Archive for the ‘Healthcare’ category

Gartner recognized SnapLogic as a Visionary in its Data Integration Magic Quadrant

August 7th, 2019

Gartner recognized SnapLogic as a Visionary in its Data Integration Magic Quadrant! This comes on the heels of being recognized as a Leader in three top analyst reports for the best integration platform as a service (iPaaS) solutions – the Gartner Magic Quadrant, Forrester Wave, and G2 Crowd Grid.
We believe these collective recognitions testify to the fact that SnapLogic is unrivaled when it comes to integrating cloud applications and on-premises data in one unified platform.

Gartner commended SnapLogic for:
• Our powerful integration convergence and augmented data integration delivery
• Our easy accessibility to diverse user personas
• Our pricing model simplicity and trial version

Synergy Software Systems is a Middle East partner. . This solution speeds up deployment of complex solutions with multiple jntegrations and significantly improves and simplifies the management and maintenance of integrations.

Whether for EDi to Odette standards for the automotive sector, or for streaming high volumes of data, or for ETL processes to bring data from multiple, enterprise systems into a data lake or Enterprise BI or Corporate performance management system, Snap Logic provides a multitude of pre built “Snap integrations: for a low code, configuration approach to integration.

Synergy Software Systems has provided integrated solutions in the region. Digital revolution is proving new opportunities and challenges. Robotic Processes Automation, Predictive analytics, ML AI, IoT, RFID, cloud services, data lakes, and mobility are now standard components of any solution. However digital revolution also requires agility and rapid robust deployment and ease of update and maintenance. Integration ETL, and streaming data from multiple systems at enterprise scale needs a new ‘productized’ low code approach to integration.

Snaplogic is a key tool for successful agile deployment of Enterprise integration, Corporate Performance management, EDI, BI and RPA solutions.

There are already major clients deploying Snap Logic in the UAE.

To learn more . Call us on 00971 43365589

SQL Server 2016SP2 Cumulative Update 8

August 3rd, 2019

The urgent security update earlier this month is not the only patch for SQL Server 2016 in July,
Microsoft has released SQL. SP2 CU8 (build number: 13.0.5426.0)
• Restores of compressed encrypted backups fail
• Data masking doesn’t
• DAXquery needs memory 200x larger than the database size
• Peer-to-peer replication fails when your host name isn’t uppercase
• QueryStore cleanup can fill the transaction log and cause an outage
•DistributedAvailability Groups cause memory dumps when automatic seeding
• AGreplication stops working due to internal thread deadlocks
•The deadlock monitor can cause an access violation
• Query a view with a union on a linked server,
• Concurrent inserts into a clustered columnstore index can deadlock
•Infiniteloop when FileTable is used for a long time without a restart
•SSAS2016 randomly crashes ( maybe not completely random if they fixed it)
•TransparentData Encryption doesn’t encrypt if it’s restarted mid-encryption

And much more.https://support.microsoft.com/en-us/help/4505830/cumulative-update-8-for-sql-server-2016-sp2

I guess we will get a similar patch for Sp1 but by now you should be on a later patch

“Disbursements & Reimbursements’: U.A.E. – VAT clarification

July 31st, 2019

The Federal Tax Authority (‘FTA’) has released a Public Clarification on “Disbursements & Reimbursements” which addresses how to distinguish reimbursements and disbursements, and to clarify the applicable VAT treatment.

U.A.E. businesses incur expenses and subsequently recover such expenses from another party. The VAT treatment of the subsequent recovery of expenses depends on whether the recovery is a “disbursement” or a “reimbursement”.

The first step to determine whether a recovery is a disbursement or reimbursement is to establish whether you have acted as a principal or an agent in purchasing the goods or services

General principles to determine the VAT treatment of such recoveries:
Where a taxable person acts in the capacity of an agent, the recovery would generally amount to a disbursement.
A disbursement does not constitute a supply and is,therefore, not subject to VAT

Where a taxable person acts in the capacity of a principal, the recovery would generally amount to a reimbursement.
A reimbursement is part of consideration for the supply and follows the same VAT treatment as the main supply.

Principles

* The other party (from who you are recovering such expenses) should be the recipient of the goods or services;

* The other party should be responsible for making the payment to the supplier;

* The other party should have received an invoice or tax invoice in their own name from the supplier;

* The other party should have authorized you to make the payment on his behalf;

* The goods or services paid for should clearly be additional to the supplies you make to the other party;

* he payment should separately be shown on the invoice and you should recover the exact amount paid to the supplier, without a mark-up.

* You should have contracted for the supply of goods or services in your own name and capacity;

* You should have received the goods or services from the supplier;

* The supplier should have issued the invoice in your name;

* You have the legal obligation to make payment to the supplier;

* In case of goods, you should own the goods prior to making any onward supply.

Examples

Company A procured group medical insurance from a local insurance company and received an invoice directly from the insurance company.

