Office 365 in Healthcare

Transcription

1 Office 365 in Healthcare Carlo MacDonald Former Interim CIO UT Medical Group President Exigo Technology Services Mohamed Ayad, MD, MBA, MSIS Sr. Industry Specialist Microsoft Health & Life Sciences

2 Our Speaker In June 2013, UT Medical Group brought in Carlo MacDonald, President of Motion MSP /Exigo as Interim CIO to lead IT transformation. Motion MSP /Exigo is a 23 Year Old Microsoft Partner specializing in Managed Services to healthcare providers with emphasis on MS Solutions. Services include Cloud Services, Managed Security, Managed Backup, and Help Desk. 150 Employees, corporate offices in Jackson, and satellite offices in NY, Atlanta, Baltimore, New Orleans, and Denver.

3

4 Introducing: Office 365

5 Access documents, , calendar, and contacts from a wide range of web browsers or with Office applications optimized for your PC, Mac, Windows tablet, or smartphone. Office for ipad, March Per user license can be used on up to 5 devices AND 5 tablets.

6 Journey to The Cloud UT Medical Group, Inc. Ambulatory Teaching Practice Memphis, TN

7 Business Situation Memphis Ambulatory Clinic supporting Methodist and Regional One Hospitals. UTMG Provides teaching services to UT Medical Students. 300 providers covering various types of practices. In 2012, decision made to move 2/3 rd of the providers to Hospital partners and provide a CBO Central Business Office billing for hospital and UTMG. This company and it s employees have gone through major changes affecting all aspects of our business. Our IT had to be able to accommodate those rapid changes. Michael Ryan Executive IT Director, UTMG UTMG needed to split the company into two organizations, one for billing and one for clinical operations. Exigo was asked to Rightsize the IT staffing and costs which in 2012 consisted of 40+ employees and a $10 million budget. All to be completed by October 2014 and to split IT environments into two self contained organizations. In addition to the changes above, UTMG had to implement 3 new EMR s to meet M/U deadlines and upgrade GE IDX to GE Centricity.

8 Old Environment (in 2012) Mixture of Virtual and Physical Servers NETAPP Storage GE IDX and Allscripts Windows 2003 and SQL 2005 Servers XP on All Desktops Office meg attachment 2 week active s before archived Proof Point DLP and Filtering Voltage Secure Server Symantec evault Archiving (Terabytes of storage) Microsoft Communicator Server for IM No Mobile access to No Web Access to No Forwarding Allowed for providers who use UT address. Access to information only allowed through Citrix XenAPP. Some Sharepoint 2010

9 We needed to improve our communications among our providers and staff. Due the complexity of our systems, most providers just opted to not use it. Dr. Robert Canada UTMG CMO Our Goals Cut IT Costs Improve IT Systems Do More with Less. Automate! Improve Disaster Recovery Improve Communication in Clinics Better Collaboration Ensure Compliance, without restricting work flow Easy Expansion or Downsizing

10

11 Is the Value there? On Premise vs Cloud Costs? What is the Value Proposition? Where are the cost savings?

12 New Economics Pay for what you use - healthcare organizations often work within tight budgets - select the cloud offerings you need now and pay for subscriptionbased access Lower TCO over time

13 13

14 On Premise Exchange 2013 vs Office User Comparison On Premise In Cloud New Yearly Fees New Yearly Fees MS Licenses (Servers & PCs) $415,000 $429,000 Quote Secured (Voltage) $4,200 $0 Archiving (Enterprise Vault) $27,480 $0 Blackberry Server/Licenses $2,292 $0 PHI Scanning (Proof Point) $16,608 $0 $225,080<----Savings first year Hard Costs Per Year $465,580 $429,000 $327,240<---3 Year cost savings! Server Cost Estimates (4 Servers) New Hardware Equipment $67,000 $0 Yearly Management Costs $9,000 $0 Power consumption/bandwidth $3,000 $0 Backup Costs $2,500 $0 Installation (MS Consultant) $50,000 $50,000 Microsoft Service Promo Credit $0 -$30,000 Reclaimed Storage Going To Cloud $0 -$77,000 New Mail Server/Mobile Access $131,500 -$57,000 *software included with MS Licenses Total First Year Costs $597,080 $372,000

15 Value Proposition Mailbox size 10MB to 50GB, 25MB attachments Unlimited archiving went from a separate cost to included with E3 Lync mobile clients for ios, Android, Windows Phone, Windows 8 Remove Blackberry system. Security Office 365 Message Encryption added at no cost to E3 plan Multi-Factor Authentication added to all plans at no additional cost Office for ipad, Enhanced Office 2013 features Reduce our On Premise Sharepoint footprint, improve our portal

