Quarterly IT Checkups

Operating a small- to mid-sized medical practice in today’s economy, we often find ourselves scrutinizing every expense. Toner cartridges? Bought them refilled. Cell phones for staff? We don’t reimburse for those any more. Pens? Employees should bring their own. Anywhere we can pinch a penny, we do. For practices without permanent IT staff on site, regular IT support and maintenance agreements, however, are not the place to cut corners.

In addition to my nine-to-five job as an IT professional, I support several local offices that are too small to require a full-time IT staffer. All of my steady clients began as calls when the office was in dire straits and an avoidable computer catastrophe had befallen them. Had these clients already been maintaining regular maintenance visits with a qualified IT resource, their problems could have likely been mitigated - or avoided all together.

Technology failures in a small practice often have warning signs that start long before something breaks in the technology infrastructure. Even in cases of system problems which present no early warning signs, a little prevention can go a long way in easing the impact of such problems. Regularly scheduled IT checkups with a reputable expert or organization can mean the difference in system downtime of a few days versus a few hours.

Although everyone is becoming more tech savvy by the day, using your office billing staffer to also maintain your server in her free time is simply asking for trouble. Your data is arguably the most valuable asset of your practice, and ensuring the integrity and safety of that data should be paramount.

Choosing a professional

Probably the hardest part of getting started is choosing a professional whom you can trust. Take caution: Just because someone you know works on computers does not make him a fit for your organization, and assuming that someone who works on computers can provide the service you need at your office is not sufficient. IT professionals are so often generalized and grouped together that specific skill sets can get confused. In addition, clients are not always clear on what skills to look for in a support vendor. You must select an expert who has real experience in the part of IT that affects your practice. Hiring a programmer to manage your backups isn’t going to work. Start by asking your colleagues at other practices, and at other local nonmedical businesses that you deal with, about how they handle their IT infrastructure. Find out what IT resources they utilize and contact those resources to request a free consultation.

Before you meet, have a prepared listing of the details of your organization, including: number of locations, number of staff, number and type of PCs, server location, phone system type, and software (EHR, medical billing, office productivity suites, etc.). Explain that you want to have a part-time IT resource available, to keep your IT infrastructure reasonably current, and to avoid common pitfalls that result in data loss and/or system downtime. Explain that you would like a standing on-call arrangement at a fixed (prenegotiated) per-hour rate; to have quarterly IT checkups taking four to eight hours per quarter (dependent on organization size); and to ensure you have reliable backup routines and disaster recovery plans in place so you may recover seamlessly from major system failures. Be sure to point out that if the individual has no experience in medical IT, he may be expected to work with your vendor to resolve some types of problems.

Outline your expectations

Here’s an example of a checklist of responsibilities for the chosen vendor during the quarterly visit:

• Review backup schedules and reports to confirm backups are running successfully and backup failure notifications are working.

• Confirm someone on staff is checking the backup notices daily.

• Check to see that backup tape media (the tapes themselves) are healthy and that tape rotations are being taken offsite by staff.

• Update virus and malware detection systems and ensure they are working on all PCs and servers.

• Apply critical Windows updates, in coordination with software vendors. (Occasionally, Windows updates can introduce problems to older software, so such updates should be tested before being applied to all PCs and servers.)

• Ensure disk space (particularly on servers) is adequate, calculate consumption rate since last visit, and project anticipated date when disk capacity might be exceeded.

• Inspect backup power supplies and associated soft shutdown software and test as appropriate.

After reviewing your expectations and routine responsibilities, you will need to discuss some other details. These include:

• Rates for on-call costs: What are the 8 a.m. to 5 p.m. rates versus after-hour rates?

• Expectations for time to respond: Do you expect them to be there within the hour or the same day as you call? Be overly clear up front about this issue.

• Vacation: Who do you contact in an emergency when the consultant is on vacation? Should the consultant notify you before going out of town or similar?

• Billing increments: Will you be billed in 15-minute increments, 30-minute increments, or by the hour? Is travel time billable? What about the occasional quick phone call?

Lastly, after you have settled all of these issues, put everything in writing in the form of a contract, being sure to include every detail. After executing the contract, you should feel better already. You should have the expectation that the initial few visits may require more work than subsequent visits, as the vendor may need to tidy up some long overdue tasks up front if you have not maintained your systems adequately. After a few visits, your organization’s data and livelihood should be much safer - and you can sleep better at night.

Jonathan McCallister is a client-site IT manager for a major healthcare consulting firm, and he is currently assigned to a 140-physician practice. He has worked in healthcare IT management for more than eight years and in general IT management for more than a decade. He can be reached via physicianspractice@cmpmedica.com.

This article originally appeared in the September 2009 issue of Physicians Practice.