* Company A requested Company B to make the payment on its behalf.

* The subsequent recovery of the amount by Company B from Company A will amount to a disbursement, and would not be subject to VAT.

* Company A should ensure that the Tax Invoice is addressed to it from the insurance company and should recover the input tax through its UAE VAT return, subject to the normal input tax recovery rules.

Company A entered into a contract with Company B to provide marketing services.

* The contract stipulated that Company A would be eligible to reimburse the expenses from Company B.

* Company A incurred the expenses in its own name and subsequently recovered the amounts from Company B as per the terms of the contract.

* The recovery of expenses from Company B would follow the same VAT treatment as that of the main supply.

We recommend;

* Identify the nature of your contract and agent/principal relationships (if any) based on the above principles;
* Ensure that all disbursements have proper authorizations (contracts); and
* Re-view all inter-company disbursements/ reimbursements (cross-charges).

Calorie counts on menus in Dubai deferred.

July 22nd, 2019

Khalid Mohammad Sherif Al Awadhi, CEO of the environment, health and safety control sector at Dubai Municipality recently said that displaying calories in menus will be optional for next two years and that the Municipality decided to postpone the implementation of the rule,, “to allow enough time for the industry to prepare itself.”The Food Safety Department will continue to encourage food establishments to declare calorie content.

(In May it was announced that restaurants, cafeterias and cafes with more than five branches were expected to mandatorily display the caloric value of each and every food item from November this year. All other restaurants, catering establishments and hotels were given the deadline of January 2020 to implement the rule).

A similar postponement happened in the USA ( part of the 2010 Affordable Care Act) due to industry lobbying. For example grocery store and convenience store industries argued that the rules didn’t take into consideration the vast differences between how the various types of affected establishments operate (think fast-food restaurants versus pizza delivery chains versus gas stations). They protested the legislation would place unfair burdens on businesses that sell food and drinks that aren’t displayed on a centralized menu board, such as gas stations that may have multiple drink stations where customers can get self-serve sodas, frozen drinks, or coffee.

A number of chains, including McDonald’s and Starbucks, had already put menu labeling into effect in recent years in anticipation of the new guidelines.

Arguably one reason a lot of restaurant food tastes so good is because it’s full of fat and salt — and no restaurant wants to broadcast to its diners that they’re serving 2,000 calorie salads or 1,200 calorie milkshakes. However, In light of the global epidemics of obesity and diabetes, some believe it’s simply irresponsible for restaurants to serve burgers with more calories than an average adult human needs in a day, or lattes that have more sugar than a chocolate bar.

Whether displaying nutritional information on menus actually causes consumers to make healthier choices or not is still up for debate: Some studies indicated that calorie counts on menus don’t ahave much of an effect on what people order — but they may be somewhat effective in encouraging the restaurants themselves to offer lower-calorie foods. However, many worry about nutritional data, like eating the ‘right calories’, not eating gluten products etc.

Food establishments are free to choose the services of qualified professionals or compute the caloric value of ingredients by using third-party software. It is likely there will be a future requirement to add additional nutritional information to help customers to make informed, healthy eating choices.

If you are seeking a specialist solution to provide and manage and compute nutritional information then contact us on 097143365589

SQL Server 2008 and SQL Server 2008 R2 -OUT OF SUPPORT today

July 13th, 2019

SQL Server 2008 and 2008 R2, both of these versions of SQL server go out of extended support with Microsoft today 9th July 2019

Many companies and businesses are still SQL Server 2008 R2 and below. There can be a number of reasons for this, maybe the applications the databases support require an older version of SQL Server, maybe the applications are also coming to the end of life, but the end dates do not match up with the data platform end of support dates.

Sometimes applications are critical to the business and everything works just fine. The business doesn’t want to disrupt the application or introduce any risk by performing a migration to a new version so why change it?

In this situation your data platform is out of support completely. Out of support system attract hackers. Note the previous articles about fines for loss of privacy data to realise how serious this can be

So you should be making plans to migrate your legacy SQL Servers off the unsupported versions. It is likely if you are still on an old database that you are also on an old server and on an old version of Windows. That gives additional risk of failed hard disks, other system vulnerabilities – Meltdown, Spectre? Phishing…….
Investors and insurers are not likely to be sympathetic in such circumstances.

There are many performance and security benefits of upgrade.

If you decide to run on out support software and take the risk associated with running on out of support software. The main advantage of this approach is there is nothing immediate to do. The longer you run on the platform the greater the chances of you encountering a security vulnerability or failing a compliance test.
If anything does go wrong you’ll have no support from Microsoft.
Other software vendors support contracts may also require that you be on a currently supported database

Modernise and upgrade is one of the options that you have available.

You can upgrade your on premises SQL Server or migrate the databases to Azure either as IaaS solution where you run the VM in Azure or even the PaaS Azure SQL database offering

There are number of advantages to upgrading your data platform. You’ll be running your database workloads on an in support data platform, with a long support window. There will likely by new features in the latest and greatest version of SQL Server that you can use to add business value to your application – Availability Groups for example. Also you will likely find people with skills in the later technology, those skills will be more readily available in the jobs market.

