6 Reasons You Should Worry About the IT Management of Your Medical Practice
When you were in residence, the thought of 20-hour shifts probably gave you nightmares. At that time you never thought that managing a part of your business would trigger similar anxieties. Of the many things you learned in medical school, managing a technology infrastructure that is robust and meets the demands of a maze of federal regulations was not one of them. As a medical practitioner you don’t have experience understanding the inner functioning of your network systems. Also, with additional government regulations there are many reasons to have serious concerns about your IT. Failure to comply with those regulations, caused by mismanagement of your technology infrastructure or anything else, may have far-reaching implications.
There are six reasons you should be concerned about proper management of your IT systems
Data Security: Any business that deals with the private and personal information of the general public has a tremendous responsibility for safeguarding it. Technology has given you the means and tools to manage the flow of information that is generated by your practice. You save vast amounts of data for instant access from different locations. Unfortunately, this also makes security a larger problem. Protecting your client data now goes beyond traditional obligations, especially now that it is regulated by HIPPA. There are serious repercussions for failure to protect personal health information, including fines and penalties running from $100 – $50,000 per violation.
Accessibility: New regulations have been enacted to improve accessibility as well. Now patients must be able to access their own medical information. Patient portals are gaining popularity, which, for health care providers, will be another task to manage.
Major Upgrades and New Programs: Another big challenge is the transition to new coding standards and government regulations. Now there is urgency on your part due to the updated regulation ICD-10, mandated by Health and Human Services, which must be implemented by Oct. 2015, as well as the implementation of HIPPA-mandated regulation ANSI 5010 effective Jan. 2012. This is a major transition that will have an effect on every facet of your business. A smooth transition is going to require marshalling significant technical and administrative forces.
Healthcare versus IT Management: The real reason behind all the uncertainty and apprehension about managing your network infrastructure is a lack of background. You were trained to be a health care provider, not an IT specialist. Given the complexity of IT management and the risks from failure or a data breach, it can be downright intimidating.
Fast Changing Technology and Threats: Growing demand in services and increasing threats from hackers demand new capabilities and safeguards in the form of software and hardware updates. As a health care provider you are unable to keep track of the new threats and viruses that are constantly emerging , and have the potential to threaten your systems and data security.
Downtime and Data Recovery: Another headache is downtime. Systems break. Reservation and scheduling systems can fail leaving you completely handicapped and unable to function. I was recently at a physician’s office where the scheduling system crashed and they had no idea who was coming in—they had no backup of the day’s appointments. Until that system was restored, they were completely in the dark. Given the reliance on electronic systems, your office needs to have plans to quickly restore systems, and also ensure effective data back up procedures.
Cost of IT Management: IT management is expensive, but it is required. The problem is that in-house support is a considerable drain on payroll. Additionally, in-house support, most likely a single full time employee at best, cannot be available or on-call 24/7. Vacations, sick time, and sleep present barriers to that although, of course, all employees should have it! Also, in-house staff may not be able to keep abreast of all the updates and regulatory changes all on their own. One additional cost of IT management is your time. You have to supervise them, and it is unlikely you have the background or desire to do that effectively.
What do you need to do? By now you know that you definitely need help running your IT networks, but whom can you trust with this vitally important task. You have to make sure that you can focus on your core business without any interruptions or worries. You don’t want to be told by your staff that your systems have been hacked or your data is not being backed up properly. You need to make sure that you are in complete compliance with government regulations requiring that security and accessibility of data be maintained. All health records must be maintained electronically. A single solution to all these concerns is to use a Managed Service Provider (MSP). A MSP can provide complete support for a worry free work environment and leave you free to concentrate on more important things. It is a cost effective, 24/7 solution that will give you peace of mind.
Are Managed IT Services Right For You? A Few Things to Consider
How do you get a small business to recognize the value of manages IT services? In the start-up environment, we encounter an eclectic bunch of personality types. There is a reason people become entrepreneurs or C-level execs. When we meet the owners or decision makers at smaller companies and organizations, we can tell right away why they’re where they are. They’re visionaries. They’re risk takers. They’re competitive. They want to be in charge.
Therefore, they aren’t always quick to place the fate of their business technology in the hands of a third party. They’ve come as far as they have by being in control and they’re hesitant to give up that control. But we’ve learned a few things along the way.
For example, the Type A personality is highly independent but also very competitive. So we tap into the competitive advantage that managed IT services gives them.
The Type B personality is creative and doesn’t like static routines. But their ears perk up when they hear terminology like “cutting-edge” and we can then paint the big picture for them once their listening.
But anyone we do business with has to be committed to the efficiency, security, and stability of their business technology to see our value proposition. And they have to recognize that managing their IT infrastructure is an investment they cannot take lightly.
So here are a few things we commonly have to address before any deal for managed IT services is signed.
Is my business large enough to even consider managed services?
There is an old adage that size doesn’t matter (ahem… we’re talking about in a fight) but SMBs must always think big to get big. The truth is, any company, regardless of its size or the number of people they employ, will run more efficiently if its technology is monitored, maintained, and managed properly.
