With small practices largely outsourcing tech support, it’s critical they take steps to be prepared
When an IT emergency strikes medical practices, there’s a small window to avoid big losses of time and money, so it’s best to have a plan in place.
But for many small practices, there’s the added wrinkle of getting in touch with their IT professional in the first place. According to the Medical Economics 2017 EHR Report, 35% of respondents indicated they outsource their IT services. Of that group, 47% of solo and small practices said they rely on someone not on staff to deal with technology issues. And 31% of solo practices said they have no designated IT department or employee at all.
Joe Capko, senior consultant and partner of San Francisco-based consulting firm Capko & Morgan, says there are steps smaller practices can take to be proactive to ensure when the time comes, they are prepared.
Even if a medical practice outsources its IT services, it needs a person inside the practice who knows the ins and outs of the systems, Capko says. The practice should find someone eager to expand their role and take on more job responsibilities who can shine in a role dedicated to developing procedures, working with technology vendors and related tasks. This is the person who will not only put together the practice’s action plan, but ensure everyone knows about it.
Technology vendors, from electronic health records (EHRs) to billing and collections, have experience in dealing with outages and answering related questions. Have the point person get in contact to gather the adequate information of what to do for a short-term or long-term emergency.
Many software applications, including EHRs, have user groups online or in the same state as the practice. Seek answers from those using the same systems and who might have had experiences with outages before. “Seek the most knowledgeable people on your technology,” advises Capko.
When an emergency occurs, practices don’t want to spend time trying to reach a call center. Get multiple contacts and multiple numbers for assistance.
Back up everything. That includes the practice’s emergency IT point person, who should have a stand-in who also knows the ins and outs-or simply just the location-of a plan. Explore backups to the practice’s internet connectivity just in case. A practice won’t be able to access its cloud-based record without a stable connection. And if practices make physical copies of vital data, it’s a good idea to store them somewhere safe, perhaps away from the practice’s physical location.
A binder that sits on a shelf collecting dust won’t help anyone, says Capko. At least twice a year, have the practice point person revisit the plan, ensure contact names and numbers are still accurate, and update if needed. It’s also a good time for practices to review the plan in a setting like a staff meeting, so everyone knows what’s expected of them when the time comes.
Secure your passwords
Recent cyberattacks have proven that even the smallest medical practice can be a target for thieves seeking personal data. Make a schedule to change practice passwords (perhaps every six months) and make them complex.
Don’t bypass updates
Capko says hackers seek out vulnerabilities in software. Patch your system as soon as you are able to protect patient data.