Compliance with federal requirements is a challenge for medical professionals, as new laws, new technologies, and new ways of working continually call for new solutions. Excel Anesthesia, a 26-physician group, found a long-term solution for secure, compliant email in Microsoft Office 365. By choosing Microsoft, the practice also avoided 83 percent of the cost of an on-premises solution.
It can be difficult to meet federal privacy and security requirements for IT when your workforce isn’t just communicating over a protected local area network, but also wirelessly over mobile devices. And it can be even more difficult when your workforce is 100 percent mobile, 100 percent of the time. That’s the challenge that faced Excel Anesthesia and its Head of Compliance, Michael Walsh, M.D.
The company’s 26 anesthesiologists don’t work out of offices; they work in hospital operating rooms and other surgery and out-patient facilities, and travel constantly among those locations. They have to coordinate and update schedules, review patient files, and communicate and collaborate with colleagues, all on the fly. Combine the issues of mobility with those of compliance with HIPAA, the Affordable Care Act, and other regulations, and few healthcare providers face greater challenges than Excel Anesthesia.
For the past 18 months, Walsh has led a practice-wide effort to upgrade compliance procedures. Ensuring secure email—which often contains private health information (PHI)—has been a key focus. That means more than just securing email transmission; it also means securing email storage. Even when messages are transmitted securely—which can’t be assumed with free, public email—those messages remain only as secure as the PC or mobile device on which they then reside. With physicians often using their own computers and phones, standardization, let alone security, can be elusive. And the risk is immense; the cost of mishandling PHI can run into the millions of dollars.
Excel Anesthesia had no computer servers to support email, and it was reluctant to invest in the hardware and maintenance that an on-premises email system would require. While it wanted to keep costs low, it also wanted a solution that was highly reliable and available. Its practice had reached a critical size and was continuing to grow. It couldn’t wait any longer to address the email situation.
Fortunately, it didn’t have to. Its Microsoft Partner introduced the company to Microsoft Exchange Online, the email solution included in Microsoft Office 365. Office 365 for business provides virtually anywhere access to Office applications, enterprise-grade email, file sharing, conferencing, a public website, and more. Varying combinations of service are available through a series of subscription options.
“Given the crucial issues surrounding compliance, we asked our attorney—not just our techies—to evaluate Office 365,” says Walsh. “He told us that we couldn’t do better than to choose Microsoft: it stands behind its products and will likely be around to provide that support for many years.”
Most important from a compliance perspective, Microsoft signed a Business Associate Agreement (BAA) with Excel Anesthesia. That means that Microsoft—not Excel Anesthesia—takes on the risk stemming from compliance gaps in the technology.
The Microsoft Partner helped the company to deploy Office 365—along with encryption and passcodes—on the mobile devices that its physicians already used.
The practice introduced its physicians to Office 365 in phases, starting with Exchange Online, because email is such a common, essential function. Links in email messages provided introductions to SharePoint Online and Lync Online.
With guidance from their Microsoft Partner, the practice used SharePoint Online to roll out a robust compliance program with online policies that replace traditional, often inaccessible, hard-to-update “black binders” containing pages of regulations and policies.
Excel Anesthesia now has the secure, reliable, and cost-effective compliance solution it wants—with a new level of business agility as an added benefit.
Robust Compliance with 99.9 Percent Uptime
The company now tracks compliance tasks automatically and has a central, online location for collaboration among members of its compliance committee. And it spots and corrects chart deficiencies in half the time it used to take. “The Microsoft data centers behind Office 365 provide levels of security, fault tolerance, replication, and backup that we couldn’t afford on our own,” says Walsh. Microsoft also provides a financially backed service-level agreement with 99.9 percent availability. Security in the cloud with Exchange Online means that the practice has no on-premises servers to fail, to be stolen, or to be lost during office moves.
Subscription Avoids 83 Percent of First-Year On-Premises Costs
With Office 365, the practice pays a low subscription fee—US$8 per month per user—instead of buying and maintaining its own servers. That saved it 83 percent of the first-year costs for on-premises email. Excel Anesthesia pays only for what it needs, and can expand its subscriptions to support continued growth.
“Getting compliant email was our priority,” says Walsh. “We were concerned about cost but knew we had to spend what it took. With Office 365, we got compliant email and low cost. We didn’t expect that.”
Agility Supports Broader Collaboration
The practice used to choose only local vendors and professional services firms—people it could meet with frequently and on short notice. But some of the providers that it wanted to work with aren’t in Dallas—such as Anesthesia Compliance Consultants, located hundreds of miles away in Cincinnati, Ohio.
That firm was using Google Docs until Walsh and his colleagues showed them the Microsoft alternative. The consultants made the move to Office 365, and for many of the same reasons that convinced the practice. Excel Anesthesia is now the firm’s client, and the two hold web and video conferences several times each week, without any concern for the vast distance between them.