These are facets of your operations that drive profitability and give our Type A personalities that competitive edge they crave. And they can rest easy whenever business is booming because their technology is built to sustain their growth. That’s the big picture that our Type B personality can appreciate.
How is making another IT investment a cost-savings move for my business?
There are still many SMBs who feel a greater focus and investment should go towards their core operations or marketing and sales. They only worry about technology when it breaks, figuring they’ll just call a service technician to come to the office and fix whatever the problem is. Or buy some new hardware at Office Depot.
There are some very obvious flaws to this strategy.
You’re paying way too much when it’s way too late – An issue that was likely preventable with early detection has escalated into a full blown business disruption and that on-call technician likely charges a high hourly rate, on top of hardware replacement costs, and may not get to your site right away. Being proactive rather than reactive to technology issues is important.
Don’t forget productivity killers – It’s taking your employees too long to boot their computers. Servers and applications are running slowly. Employee devices are full of Malware. Non-technical employees are running around troubleshooting tech problems. If you see this, your present approach to IT management is killing employee productivity and your bottom line.
What happens internally is noticed externally – Don’t think for a second that customers or clients don’t notice outdated or slow internal technology and mismanagement. If your site or applications are down often, run slowly, or your customer service rep tells them “I’m sorry, our system is down”, they’re noticing and it’s hurting your business.
When all is said and done, professionally managed IT services will give you a competitive edge, guarantee your business is always leveraging the newest most cutting-edge technology, and enhance your relationships with customers and clients – all while reducing costs.
Downtime is bad news for any business whether big or small.
A recent two-hour New York Times’ downtime occurrence sent Twitter ablaze and their stock price plummeting.
Google going down for one to five hours resulted in lost revenue up to $500,000 and decreased overall web traffic by 40%.
We know what you’re thinking. Holy crap, Google makes $100,000 an hour? Yeah… insane, huh?
While the hourly cost of downtime for a small-to-medium sized business won’t be nearly as large as that astronomical Google figure, downtime is often more detrimental to smaller companies. Smaller enterprises are more susceptible to downtime and are neither large nor profitable enough to sustain its short and long-term effects.
Downtime Leads to Unhappy/Unproductive Employees
Even the happiest of employees become dissatisfied when they can’t perform basic day-to-day job functions or properly service customers or clients.
While some employees may use downtime as an excuse to lean back, put their feet up, and comfortably collect their hourly pay, we’re talking about those employees who come to work to actually work.
And don’t forget your IT guy or tech crew. They can’t necessarily sit back and twiddle their thumbs when downtime occurs because they’re typically taking the brunt of the storm. They will ultimately grow tired of the daily routine of having to put out fires and having neither the additional manpower nor resources to change things for the better.
These things lead to high employee turnover and the expenses that come with training and re-training a revolving door of employees.
Downtime Leads to Customer Dissatisfaction
Customers and clients grow weary whenever critical components of your operations – or the services they either expect or pay for – cannot be accessed.
Nearly 50% of customers will move on to a competitor if they encounter downtime of five minutes or more. These customers represent significant lost revenue.
While some suggest this is a bigger problem in the retail sector, other types of businesses are impacted as well. Have you ever clicked a link from search engine results only to quickly bolt when the page didn’t load, you couldn’t complete an online transaction, or you were greeted with a “Technical Difficulties – Be Back Up Soon!” message?
Did you give up on finding what you were looking for or did you wait it out? You did neither. You went back to Google and found someone else offering a similar service or product that satisfied your yearning for instant gratification.
Downtime Ruins Your Reputation
One of the most commonly overlooked consequences of downtime is the hit your company’s reputation takes online. In this age of social media, one person’s bad experience is broadcast to dozens or even hundreds of followers. Bad news spreads faster than ever and has lasting repercussions.
“It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you’ll do things differently.” — Warren Buffet.
Protect Your Bottom Line
The challenge for small businesses has always been how to minimize single-point-of-failure downtime using their limited IT resources. This is why downtime kills so many small businesses. They can’t prevent it and they can’t react quickly enough.
Thankfully, there are end-to-end business continuity solutions available today that integrate Remote Monitoring and Management (RMM) software, 24/7 access to a Network Operations Center (NOC), and advanced backup and disaster recovery solutions to alleviate this issue.
Not only do these methods minimize downtime and get businesses back up and running quickly, but they can reduce the cost of technology infrastructure maintenance by as much as 80 percent.
It’s time that small businesses stop being victims to the silent killer that is downtime.
What You Can Learn From U.S. Regulator’s Business Continuity & Disaster Recovery Recommendations
U.S regulators have recommended that all futures and securities firms review and update their current data backup, disaster recovery, and business continuity solutions.
