11/04/2024 | Press release | Distributed by Public on 11/04/2024 22:46
Federally Qualified Health Centers (FQHCs) occupy a unique place in the healthcare ecosystem, serving the needs of underserved populations - often in rural areas.
But like every healthcare organization from a single practitioner to a multistate health system with multiple hospitals, FQHCs must maintain tight security on their patient and clinical data. In that regard, FQHCs compete with every other healthcare facility (and companies in every other industry, for that matter) for scarce cybersecurity and IT talent.
A 2022 cross-industry survey from Deloitte shows that talent acquisition is the top internal challenge for 50% of organizations. Beyond finding top candidates, 30% report employee retention as a challenge, while 28% point to a skills deficit among workers.
Looking at external challenges, executives identified cybersecurity as the top issue, with less than one-half saying their organizations were adequately prepared. To surmount this disconnect between finding the right job candidates and keeping data secure, an overwhelming number of companies have turned to outsourcing cybersecurity and other IT functions.
According to Deloitte, 81% of companies outsource cybersecurity; 77% outsource IT infrastructure services; and 68% outsource helpdesk and user computing functions.
When even top companies struggle to maintain adequate IT staffing levels, FQHCs will have difficulty competing, which makes outsourcing IT and cybersecurity functions a logical choice. Here are several reasons why FQHCs should consider outsourcing to a firm experienced in the nuances of healthcare.
Estimates differ widely on potential cost savings, but the minimum estimated savings is 20%-30%. This makes sense when one considers the number of employees needed to run an IT department. Each position in an FQHC's IT department needs to be overstaffed somewhat to cover for vacations, holidays, medical leave, training, conferences, and other contingencies. Besides each worker's salary, there are costs for benefits such as health coverage, disability, life insurance, and more. Don't forget payroll taxes.
When a worker leaves for other employment, someone will need to cover that person's responsibilities until a replacement is identified, hired, and sufficiently trained, which could take many months. Healthcare organizations often have highly individualized technology implementations that require special skills to monitor and patch.
Nevertheless, some IT departments are overstaffed. Before starting any outsourced engagement, have the vendor evaluate current staffing levels to identify any potential overstaffing issues.
As mentioned above, turnover can upset the skills balance within IT. While some positions may require a general knowledge of technology, others require specialized skills. Cyber criminals don't care whether Joe is on leave or Sally just took a job at another company - they will exploit any weakness to steal patient credentials or lock files and demand a ransom. Turnover can also disrupt institutional philosophies and initiatives that keep facilities protected.
Outsourcing can allow uniform coverage of contracted IT functions and keep the department on track for special projects, initiatives, etc. Some organizations outsource certain IT functions, while others outsource the entire department, including IT leadership. The level of outsourcing likely depends on the comfort level of the C-suite.
It's entirely possible that Sally left the organization because she wasn't challenged enough in her job or couldn't continue to grow her skillset. Engaged workers crave additional training and opportunities to strengthen their skillsets. But not all organizations can offer that level of engagement.
While an internal employee may learn a new skill, is that person sufficiently proficient to perform the task without introducing an error that brings the IT infrastructure down or exposes the organization to hackers? Outsourcing firms can create career paths for workers, allowing them to become proficient at one skill before introducing others.
When vetting potential IT outsourcing partners, ask about employee longevity of the people who will service the account. What specialized training and/or certifications has each person achieved?
Be wary of any company offering point solutions to cybersecurity challenges. Healthcare technology systems are intricately connected, and any change in one area may have negative impacts in other areas. A competent outsourcing firm will take a modular approach, "owning" a particular function and employing a framework approach that ensures that every potential scenario has been addressed.
Any engagement should begin with an assessment of the current state of software and people. The vendor will then create a roadmap to close critical gaps and establish standard operating and reporting procedures going forward. When performed properly, outsourcing can give FQHC leaders peace of mind that a critical function is no longer a source of worry.
There's no doubt that healthcare IT is highly specialized. In addition to normal privacy and security issues, healthcare organizations also must abide by HIPAA requirements for protected health information. Any potential vendor must speak the language of healthcare fluently and possess the ability to secure a wide variety of technology aspects. This isn't a one-size-fits-all scenario.
Even the smallest FQHC may have dozens of technology connections from the EHR or practice management system that link to laboratory systems, pharmacy, imaging, billing/claims, medical devices, telehealth, facility management, and many more. During the vetting process, get references from current healthcare clients. Ask them tough questions about staffing levels, new implementations, and how the vendor handled any blips or difficulties during the engagement.
In 2023, the number of healthcare data breaches reported to the Office of Civil Rights held steady. However, the number of breached records set a record at nearly 158 million, three times the figure from 2022.
Through mid-August of this year, more than 450 healthcare providers reported breaches affecting nearly 48 million records. And that doesn't include catastrophic breaches reported by Change Healthcare that could affect more than 100 million records or the Ascension breach that will likely be significant as well.
Cybersecurity is a critical challenge for any healthcare organization but can be particularly challenging for FQHCs, which often run leaner and have fewer resources than other healthcare organizations.
Outsourcing particular IT functions or the entire IT department makes sense for organizations that want to maximize their technology assets and their protection from cyber events.
This article was written by Lance Reid fromMedCity Newsand was legally licensed through theDiveMarketplaceby Industry Dive. Please direct all licensing questions to[email protected].