Q&A With Medicus IT's Steve Losefsky
The COVID-19 pandemic has forced many healthcare providers to embrace usage of a remote workforce to complete tasks that do not require on-site, face-to-face interactions to comply with social distancing guidelines and better ensure patient and staff safety. In his work as president and chief executive officer of Medicus IT, Steve Losefsky worked with many such providers to successfully make this transition. In these roles, Losefsky is responsible for the growth and day-to-day success of the company's leadership team as well as the driving of healthcare IT to help deliver upon the overall strategic direction and operational success of the company.
In this Q&A, Losefsky discusses the experience of healthcare providers that shifted some of their workforce to remote work, technologies that are critical to successfully achieving such a migration, and best practices providers should know about if they are going to continue to rely upon telecommuting.
Q: The pandemic forced many businesses, including healthcare providers, to consider using a remote workforce. How did you see practices, ambulatory surgery centers (ASCs), and other types of Medicus IT clients navigating these often uncharted waters?
Steve Losefsky: The initial weeks of the pandemic were extremely challenging for many organizations. Some of the more strategic and larger practices were well prepared as they had already realized the benefits of leveraging a remote workforce from a talent and cost-of-space perspective since clinical space is more expensive then general business space. Their IT infrastructure was already in place to support work-from-home users. In addition, many of those practices already had a telemedicine program in place.
On the other hand, we saw many practices struggle with getting remote workers up and running because they lacked the IT infrastructure and procedures for shifting their employees to home. In some cases, practices were forced to sacrifice security for the ability to work from home. Fortunately, from a regulatory perspective, the Office of Civil Rights temporarily relaxed its enforcement of HIPAA rules during the COVID-19 health crisis.
Q: What technologies have been critical for practices and ASCs that have successfully shifted some of their employees to remote work?
SL: There have been several. Most practices still rely very heavily on their phone systems. Having a system capable of supporting remote extensions was a serious challenge for those organizations that were unprepared.
Establishing appropriate remote access to a clinic's healthcare IT infrastructure has been critical to the successful supporting of a remote workforce. Security is paramount to patient care, considering the highly sensitive data stored in a healthcare practice's network.
Think of security in terms of a castle. From a data perspective, I want to secure all of the data that's inside the walls of the castle and force users to the castle to access and leverage that data. If the data is living in the castle, we can enforce appropriate security and data protection.
If a practice is using remote desktop or virtual desktop technologies, that means they can force end users into the castle to work, and there is no data ever leaving the castle. The only information traveling across the internet is screenshots and keystrokes. No data is being stored locally on an end user's device or home network.
Unless you intentionally take a "bring-your-own-device" approach to your remote IT infrastructure, you want remote workers to work off a company-owned device. We saw many clinics purchase and configure PCs and then have their users bring these devices home. This is a better option than allowing home users to access clinical networks on their PCs. Home PCs are typically not encrypted, have minimal security applications, and are used by multiple people.
We advise clients leveraging telecommuting to encourage their remote staff to use a virtual private network (VPN). This provides online privacy and anonymity through the creation of a private network from a public internet connection. VPNs also establish secure and encrypted connections that deliver enhanced privacy — even more than secure Wi-Fi.
Q: What are some of the best practices healthcare providers should follow if they want to embrace telecommuting employees?
SL: From a technology perspective, here are some worth following:
- Implement multifactor authentication (MFA). This is becoming more commonplace in our daily lives. Sometimes referred to as two-factor authentication, MFA is a security enhancement that requires you to provide two pieces of evidence when logging in to an account. This may be a password and then a numeric code sent to a phone or accessed via an authentication app.
- Encourage usage of a password vault to prevent your end users from using the same password for internal and external use.
- Require employees to have an appropriate workspace.
- Ensure home technology is adequate to support the work remote staff must complete. This includes internet speed.
- Identify what peripherals will be required for remote staff to complete their work and help them secure these peripherals, if necessary. Examples include a phone, camera/webcam, printer, and scanner.
- Leverage internal communication tools, such as Microsoft Teams, to support effective collaboration with other remote and in-office users.
- Establish appropriate technology usage policies for remote workers.
- Provide social engineering training.
- Establish appropriate key performance indicators to measure your remote workforce's productivity.
- Ensure tools are in place to allow end users to share their screens so managers can assist, as required.
- Set up your home users' phone systems to support call recording as well as the ability for managers to coach, monitor, and join calls.
As important as technology is to remote workforce success, success is not predicated solely on technology. You must consider the impact on your culture of moving to telecommuting.
Q: What are critical steps healthcare providers should take to address remote workforce challenges?
SL: First and foremost, it's important to work with an IT partner that understands the unique requirements of healthcare practices and ASCs from a clinical workflow and security requirements perspective. The right partner will ensure that the appropriate technologies and solutions are put in place to balance the workflow, security, and economics of an effective healthcare IT infrastructure.
Providing your remote workforce with corporate devices can alleviate a lot of concerns. Doing so will permit your IT partner to enforce device encryption and local security and audit policies, ensure antivirus and patch compliance, and push application updates as required. Corporate devices also better allow IT staff to remotely and securely access the device to provide any necessary support.
Q: What should providers do to assist telecommuting employees who are not IT savvy?
SL: Keep the experience as simple as possible. You can do so by having telecommuting users securely access a remote or virtual desktop. Strive to replicate as closely as possible the IT experience that staff are used to when they work in the office. As previously noted, provide home users with a corporate device for reliability and security. Finally, invest appropriately in the technology and WAN (internet connections) to better set up your employees for success in their new work environments.