Are You Ready for the Cloud?

With a clear, comprehensive implementation plan, you can minimize downtime and disruptions while you move your data and applications to the cloud.  

Let’s walk through the 5 W’s + How.

• Who?
• What?
• When?
• Where?
• Why?
• How?

No, this isn’t an intro to journalism course. Instead, we’ll use this formula to break down your options for finding the best IT outsourcing firm to help you move your health care practice to the cloud.

What Should You Be Looking For?

Clouds are private, public or a hybrid of the two. These labels can be confusing. Public clouds aren’t open to the public and private ones serve as remote data centers for a single health care provider.

To decide the best cloud for your organization, determine what you’re actually looking for. Choose from a service that supplies platform, infrastructure or software as a service — PaaS, IaaS or SaaS. Relevant considerations include company size, HIPAA impact and what you wish to accomplish.

Who Is the Best Cloud Provider?

Healthcare IT News identifies seven top providers:

• Amazon Web Services, who developed these services first, has aggressive pricing and releases new features regularly. Their main service is IaaS.
• CDW Cloud Solutions, familiar to many healthcare organization, offers a variety of services, such as migration planning and project support.
• IBM Cloud, ClearDATA, Google Cloud Platform, Microsoft Azure and VMWare receive honorable mention.

It’s best to look into several services to determine the best one for your IT needs.

When Is it Time to Switch to the Cloud?

Most companies have some kind of cloud-based functionality already. For those still deciding whether to switch, the following questions can help clarify your thoughts.

• Who can help us with the migration plan?
• Is the management team stable?
• What’s the strategy driving the move?
• Are local providers reliable?
• Is it in the budget?
• Will we net a positive return on our investment?

These questions get right to the heart of the matter and help you find out if your team is ready, able and willing to make the switch.

Where Should the Data Centers Be Located?

The physical location doesn’t matter that much. It’s more important to replicate data and applications in distinct regions for redundancy and to ensure access to your data. Where you locate or have your IT consultants locate your backups is determined by the technology and configurations that work best with your systems. In fact, if you’re paying for around-the-clock monitoring, location becomes irrelevant.

Why Are You Thinking About Moving to the Cloud?

This question is a bit outmoded. A better question would be, “Why wouldn’t you move to the cloud?” That’s a question most companies have or are asking themselves right now. Cloud systems scale easily and they’re cheaper than the cost of maintaining your own local data centers. In the cloud, critical processes, such as data replication or disaster recovery are more straightforward.

Cloud services also offer a pay-as-you-go model that fits the budget of more practices and startups. While data security used to be considered a risk on the cloud, new technology has helped ensure the security of your systems and client data.

How Can You Get There?

Vet out an experienced healthcare IT provider that’s handled multiple cloud implementations and integrations. Reputable providers should be able to share their own cloud models, provide references, and ensure that you start and end with a reasonable budget.

Scalability is key in the cloud. It’s one of the major benefits, so make sure your organization is in a position to leverage it. With the right cloud set up, scaling up your user base should be easy and hassle-free. The documentation your IT consulting provides should include detailed plans regarding the tools and features needed for HITECH and HIPAA requirements. With a clear, comprehensive implementation plan, you can minimize downtime and disruptions while you move your data and applications to the cloud.

Finding the right scheduling software can make everyone happier, and thereby make everything run a bit easier and a bit more smoothly. Here is what you need to find in the optimal scheduling software program, and where to find it.

The medical field has always been an industry in which accuracy is key. From the moment a referral is processed to the moment that a patient leaves the office after visiting with their physician, accuracy, privacy, and efficiency are all fundamental components of what drives the medical experience. Even in a small doctor’s office, it is common for a single physician to have several hundred patients that they care for regularly. Therefore, the task of managing the caretaking of patients and their private information largely falls to the support staff. While scheduling appointments may at first sound like the least complex task to manage within a physician’s office, efficiency and accuracy in scheduling are pivotal in ensuring the success of the entire office. Taking advantage of a quality scheduling software can help to streamline the scheduling process, thereby helping to ensure that patients are scheduled when they ought to be, with the doctor they need to see, and all pertinent information is managed accordingly.

