Howto implement a computer network at a doctors office

[paki1]

Desired result:

The project is to computerize a family doctors clinic. We need a total of 5 computers which a network printer/ scanner and router.

Initially we want to be able to schedule appointments on a calendar using these computers and eventually switch to compouterized billing too. This billing will be through some online warehouse service like the ones from web MD.

==========

Can i please get suggestions on what I should keep in mind before buying the hardware. any comments/ suggestions are welcome..

is there any other forum here on tek tips where i would get a better answer to this.

If anyone has had experience implementing a similar solution please post some suggestions..

Does anyone know of any popular software for scheduling or billing used at doctors offices these days

thanx

 

[vacunita]

For the first part of your question:

Considerations to be made:

Wired or Wireless Network?

Router: For Wired installation: one that has enough ports to accommodate the number of PC's to be networked. and It's always a good idea to have extra ports should the need arise to add more PC's to the network

For Wireless installation obviously a wireless router that can accomodate the PC's.

Printer: A Printer that has networking capabilites, and or a Printserverbox (small box that allows printer to be plugged to the network) or a Dedicated Pc that will share the printer on the network with the rest of the Pc's.

Scanner most definetly a dedicated Pc to serve as Scanning server of sorts.

As for the software part maybe someone else here has some ideas.

----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

 

[rvnguy]

paki1,

All small network solutions are similar right up to the point where they are not. I have setup many but never for a doctors office.

For under 10 users using XP Pro in P2P would be sufficient for central data store and speed that would be required for a small office. I favor a seperate box dubbed as the "server" running with XP Pro. What you don't get with this is the other services that a MS network package has like mail, scheduling an the like. Scheduling is the one that you need as mail in a small office is overkill. All of this comes at a cost and then there is setup & maintenance.

As there are some privacy issues with patient information you should include what is required/good practice to protect this information.

There are devices kinda like the palm's but specific to the medical profession they have seen first use in hospitals for patient data & can be downloaded & sync'd to the info DB. This would depend upon how techie the Doc's are. Would save transcription duties. As most services are now by code for insurance purposes this has been standardized for most GP functions. A real big waste if the Doc's are not into using them.

As there are many things that you can do for office automation and suppliers of med specific packages, I would do a bit of home work list pros cons against a list of desired features(you must first know what things you want to end up with a system that meets your needs). Try to get the list down to 3 +/- and have these companies do a demo.

As for other standard office functions you can look at the "Open Source' community as they have good apps that are free or close to it.

This sounds like fun....Good Luck & let us know

rvnguy
"I know everything..I just can't remember it all

 

[edfair]

Have been involved with 8 to 10 in hardware support and default administration using Unix based servers and terminal/PC as workstations.
Will make a strong suggestion that you not consider any hardware until you get your requirements set and possibly a software supplier lined up. It is almost a certainty that no matter what you have you'll need to replace it on the first software change.
You'll have patient privacy issues and HCFA issues and medicare issues and all sorts of insurance company issues unless you go with a software supplier that has worked all these out.
The software package I was most familiar with was MDX, can't remember the company, but they were replaced by another about the end of my support time.
You also need to look beyond a software supplier to see what support you can get. Major software writers sell thru smaller support companies, who are responsible for the actual support. You will want to check for the level of support you will likely need and how good it is with their existing customers.

Ed Fair
Give the wrong symptoms, get the wrong solutions.

 

[gbaughma]

My advice:

If you're having to ask, you're not ready to take on the networking of a doctor's office.

It would be one thing if you were doing a business who's data wasn't confidential, and covered by HIPAA.

Do you have errors and omissions insurance? Is the doctor willing to sign a document stating that you won't be held responsible if someone hacks their system? *ESPECIALLY* if you're even considering a wireless solution?

Are you planning on monitoring and intrusion detection? How are you going to GUARANTEE that the highly-confidential data is kept secure on the Internet, especially if you're using online billing? Have you looked into backup and redundancy solutions?

