May 3, 2022
IT can be a complex and expensive aspect of any healthcare organization. You have unique requirements regarding the collection, use, and sharing of data to remain compliant with HIPAA. While many healthcare entities choose to outsource IT, you must also keep an eye on how your provider delivers these managed services. Each year, you should have in-depth discussions that you can kick off with these five key questions.
Remaining vigilant and proactive is critical. Healthcare is an attractive target for cybercriminals. According to data, there were 642 large-scale incidents (data breaches of 500 records or more) in healthcare in 2020. That number has been steadily climbing.
High-profile events in the industry include phishing and malware attacks as well as ransomware.
These security incidents have major consequences, with the average cost being $9.23 million. Beyond hard costs, there’s also reputational harm.
To mitigate this as much as possible, we recommend annual IT cybersecurity assessments. Those should include:
If you aren’t sure your provider has recently completed an IT systems assessment, you should find out. At a minimum, your vendor should be conducting these annually.
In addition to the items listed above relating to cybersecurity, the assessment should cover:
Without an itemized monthly bill, you may not know what you’re paying for regarding managed IT services. There may be items that you don’t need or that you take care of internally.
Depending on your provider, they may be facilitating a variety of solutions, such as:
Some IT services are one-time events like cloud or software migrations. Others are recurring. Be sure that you know what each service costs you monthly or annually. You can view our pricing calculator to estimate what your expenses would be with us.
First, you’ll want to determine if you have an SLA (service level agreement). An SLA defines the level of service you expect from a vendor and the metrics they should meet. It also outlines the duties and responsibilities of each party and any exclusions.
Some SLA examples are:
If you have an existing SLA, it’s time to talk metrics with your vendor. Go through each line item of the agreement and discuss their performance. If they aren’t meeting SLAs, find out why and whether any redress is available. Failure to meet SLAs could jeopardize your IT security.
IT infrastructure is complex. As your practice grows and you add new assets and platforms, your infrastructure must meet these new demands. Without reliable infrastructure, you’ll have difficulties with any technology task.
When discussing next steps or projects, you should have access to an account manager with expertise and knowledge who can make recommendations based on your needs and requirements.
5 questions lead to lots of answers
By starting conversations with IT providers with these questions, you can determine what services you’re receiving, expected delivery, costs, and more. If the answers aren’t what you expect, it’s time to consider a new partner to maintain your IT ecosystem.