Personal productivity devices, such as desktops, laptops, smartphones, and tablet PCs, and the data they generate and retrieve have contributed to a wealth of information and…risks for Long Term Care. If Information Technology (IT) managers are unable to monitor, manage, and protect productivity devices, software distribution, and how information is exchanged and filed, providers run a considerable risk of data loss, non-compliance, and potentially fatally damaging their operations. Implementing sound hardware and data management practices is the responsibility of all providers. IT Asset Management (ITAM) embraces the technology and best practices that can help IT Managers with this critical task.

What is asset management?

ITAM encompasses mostly the hardware components of the IT infrastructure and its interconnected computers - in other words, everything that supports the flow and processing of information. Consider, for example, data and computers. What IT assets do you have? Where are they? Who has access to them and who is using them? What is the lifecycle of each? What are the procedures for safeguarding each? What is the most cost-efficient method for tracking and maintaining them? One way to look at this challenge is to consider that IT is a business within a business. ITAM is the specific method and tools you employ to manage that business. It is 80% systems and 20% tools.

Why ITAM?

A few years ago, Patricia Adams, Research Director, Gartner Research, identified five drivers toward IT asset management:

• Software license compliance. Most vendor contracts authorize compliance audits. The Business Software Alliance (BSA) is now offering rewards of up to $200,000 for qualified piracy leads.
• ITIL (IT Infrastructure Libraries). ITIL outlines an extensive set of management procedures that are intended to support businesses in achieving both quality and value, in a financial sense, in IT operations.
• Cost control. This includes the cost of IT labor, purchasing, and managing device complexity.
• Asset security. This involves monitoring and managing asset displacement and network assets.
• Operational efficiency. With ITAM, most facets of your business run more smoothly.
  Neglecting ITAM can be risky?

In the absence of ITAM, LTC providers are at risk. They may suffer unauthorized access to or the loss or corruption of critical business information and EPHI (electronic protected health information). The impact of such could include liability risks, poor public relations, including diminished shareholder value and goodwill, exposure to and during law suits, and a significant disruption in the conduct of business.

A disruption in business, for instance, will likely involve non-productive time, even downtime resulting from non- or mal-functioning equipment, critical documentation missed or erroneously recorded, missing files, emails not received, and an inability to send MDS or other claims. Providers may also experience loss of continuity in the form of missed deadlines or poor communications. By not managing computing devices, users may download unauthorized applications or updates which can introduce software incompatibilities, even viruses or other malware.

The risks can be costly

Providers also risk increased or unnecessary costs. Malfunctioning IT assets mean upset users; upset users mean increased support calls, which can be costly in terms of needed help desk resources to handle such calls. In the absence of ITAM, providers may have to unnecessarily search out and recover lost data/files. In recovering lost files, providers experience down time and fees associated with archived data retrieval, assuming the data/files can be found. Additionally, lost/misplaced inventory, unnecessary repairs, or necessary repairs not addressed, can also disrupt the day-to-day flow of business.
Other risks include exposure to software licensure and regulatory non-compliance which may result in significant fines/penalties.

Conclusion

An organized and well executed ITAM program is a sound business investment – a practice that should not be ignored.

Question

• In the absence of ITAM, what other risks do businesses/providers run?
• What have you implemented to manage your IT assets?

Next Time

In future blogs we’ll discuss ITAM best practices and tools available today through the cloud. Until then, write, if you get a round to IT.

I argue that Accountable Care Organizations (ACOs) do not represent a health care delivery revolution, but an evolution. Based on my experience in LTC and what I’ve been reading on the Internet, ACOs appear to be an evolutionary variant of the species known as HMOs. Regardless, ACOs represent a significant change to health care delivery. The ACO model will have a sweeping impact on how health care is planned for, delivered, documented, reported, and paid for. It follows that for an ACO to work, information technology serves as the glue that holds it together; those providers who have successfully worked with HMOs can attest to the critical role IT plays. Participation as ACO members will require providers to carefully evaluate what such participation will have on their respective IT systems.

Let’s explore this in more detail.

An ACO is a group of providers and suppliers of services that cooperatively deliver seamless, high-quality care to Medicare beneficiaries while reducing costs. Therefore, ACO providers must coordinate, deliver, document, monitor, and report patient care not only in terms of the quality of the care delivered, but the costs related to that care. The key word here is “interoperability.” This means the ability of health information systems to work together within and across organizational boundaries in order to advance the cost-effective delivery of healthcare. Interoperability involves seamlessly integrating data and information within each organization and among all providers who participate in an ACO.