Prompted by closures in the equities and options market in the aftermath of Hurricane Sandy, Regulators including the SEC, FINRA, and the CFTC contacted firms to assess the impact Hurricane Sandy had on their operations
The regulators asked each firm for specifics regarding any backup disaster recovery (BDR) and business continuity plan (BCP) they had in place prior to Hurricane Sandy. The responses they gathered were compiled to develop a list of best practices and lessons learned.
The regulators have since gone on to suggest that all firms refer to these best practices and lessons as part of reviewing and improving upon their current BDR and BCP procedures. By doing this, the regulators hope that firms will be better prepared for similar events. Regulators feel that a comprehensive BDR and business continuity strategy will help firms improve responsiveness and minimize downtime.
Managed Service Providers (MSPs) have always stressed the importance of the BDR and BCP solutions they offer to small-to-medium-sized businesses. That said, it doesn’t hurt to see what government regulators recommend to those handling our money. We’ve summarized portions of the full report, addressing only the parts that we feel can easily be applied to SMBs. The full report can be read here at http://www.sec.gov/about/offices/ocie/jointobservations-bcps08072013.pdf.
Widespread Disruption Considerations
True business continuity plans go beyond technology. What is the probability of a widespread lack of telecommunications during a disaster? We’re talking no Internet and no cell phone coverage. Large-scale events can knock out power and limit our access to drinkable water and food supplies. Getting around may be complicated. Roadways might be inaccessible and fuel may be scarce. Part of being prepared for the unknown is to assess how any plausible scenario would impact day-to-day operations and services.
A critical component to business continuity planning is remote access. Every employee should have the ability to efficiently work from home if a disaster strikes or blocks access to the office. If there is no power or no Internet and phone, alternatives should be defined to carry out key operations.
Alternative Location Considerations
The implications of region-wide disruptions must be factored into the location choices for backed-up data centers. Keeping backups within close proximity may seem like a smart strategy to ensure they’re readily accessible, but this does you no good if it’s a region wide disruption.
When it comes to supporting business critical activities at an alternative location, what will be the site’s staffing needs? How about office space, equipment, and available resources? Printed copies of the business continuity plan, contact lists, and other business documents and manuals should also be kept at the alternate site if electronic files can’t be accessed.
Any critical vendor relationships should also have an adequate business continuity plan, as they may be affected by the same event as you. Vendors risk ratings should be considered based on the quality of their BDR and BCP strategies.
Telecommunications Services and Technology Considerations
The telecommunications infrastructure must be enhanced. Consider secondary phone lines, backup mobile phone services with different carriers, emergency Wi-Fi spots, and cloud technology.
Review and Testing
Annual full BCP tests should be conducted. If the business continuity plan changes often, more frequent testing is recommended. All personnel should be trained for their specific role in the plan.
Is That a Business Continuity Plan in Your Pocket or a Bunch of Jargon?
Technology is full of difficult jargon. To further complicate things, certain terms are often used in a different context between one publication or service provider and the next. An example of this is the usage of backup, disaster recovery, and business continuity. These terms are commonly used interchangeably, often resulting in confusion. In an effort to alleviate some of this confusion, let’s describe each physical process. You will see an overlay among all three, although they are each different processes.
Backup – In IT lingo, the most basic description of backup is the act of copying data, as in files or programs, from its original location to another. The purpose of this is to ensure that the original files or programs are retrievable in the event of any accidental deletion, hardware or software failure, or any other type of tampering, corruption and theft.
It’s important to remember that the term “backup” refers to data only and doesn’t apply to the physical machines, devices, or systems themselves. If there were a system failure, disk crash, or an onsite physical disaster, all systems would still have to be replaced, rebuilt, and properly configured before the backed-up data could be loaded onto them.
Disaster Recovery – Backups are a single, albeit crucial, component of any disaster recovery plan. Disaster recovery refers to the complete recovery of your physical systems, applications, and data in the event of a physical disaster like a fire; hurricane or tornado; flood; earthquake; act of terror or theft.
A disaster recovery plan uses pre-determined parameters to define an acceptable recovery period. From there, the most satisfactory recovery point is chosen to get your business up and running with minimal data loss and interruption.
Business Continuity – Although backup and disaster recovery processes make sure that a business can recover its systems and data within a reasonable time, there is still the chance of downtime from a few hours to many days. The point of a business continuity plan is to give businesses continuous access to their technology and data, no matter what. Zero or minimal downtime is the goal.
Critical business data can be backed up with configurable snapshots that are instantly virtualized. This allows files, folders and data to be turned on and restored in seconds. Bare metal restores of hardware, where an image of one machine is overlaid onto a different machine, is also utilized along with cloud replication for instant off-site virtualization.
Many businesses also keep redundant systems and storage at a different physical location than their main site as part of their business continuity process. They may also outline procedures for staff to work remotely off-site. Some businesses or organizations may go as far as to have printed contact lists and other critical data stored off-site to keep their business moving if a disaster wipes out power and their ability to access anything electronically.
This should clarify the differences between backup, disaster recovery, and business continuity solutions. Choosing what works best for your business will come down to your current IT infrastructure, your budget and how much downtime you can reasonably accept.