office 365 in healthcare - cloud transformation technology ... · office 365 in healthcare mohamed...
TRANSCRIPT
Office 365 in
Healthcare
Mohamed Ayad, MD, MBA, MSIS
Sr. Industry Specialist
Microsoft Health & Life Sciences
Carlo MacDonald
Former Interim CIO UT Medical Group
President Exigo Technology Services
Our Speaker
In June 2013, UT Medical Group brought in Carlo MacDonald, President of Motion MSP™/Exigo, as Interim CIO to lead IT transformation.
• Motion MSP™/Exigo is a 23 Year Old Microsoft Partner specializing in Managed Services to healthcare providers with emphasis on MS Solutions. Services include Cloud Services, Managed Security, Managed Backup, and Help Desk.
• 150 Employees, corporate offices in Jackson, and satellite offices in NY, Atlanta, Baltimore, New Orleans, and Denver.
Introducing: Office 365
Access documents, email, calendar, and contacts from a wide range of web browsers or with Office applications optimized for your PC, Mac, Windows tablet, or smartphone.
Office for iPad, March 2014.
Per user license can be used on up to 5 devices AND 5 tablets.
Journey to The Cloud
UT Medical Group, Inc.
Ambulatory Teaching Practice
Memphis, TN
“This company and its employees have gone
through major changes affecting all aspects
of our business. Our IT had to be able to
accommodate those rapid changes.”
Michael Ryan
Executive IT Director, UTMG
Business Situation
Memphis Ambulatory Clinic supporting Methodist and Regional One Hospitals. UTMG provides teaching services to UT medical students. 300 providers covering various types of practices. In 2012, the decision was made to move two-thirds of the providers to hospital partners and to provide a “CBO” (Central Business Office) billing for the hospital and UTMG.
UTMG needed to split the company into two organizations, one for billing and one for clinical operations.
Exigo was asked to “rightsize” the IT staffing and costs, which in 2012 consisted of 40+ employees and a $10 million budget, and to split the IT environments into two self-contained organizations, all to be completed by October 2014.
In addition to the changes above, UTMG had to implement 3 new EMRs to meet M/U deadlines and upgrade GE IDX to GE Centricity.
Old Environment (in 2012)
• Mixture of virtual and physical servers
• NetApp storage
• GE IDX and Allscripts
• Windows 2003 and SQL 2005 servers
• XP on all desktops
• Office 2007
• 10 MB email attachment
• 2 weeks of active emails before archiving
• Proofpoint DLP and email filtering
• Voltage secure email server
• Symantec eVault archiving (terabytes of storage)
• Microsoft Communicator Server for IM
• No mobile access to email
• No web access to email
• No forwarding allowed for providers who use a UT email address
• Access to information only allowed through Citrix XenApp
• Some SharePoint 2010
“We needed to improve our communications
among our providers and staff. Due to the
complexity of our systems, most providers
just opted to not use it.”
Dr. Robert Canada
UTMG CMO
Our Goals
• Cut IT Costs
• Improve IT Systems
• Do More with Less. Automate!
• Improve Disaster Recovery
• Improve Communication in Clinics
• Better Collaboration
• Ensure Compliance, without restricting work flow
• Easy Expansion or Downsizing
Is the Value there?
On Premise vs Cloud Costs?
What is the Value Proposition?
Where are the cost savings?
New Economics
Pay for what you use - healthcare organizations often work within tight budgets - select the cloud offerings you need now and pay for subscription-based access
Lower TCO over time
On Premise Exchange 2013 vs Office 365
1200 User Comparison

| New Yearly Fees | On Premise | In Cloud |
|---|---|---|
| MS Licenses (Servers & PCs) | $415,000 | $429,000 (quote) |
| Secured Email (Voltage) | $4,200 | $0 |
| Email Archiving (Enterprise Vault) | $27,480 | $0 |
| Blackberry Server/Licenses | $2,292 | $0 |
| PHI Scanning (Proofpoint) | $16,608 | $0 |
| Hard Costs Per Year | $465,580 | $429,000 |

| Server Cost Estimates (4 Servers) | On Premise | In Cloud |
|---|---|---|
| New Hardware Equipment | $67,000 | $0 |
| Yearly Management Costs | $9,000 | $0 |
| Power Consumption/Bandwidth | $3,000 | $0 |
| Backup Costs | $2,500 | $0 |
| Installation (MS Consultant) | $50,000 | $50,000 |
| Microsoft Service Promo Credit | $0 | -$30,000 |
| Reclaimed Storage Going To Cloud | $0 | -$77,000 |
| New Mail Server/Mobile Access | $131,500 | -$57,000 |
| Total First Year Costs | $597,080 | $372,000 |

*software included with MS Licenses
Savings first year: $225,080
3 Year cost savings: $327,240
Security
Value Proposition
Mailbox size 10MB to 50GB, 25MB attachments
Unlimited archiving went from a separate cost to included with E3
Lync mobile clients for iOS, Android, Windows Phone, Windows 8
Remove Blackberry system.
Office 365 Message Encryption added at no cost to E3 plan
Multi-Factor Authentication added to all plans at no additional cost
Office for iPad, Enhanced Office 2013 features
Reduce our on-premise SharePoint footprint, improve our portal
Benefit: Help Avoid IT Costs
Security Reviews
BAA and HIPAA Reviews
Email communications are permitted, but you must
take precautions
The Privacy Rule allows covered health care providers to communicate
electronically, such as through e-mail, with their patients, provided they
apply reasonable safeguards when doing so. See 45 C.F.R. § 164.530(c)
Providers must take steps to protect the integrity of
information and protect information shared over open
networks
The Security Rule does not expressly prohibit the use of email for sending
e-PHI. However, the standards for access control (45 CFR § 164.312(a)),
integrity (45 CFR § 164.312(c)(1)), and transmission security (45 CFR §
164.312(e)(1)) require covered entities to implement policies and
procedures to restrict access to, protect the integrity of, and guard against
unauthorized access to e-PHI.
A covered entity must implement procedures to verify that a person or
entity seeking access to ePHI is the one claimed. (45 CFR § 164.312 (d))
provides Health IT the tools to
enable HIPAA compliance for email
Enable Person Authentication
• Providing an extra layer of authentication, in addition to a user’s account credentials, to secure access
• Verify person seeking access to PHI is the one claimed
Securing Integrity of Communications
• Deliver confidential business and patient communications
• Allows users to send encrypted email easily
• Recipients receive email in their own Inbox, not in a separate web-based portal
Avoid Compliance Loopholes
• Ensure adherence for non-compliant, new to organization, and misclassified users
• Enforce policies via hold, block, audit, encrypt, and Policy Tip notifications
• Familiar rule and policy process for an integrated compliance experience
Your Email Protected
• Keeps traffic off your network. Replaced Proofpoint on premise.
• Quarantines and works in conjunction with Outlook spam filtering.
• Custom rules, although we have only used whitelisting of domains at UTMG.
• We find Microsoft’s responsiveness to a virus outbreak to be fairly quick.
Journal ALL email for forensics.
• No checkbox on user settings to place all emails on legal hold.
• Read up on the difference between Archiving and Legal Hold.
• You have to manually turn this on via PowerShell!
• eDiscovery works well!
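As an added illustration (not part of the original presentation), the script below shows one way to turn legal hold on for every user mailbox from PowerShell and report which ones changed. It assumes the slide refers to Exchange Online Litigation Hold, the current ExchangeOnlineManagement module, and an admin account permitted to run Set-Mailbox; run it with -WhatIf first to audit without changing anything.

```powershell
# Added example: audit and enable Litigation Hold on all user mailboxes.
# Assumptions: ExchangeOnlineManagement module is installed and the signed-in
# admin may run Set-Mailbox. Mailboxes without a suitable license will fail
# and are reported rather than stopping the run.
[CmdletBinding(SupportsShouldProcess)]
param()

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

# Collect every user mailbox, then keep only those not yet on hold.
$mailboxes = @(Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox)
$notOnHold = @($mailboxes | Where-Object { -not $_.LitigationHoldEnabled })

$results = foreach ($mbx in $notOnHold) {
    $status = 'Skipped (WhatIf or declined)'
    if ($PSCmdlet.ShouldProcess($mbx.UserPrincipalName, 'Enable Litigation Hold')) {
        try {
            Set-Mailbox -Identity $mbx.UserPrincipalName `
                        -LitigationHoldEnabled $true -ErrorAction Stop
            $status = 'Enabled'
        }
        catch {
            # Typical cause: the mailbox lacks a plan that includes hold.
            $status = "Failed: $($_.Exception.Message)"
        }
    }
    [pscustomobject]@{ Mailbox = $mbx.UserPrincipalName; Status = $status }
}

# Per-mailbox outcome, then a one-line summary for the compliance record.
$results | Format-Table -AutoSize
'{0} of {1} user mailboxes were already on hold.' -f `
    ($mailboxes.Count - $notOnHold.Count), $mailboxes.Count

Disconnect-ExchangeOnline -Confirm:$false
```

New mailboxes created after the run are not covered, so the same script can be scheduled or re-run as part of onboarding.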
HIPAA Physical, Technical and Administrative safeguards
have been implemented since Dec 2011 to support
Microsoft’s role as Business Associate
Microsoft offers a HIPAA Business Associate Agreement
that covers all Office 365 services
Created collaboratively with academic medical centers,
government agencies, providers, and health plans to
help ensure broad acceptance
In its sixth revision, to accommodate regulatory
changes, customer needs, improved internal processes
Over 10M users covered by the BAA to date
Implemented Breach Notification as required by HITECH
Any breach that Microsoft learns of, regardless of
cause, is reportable to the covered entity
Without unreasonable delay, but no later than 30 days
(half the time allowed by the law)
Contractually, Office 365 customer data belongs to the
customer
No scanning of email or documents to build analytics or
mine data
No advertising products derived out of customer data
No secondary use of customer data
At termination of the service, customer data is returned
and expunged from all backups within a defined
timeframe.
Full transparency to where customer data is stored, who
has access to it, and when it is accessed
How do we get this deployed?
What are our deployment costs?
Who is going to support this?
How much is support?
Pilot Program (50 Users)
Optimize a move to the cloud with the flexibility of
staged deployments or hybrid scenarios
Upgraded XP and Office – Once the Hybrid Exchange
environment was installed, we upgraded XP and Office for
a few users in each department. Various degrees of usage.
Migrated Email – Moved their boxes to cloud. This broke
the current archive solution so we had to also migrate all
their current archives. Some archives were 25 gigs in size.
Mobile Applications – At the time UTMG policy was
Blackberry only. New CEO had Android phone. We
implemented Airwatch along with email access.
Migrate Remaining Users
Remaining users were migrated in groups based on
department and size of mailbox/archive. Providers were
migrated last as many were using UT email systems.
Benefit: Focus on Business, by Easing Administration
Demos and Testing
Focus Group Meetings
Security Testing
User Profiling
Who will use it?
User Case Studies
“It was very important that we capture each
job role in the company prior to configuring
the first device.”
Michael Ryan
Executive IT Director
UT Medical Group, Inc.
Enhance
Productivity
• Have live/recorded
education sessions for up
to 250 simultaneous
users
• Connect with mobile
clinicians and staff
• Store to SharePoint
Online corporate training
site or to user’s OneDrive
for Business
Improve
Collaboration
• Share business files
selectively and securely
with colleagues, patients,
and external business
partners
• Unlimited dedicated
space per employee, plus
backups
• As of Today, UTMG is
testing security and
defining what type of
content will be allowed.
Software Assurance
Which Service is Right for You?
Licenses?
A Must In
Healthcare
Q&A
?
Carlo MacDonald/President
Exigo Technology Services, LLC
Mohamed Ayad
MD, MBA, MSIS
Sr. Industry Specialist
Microsoft Health & Life
Sciences