For hospitals and medical practices, there is nothing more important than delivering quality and timely patient care. When a provider suffers an IT outage – whether due to a storm, malware or another cause – quality of care is impacted, and that imperils real people’s health and well-being.
As founder and CEO of VersaTrust, one of the leading healthcare IT companies in the Dallas-Fort Worth area, Danny Owens has seen it all and solved it all for hospitals and medical practices. Danny sat down to answer some questions healthcare professionals need to consider when planning how they’ll keep their systems operational while serving patients.
What are some factors that cause downtime for healthcare providers?
Danny Owens: There are controllable and uncontrollable factors. Uncontrollable factors include power outages, internet disruptions, natural disasters and malware infections.
Controllable factors are preventable issues such as:
- Poor internet connectivity
- Overtaxed infrastructure – like using old PCs and incompatible printers
- Staff using computers for personal activities such as watching YouTube
- Having an insufficient backup and recovery plan
An effective IT infrastructure is tailored to your practice and your clinical workflow in order to prevent the controllable factors and be ready to go when something uncontrollable happens.
What does being prepared for the uncontrollable look like in practical terms?
DO: Right, so take, for example, a situation that happened to a client of ours. Malware slipped past their antivirus and firewall on a Friday afternoon around 4:30 or so. Because their MSP at the time – that’s Managed Service Provider – did not actively monitor their network, it wasn’t until Monday morning that they discovered their systems were down and all their data was gone. Incidentally, this was their second hack, and that’s when they decided it was time to come to us for help.
How does VersaTrust handle situations like that differently?
DO: First of all, we actively monitor your network 24/7, which means we probably know when there’s a problem before you do. Second, we maintain hourly backups, and that dramatically reduces the data that can actually be lost if an outage or attack occurs.
When it comes to resolving the problem, we never throw darts while blindfolded. We diagnose the outage much like a healthcare practitioner diagnoses an illness. We create a list of symptoms and, through a process of elimination and relying on our intuition gained from longtime experience, we test each potential failure point until we discover the source.
What are some practical steps a healthcare practice can take to prepare for an outage?
DO: You need to create a plan that includes an actionable checklist. A simple, comprehensive checklist is as important for your IT as it is for your patient care.
From there, it’s important to control who logs into your system, how and from where. A secure gateway like Active Directory authentication is an important preventive measure where confidential data and PHI are at stake.
Also, consider where redundancy can help protect you. Having one server, one internet access point and one firewall is better than nothing, but it’s still risky.
Last, I’d recommend that your practice have an uninterruptible power supply, or UPS. This will keep your systems up during an outage, and if it gets to the point that the UPS is running low, your system can shut down in stages to avoid data loss or corruption.
What are some things VersaTrust does to help practices avoid downtime?
DO: We begin by simplifying your systems. This means standardizing your configurations, removing unnecessary links in the chain and building in redundancy behind the scenes where it won’t be noticed but will ensure a more resilient network. All this together makes an outage much less likely and much faster to diagnose and resolve if one should occur.
We also weave security into this fabric rather than bolting it on afterwards. That means establishing access levels for specific users, configuring devices according to their uses and, yes, installing top-shelf antivirus and firewalls that integrate with your applications.
What about steps that practices can take to protect themselves?
DO: So, first, we recommend working with a single hardware provider – like Dell or HP – rather than Frankensteining disparate systems together because this creates unnecessary complexity, vulnerability and risk of failure.
Then, you’re going to want to establish computer use policies and put controls in place to limit what outside applications staff can install or websites they can visit. Once you establish policies, you’ll want to develop a training and continuing education curriculum to ensure staff compliance. For example, we might train your staff to spot phishing attacks and then run simulations to evaluate and improve adherence.
How does a practice get started with all this if they are experiencing downtime or suspect they are at risk?
DO: To truly be effective, IT should be tailored to your practice and clinical workflow. That’s why at VersaTrust we always begin by performing a comprehensive network and security assessment. It’s a launching point we use to determine what interventions might be necessary. So give us a call (817-595-0111) or send us an email, and we’ll schedule your practice for an exam right away!