By Brian Albright, Business Solutions magazine
STI Computer Services can better serve clients, and do so more profitably, by providing remote security audits and hardware troubleshooting.
For VARs and MSPs (managed services providers) serving the healthcare industry, there’s more to every project than simply providing hardware or software. Industry and government regulations require healthcare providers to meet a constantly expanding set of requirements around patient privacy, security, and reimbursement that most hospitals, clinics, and physician practices are ill-equipped to manage on their own.
Enterprising VARs can strengthen client relationships and generate new streams of revenue by providing assistance with these compliance issues. Such is the case with Eagleville, Pa.- based STI Computer Services, an MSP/VAR that provides practice management systems (PMS), electronic medical record (EMR) systems, and installation and support of network equipment and computer systems to ambulatory care facilities.
As part of the 2009 American Recovery and Reinvestment Act (ARRA), the Health Information Technology for Economic and Clinical Health (HITECH) Act provides financial incentive to doctors’ offices for implementing EMR solutions. In order to receive reimbursement under the program, providers have to show “meaningful use” of the EMR technology in order to improve efficiencies. STI is helping one large gastroenterology practice ensure compliance with these requirements via a remote monitoring and management offering that has helped speed security audits called for under HITECH.
To ensure that its clients meet HIPAA and meaningful use requirements, STI provides a security analysis and audit that includes reviewing access control policies; accounting for disclosures; and supplying data integrity controls, password structures, Windows updates and patch status, status/version of anti-virus software, and network encryption, among other items. “Every doctor’s office has to have these network security assessments in order to get government reimbursements as part of the meaningful use requirements,” says Al Toper, director of technical services at STI. “We have 2,000 medical practices out there using our solution, and these security audits have become a significant activity for us because everyone has to do it.”
More Profitable Managed Services
STI has been working with the gastroenterology client in New Jersey since 2003, when the company installed STI’s practice management software. In 2011, the client implemented STI’s ChartMaker EMR just as STI was transitioning to a managed services provider model.
“There are 10 doctors there, and they are very busy,” Toper says. “We want to get these audits done without disrupting their operation, and each doctor has to attest personally for that meaningful use money. Doing as much as possible remotely helps us minimize that disruption.”
Using AVG Technologies’ Managed Workplace remote monitoring and management platform, STI is able to remotely conduct the bulk of this analysis. That’s good for the end users because it minimizes the disruption to their own networks. It’s also good for STI, allowing them to reduce the amount of time field staff has to spend conducting these reviews. While some of the analysis has to take place on-site (confirming the servers are secure and locked, and that patients can’t see computer screens, for example), much of the work can be done in advance via AVG.
“We can make sure the anti-virus software is up to date; we make sure Windows is up to date with patch management, and the AVG solution helps us answer a lot of the questions involved in that audit,” Toper says. “By the time we send a tech with a form to be filled out, he just has to complete a 30-minute visit and he’s done. I only have a staff of 20 technicians on the road, and 2,000 offices to visit, so being able to do these things remotely has been a huge time saver for us.”
Al Toper, director of technical services, STI Computer Services
The gastroenterology practice was one of the first customers to transition to STI’s MSP offering, and the deployment of the EMR was a key reason it made the switch. “If you’re just doing billing and your computers don’t work for a day, you can get by,” Toper says. “If you have a sick patient in front of you and you can’t look up their medication allergies, that’s something else altogether. You need a model where the MSP can find things before they break, and be more proactive.”
The remote monitoring capability allows STI to see when there are potential failures on the network, determine if the equipment is still under warranty, and if so, contact the manufacturer for service before the client even knows there is a problem.
“That’s been important in selling our solutions because clients don’t have to be on the phone working things out with us,” Toper says. “We can log into their computers remotely while the end user is working and see what their memory usage is, check the CPU, and try to solve the problem. Customers love that feature.”
According to Toper, the remote monitoring capabilities have made the MSP business more profitable since STI has a more accurate view of the hardware it has deployed, and can address customer issues without sending a technician on-site in many cases. “We can see everything that’s out there from a central location,” Toper says. “We know exactly what equipment we have in each office, and we’re billing correctly for our services.”
Remote monitoring has also been beneficial for STI’s clients, and not just from the auditing perspective. “They count on our computers 100 percent, so if there is a disruption, it’s bad for the business and a danger to their patients,” Toper says. “From an MSP perspective, if we don’t know things are going bad until there is a failure, then it becomes an emergency. If a server crashes, it takes forever to rebuild, and the client is potentially going to be down for more than a day. Remote monitoring prevents that from happening. A lot of times we don’t even call them. We go in remotely and fix the problem, and there’s no disruption to their operation at all.”