There will likely be a different licensing model – the licensing model changed between SQL Server 2008 R2 and SQL Server 2012 – it possible you will have to pay more for you SQL Server licences.

The third option is instead of doing nothing you pay for a custom support agreement. The main advantage here is you can continue to get security updates and therefore potentially remaining compliant. The main disadvantage of this approach is the cost involved, which is typically 75% of the full license costs of the latest version of SQL Server and Windows Server.

Migrate workload to Azure. Microsoft allow SQL Server 2008 and SQL Server R2 VMs running in Azure to have the security updates for free for a further 3 years. So you can migrate your database server to azure and continue to get security updates for free until 2022.

The main advantage of this is you get to keep running the same version of the OS and Data platform, the security updates are free so the cost is minimal \. The disadvantages is you would need to move off premises, if this is not an option for you then you can’t exercise this option and there will still be work in involved in ‘lifting and shifting’ the VM to the cloud.

Whatever you do when support ends for SQL Server 2008 and SQL Server 2008 R2 have a plan

Integration as a Service – ask Synergy Software Systems, Dubai about Snap Logic

July 2nd, 2019

Why do companies like Adobe, AstraZeneca, Box, GameStop, OSN, Verizon, and Wendy’s choose SnapLogic?

They have a problem that many other companies are facing today. On one side, business managers rely more and more on SaaS applications and big data for daily tasks yet IT is responsible for integrating the applications. These business managers need daily access to accurate information but can’t always wait for IT. On the other side, IT is managing multiple projects, including integration requests and is working with far fewer resources. Requests can take weeks or even months to complete and business leaders can’t wait that long, so end up making decisions based on less than perfect data.

The Snaplogic Enterprise Integration Cloud comes with Iris Artificial Intelligence built in. Take away he complexity of dealing with multiple applications, big data, complex APIs, and IoT and abstract it into drag and drop components, all in one platform. SnapLogic’s Iris AI further democratizes the use of data by empowering users from all departments and teams to make data-driven decisions quickly and easily with higher accuracy. Business manager can now do their own analysis with minimal support from IT and make informed, data-backed decisions quickly.

IT people can spend less time building routine integrations and more time helping the business grow. SnapLogic is already helping many businesses with these challenges. GameStop reduced the amount of time it took to build integrations by 83%. Business processes cut across functions and applications. Transform business processes faster and stay focused on managing your business with data-driven insights rather than spend time on writing and maintaining code.

General Electric’s (now Suez Water) employees are 4 times more productive when it came to onboarding partners through its multiple systems.

AstraZeneca has more than 500 users around the world who are performing self-service integrations.

Box has connected 40 applications and is processing more than 15M transactions daily with only 1.5 full-time developers needed to support this volume.

Corporate performance management or Big data analytics from multiple, disparate corporate erp and finance systems, hybrid cloud and on premise integration, migrating to the cloud or to new software versions, IoT, T@A, EAM systems, WMS systems, Payroll systems, there are many integration challenges.

To support your digital transformation call us on 0097143365589

Oman and VAT – Ask Synergy Software Systems to help prepare and update your systems

June 30th, 2019

Oman government representatives have said that the state is looking to implement a 5% VAT regime from 1 September 2019. In 2017,
it signed the Gulf Cooperation Council VAT Framework Agreement, which included: Saudi Arabia, Qatar, UAE, Bahrain and Kuwait. Local media reports in March 2019 quoted a senior official from Oman’s Ministry of Finance as saying that the date of implementation of VAT in Oman is under review. The official reportedly indicated that the target date had been 1 September 2019 but that this is not confirmed, although the intention clearly remains to implement VAT as early as possible. Businesses should take this as a cue to continue their VAT implementation plans in Oman, or restart and reinvigorate those if the work has been put on hold.

A key lesson from our experience of VAT implementation projects in UAE, KSA and Bahrain, across more than 100 companies is that companies that started their VAT planning and implementation projects early had a smoother transition to VAT, than those that waited for the final publication of the domestic law and regulations. A ‘wait and see’ approach backfired on many businesses in the UAE, KSA and Bahrain where there was minimal time between the release of the law and regulations and the go-live date for adequate training, data preparation and testing, and a shortage of resources in the market to cope with the backlog.

There are practical steps to take now. the first is to form an internal VAT working group of key stakeholders to monitor developments in VAT and ensure that VAT is on the Board agenda and is included in budget discussions. The working group will be best placed to negotiate professional services to support implementation, to train end users, and to define test scenarios, etc.

Next ensure there is VAT awareness is key – customers, vendors, and staff. Many in the region have never dealt with VAT, and a solid understanding of the mechanics, scope and terminology of the tax takes time, and that is a necessary foundation for the next steps.