Shifting to automated online scheduling makes it easier to:

• Provide patients with easy access to schedule appointments
• Simplify the job of office staff workers
• Streamline the functionality of a medical office, regardless of size

There are a few things that every medical office needs if it wants to run smoothly. A strong office manager, highly skilled nurses, and a caring physician are all important factors—but you can’t overlook something that has grown to become even more fundamental to the medical field, the right technology. Without the right technology, you could find yourself losing information, or even worse, making information too easily available to malicious eyes, and spending hours that should be reserved for better caring for patients instead of trying to deal with complications and redundancies in software.

Shifting to an intuitive scheduling platform can help to drastically streamline the appointment process and lead to improved morale among patients, office workers, and medical staff.

What is self-scheduling?

Self-scheduling is quickly becoming one of the biggest technology trends in the medical industry. This sort of software allows patients to use any digital platform, such as their home computer or mobile device, to schedule, reschedule, or cancel appointments at any time. This takes a huge burden off of office staffers, who are typically fielding calls throughout the day to manage appointments, while also providing a level of comfort and support to patients who are now able to schedule their medical appointments more inconspicuously, and without the need to wait on hold until an office staffer is available.

Patients appreciate the 24/7 around-the-clock nature of online scheduling, and office workers appreciate the reduction in time spent on the phone managing those appointments. Instead of speaking directly to all patients, office workers can instead focus on ensuring that incoming patients have ample time to complete their intake paperwork, processing necessary prescriptions, or any other number of tasks that are the responsibility of the medical officer manager, like dealing with the needs of patients with more complex issues.

Automated Waiting List

Putting it in the patient’s hands to schedule their own appointment at their convenience means giving the patient peace of mind to consider their personal commitments as they make an appointment, thereby making it less likely that they will have to cancel or reschedule. However, it also provides the patient with the opportunity to see the next available dates for appointments, and even to sign up for a waiting list for an earlier appointment, should one become available.

Online Scheduling: The Organized Option

The biggest benefit to shifting to an automated schedule is the organizational bliss that comes from putting all incoming information in one place. By utilizing an intuitive scheduling platform it is possible to cut down on wasted hours in the office, to reduce errors in scheduling by limiting overbookings and canceled appointments, and to ensure that all booked appointments are properly prepared for and the medical files necessary for each appointment are processed accurately. Office staff can easily work with the scheduling platform to match patients with the necessary provider, process insurance information, and fill in a provider’s schedule—all in one sitting. For a large medical facility, shifting to an automated scheduling system is a must-do to keep the office above water. For a small medical facility, this simple decision can make a world of difference in the level of functionality and productivity in the office.

3 Shocking Healthcare Business Associate Data Breaches Stories

What the worst that could happen? 3 healthcare data breach stories aren’t for the faint of heart. Find out how to protect your company from similar outcomes  

Breaking news. July 25th, 2019. Northwood, a medical equipment benefits administrator in Michigan had to notify their many healthcare partners that their patient data had been compromised after a hacker bypassed security to access and employee’s email. As a result, over 15 thousand patient records were affected. After spotting seemingly nefarious activity on the email, security was alerted. But they determined that the entity had had access for three days, an eternity to steal patient data. Diagnoses, social security numbers and more were among the causalities.

Alert! Nearly four thousand patient records compromised when Cancer Treatment Centers of America experienced an email hack. If only this were an isolated situation. But unfortunately, it’s the third within a short time as those seeking to do harm deploy email phishing attacks at the company on a regular basis just waiting for someone to take the bait. This time the hacker had access for 11 days.

Not again. American Medical Collection Agency (AMCA) experienced an eight-month hack of patient data that exposed over 25 million patients’ information. Over 20 of their partners were affected, including names you know like Quest Diagnostics and LabCorp. Laboratory Medicine Consultants claims that their business associate, AMCA “downplayed” the incident, leading them to believe that the breach was much less impactful than it was and causing the need for more extensive investigation.

