be_ixf;ym_202404 d_12; ct_50

Jerris Heaton

5 Key Questions You Should Ask Your IT Provider Annually

May 3, 2022

EHR, Information Technology, Security IT 4 Minute Read

IT can be a complex and expensive aspect of any healthcare organization. You have unique requirements regarding the collection, use, and sharing of data to remain compliant with HIPAA. While many healthcare entities choose to outsource IT, you must also keep an eye on how your provider delivers these managed services. Each year, you should have in-depth discussions that you can kick off with these five key questions.

What are we doing to keep our organization and our patients protected from growing cyber threats?

Remaining vigilant and proactive is critical. Healthcare is an attractive target for cybercriminals. According to data, there were 642 large-scale incidents (data breaches of 500 records or more) in healthcare in 2020. That number has been steadily climbing.

High-profile events in the industry include phishing and malware attacks as well as ransomware.

These security incidents have major consequences, with the average cost being $9.23 million. Beyond hard costs, there’s also reputational harm.

To mitigate this as much as possible, we recommend annual IT cybersecurity assessments. Those should include:

  • Network scanning to identify all assets
  • Backup and disaster recovery process review
  • Firewall and security settings review
  • Ransomware and network risk evaluations
  • Virus and malware scans and reports for all assets

When was the last time we had an IT systems assessment?

If you aren’t sure your provider has recently completed an IT systems assessment, you should find out. At a minimum, your vendor should be conducting these annually.

In addition to the items listed above relating to cybersecurity, the assessment should cover:

  • Visual inspection of all workstations, network, and servers
  • Device mapping
  • Inventory of all on-premises equipment
  • Bandwidth performance related to your network, wireless, and internet
  • Key practice software review
  • HIPAA SRA survey

Explain our bill; what are we paying for?

Without an itemized monthly bill, you may not know what you’re paying for regarding managed IT services. There may be items that you don’t need or take care of internally.

Depending on your provider, they may be facilitating a variety of solutions, such as:

  • Monitoring and maintenance
  • Help desk support
  • EHR deployment and management
  • Cloud hosting

Some IT services are one-time events like cloud or software migrations. Others are recurring. Be sure that you know what each service costs you monthly or annually. You can view our pricing calculator to estimate what your expenses would be with us.

Do we have an SLA agreement in place, and are you meeting those metrics?

First, you’ll want to determine if you have an SLA (service level agreement). An SLA defines the level of service you expect from a vendor and the metrics they should meet. It also outlines the duties and responsibilities of each party and any exclusions.

Some SLA examples are:

  • Uptime guarantee for your systems and cloud-based applications
  • Timeframes to deliver technical support
  • Security precautions that they consistently provide to protect assets

If you have an existing SLA, it’s time to talk metrics with your vendor. Go through each line item of the agreement and discuss their performance. If they aren’t meeting SLAs, find out why and if there is any redress available. Failure to meet SLAs could jeopardize your IT security.

What solutions would you recommend to ensure our practice’s IT infrastructure is in a compliant, secure, and reliable state?

IT infrastructure is complex. As your practice grows and you add new assets and platforms, your infrastructure must meet these new demands. Without reliable infrastructure, you’ll have difficulties with any technology task.

When discussing next steps or projects, you should have access to an account manager with expertise and knowledge who can make recommendations based on your needs and requirements.

5 questions lead to lots of answers

By starting conversations with IT providers with these questions, you can determine what services you’re receiving, expected delivery, costs, and more. If the answers aren’t what you expect, it’s time to consider a new partner to maintain your IT ecosystem.

Get a free IT assessment and customized quote today 👉

Related Posts