to find information about state agencies on georgia.gov, the new Web portal to state government.
GTA is creating a business card for each state agency with information provided by the agency. Each card will include the agency's logo, mission and services, legislative authority, contact information and a link to its Web site. After GTA completes the cards, agencies will be able to post their own news, event announcements and press releases, which can then be accessed from their business card or special subject area listings on georgia.gov.
An agency will be able to update its business card at any time without special

software or technical knowledge, and GTA is offering training in the process for up to two employees from each agency.
Finding an agency's business card will be easy. For the Web address, portal users can simply enter an agency's acronym followed by .georgia.gov. For example, GTA's business card will be found at gta.georgia.gov.
Agency Portal Business Cards, which will be available this fall, are just the first step in making every state agency a part of the state's Web portal. GTA is currently working with specific agencies to integrate their Web presence more closely with the look and navigation of georgia.gov.

Here's what a typical Agency Portal Business Card will look like:

Page 5

Fast Forward

Georgia

Women in Technology in Government holds inaugural meeting

"Women...Technology...Government. Those

Association of Georgia and president of its Women

three words hold a lot of promise," said keynote

in Technology society, said groups like WITIG can

speaker Mary Lou Heastings, director of

help women find mentors and cultivate their

Worldspan's E-business initiative, as she addressed leadership style. "Many women believe that they

the inaugural

are still perceived

meeting of

as less competent

Women in

than men, "she

Technology in

said. "I encourage

Government

you to use this

(WITIG). About 80

opportunity to

women attended

make a difference

the August 20

in your career."

meeting.

The meeting's

Photo by Wayne Petty

WITIG is an

second keynote

organization to

speaker, Sandra

bring together

Haga, then deputy

women who

commissioner for IT

work in or with

at the Georgia

technology, providing opportunities for education,

Attending the first meeting of Women in Technology in Government are Sonia Lucas, Women in Technology; keynote speaker Mary Lou Heastings, Worldspan; Sondra Rhoades-Johnson, Georgia Technology Authority; and keynote speaker Sandra Haga, Department of Revenue.

Department of Revenue (DOR), said she wished an opportunity like

networking and mentoring. The group will meet WITIG had been available when she began her

quarterly, with each meeting featuring a speaker career in government technology in 1971. Ms.

from the corporate sector to discuss technological Haga, who was preparing to retire, offered advice

initiatives and a speaker from a government

to her colleagues in technology: "Encourage each

agency to make the connection between industry other, set goals and stay focused. If you feel too

trends and technology in the public sector.

comfortable in your job, it's time to stretch and

GTA is an executive sponsor of the new

grow."

organization. Larry Singer, state CIO and executive Several state agencies have participated in

director of GTA, told the group that government

organizing WITIG, including the Department of

must strive for diversity in leadership. "GTA is

Human Resources, DOR and GTA.

devoted to IT innovation, and that requires fresh

WITIG will hold its next meeting on November 13

perspectives. We're accelerating the careers of

as part of the Southeast Government Technology

people who have the insight, foresight and energy Conference. For more information, contact Sondra

to do the work."

Rhoades-Johnson at sondrarj@gta.ga.gov or Sue

Ms. Heastings, who also serves as a board

Miller at witmiller@yahoo.com.

member of the 5,000-member Technology

HIPAA, from page 2

for HIPAA projects, said the agency has been working toward HIPAA compliance since 2000. "I'm glad that we've been proactive on this project," she said, adding that the timing was right. "HIPAA came along at the same time we were procuring a new claims processing system for Medicaid, PeachCare for Kids, the State Health Benefit Plan (SHBP) and the Board of Regents Health Plan, as well as a membership enrollment system for the SHBP. We were able to incorporate many of the HIPAA requirements into those projects."

The risks of noncompliance are substantial. Failing to standardize health care transactions may mean that Medicare and Medicaid claims will be rejected, and states will not achieve reductions in administrative costs that HIPAA makes possible. Not following HIPAA regulations may result in monetary fines of as much as $250,000 and other penalties.
"One of the first hurdles we faced was convincing people that you cannot choose to ignore this law," Dr. Prosser said. "HIPAA is not going away."

Page 6

Software agreement benefits state

State saving millions with IT temps contract

Through a unique statewide software agreement, state and local government agencies throughout Georgia are achieving cost savings while making it easier to communicate with government.
Government agencies can purchase Microsoft desktop software through a three-year statewide agreement, which now covers more than 58,000 computers, almost three-fourths of all desktop computers operated by state and local government agencies. The initial enrollment period ended July 31, 2002.
GTA negotiated the agreement, which began in 2001. The agreement provides licenses and upgrades for MS Office, MS Operating System and connection licenses to other Microsoft products. The agreement also includes security enhancements and features provided by Microsoft over a threeyear period at no additional cost.
"Through the Microsoft Enterprise Agreement we accomplish two important goals: obtaining better pricing and making government communication simpler by standardizing its desktop software," said Larry Singer, state CIO and executive director of GTA. "Bringing together diverse state and local government entities is resulting in significant cost savings and better service for Georgians."
GTA chose Microsoft desktop software, already used by a majority of state agencies, as the standard to make it easier for state agencies to share information. The enterprise agreement reduces the cost to purchase and support these data, document and e-mail programs by at least 50 percent compared to other discounted prices. Forty state agencies, 16 counties, eight cities and several other government-related entities are now participating in the agreement. Participants who formerly purchased the same software through other discount agreements are saving $500 to $750 per computer over the three-year period. Without the agreement, participating government agencies would have had to spend an additional combined $28.5 million over three years for the same software.
GTA, Microsoft and Software Spectrum, an authorized reseller, have worked together to offer the discount agreement to state and local government agencies.
For more information about enrolling, contact Sondra Rhoades-Johnson, director of GTA's Office of External Affairs and Business Development, at 404-463-2327.