16 Benefit: Help Avoid IT Costs

17 Security Reviews BAA and HIPAA Reviews

18 18

19 communications are permitted, but you must take precautions The Privacy Rule allows covered health care providers to communicate electronically, such as through , with their patients, provided they apply reasonable safeguards when doing so. See 45 C.F.R (c) Providers must take steps to protect the integrity of information and protect information shared over open networks The Security Rule does not expressly prohibit the use of for sending e-phi. However, the standards for access control (45 CFR (a)), integrity (45 CFR (c)(1)), and transmission security (45 CFR (e)(1)) require covered entities to implement policies and procedures to restrict access to, protect the integrity of, and guard against unauthorized access to e-phi. A covered entity must implement procedures to verify that a person or entity seeking access to ephi is the one claimed. (45 CFR (d)) provides Health IT the tools to enable HIPAA compliance for

20 Enable Person Authentication Providing an extra layer of authentication, in addition to a user s account credentials, to secure access Verify person seeking access to PHI is the one claimed

21 Securing Integrity of Communications Deliver confidential business and patient communications Allows users to send encrypted easily Recipients receive in their own Inbox, not in a separate web-based portal

22 Avoid Compliance Loopholes Ensure adherence for noncompliant, new to organization, and misclassified users Enforce policies via hold, block, audit, encrypt, and Policy Tip notifications Familiar rule and policy process for an integrated compliance experience

23 Your Protected Keeps traffic off your network. Replaced Proof Point on premise. Quarantines and works in conjunction with outlook spam filtering. Custom Rules, although we have only used white listing of domains at UTMG. We Find Microsoft s responsiveness to a virus outbreak to be fairly quick.

24 Journal ALL for forensics. No checkbox on user settings to place all s on legal hold. Read difference between Archiving and Legal Hold. You have to manually turn this on via Power shell! ediscovery works well!

25 HIPAA Physical, Technical and Administrative safeguards have been implemented since Dec 2011 to support Microsoft s role as Business Associate Microsoft offers a HIPAA Business Associate Agreement that covers all Office 365 services Created collaboratively with academic medical centers, government agencies, providers, and health plans to help ensure broad acceptance In it s sixth revision, to accommodate regulatory changes, customer needs, improved internal processes Over 10M users covered by the BAA to date Implemented Breach Notification as required by HITECH Any breach that Microsoft learns of, regardless of cause, is reportable to the covered entity Without unreasonable delay, but no later than 30 days (half the time allowed by the law)

26 Contractually, Office 365 customer data belongs to the customer No scanning of or documents to build analytics or mine data No advertising products derived out of customer data No secondary use of customer data At termination of the service, customer data is returned and expunged from all backups within a defined timeframe. Full transparency to where customer data is stored, who has access to it, and when it is accessed

27 How do we get this deployed? What are our deployment costs? Who is going to support this? How much is support?

28 28

29 Pilot Program (50 Users) Optimize a move to the cloud with the flexibility of staged deployments or hybrid scenarios Upgraded XP and Office Once the Hybrid Exchange environment was installed, we upgraded XP and Office for a few users in each department. Various degrees of usage. Migrated Moved their boxes to cloud. This broke the current archive solution so we had to also migrate all their current archives. Some archives were 25 gigs in size. Mobile Applications At the time UTMG policy was Blackberry only. New CEO had Android phone. We implemented Airwatch along with access. Migrate Remaining Users Remaining users were migrated in Groups based on department and size of mailbox/archive. Providers were migrated last as many were using UT systems.

30 30

31 Benefit: Focus on Business, by Easing Administration

32 Who will use it? User Case Studies Demo s and Testing Focus Group Meetings Security Testing User Profiling

33 It was very important that we capture each job role in the company prior to configuring the first device. Michael Ryan Executive IT Director UT Medical Group, Inc.

34 35

35 Enhance Productivity Have live/recorded education sessions for up to 250 simultaneous users Connect with mobile clinicians and staff Store to SharePoint Online corporate training site or to user s OneDrive for Business

36 Improve Collaboration Share business files selectively and securely with colleagues, patients, and external business partners Unlimited dedicated space per employee, plus backups As of Today, UTMG is testing security and defining what type of content will be allowed.

37 Licenses? Software Assurance Which Service is Right for You?

38 A Must In Healthcare

39 40

40 Q&A?

41 Carlo MacDonald/President Exigo Technology Services, LLC Mohamed Ayad MD, MBA, MSIS Sr. Industry Specialist Microsoft Health & Life Sciences