Document your transaction flows . VAT is a transaction tax, with each transaction triggering a potential VAT consequence. This will help you to identify: software changes, processes to update, training needs, data collection needs, commercial document redesign, financial report redesign etc.

Review Contract to ensure they are ‘future proofed’ for the introduction of VAT. For example, to identify whether they include suitable clauses allowing VAT to be charged in addition to contractually agreed prices. The UAE VAT law clearly mandated that communication be sent to all customers within a specific timeline stipulating whether their contracts will be treated as exclusive of tax, failing which customers can dispute the tax being charged in the contract. Therefore, revisiting contractual obligations for both customers and vendors and determining cutover dates, incorporating tax clauses and revising prices and quotations will play a pivotal role to safeguard the business interests of all parties to a contract.

There will be transactions which are closed before the go-live date, and there will be instances where payment is received post the go-live date or where the supply is scheduled post the go-live date, but where the relevant invoices are paid prior to it. Failure to assess and communicate/agree on the VAT impact between all parties to the transaction on such spillover transactions might increase the cost of such transactions and either of the parties may be out of pocket in such scenarios, and there may be unwelcome friction with trading partners, if not managed.

IT infrastructure will be the ‘backbone’ of the VAT compliance function from issuing VAT compliant invoices to producing the VAT return.

Identify VAT resource requirements, particularly external consultants and auditors. Skilled VAT resources are drawn from a diminishing pool of individuals. Take advantage of the experience gained by service providers implementing in Dubai, KSA and Bahrain. There are many wrinkles, not immediately obvious.

Industry associations can raise common issues and concerns with the Ministry of Finance, particularly in advance of the formal publication of the VAT law.

While you can choose to defer VAT implementation be ready to demonstrate to your owners/investors/respective boards and shareholders, that you have done so only after undertaking an appropriate level of due diligence of the likely preparation of the VAT environment. Some key areas include:

Upgrades to ERP systems and user acceptance testing Reporting
Timely VAT registration, (company by company or at Group level?)
Timely Collection of Tax registration numbers for Trading partners
Timely returns, accrual and and payment of taxes
Scoping the need for professional service and selection/references, time for reaching agreement with partners.
Unforeseen penalties
Cash flow management – how will this change? the delayed inflow on account of receipts from customers; outflow after the discharge of tax liabilities on supplies without consideration/deemed supplies (if any); outflow on account of payment to vendors; and additional outflow due to the payment of taxes (net of input tax recoverable) to tax authorities.

Tracking changes in law/ public clarifications

Some businesses in the UAE and Saudi Arabia faced challenges when ERP systems were not implemented in time to capture VAT on transactions or to generate customised VAT payable or receivable reports. The first quarter of the respective VAT regimes required substantial manual effort to properly account for transactions.

Another hurdle was training staff on the upgraded ERP software as well as new reporting standards

In a test system for financial or erp system, for training and requirement scope you could get early familiarity with the Dubai or KSA framework – there are unlikely to be major changes in the Oman framework.

If you current system is largely manual, or has significant limitations then now be the time to plan for upgrade, or reimplementation or a new system. The UAE VAT law has a penalty provision whereby every incorrect invoice can trigger an AED 5,000 fine (approx. OMR 500), irrespective of the value of the invoice. Exposure to these fines can be significant in industries where high volumes of transactions are made per day, for example the retail, utilities and banking industries. Compliance depends on a robust system and operations preparedness. The audit trail of the process, and other documents, help to ensure correct and timely filing of the returns as well as avoiding any unwarranted penalties.

Businesses across the globe tend to see a fall in demand where the display prices on products do not include VAT, specifically in the case of products which are price sensitive. The implementation of a new indirect tax law will have an impact on turnover and consumer preferences. Some prices ma need to be rounded up or down. You may need to show VAT separately, item by item on a receipt or invoice – is your software able to do that?

Given that the potential VAT rate in Oman may vary between 5 per cent, exempted, non-taxable and zero-rated, businesses should ascertain the price impact of VAT on imports which are recoverable and non-recoverable, final product pricing and alternative sourcing if imports are expensive, and vice versa.

Calorie display on Dubai menus – are you ready? Ask Synergy Software Systems.

June 30th, 2019

It will soon be mandatory to display the caloric value of each and every item in the menu, in whichever form it is. The Food Safety Department announcement is that:
All food outlets in Dubai have to display calorie content of ready-to-eat foods by January 1, 2020.
An early deadline of November 1, 2019 is set for establishments with more than five branches to implement it.

The circular and guidebook is posted on municipality’s portal www.dm.gov.ae and has clear instructions for labelling nutritional value with examples for manual calculation in Excel-sheet templates.