These breaches are recent and investigations ongoing so at this time we can’t quantify the personal casualties, HIPAA penalties or lawsuits that will likely result for both the business associates and the hospitals, labs and other medical providers that trusted them to protect their patients from third-party data breaches.

Stories like these remind us of the impact of healthcare business associate data breaches and the importance of putting systems in place to protect patients and our healthcare company’s financial interests. Let’s explore the solutions that these companies and their partners, unfortunately, implemented too late to prevent the data breaches but you can proactively employ to prevent a similar fate.

1. Get the Business Associate Agreement Updated

As a healthcare organization, you work with several third parties who have access to varying levels of patient data. And we couldn’t function without them.

You need business associates to:

• Access to expertise you don’t have in-house
• Keep costs low and standards high
• Collaborate with other healthcare professionals

While a BAA won’t completely protect you when business associate data breaches occur, it does outline what your partner is doing to keep patient data safe. This allows you to evaluate their standards and make the best decisions for your organization.

2. Re-evaluate What You Share with a Business Associate

Patient information should always be on a need-to-know basis. For example, a collection agency doesn’t need diagnosis information to collect on a debt. But you could be unwittingly sending this if you simply send over un-redacted patient records. You’ll find many examples of similar cases, so evaluate your exposure and limit the risk.

3. Invest in Your People

You can have the highest level encryption, firewalls and anti-virus, but a phishing email can help a hacker bypass all of it. Typically, an employee receives an email asking them to click a link. That link may lead somewhere that looks familiar, encouraging them to enter a password. Or the link may cause the download of a file that compromises security. Stay informed about the risks and continually update your teams about the types of tricks hackers use to access patient data.

4. Vet Third-Party Software

We all know that there’s an app for that. Apps make our lives easier and can do almost anything. And in a business where time is money, we’re always looking for ways to increase productivity, patient satisfaction, inventory management and more. But any third-party software, even if it’s a trusted name like Microsoft or Google, is an opportunity for those trying to access patient data to do so.

Know who your partners are and what security measures they employ. Some software companies have varying levels of security on their software. And we can assure you that if someone in your company is using the “free version” of a service like Dropbox or Google Drive, it doesn’t have the security you need.

Work with IT security experts to evaluate their security measures. And know that software companies also need to sign a BAA if you will be giving them access to patient data. If they won’t sign it, choose another application.

5. Take Stock of Your Current Security Technologies

Are these technologies high-caliber enough for healthcare? Are they able to reduce the risk of today’s modern security threats, which are often clever and highly convincing?

Once again, if you don’t have the high-level security expertise in-house, consult with experts who can evaluate your risks and recommend solutions.

Consult with Managed IT Security Specialists

The average IT director or manager may be very good at his or her job. But today’s security risks extend beyond the training and knowledge of even the best IT professionals. You need to work with security specialists who understand the risks because they manage and eliminate those risks for healthcare companies every single day.

Working with business associates is essential to the function of any healthcare organization, but you don’t have to take on that additional risk when you work with professionals who can help you evaluate those partnerships and keep patients safe.

Cloud Storage vs. On-Site Data Housing: Factors for Healthcare Organizations to Consider

Internet technology has opened the way for data storage to be far less cumbersome for modern healthcare organizations. After all, handling all the incoming data in a modern practice is not all that easy. Many organizations have jumped on board and went after a cloud-hosting solution, but is it really necessary if you have room for on-site data storage in your facility? Here are a few factors to consider before making the final decision on cloud storage versus on-site data housing for your healthcare organization.

Compliance is a core concern for many healthcare organizations with cloud-hosted data storage.

Cloud-hosted data is great; it is convenient and does not require investments in expensive hardware. However, in a field where strict adherence to privacy regulations is a top concern, off-site data storage can be something that’s a bit off-putting for some healthcare companies. You lose a certain level of control over the data when it is stored off-site with a cloud-hosting provider. The digital records are not on-site at the facility, so you have to have full trust in the host for the sensitive data, and sometimes that sense of trust is hard to foster to provide you with full confidence.

