Most healthcare professionals went to school for years to learn their craft. They take pride in running an efficient practice and helping to provide excellent patient care. It’s no surprise that maintaining the computer network their clinic needs to run isn’t on the top of their priority list. Even further down the list is strategic IT planning for medical clinics. We want to help make IT simple, so here are some of our top strategy considerations.
Electronic Health Records
One of the biggest strategy questions when it comes to EHR software is whether it stays on premise, or you use a web-based application. Another consideration is what specific software to use. There are a lot of good EHR software out there. Finding the right one for you will depend on what type of medicine you do. We find that healthcare providers that have an HER that is more tailored to their specific practice needs generally have a higher satisfaction.
Most of our medical clinics have moved to a web based EHR system. This is for a few reasons. They are available anywhere you can access a web browser. They don’t require investment in a server. The software provider typically manages backups of any PHI, and secures that data, so it can simplify HIPAA compliance.
One strategy consideration with a web based EHR software is availability. Since you need internet to connect to the EHR, you’ll want to think about what happens if you have an internet outage. Our recommendation where possible is to get a secondary intent connection. Then set that connection up on your firewall so that if the primary goes down it automatically fails over.
That allows you to have continued access to critical EHR software even in the case of an internet outage.
IT Security and HIPAA Compliance
This is probably one of the biggest areas to talk strategy for medical clinics. HIPAA mandates that you have certain security controls in place protect PHI. There’s so much detail in that discussion that we wrote some separate resources to help with it.
The current world we live in has more cyber security threats than ever before. You need to have a strategy to train your employees and secure your patient data.
There are 3 different sections to HIPAA compliance. You need a strategy for each. How are you going to meet the requirements for the administrative safeguards? What solutions do you have in place for physical security safeguards? Do you have all the right technical safeguards in place. Each is it’s own discussion. The attached resources are excellent primers on what you should be thinking about and recommended strategies.
Backups
Having a solid backup solution is a requirement of HIPAA and best practices for a medical clinic. We typically recommend having both a local and offsite copy of your data if you have servers on premises. There should be a written plan in place of how you would recover if there was an outage and how long you expect it would take. You’ll want to make sure that all PHI has a backup, but also other important data such as accounting and financial information.
If your EHR is web based, you should find out what backups are being done by the software provider. Do they have a plan to restore if there was an outage or security incident? Most have written policies, but it’s important to ask so you know what to expect in case of an emergency.
Hardware Cycle
All hardware has an expected lifecycle. Most laptops live for 3-4 years, and most desktops can run about 5. When your hardware ages past that a couple of problems can start to crop up. They can become old enough that the operating system is no longer supported. This means that they no longer have security patches and are then a HIPAA violation. Older workstations also can bog down. This causes frustration on the part of your staff as well as lost productivity.
To solve these problems, we recommend a simple strategy. Keep an inventory of all your machines. It should have the age of the machine, make, model and pertinent info. Review that inventory regularly, and plan based on the age of machines as to how many should be cycled each year. Divide that by 4 and purchase new machines on a quarterly basis. This makes it easy to budget for hardware and ensures that you never end up running on older machines or outdated operating systems.
i.t.NOW provides this as a service to all our clients to make management simpler.
Regular Maintenance
You’ll also need a strategy to take care of regular maintenance needs such as security updates, patching, 3rd party patching, and firmware updates. Microsoft releases patches and updates every single week. For security and HIPAA compliance those need to be applied regularly. You’ll also have 3rd party patching that needs done and firmware updates on occasion.
The very best strategy for making sure this happens in a timely manner is to leverage a software tool that allows you to automate those updates. Unless you have full time IT staff to administer this for you, it likely isn’t in place. If you set windows to auto update it can happen at inconvenient times, or sometimes will push a bad update that causes problems.
Work with your IT team to make sure you have a strategy in place to take care of regular maintinenece needs.
Quarterly Strategy Sessions
IT is not a one and done prospect. There are new security threats and compliance requirements that come up, and you need to check in on regular maintenance. Budget planning is also important.
We recommend meeting quarterly to review all your strategy items, get updates on security, and give any needed feedback to your IT team. This allows for clear communication and success.
Conclusion
There is a lot to think about when planning IT strategy for your medical clinic. EHR, Cyber Security and HIPAA compliance, backups, regular maintenance, hardware cycle, and more. You need to have an IT team that is on point helping you to manage all these items.
i.t.NOW has years of experience helping healthcare providers make IT simple. Our done-for-you solutions allow your team to get the help they need when they need it.
Photo by National Cancer Institute on Unsplash