The department will verify the accuracy of the calculations through auditing. It will also at a later stage, provide an electronic-platform for computing the calories

Eateries, including fast food chains, must display caloric value of food items either on the menu or at the point of sale. There are some establishments that already declare calorie content on packaging, flyers, tray mats, websites etc. However, the municipality wants everyone to display the caloric value, against each item in the menu from which diners choose items at the point of sale. When there is no menu, then it should be in the menu boards or the menu displayed on tablets — basically, whichever form of the menu which the consumer checks for choosing the food.

Dubai eateries will have options how to calculate calorie contents for display in the menus to comply with a new regulation that aims to help diners make informed choices. For most a software package will be administratively simplest to ensure compliance.

For online menus displayed for food ordering services, the rule will not be mandatory, for the time being, since the department is not regulating electronic platforms for food delivery.

Dubai Municipality says that Food establishments in Dubai should declare in their menus the calorie content of all ready-to-eat food items.

The primary objective of the rule is to help diners make healthy food choices for reducing obesity and related diseases. The Food Safety Department of Dubai Municipality hopes to make a big difference in food decisions taken by diners just with the knowledge of how much of calories they consume.
The population of Dubai is three million. As per our calculations, we expect more than one billion food decisions to be based on the calorie count displayed in menus in a year,” Iman Ali Al Bastaki, Director of the Department
.
During the six months of the World Expo 2020 starting on October 20, 2020, Dubai expects to welcome 25 million visitors. Hence, the number of food decisions taken based on displayed calories is expected to be multi-billion during the Expo.

For example, a food outlet making a traditional meal with a lot of oil will have to display a high caloric value for the meal. When consumers prefer to go for another meal with less calories or a smaller portion of the same meal, the establishment will encourage its chefs to reduce the use of oil, thereby reducing the calories and providing a healthier meal.

Dubai, is the first emirate in the UAE to implement such a rule. It referred to similar practices in countries like the US and Canada. Dubai already has a system of nutrition labelling that displays all nutritional values in packaged food items e.g.: sugar, sodium, fat.

For cooked or prepared food that is ready-to-eat, the first step in declaration is the basic declaration of calories. The municipality wants to ensure the readiness of the market before moving to the next level of detailed nutrition labelling in cooked foods.

This is part of a holistic approach that Dubai Municipality has been working on to improve health and to reduce obesity and diabetes in Dubai that include healthy meal project in school canteens, an initiative to reduce salt and sugar content in bakery items and verification of claims about healthy food items.

With over 100 branded hotels and industrial caterers, and other food producers as our customers we have more than 20 years extensive experience in the F@B area, and our solution for nutrition data is widely adopted.

If you need, a software solution or to integrate our nutrition data to your erp system or F@B software, then contact us to learn more about our solutions.

Synergy Software Systems: 00917 43365589
Deyafa Systems: 00971 4 3240066

Electronic health data originating in the UAE – Federal Law No. 2 of 2019 (the Law)

June 26th, 2019

Important changes for anyone who collects, processes or transfers electronic health data originating in the UAE.

Besides a host of new data protection measures and new rules around use of a centralized database managed by the United Arab Emirates (UAE) Ministry of Health, a general prohibition on transferring health data outside the UAE has a significant impact on healthcare service providers and life sciences companies operating locally.

Cloud based health solutions which involve collection, storage and processing of health data, such as wearables and health monitoring apps, may be particularly affected. It is imperative for companies operating in the sector to carefully monitor developments.

On 6 February 2019, the President of the UAE issued Federal Law No. 2 of 2019 (the Law) which regulates the use of information technology and communications (ITC) in the healthcare sector. This Law:
• aims to raise the minimum bar for protection of health data and to introduce certain concepts which are on a par with best international practice in information law;
• supports the legislative trend towards localization of sensitive categories of data;
• paves the way for centralized health data capture and analysis to support public health initiatives conducted by the UAE Ministry of Health.

The Law was published in the Federal Gazette on 14 February 2019 and will come into force three months from publication. (May2019). The implementing regulations which will provide further details on its application are to be issued within six months from the date of publication.

The law is the first Federal data/privacy law of its kind in the United Arab Emirates albeit limited to healthcare data.

The law prescribes 31 articles and its application is wide both in terms of geographical spread and industry sectors. The law covers the entire United Arab Emirates (UAE) including its Free Zones and will impact on many sectors including local healthcare regulators in the different Emirates as well as all sectors dealing with healthcare data/information.

The health authorities in each local emirate are empowered to establish the rules, standards and controls for their own electronic data and health information systems, such as the methods of operation, exchange of data and information and their protection, as well as access to and copying of data and information

The Law applies to all entities operating in the UAE, whether onshore or from one of its free zones (including Dubai Healthcare City), which provide:
• healthcare services;
• health insurance services (including insurance brokers or providers of related administrative services);
• healthcare IT services; or
• any other services, directly or indirectly, related to the healthcare sector, or engaged in activities that involve handling of electronic health data.

1. Regulation of health data

The scope of the Law is broad – it regulates the processing of all electronic health data regardless of its form, including names of patients, information collected during consultation, diagnosis and treatment, alpha-numerical patient identifiers, common procedural technology (CPT) codes, images produced by medical imaging technology, and lab results among other types of data.

