To get a general idea of what you can expect to spend on IT in 2015, analyze your expenses for 2014. Understand that this is just an estimate, and likely a rough one at that. As with the other areas of your budget, IT expenses are rarely consistent each year, and may even be significantly different from one year to the next depending upon whether your practice undergoes any substantial changes.
Here are eight areas of focus when putting together your IT budget.
1. HIPAA compliance
2014 was a year of significant HIPAA developments. There were several high-profile data breaches, both in healthcare settings and businesses in other sectors (e.g., Home Depot, Sony). An individual healthcare record is now worth more on the black market than a U.S.-based credit card and personal identity with social security number combined, according to Dell SecureWorks, making healthcare data even more appealing to hackers. In April, Microsoft ceased providing automatic fixes, updates or online technical assistance for Windows XP and Office 2003, leaving them both vulnerable to security issues. It's now been more than a year since the HIPAA Omnibus Final Rule went into effect.
Regulators are more aggressively pursuing audits. It is critical for providers to conduct at least annual HIPAA and HITECH security risk analysis and remediation to help ensure protected health information (PHI) is secure. Practices should budget for this accordingly.
2. Windows 2003
As with Windows XP and Office 2003 in 2014, Microsoft is ending support of Windows Server 2003 on July 14, 2015. As of that date, Windows 2003 will be considered vulnerable to security issues, and a practice using it for anything involving PHI will be technically out of compliance with HIPAA.
Practices need to identify whether they have machines using this operating system, and then determine which machines have hardware capable of running a newer operating system and which do not. For those that can, practices should budget for a license upgrade plus the fee to configure the computer for its use. For any machines that cannot, they will have to either be replaced or have their technology inside upgraded.
3. Disaster recovery and business continuity
Practices rely heavily on technology to power their operations. So when an IT disaster occurs, which can be at any time, it can very easily have a substantial, negative impact on finances and operations. Your practice will likely experience at least a small IT disaster every few years, but nearly one in five businesses suffers a major disruption to its data or voice networks or communications systems every year.
It is critical that practices have a comprehensive, HIPAA-compliant IT disaster recovery and business continuity plan. Such a plan should detail not only the steps a practice will take to recover from any type of IT disaster, but also how to maintain business continuity during and after a disaster to help limit the short- and long-term effects.
If you do not already have such a plan in place, it is important to invest in its development — and complete development as soon as possible. If your practice has a plan, it should be tested in 2015, so budget for this accordingly. If there are changes made to IT systems next year that will affect the plan, it will need to be updated and should be retested in order to help ensure a seamless business continuity strategy in the case of catastrophic event.
4. Plans for growth
If you have plans to grow your practice next year, you'll want to take into consideration the IT costs associated with the changes. Moving into a larger building or adding locations? Expect a significant investment in IT. Even just adding physicians or new staff can incur IT-related expenses that quickly add up, as you will need to take into consideration new computers and workstations, software licenses, and telecommunications (voice and data services).
5. New systems
If 2015 will be the year when you take the plunge and add an EHR or another significant electronic system to your operation, it's important to determine not only how much the system itself will cost but also associated costs, including installation, hardware needed to run the system, licenses for users, and training. Always give your IT point person plenty of notice if you intend to invest in a new system to allow ample time for research and planning.
6. Software maintenance
Some of the software your practice may use, including an EHR and practice management software, have maintenance costs associated with them. Maintenance for these mission-critical solutions typically run between 17 percent and 23 percent of the original licensing cost for the software; not pocket change if a system costs $100,000.
Ask these system vendors if any significant upgrades are planned for 2015. If so, you need to determine whether your existing hardware can support such upgrades.
7. Contract renewals
It's likely that at least one of your IT-related contracts will be up for renewal in 2015. Such contracts can include IT managed services agreement, telecommunications, and phone system. Use the end of this year as an opportunity to review all of your contracts and note those up for renewal next year. Try to determine well in advance whether you need to make a change to the contract (such as number of computers and users accessing a service) or intend to change service providers, and how such a change will affect the rate you pay for these services. It's a good time to research options to see if there are worthwhile alternatives available, and whether you can leverage other options as part of contract negotiations.
As with contracts, it's likely that some of the warranties on your practice's major IT equipment, such as servers, switches, and firewalls, will expire in 2015. You should determine whether this will be the case for your practice, both for initial and renewed warranties, and determine whether it's worthwhile to renew the warranty, if you have the option. Take into consideration the age of the equipment, and whether you're better off simply replacing the equipment.