Practice IT systems require regularly scheduled checkups

What do patients and your practice's health information technology have in common? They both can benefit from regular checkups to ensure they are in good health.

Experts say quarterly or twice-a-year checkups of your health IT systems that go above and beyond routine maintenance will help you identify problems before your entire system crashes in the middle of the day with a waiting room full of anxious patients.

The relatively small price of regular maintenance can help you avoid a complete system failure and the loss of your data, experts say. They also can help you avoid a costly lawsuit if your system is not up to the technical standards set by federal laws.

"Information technology is no longer just a little component of somebody's business, that a little nerd comes by and fixes your problem and moves on, " said Mike Meikle, CEO of Hawkthorne Group, a management consulting group in Richmond, Va. "The issue that a lot of business owners now know, no matter what business they are, is that technology is now an integral component of the business, and it's almost like a utility in that you have to maintain that utility."

Cynthia Dunn, RN, senior consultant with MGMA Health Care Consulting Group in Englewood, Colo., said physician practices need IT support that goes beyond a maintenance agreement for an electronic medical record system.

"You've got to include the hardware, the software, the network, the disaster recovery, the security. Those pieces all have to be managed," said Dunn, whose work includes helping practices develop implementation and maintenance plans for IT adoption.

The first step practices should take is to conduct an inventory of all the technology used in the practice, Dunn said. The list should include the age of each piece, when it was last upgraded or replaced, and any maintenance performed. Smartphones should be included in the inventory, Dunn said. This will provide a road map for each quarterly or six-month checkup.

Larger practices with dedicated health IT staff may have employees for whom the checkups are part of a job description. Small practices typically have a contracted vendor for on-call support or remote monitoring. Regularly scheduled on-site visits should be included in any maintenance contract, Dunn said. Or an independent, third-party vendor can be scheduled and paid an hourly rate to spend a few hours at the practice a few of times a year.

Rates for this type of service vary depending on the region where the practice is located and the size of the practice. But vendors typically charge $150 to $300 an hour.

Check your vendor's track record

The vendor that performs the checkups should have a proven track record of working with all the systems and infrastructure at your practice. In addition to their technical experience, they should have knowledge of any federal laws that mandate what technical standards need to be in place, including regulations from the Health Insurance Portability and Accountability Act.

What types of tasks they do and what they look for will depend on your system -- one that is hosted locally, with the server in the office, or a system that is hosted remotely or online.

Leo Bletnitsky, president of Las Vegas Med I.T., a consulting firm that specializes in IT maintenance for small and medium practices, said practices whose servers store patient data inside the practice need to test them regularly for potential failures. Not only do the main servers need to be checked to ensure everything is running properly, but backup systems should be checked as well.

In addition to making sure backups are running properly, Dunn said, practices need to ensure their disaster recovery plans are adequate. At least once or twice a year, practices should go through a drill of pretending that their systems are down and perform a practice run of restoring data from their backups.

Because locally hosted systems require so much monitoring and usually are more expensive to implement than web-hosted systems, smaller practices generally go with web-hosted systems or software. But even those require some monitoring of the work stations inside the practice.

Morris W. Stemp, president and founder of Stemp Systems Group, a New York-based business technology consultancy that performs audits of the IT needs for businesses, said certain systems should be checked at least every six months.

For instance, practices need to make sure all software at each work station has received all newly released software upgrades and fixes to known problems or software glitches. Stemp said that many times these upgrades are done remotely, so an on-site check will ensure the upgrades took place and are working properly. There also should be a check of the system's security components and firewalls every six months, he said.

Make sure systems meet all regulations

Though checkups should ensure that systems are in good health, they should include an analysis of how the systems meet federal requirements or standards. Meikle said there are technical implications of HIPAA regulations that need to be in place, such as audit controls.

And those rules can change. For instance, last year, HIPAA regulations were revised under the Health Information Technology for Economic and Clinical Health Act. So make sure your vendor is up to date on current laws.

"I can't stress this enough -- information security is paramount," Meikle said. If there's a lawsuit over breached information, and it's found out that your network is unsecure, you could be on the hook, he said.

There are many ways a system gone bad could cost a practice money or open it up to risk. But just as patients have better outcomes the earlier a health issue is caught, experts say the same holds true for IT systems.