By Cheryl Nelan
IT services in the healthcare industry may be thought of as a commodity by some. Hire an IT company that monitors your devices and makes sure your anti-virus is up to date. That is a commodity these days. How about one that also maintains your backups and manages system patches? OK. One that also provides help desk services and training for your end users? OK, maybe more than a commodity – starting to sound like some valuable services. After all, if you can’t access your patient records, it becomes very difficult to treat your patients. Oh, and what about security? Most healthcare providers have cybersecurity insurance these days, but what would a breach do to the trust and relationship between the doctors and patients? Could the practice even survive?
This is when IT managed services needs to be much more than a commodity. It must be a partnership. Finding the right IT partner for your practice means finding a partner that understands the industry. And serves it. And advises you so you understand where your risks might be and how to mitigate them.
Consider the HIPAA Security Risk Assessment. New York State requires it be completed annually. Maybe you spent money having a third-party assessor complete it. Often, the internal Security Officer (often otherwise known as the Practice Manager or Office Manager) completes it on their own. There are many tools out there and this can be a fine strategy – as long as the controls are understood, the practice partners understand their current risk landscape, and there is a plan in place for continuous improvement. An IT provider who understands the healthcare industry should be able to help here. For instance, at CMIT we are certified to perform the assessments ourselves and assist many of our clients with this critical step. Still, our most important role is helping the practices we serve understand their gaps and the risks associated with each, and helping them plan for improvement to protect their data and therefore their patients’ data. The IT landscape is always changing, so a healthcare-focused IT partner can guide a medical practice to implement the security measures that best protect their business while understanding the budgetary constraints many practices are under.
It’s never one size fits all with Healthcare IT Services; smaller practices have different needs than large healthcare systems. Risks are different – but they are still a major concern. Depending on where your practice is in the spectrum, we can build out a plan that leverages the technology you have in place today while working to close the gaps identified in a HIPAA Security Risk Assessment by leveraging best practices in the industry. That means something different for every practice we serve:
- From working to get business-class firewalls in place and updating all systems to current supported operating systems
- To adding cybersecurity training and help desk services for staff
- To implementing multiple layers of security and monitoring of all systems
- To building a business continuity plan that includes keeping the practice running in the event of a breach or other disaster
- To ensuring policies and procedures are in place and kept up to date.
And many other elements, depending on your practice and your IT needs.
Critical to our success has been our Quarterly Business Reviews. IT security and services are not a set-it-and-forget-it business proposition. They require ongoing strategic reviews. Understanding what is changing in the practices we serve helps us better guide them for their own success and security. Reviewing changes in the industry and making recommendations helps our clients understand what is critical for the success of their practice and plan their IT investments wisely. No surprises. We meet with all our clients at least quarterly to keep this conversation going and be sure our clients know what they have today, understand the landscape as it pertains to their practice, and can make the right decisions to meet the strategy and security levels they require.