Of course, on-site data housing comes with its own compliance concerns as well. Proper security measures have to be in place for the data itself, the systems you used to house that data, and the physical location of the data center. The primary difference here is that if you choose to go with an on-site data storage solution, you will know what levels of protection you have specifically because you had a hand in implementing those safeguards. With cloud-hosted data storage for healthcare, you are at the mercy of the provider.

Setting up your own data center can be a lot of work and money.

One of the pitfalls of keeping data on-site is the fact that it can involve a lot of effort and quite an investment. There are several factors to consider before this kind of implement takes place. You will have to look at:

• What type of computing hardware your organization is going to need.
• If your organization has the electrical infrastructure to offer full reliability and avoid problems with outages.
• How you will implement a cooling system to keep the data center cool due to high levels of heat generation in the space.
• What type of security you will also implement to keep the physical location secure from outsiders.
• If you are capable of utilizing the right operating systems and software to coincide with the on-site data servers.

The bottom line is, you have to consider if building your own on-site data storage in healthcare is worth it or if it would be best to go with the more modern solution. There can be numerous costs involved and a great deal of planning. Some organizations are more equipped to handle these changes than others. For the most part, small and midsize operations simply won’t have the time or funding in most situations.

Don’t forget that hybrid data hosting is also an option.

If you’re not equipped financially to handle a full investment in an on-site data storage system but prefer to keep some legacy applications private in your own data storage systems, you do have the option to go hybrid. According to Forbes, this setup is quickly becoming one of the most popular in healthcare. In general terms, a hybrid model allows you some on-site data storage and some off-site cloud-hosted storage as well. These models are being used quite frequently in smaller operations because they make good sense, allow the operator that sense of control they want, and are financially appealing.

There’s really no one-size-fits-all data storage solution for all healthcare organizations. The important thing to do is to consider all of the pros and cons of each setup and take into consideration the resources and space you have available before settling on a particular data storage solution.

From wirelessly connected fax machines to network-integrated treatment equipment, the modern-day healthcare facility has a full list of things that must be a part of their network. As convenient as the IoT may be for modern practices, every device adds a potential point of security vulnerability. Each new addition offers incredible convenience and functionality to a healthcare operation, and many of these connected devices have become quite standard in modern practices.

Something as simple as an insecure email generates a new onslaught of security concern, but when you look at the thousands of things that must maintain a network connection, those concerns seem somehow minimal by comparison. Managing privacy and utmost security with every new device has become a challenge simply because these devices have all-out exploded in the medical arena. Here are a few tips to remember where securing IoT in healthcare is concerned.

Supreme reliability generates points of security weakness all on its own.

There is a huge disadvantage with some smart medical devices; these units are created to be far more reliable than something man-operated. These devices are often used for treating severe ailments and are often deemed as “high criticality devices.” These devices, by all rights, maybe keeping a patient alive during treatment. As great as this is for patients, it also means the manufacturers of such connected units are extremely hesitant to make changes to operational functions for fear of compromising reliability.

It is not uncommon for some devices to go for many years without updates, rarely get a new patch for security reasons, and end up being highly vulnerable points of access on an organization’s network. Non-updated legacy software may not be designed to thwart incoming attacks.

You have to have a map of IoT architecture to fight security threats properly.

IoT is not the same as something like a network of computers. These units rely on a network differently, and they all usually have different usage patterns. On the contrary, a system of computers would likely all act and connect in the same way, maybe even at the same times. These variances make securing these devices a little more complicated.

As the operator of a medical organization, it will be critical that you have a detailed map of your IoT devices. This map should show how and when devices are used, where they are located, and what measures have been taken to keep them secure. This kind of mapping process affords an awareness when you need to understand the risks that are apparent and how they can be amended or tended to.

The Future of IoT in Healthcare

If there is one thing that is expected to stay consistent in healthcare, it is how IoT will continue to grow and flourish as a necessary component. Therefore, even if you are steadily ignoring some of the risks now with the few smart devices you have, that will definitely not be wise as time goes by. It is best to fully understand the network of devices you have, fully assess and address all security concerns, and continue to work with an IT security expert to make new amendments with every new device added to your operation.