2. Prohibition on storage of health data outside of the UAE

The Law formalizes the longtime informal regulatory policy that health data must be processed and stored inside the UAE. Critically it provides that such data may not be transferred outside of the UAE, except where an exception is issued by the relevant heath authority. The Law also prohibits the creation of health data outside of the UAE which relates to health services provided inside the UAE. Accordingly, cloud solutions hosted out of country, outsourcing of IT services to overseas locations, remote IT support from other departments within multi-national Healthcare Service Providers and remote collection and monitoring of patient information within the UAE, such as heart rate, sleep patterns, or steps walked, from outside the UAE through apps and wearables may be significantly impacted.

The Law envisages certain exceptions to the default data localization requirements. These will be set out in subsequent ministerial resolutions or the implementing regulations.

3. Minimum standards for processing of health data

In addition to reinforcing the duty of Healthcare Service Providers to maintain the confidentiality of health data, the Law introduces a number of concepts similar to overseas data protection frameworks. For example:
• Purpose limitation: Patient information must not be used other than for the purpose of the provision of health services, except with the prior consent of the patient;
• Accuracy: Healthcare Service Providers must ensure that the health data processed is accurate and reliable;
• Security measures: Healthcare Service Providers must put in place measures to protect health data and to prevent its unauthorized processing, damage, alteration, deletion or amendment; and
• Non-disclosure/patient consent: The Law reiterates existing obligations not to disclose patient data to any third party without the prior consent of the patient.

4. Retention period

Health data must be retained for a minimum period of 25 years from the date on which the last procedure on the patient was conducted, or as long as is necessary if longer.

5. Centralized data management system

A new centralized data management system (DMS) will be established and operated by the UAE Ministry of Health to facilitate access to, storage and exchange of health data. Healthcare Service Providers are required to register to access the DMS and identify all members of personnel who are authorized to access it.

6. Website blocking for advertisement or licensing violations

The UAE Ministry of Health is entitled to instruct the relevant local or federal health authorities to block any website, whether inside or outside of the UAE that does not comply with the regulations applicable to healthcare advertising or which provides healthcare information without a license or permission from the UAE Ministry of Health.

The only circumstances in which a patient’s information may be used or disclosed without the patient’s consent are:
• to allow insurance companies and other entities funding the medical services to verify financial entitlement;
• for scientific research (provided that the identity of the patient is not disclosed and applicable scientific research standards and guidelines are complied with);
• for public health preventive and treatment measures, for example. in the case of a public health crisis;
• at the request of a competent judicial authority; or
• at the request of the relevant health authority for public health purposes including inspections.

There is a delicate balance to be struck between the potential benefits of this practice and the protection of each individual’s right of privacy. Where to draw the line in this assessment remains a topic of discussion between industry stakeholders and regulators, particularly in light of high profile breaches in recent years such as the collaboration between the Royal Free London NHS Trust and Google Deep Mind to identify patients at risk of kidney disease, or in the context of using health data for secondary research purposes. In January 2019 the European Data Protection Board issued its opinion on the European Commission’s draft Q&A on the interplay between data protection under the EU General Data Protection Regulation and clinical trials regulation. Wewait for the Law’s implementing regulations to see what position the UAE authorities will take on this sensitive issue.

As well as certain penal sanctions for breach of key requirements, such as the data localization obligations, the Law sets out a number of overarching disciplinary sanctions for breach of its provisions. These sanctions range from warnings to fines of AED 1 million and/or cancelling the breaching company’s permit to use the DMS.

Typically, access to centralised systems – such as the planned healthcare system – is facilitated by open APIs (application programme interfaces) made available to third party suppliers of IT systems which access the system. Where those IT systems already exist and are in use (under contracts between healthcare providers and the suppliers), technical changes to the systems will be required.

Some businesses will need to revisit their business procedures to comply with the Law. We recommend that companies affected by the Law:
• Keep up to date with the executive regulations setting out further details
• Ensure IT systems are capable of interacting with the central IT system
• Complete necessary administrative steps to obtain access to the central IT system, such as registration / licensing requirements
• Have technical and organisational processes in place to ensure that all patient data is treated confidentiality, kept secure, kept accurate and uncorrupted, not used for other purposes and retained as required
• Not transfer or store any patient data outside the UAE unless authorised to do so by a resolution issued by the local health authority
• Conduct a data mapping exercise to identify what type of health data is held, where it is processed and with which third parties it is shared.
• Where such third parties are based overseas, take steps to cease the transfer of health data to them, or to anonymize / denonymize the health data transferred;
• for any health data which cannot be anonymized / denonymized due to the nature of the processing activities, source alternative third party service providers to conduct the processing of that data within the borders of the UAE
• review contracts with third party service providers which process personal data and ensure that the contractual obligations for data processing and information security are sufficient to meet the new requirements of the law
• consider contracting obligations on service providers to support compliance with the law, such as annual rights of audit;
• add a step to the existing compliance sign-off process prior to adoption of new operational processes and business lines to ensure that no health data leaves the UAE and that the minimum statutory compliance standards are met.

