Specializing in IT Management for Medical Offices

If you are looking for an IT partner that truly understands the needs of your medical practice, you’ve come to the right place:

  • I have finely tuned my methods, services and procedures while providing IT support for my wife’s successful physician practices over the last fifteen years.  (The toughest critic you’ll ever find is the one you are married to.)  While I am happy to handle IT for most businesses, my offerings and expertise are fine-tuned for clients with real concerns about privacy and compliance.  My base package includes a lot of security and privacy controls that might be overkill if you have a lawn care business, but if you’re a legal or accounting firm I might be a great fit.
  • While I’ve worked as a Managed Service Provider for 22 years now, I’ve also got an MBA that shapes my approach to your business.  My goal is to help you succeed as a business by making wise investments in information technology while minimizing waste.
  • You need to be an efficient business. You also need to insure you’re in compliance with abstract frameworks like HIPAA.  I understand your constraints and can make recommendations for solutions and methods that are compliant, reasonable, and justifiable.

How This Works

This all starts by aligning our incentives:  you need a functional, reliable, compliant IT infrastructure and you don’t want to pay more than you need.  I want a consistent revenue stream that requires as little effort as possible.  Combine these, and you end up with my business model:

  • Standardization.  Standardization allows us to offer affordable and high quality IT services.  As a new client you will choose the level of service and protection that you feel is appropriate for your business, and all machines in your organization will be brought to that standard. 
  • Preventative maintenance.
    • Software and operating systems will be patched promptly to protect against malware and ransomware. 
    • The performance of your computers is monitored so we know when it’s time to upgrade.  This gets you the longest service life without slowing your employees down. 
    • Backups are performed daily.  These are encrypted and stored off-site. 
    • We proactively monitor the web sites your employees visit and block websites that are risky or malicious.  If desired, we block sites that you don’t think should be visited at work. 
    • The security software we install on your desktops uses AI and machine learning to protect you from files that are malicious before you try to open them. It also protects your computers from programs that start to act suspiciously after you’ve run them. 
    • All computer, storage, network, and e-mail logs are compiled and processed in one place to provide an additional level of protection and alerting.
    • All irregularities and anomalies generate an alert that we review to make sure nothing unwanted is happening.
  • User Support.  The standardized software we install makes it simple to submit support tickets, request a web page be unblocked, or receive immediate assistance by allowing a technician to remote control your user’s desktop.  Support offerings differ based on the service level you request.  With our most comprehensive package, your users will still be encouraged to route most requests through the help desk system, but for urgent issues your users can call and get immediate assistance.  

What else comes standard?

Most of the things that growing practices need:

  • Secure remote access for your employees.  Your HIPAA Security Risk Assessment probably prohibits access to PHI from home computers because those are out of your control and you can’t guarantee that PHI won’t be stored (even temporarily) unencrypted.  We offer secure remote access for your employees in our base package.  This allows you to delegate which user has access to which computer(s), and protects this access behind both a good password and 2 factor authentication.  Remote user access is tracked.
  • Better understanding of Employee Behavior.  Do you have a new hire who is not as effective as you expected?  Is your new hire having a hard time catching on?  Would be it helpful to see a breakdown of what applications that employee used during the day, and for how long?  What about a user who isn’t performing as well as she used to perform?  Would a breakdown of web sites visited and the time on each help you better counsel this employee?  We non-intrusively collect this data for you.
  • Rational hardware upgrades.  Larger companies typically upgrade their desktops on a 3-year or 5-year cycle.  This means each year they replace the oldest 20% or 33% of their desktops so they are always reasonably up-to-date.  This is impractical and expensive for small offices.  Therefore, we measure usage on each machine, identify when resource limits are affecting users, and make recommendations on upgrades when they are actually needed.  This means your users are not negatively impacted by slow computers, and you are not spending more than you need to on upgrades.
  • Growth and capacity planning.  Are you planning to offer more telehealth?  How much internet bandwidth do you need?  How will you plan for growth?  Are you seeing slowdowns with wireless devices, and are unsure what to do to fix it?  Do you need to store PHI on-site and you need to do so in a secure way that has adequate access controls and monitoring?  What’s the best way to do this?  We can use actual data and our experience to help you answer all these questions, and give you options that are practical and affordable.
  • Increasing Efficiency.  Are there tasks that consume lots of time and effort that you think automation can help with?  Is the old way of doing things slow and you suspect there is a better way?  Would it be nice to talk to an MBA who understands both the technical solutions that exist and medical practices?
  • Annual In-Person Review of your Security Risk Analysis.  We will help you assess whether last year’s Security Risk Analysis is still meeting your IT needs.  We will also suggest modifications and improvements based both on the needs of your practice and the security landscape.

