VARs: How to Build a Healthcare Technology Practice
There is a tremendous opportunity in healthcare technology for VARs and MSPs. With federal stimulus available to medical professionals implementing electronic medical records (EMR) and a wealth of technology and compliance consulting opportunities, solution providers that are equipped to offer these services are experiencing great success. Here’s how to get started.
The momentum resulting from financial incentives may be a key driver, but it is also opening the door to a number of complementary and crucial business services for this market. In either case, savvy solution providers (including our channel partners) are spending the time required to understand the complete organizational needs of these clients, and working with them to implement the best mix of infrastructure and business systems to accomplish their goals. They’ve discovered success requires more than just selling healthcare technology; it demands the delivery of complete business solutions for customers that need IT support.
Life or Death
Besides the critical nature of their operations, each is required to meet a myriad of local, state and federal regulations. These vary from region to region, but the most demanding requirements come from the federal HIPAA (Health Insurance Portability and Accountability Act) rules. More so today, HIPAA has become stricter and affects virtually every procedure carried out in medical facilities, including long-term privacy and security of patient records. Each medical facility (physician offices, clinics and hospitals) must follow HIPAA’s prescribed guidelines to protect health information, so VARs and MSPs who understand those requirements—and offer effective solutions that address them—have the greatest chance of success with a healthcare IT practice.
So here is where it gets interesting
The HIPAA rules include security measures intended to ensure patient information is available to authorized personnel—at all times. Contingency plans must include a way for authorized healthcare personnel to access patient medical records in the event of an emergency; including fires, natural disasters, and system failures.
HIPAA also requires that medical facilities create and maintain detailed disaster recovery plans that guarantee that file restoration process; identifying vulnerabilities in their network and defining the steps needed to restore the patient records in an adequate amount of time. That plan must contain a checklist of the medical facility’s critical data and business systems, the method for restoring any data loss during an emergency, and the time frame to restore essential operations.
Selecting an online backup system is critical
The regulations call for exact copies of patient information to be stored in a separate storage system or facility, but accessible and retrievable at all times. HIPAA also requires healthcare facilities to back up their data real-time and continuously. These data storage plans work in combination with your clients’ disaster recovery procedures, ensuring their patients’ irreplaceable medical files are safe AND secure. Additionally because patients care greatly data security of their medical information and files, compliance and backup measures being taken becomes a large competitive advantage.
Assuring clients of backup and retrieval
Getting medical information to a hospital could literally be a matter of life or death. That’s why an effective offsite backup solution is required for your healthcare IT practice, to ensure ALL of your clients’ patient data is available whenever it’s needed.
The first step
Finding the right online backup service for your medical office and other healthcare customers is to select one that is SAS 70 compliant. Audits of this standard evaluate the controls in place for a service organization, including the logical, network, and transmission security of the offering. The measures for SAS 70 are more comprehensive than the security standards for HIPAA, ensuring that your healthcare clients will be adequately protected when you implement these solutions. Vendors that adhere to the service standard audits provide an extra level of insurance for your healthcare clients.
Note: MSPs and VARs also need to make sure their vendor partner retains exact copies of the information uploaded to their online systems, with continuous access and retrievability of all data. Other features to consider for HIPAA compliance include real-time and continuous backup to ensure all patient and business critical information is captured and retained. That provides security for the patients, medical practices, and providers.
Healthcare IT presents a significant business opportunity for the channel, but only if MSPs and VARs build a comprehensive portfolio of services that meet the specific needs of this market. The implementation of EMR systems may be the first step into doctors’ office, but the success of your practice will require you to become a valued partner for all their business solutions.
Ted Roller is VP of channel development Intronis. Monthly guest blogs such as this one are part of The VAR Guy’s annual sponsorship program.