Windows Server 2008 and 2008 R2, support is coming to an end.

June 23rd, 2019

Sometimes lifecycles end because of age or workload and other times they expire due to vendor support.
In the case of Windows Server 2008 and 2008 R2, Microsoft announced that Extended Support will end on January 14, 2020.

Microsoft provides: Mainstream Support, Extended Support, and Beyond End of Support.

Mainstream Support

Mainstream Support is Microsoft’s first phase of support and lasts five years. It includes the following benefits:
• Incident support (no-charge incident support, paid incident support, support charged on an hourly basis, support for warranty claims)
• Security update support
• Ability to request non-security updates

Extended Support

The Extended Support phase follows Mainstream Support, and also lasts five years. The key features of Extended Support are:
• Paid support
• Security updates at no additional cost
• Ability to request non-security updates (available only via Unified Support, a new model of support that offers comprehensive support that covers your entire organization)
• Microsoft will not accept requests for warranty support, design changes, or new features during the Extended Support phase.

Beyond End of Support

The Beyond End of Support phase is the final phase of the product lifecycle and lasts for three years. Here are the key things to remember.
• Request to change product design and features are not available
• Security updates are available only with the purchase of the Extended Security Update Program for up to three years. This typically costs 75% of the on-premises license cost annually.
• Technical support is provided when you purchase Extended Security Updates and have an active support plan in place on the product that has moved beyond the Extended Support date.

Server 2008 and 2008R2 are moving out of the Extended Support phase on January 14, 2020. From that date on,
non-security updates will no longer be available,
security updates will be available only if you pay for the Extended Security Update Program,
and other vendors will diminish their support of this operating system version.
If you are not prepared, then this will leave your environment open to security holes, application instability, and support restrictions.
If you have not already planned for this then now is the time to get it into your budget for first thing next year.

Dubai F@B – calorie content menus, and QR codes to choose safe hygenic food,

May 24th, 2019

Dubai: Food establishments in Dubai should declare in their menus the calorie content of all ready-to-eat food items, Dubai Municipality has said in a circular last Saturday.

The new rule is applicable to restaurants, cafeterias and cafes with more than 5 branches from November.

All other restaurants, catering establishments and hotels should implement it in the second phase in January 2020, the civic body said in a press release on Saturday.

There are more than 18,000 food businesses in various categories according to Dubai Municipality.

.On Sunday a new QR Code system was also launched by the Dubai Municipality which will allow you to choose food based on hygiene and safety in Dubai-based food outlets. Under this system, Dubai’s Food Safety Department will issue smartphone-readable codes to food outlets through its “Food Watch” digital platform. It will be mandatory for food outlets to display the QR codes in their premises as and when they are issued one.

In the next phase, people will be able to see what kind of a license is issued to an outlet. So, if somebody is making cakes or taking up catering services, you can ask for the code and find out if they are licensed to do it. Accessibility, location, web address, contact details etc. are the other details of food outlets available through QR code scanning. Dubai Municipality’s hotline number to register complaints 800900 is also shown.

If you need a proven software solutions for your F@B operations, then contact us.

Cloud back ups or on-premise?

February 16th, 2019

Pretty scary.
We have suffered catastrophic destruction at the hands of a hacker, last seen as aktv@94.155.49.9 This person has destroyed all data in the US, both primary and backup systems. We are working to recover what data we can.

Though they’re back up and running, who knows if customers will stick by them, or will sue them.
What impact that had on infrastructure mail servers, backup servers, and SQL Servers for customers is hard to judge.
A large number of people might have lost their mailboxes and previously stored mail that was in IMAP storage.
This is likely an annoyance for individuals, but potentially catastrophic for businesses. Imagine your small business hosted with them and all your mailboxes were lost with customer communications and who knows what else.

Could this happen with a cloud provider like Azure O365, Google Apps or AWS?
Maybe but they will have DR backups,
But what if you store back ups on the cloud but run on premise- how long would it take to mass restore multiple, customers? Do you still have ad3qute on premise test systems to restore on and the staff and the time to do it?

Do you assume that you will always have either a primary server and an online backup server/share/bucket/container and can download data.
The problem is that online systems that connect to the primary can be accessed.
If an attacker were to access one, they potentially could access the second.
The world seems to be moving towards more online storage, or in the case of cloud vendors, a reliance on snapshots. That might be good enough for cloud vendors, but is it good enough for your on-premise system.
It’s likely that an attacker, possibly even with insider help, would wipe out backups first, then primary systems.
Some sort of disconnected offline backup of data, especially database servers gives you a third line of defence.
don’t forget that back up- need to be tested- if the back up software compatible with old versions, does your back up use the same version as the current erp software installed on your primary, or the same SQL version (i.e when you upgrade do you also upgrade your back ups, or maintain an older environment?)