What about Hardware and Licensing Costs?

We do not make money on hardware or licensing.  We will NEVER encourage you to buy anything that we do not believe is necessary.

  • When it’s time for a new computer, you decide who to buy it from.  We can provide one from our preferred vendor or you can purchase hardware that meets the specifications we give you.  If we order the hardware then we will mark up the cost by 10% to cover our time, and we will use a vendor that provides solid, no-frills hardware with an outstanding warranty.  If it breaks, our vendor will overnight replacement hardware immediately, then give you up to 2 weeks to return the original hardware.
  • We manage your Microsoft licenses and only charge you our cost. We do this as a value-added service so you don’t need to create new email accounts, reset passwords or diagnose licensing issues.  The time we spend on these activities is built in to your monthly fees.

How Does the Process Start?

  • We start by making an inventory of your current IT infrastructure.  Then we make the updates and upgrades required to get you up to current standards. 

You may have 20 computers, each of which is different because you bought the most affordable computer that Costco was selling each time you bought one.  Even if you were a little more systematic with computer purchases, we will still need to perform the following tasks on each computer:

  • Desktops will need to be upgraded from Windows Home to Windows Pro to support encryption.  
  • Each machine will then need to be encrypted, which will require us to sit at each computer to update the BIOS settings to support encryption.  By default this is done after-hours and on the weekend to not affect your business.  
  • Each computer will have a mix of software that users have installed over time.  Each program needs to be identified as essential and be patched, or identified as something you don’t need and be uninstalled.  
  • Computers lacking enough memory will need to be upgraded, as will computers with small hard drives.  
  • Weird performance issues will need to be identified and resolved.  
  • Local administrative access will need to be removed.  
  • Years of operating system and software patches will need to be installed, requiring numerous reboots and diagnosis when upgrades fail.  
  • Every computer will need to have a modern security solution installed which requires removing the old antivirus software, scanning the computer, and addressing every security issue identified.  
  • We will install software that controls which web sites computers can visit, and which ones are blocked.  Doing so will require multiple days of my 100% availability during your business hours so we can immediately unblock sites that are critical but only used periodically, to keep your business running smoothly and without undo interruption.
  • Logs generated by your computers and devices will be compiled securely in a single location, and these logs will be continually scanned for any irregularities that suggest something malicious may be happening.  As your practice is different from every other practice, there are guaranteed to be false alarms that we will need to analyze, identify, and filter out.  This will be weeks of work as well.

Your firewall will likely need to be upgraded or replaced.  There are at least a dozen reasonable choices for firewalls out there; we support three of those.  We will insure a firewall appropriate for the level of security your network requires is installed and configured properly, with secure reporting enabled so alerts are triggered whenever something abnormal occurs.

Your WiFi network may need to be upgraded as well.  If so, this also might be a good time to introduce a guest network for your patients that’s also filtered, secured, and segmented from your normal network for security reasons.

Unlike other vendors you likely deal with in your practice, we invest a significant amount of time into your business up-front as part of our service.  Doing so leaves your practice in a state where it’s more secure and efficient than it’s been previously, but it’s a lot of work to get you to that point.  We don’t charge for this set-up time – it’s built in to the monthly fees you pay – but my business model requires you to be a client long enough to make up the up-front investment in your IT infrastructure I provide.

How long must I commit?

Month-to-month contracts are standard.  If you want to move to someone else we can terminate your contract at the end of the current month.

The exception here is with your initial term.  As your can see in the previous section, there is a lot of work involved in bringing a computer network that’s been neglected up to our standard, and this often means weeks of work. 

These weeks of up-front work will be reflected in your initial contract term, and if you choose to cancel early there will be an early termination fee if you do so.  This initial term may be two months for a new practice without a lot of technical debt, or most of a year for a practice that is suffering from years of neglect.