More expansively, “interoperability” includes:
• Moving data among all providers
• A consistent data presentation
• A uniform user interface or controls
• Data security and integrity
• Uniform protection of patient confidentiality
• Consistent system service quality

In other words, each provider must at least have a fully-integrated clinical and financial system in place. This system must reliably, securely, and with interoperability communicate with other ACO members’ systems.

So, what’s the impact on a provider’s IT infrastructure? In general, the IT infrastructure will need to include:

So, if ACO’s are in your organization’s future, will you be ready?
• Do you know where IT is today and what you will need?
• How much will it cost to get IT up and running quickly, securely, and affordably? With outsourcing* - sooner than you think and with little to no capital.
• How much will it cost to maintain it? It’s less expensive than you may think.

If ACOs are not in your future, is the IT infrastructure checklist relevant? We’ve found that if you think it is, you’re ahead of the curve. However, if you think not; we urge you to think again.

*Cloud-based managed hosting infrastructure, services, and solutions have helped LTC providers leverage any and all such opportunities, such as ACOs offer, quickly and affordably.

Questions:
Are ACO’s in your future?
What impact do you think ACOs will have on IT?

It’s that time of year again.
In 2011, the desolation and loss of life in the wake of the massive tornados in Joplin, MO, in Tuscaloosa, AL, and other states have captured the attention of LTC providers across the country with the realization that disasters can strike anywhere, at anytime. They recognize the need for a real-world, workable, and well-rehearsed disaster preparedness and recovery plan that at least minimizes, if not prevents, injury and loss of life during and after a disaster.

Post-disaster recovery, however, must also encompass access to resident information, because in the world of EMR, electronic data can be lost if the servers or other storage devices are damaged by fire, flooding, or building collapse. Fortunately, there are steps which you can implement now to protect that vital information before a disaster strikes.

Backup procedures (a good start) - A basic IT disaster preparedness plan must include a regularly-scheduled daily back-up of data with off-site storage and I don’t mean in an employee's home. Tip: One important thing to remember about backups: they should be regularly tested. Nothing is more frustrating than to need a backup and find that the data is corrupt or non-existent.

Fault tolerance - The next step up in disaster recovery is to build fault tolerance into all of your critical systems. This means installing Redundant Array of Independent (or Inexpensive) Disks (RAID) drives (disk drives which are redundant copies of each other), clustered systems, and other types of local recovery procedures.

What happens if - Once you have a good backup and archiving procedure with critical fault-tolerant systems in place, the next step is to put together procedures for remote disaster recovery.

Option: Co-location

You might, for example, make arrangements with another company to share equipment and space if either is struck by disaster. Such an arrangement also requires agreements with critical computer vendors to quickly ship new systems in the event of an emergency. Although recovery would be slow, this kind of planning is a good first step.

Option: A Split Site

Some companies are large enough that the IT department could be staffed at more than one location. In the event of a disaster to one site, operations would simply shift to the other.

Option: A Cold Site

This is a site (often managed by a third party and shared among multiple clients) which is stocked with equipment and ready to go. The remote servers are generally not “live,” and time is required to activate the off-site system should the need arise. This is a popular disaster recovery method, because it tends to be less expensive than other options and gives a company the ability to be up and running with a brief delay.

Option: A Warm Site

If a company has the resources, then a warm site is a viable alternative. This is a site which is pre-positioned with equipment, software, and other necessities ready to go in the event of an emergency. The equipment is idle, often turned off, but can be quickly restored and brought online. Data is available quickly and can be restored without much difficulty. However, a high level of competence and forward thinking is required to plan, build, and maintain it.

Option: A Hot Site

In this scenario, a duplicate computer center is available in a remote location from as little as a few miles to hundreds of miles away from the primary computer facility with communications lines set up and actively copying data at all times. At a minimum, the site has a duplicate of every critical server up and running with data that is up-to-date.

Option: The Cloud

By its very nature, the cloud is designed to handle business continuity; high availability; and disaster recovery. So that in the event of a disaster, management and staff can access business-critical applications and data anytime from anywhere. Cloud Services Providers (CSPs), like PCT, provide pooled resources, flexibility, scalability, security, and reliability to businesses of all sizes so that businesses can store their data, applications, systems, and services.

Don’t wait! Act!

Regardless of the option you choose, having a viable systems and data disaster recovery system is critical.