Microsoft and other large vendors have had downtime whether self induced by releasing code too early, or due to hardware failure, or malicious attach . What is important to realise is just how infrequent are just issues given the number of clients they have across a range of solutions, and how little was the downtime and how fast they are at in addressing issues that arise. The think about how you would have been able to deal with the same issues in your own server room?

There are increasing risks, and increasing issues of statutory compliance with regard to data protection e.g, GDPR. The cloud generally offers cheap storage nd robust systems, yet it needs to be part of a holistic approach to reduce overall risk and cost, and not the only line of defence.

Gitex 2018- See Filehold DMS with Synergy Software Systems

September 30th, 2018

Meet us with Globalis to see how advanced cheque scanners and a modern DMS solution work together.

Talk to us about how repetitive automation can help you match hundreds of thousands of invoices, or to reconcile claims, or to reconcile multiple bank accounts.

Let us show you how easy it is to drillback from any key field in any application, back to the source doument and all related documents in Filehold.

EAM, field service, IOT and Holo lens -ask Synergy Software Systems, Dubai

February 17th, 2018

The digital world is already here and what seemed science fiction few years back we now accept as everyday. Voice activated commands on our smear phone now also query our databases and update our dashboards, remote medical checks are done at an atm, artificial intelligence and big data influence our live every time we log onto google, amazon, facebook or ring a callcentre.

We have been investigating IoT for over a year, particularly with regard to condition monitoring for asset management and several of our team were involved in recent training that included a hands on session for Microsoft Field Services. This is built on the Dynamics 365 platform as an extension of CRM and offer comprehensive features for field service: help desk, engineer scheduling and mobile operations. Field service is aimed at service companies with a large field force of service engineers and is typically integrated with erp systems and thus the overall project can be quite complex. To reduce the risk and implementation time we offer a proven accelerator.

We also offer a Enterprise Asset Management suite which is successfully deployed in several leading UAE companies for a number of years particularly for asset tracking.

In Dynamics 365/2012 for Ax EAM also needs to consider that both engineers and equipment may be sued is production or on projects. Thus engineering and maintenance scheduling also has to consider in house planned and breakdown maintenance and servicing and more complex overhauls and asset structures, the impact of equipment downtime on production schedules and much more. We offer a Microsoft certified isv integrated suite of EAM modules built on the Ax 2012/D365 platform that covers both field service and mobile as well as in in house maintenance.

Predictive maintenance and SCADA integration and extensive condition monitoring., embedded and Power BI analytics are no longer rocket science.

At a recent client 4 day workshop we demonstrated HOLO lens assisted reality to support engineers. This can for example be used to provide step by step guidance or for collaboration from the field with an OEM a remote manufacturer, or your chief engineer.

VAT key steps – Synergy Software Systems, Dubai.

January 8th, 2018

- Maintain regular accounting books and records

Account maintenance is now mandatory under UAE VAT Law and it facilitates the correct receipt and payment of cash and other transactions entered by a company. Audited accounts will be needed so don’t wait till year end to find an auditor that suits your business.

2- Make changes to the core processes and accounting departments

It is important to change your core processes and adapt your accounting departments to achieve tax compliance. For SMEs, with limited transactions, the task is easier as the transition is less likely to require significant systematic change or they might use an external bookkeeper or tax agent.

3- Train staff, especially financial management

Employees need proper insight around GCC-wide initiatives to implement VAT across the region and how companies should prepare. Help them de-mystify VAT by providing on the job training and a framework to raise and clarify queries. Avoid disputes with trading partners and ensure staff have the relevant information and training to resolve issues that arise.

4- Review your contracts and the contracts and conditions agreed with dealers

Many businesses negotiated contracts at a time VAT was not payable but running across the implementation dates. It is time to now bring contracts into step with the UAE’s economic context.

- Consider accounting software for bookkeeping

Electronic reporting systems are increasingly being used by tax authorities. The ability to produce the required audit file details on demand will be difficult without a system. Companies that use electronic invoicing are likely to improve the timing of VAT recovery on costs.

6- Adhere to VAT deadlines

Register your company to avoid a fine as severe as AED 20,000. The Federal Tax Authority (FTA) has already been extend the deadline to the 1st January and if you don’t complete VAT registrations you will also have to stop sales till you get your tax registration certificate (TRC).

Note initial returns are due 28 January 2018 so time is running out.

7- Study UAE tax legislation

The implementation of taxes in the UAE came with a whole new set of procedures. we recommend to study and get familiar with the different laws in place including the UAE VAT Law and to discuss with your auditor, tax agent and software provider.

8- Keep an eye out for new information

There have been a slew of clarifications in the last month and some details are still not finalised e.g. with regard to free zones, or which companies will report monthly and which quarterly.