The common mentality of IT in small to medium healthcare organizations is “if it ain’t broke, don’t fix it,” which can cause serious problems down the road. This way of thinking could be harmful but it’s doesn’t stem from bad intentions.
Small to medium healthcare organizations are often confronted with tight budgets making adopting new tools difficult. Many IT upgrade solutions will give these healthcare organizations a higher ROI over time, but fronting the cost to implement them can be a tough pill to swallow.
HIPAA compliance also contributes to this mentality. Healthcare organizations know that their current IT systems are already compliant and replacing them requires certification that takes time and resources.
Changing health IT systems may also take a toll on staff. Many advanced IT solutions, like cloud or virtualization, function very differently than what the staff may be used to working with. This may require additional training for their staff or having to hire new staff with specific skillsets to manage and monitor new systems. IT experts in the healthcare space can be expensive to hire because they are in high demand. This added expense can be hard to justify especially when there isn’t anything technically wrong with the current system.
While the above viewpoints may make a compelling enough reason to leave outdated systems in place, they can cause very serious security vulnerabilities. Taking the “wait and see” approach until a system is broken before fixing it puts your patient data at risk. This reactive approach compromises data, interrupts workflow, and is potentially avoidable.
Small and medium healthcare organizations should take a proactive approach rather than wait for something to go wrong. When staff are unable to do their jobs because an outdated system failed, it hurts the healthcare organization as a business and can potentially harm patients.
Outdated systems are not restricted only to hardware. Outdated and unpatched software can cause just as much or even more damage because it tends to have a wider reach across the organization. The recent WannaCry ransomware attack is a perfect example of a breach that affected healthcare organizations. The WannaCry ransomware attack exploited vulnerabilities in outdated health IT infrastructure systems, infiltrating networks around the world practically bringing hospitals and healthcare organizations to their knees.
Let’s face it, change is hard to do. Having to change applications, upgrade software, and upgrade systems takes time and effort.
The problem is that small and medium healthcare organizations try eat the entire cake instead of breaking it down into smaller slices that are easier to digest. IT systems do not have to be upgrade in a single swoop and should be planned in smaller upgrade projects that can be easily implemented.
Healthcare organizations that don’t upgrade their outdated IT system on a periodic basis and wait until the last minute to move on to more advanced systems can be their own worst enemy. For example, if a healthcare organization moving to a new picture archiving and communication system (PACS) did not perform the proper maintenance and patches through the lifecycle of their outdated PACS, can end up breaking the system when they finally do go to upgrade.
Small and medium healthcare organizations owe it to their staff and patients to try and provide the best patient care possible using the best IT tools possible. Coming up with a plan to replace outdated systems with more modern ones will allow small and medium healthcare organizations to become more efficient and offer a better clinician and patient experience.