Healthcare IT is not an even playing field. Every organization has to maintain HIPAA compliance, and many tools are available that can help. Unfortunately, only the largest organizations can afford them.
“The biggest issue I’ve seen from a compliance perspective in healthcare IT is that most of the tools that could successfully aid small businesses with compliance are priced out of their reach,” said Chris Jones, Owner, Jones Itech.
Jones has been in information technology for more than 20 years. He’s had dozens of healthcare clients, and most of his business comes from small and medium-size doctors’ offices.
He helps these small providers achieve and maintain HIPAA compliance on their networks, and his clients are very grateful. His business has grown almost entirely through referrals over the last decade.
“I've never really advertised my business. It's just grown by word-of-mouth referrals… When you’re getting a referral from a colleague or someone that you have a lot of respect for, it’s better than what I could get if I spent thousands and thousands of dollars on marketing,” he said.
Getting clients for healthcare IT services and keeping them happy (and compliant) is not always easy. Below are four tips Jones shared for other IT service providers in the industry
Tip #1. Be firm on your standard healthcare IT servicesWhen you deliver IT services in healthcare, most times you will work with an office manager. The doctor(s) may have specific needs and demands, but the office manager has to be sure your service will meet the needs of the entire practice.
Hopefully you’ve standardized. When you have a standard set of IT products and services, you can save more time and money when deploying and managing your clients’ networks. And your clients get better service, too.
If a client demands a piece of hardware that is outside of your standard, then don’t be afraid to be firm, said Jones. Doctors are used to getting what they want, but if you explain why nonstandard technology is a bad deal for their office and for yours, then they will likely understand.
Tell the client that nonstandard hardware forces you to deliver slower service that is more expensive and less reliable. It will likely take longer to install and maintain, and it hasn’t been proven in the field. Your standard equipment provides predictable service delivery. Non-standard technology is a question mark.
Tip #2. Explain that “total cost” is more than “price”Everyone cares about price. No one wants to pay too much for healthcare IT services. But you need to demonstrate that the total cost is determined by more than price.
“The biggest sales job I have, almost every day, with my customers is to explain why they do not always want the cheapest piece of equipment. The cheapest piece may save you on the front-end, but after one service call you’re going to lose all that money,” said Jones.
And that’s just for one service call. Multiple service calls will stack the costs higher, not to mention the losses in morale and productivity from employees and less satisfaction from patients.
Also, healthcare data breaches are rising. It makes more sense for providers to have solid, well-supported hardware and services rather than the cheapest device on the shelf.
“Once you explain those things to people in healthcare, their price objections go away,” said Jones. “I’ve never, ever had a customer that demanded to use the inferior quality product when I explained why.”
Jones used to rely on Cisco for all of his network hardware. The parts were high-quality, but he got frustrated by a lack of standards.
“Every time I went out to a client site it was an adventure as to whether or not I was going to be able to configure the piece of equipment, because it was always slightly different than the last piece I used… I can’t even tell you how many hours I’ve wasted with Cisco devices.”
This created a “black hole” in Jones’ schedule. He could tell healthcare IT clients how long it would take to install everything and how much that would cost, except when it came to network hardware like the router and UTM firewall. That made him uncomfortable.
“The last client I charged a half-hour of time for this and I’m charging you three hours for the same thing. I don’t feel right about that. I don’t think that’s the way it should be. I should be able to standardize it and have a good idea of how long it’s going to take,” said Jones.
Once Jones tried Calyptix AccessEnforcer, he was happy to learn that the point-and-click management interface is the same across all models of the device. The installation process is always the same and the device always performs as expected. It’s still a powerful, sophisticated device but now the configuration headache is gone.
“Every Calyptix device that I’ve taken out to a client site has performed exactly the way it should. It’s predictable. That, for me, is like gold,” he said.
Tip #4. Make HIPAA compliance easier with automatic updatesBefore switching to Calyptix, patching the firewall was also a problem for Jones. Every one of his healthcare clients needed a UTM firewall and it had to be patched and maintained with the latest firmware.
But with other firewalls, the patches had to be applied manually. This became a problem for his schedule and for his clients’ HIPAA compliance.
“You’re technically non-compliant after a patch is released and not applied, even if it comes out within days or weeks of me deploying the firewall. If the patch isn’t germane to the practice, not applying it is still considered a risk and one that I don’t want to take with my clients,” said Jones.
One of the reasons Jones switched to Calyptix was that the AccessEnforcer firewall updates automatically. Patching a firewall’s firmware was no longer an issue.
“The Calyptix devices solve that immediately. As soon as they’re put in, these are always going to be up to date. You don’t have to worry about that anymore,” said Jones.
Healthcare IT Security: Compliance nightmare on horizon