The state's use of a Web site and automated

system to find and manage temporary IT workers is

expected to save agencies over $2 million during its

first year of operation.

GTA negotiated a contract in 2001 for Venturi

Technology Partners (VTP) to take the administrative

load off state agencies when they recruit temporary

IT workers. Besides relieving agencies of

administrative headaches, the service has enabled

the state to reduce the average cost for temporary

IT workers. From

October 1, 2001, to July 31, 2002, the savings averaged $167,851 per month, or an estimated annualized total of

The service is conservatively estimated to have saved agencies at least 70 work days.

$2,014,212.

Before GTA set up

the statewide contract, state agencies were on

their own in locating temporary IT workers and

negotiating wages.

Both state and local government agencies can

use the service. Agencies visit the Web site at

www.gtasms.com to submit the skills, prior

experience and related requirements they're

looking for in a temporary IT worker. VTP

compares the requirements to a database of ready

candidates and provides the resumes of at least

three for the agency's consideration within 72

hours. The agency can then interview the

candidates or ask for additional candidates if none

meet its expectations. VTP screens all candidates

to verify education, work history and references

before adding them to the database.

Ten months after the service first became

available, 4,442 resumes had been submitted to

VTP. Of those, 1,080 were sent to agencies for

review. Agencies selected 388 candidates for

interviews and hired 121 for temporary

assignments. By reviewing resumes and screening

candidates, the service is conservatively estimated

to have saved agencies at least 70 work days.

The management system reduces administrative

work and its associated costs for agencies in other

ways. Agency managers review and approve

timesheets for temporary IT workers online, and the

agency receives a single, itemized monthly bill.

The system makes it easier for small companies

and individuals to compete for state business.

They are able to submit information about their

services over the Web and avoid the time and

expense of marketing to individual agencies.

Fast Forward

Georgia

Page 7

Fast Forward

Georgia

GTA receives national procurement award

GTA has been chosen as one of this year's recipients of the Achievement of Excellence in Procurement Award by the National Purchasing Institute (NPI). GTA establishes procurement policy and coordinates the purchase of technology resources for state government.
The award is presented annually to recognize innovation, professionalism, productivity and leadership. Organizations chosen to receive the award are evaluated on how well they meet several standardized criteria.
One of GTA's goals is to consolidate state government's purchasing power to obtain the most favorable pricing possible and reduce administrative burdens for state agencies. GTA's procurement efforts are benefiting state agencies by:
saving as much as $18 million annually by purchasing personal computers through the Western States Contracting Alliance;
saving an estimated $2 million annually by contracting with Venturi Technology Partners to assist agencies in locating temporary information technology workers; and
enabling state and local agencies to avoid an estimated $28.5 million in costs by upgrading desktop software through the Microsoft Enterprise Agreement.
Among other procurement successes are: the Statewide Planning Services Contract, which provides access to planning expertise not previously available to state agencies;

the Portal Development Services Contract, which provides access to private-sector technology experts who can assist state agencies in integrating their Web presence with georgia.gov, the new online portal to state government;
the Chemical Tracking System, the nation's first hazardous chemical tracking system for colleges and universities; and
the Wireless Classroom Pilot Project, which provided laptop computers to students at eight middle schools in Georgia.
Lester named new board chairman
Governor Roy E. Barnes has named James D. Lester III as chairman of the GTA Board of Directors.
Mr. Lester is chief information officer for the American Family Life Assurance Company (AFLAC) of Columbus, Georgia. Prior to joining AFLAC, he was founder and president of Portable Systems Technology, Inc., a software design firm. He succeeded Thomas A. Fanning, who resigned earlier this year after being named president and CEO of Gulf Power, a Southern Company subsidiary in Pensacola, Florida.

Fast Forward Georgia
Published bi-monthly and available online at www.gta.ga.gov 100 Peachtree Street, Suite 2300, Atlanta, Georgia 30303 404-463-2300, FAX 404-463-2370
Michael Clark and Paula Calhoun, Editors; Hettie Smith, Designer
GTA Division & Office Directors
Larry J. Singer CIO & GTA Executive Director, ljsinger@gta.ga.gov Tom Wade Chief Operating Officer & Deputy Director, twade@gta.ga.gov
Steve Nichols Chief Technology Officer & Deputy Director, snichols@gta.ga.gov Cigdem Delano Assistant Director, cdelano@gta.ga.gov Chris Tomlinson Assistant to the CIO for Policy, ctomlinson@gta.ga.gov Roosevelt Council Chief Financial Officer & Director, Financial Division, councilr@gta.ga.gov
Renee Herr Chief Network Officer & Director, Telecommunications Division, rherr@gta.ga.gov Gina Tiedemann Director, GeorgiaNet Division, gtiedemann@gta.ga.gov Derrick Wheeler Director, Information Resources Management Division, dwheeler@gta.ga.gov Joyce Goldberg Director, Office of Communications, jgoldberg@gta.ga.gov Danette Joslyn-Gaul General Counsel, Office of General Counsel, dgaul@gta.ga.gov
Peggy Joyner Director, Office of Program Management, pjoyner@gta.ga.gov Candy Kidd Director, Office of Account Management, ckidd@gta.ga.gov
Sondra Rhoades-Johnson Director, Office of External Affairs/Business Development, sondrarj@gta.ga.gov Beverly Walker Director, Office of Human Resources, bwalker@gta.ga.gov
Robert Woodruff Director, Office of Technology, woodruff@gta.ga.gov Bob Wynn State Chief Information Security Officer & Director, Office of Information Security, gwynn@gta.ga.gov

Page 8