OK, I'm not trying to bust your chops, far from it. However, considering I work in the health care industry, and consult in the banking industry (GLBA for banks is like HIPAA for health care), it's considerably more tothink about than just "make it work".



Just my $0.02

"In order to start solving a problem, one must first identify its owner." --Me
--Greg

 

[smah]

In addition to the privacy / regulatory issues that have been mentioned, there's a very important system that hasn't been mentioned yet - backup!

 

[CorBlimeyLimey]

Best bet for the software is to ask other medical offices what they use or recommend.

See also

http://www.ctsguides.com/medical-doctors-office-software.asp

[Cheers]

 

[kmcferrin]

Speaking as someone who has designed and implemented for several hospitals, I can second the notion that the most important decision is what software you are going to use. Get demos and see presentations from several vendors, then pick the one that best fits your needs. Once you have that established you can begin looking into hardware specs and network design. For example, you may end up with a Windows-based solution that runs on Windows workstations, or you may end up with a *nix-based system where everybody has a dumb terminal instead of a PC. The biggest mistake that most people make when setting up their business is to pick a platform and then decide what apps they can run on it. The best choice is to pick the apps that you want, and then choose a platform that accommodates them.

HIPAA (if you are in the US) makes security a priority, and most small businesses do not spend much time/effort on security. With that in mind, you should consider systems that allow you to keep the network simple, yet functional, and that is easier to secure. Wireless networking can be problematic and expensive to properly secure, so I would steer clear of them for now.

Handheld and tablet PCs are neat, but they usually require wireless functionality, and not all medical office applications use them.

What are your major office functions that stand to benefit from automation? I would guess scheduling, billing, accounting, transcription, and record keeping. Most of those are the same functions that have been solved millions of times before by other businesses, so don't try to reinvent the wheel.

 

[rvnguy]

kmcferrin,

Excellent post!!

These are all the same things(guidlines) for any office.

As I tried to point out, layout what you want to do then see what fits the need.

not doing this being the biggest mistake most make as you pointed out.

rvnguy
"I know everything..I just can't remember it all

 

[Rick998]

I suggest you and the clinic also need to carry out a comprehensive risk assessment along the lines of 'What guaranteed uptime is required? What are the implications if the server or one (or more) of the workstations is unavailable or fails?'.

The answers to these will determine whether an 'ordinary' PC is used as a 'server' or whether a 'proper' server (with redundant power supplies, RAID array of [hot-swappable?] hard disks, UPS, tape backup, etc.) is required.

The risk assessment will also need to include security, both physical (e.g. theft) and data (i.e. either stored deliberately or accidentally, e.g. 'temporary' files containing confidential patient data).

Another thing to consider is Service Level Agreements. If there are any problems with the 'system', how soon will the clinic require a response... and more importantly, a resolution (1 hour? 4? 8? 24?). Who will provide the response and what involvement will they have (documented procedures, carry stock of replacement hardware, etc.)? How will the clinic survive during downtime of the 'system'. What, if any, penalties are agreed in the case of a breach of any SLA's.

Last, I suggest you also agree a 'Disposal of redundant equipment' policy so issues like secure wiping or destruction of replacement hard disk is carried out in accordance with any Data Protection laws relevant to the profession or government (local or central).

Hope this helps...

 

[ceh4702]

Security, Backup. If you can get a product that runs off of a central server that might be nice. It is easier to backup if it is a server based scheduling and billing system. That way the workstations dont have to be bulky or powerful.

You have to consider where the equipment will go. Will it be wall mounted or what?

Spit into this cup not the monitor.

If you do not like my post feel free to point out your opinion or my errors.

 

[gbaughma]

Well, I inferred from the original post the following:

1) It was a small clinic; if it was a large clinic, they'd have an IT person already. Perhaps a new doctor, or one that hadn't networked as of yet.

2) That the original poster didn't have a lot of network experience, and had even less dealings with HIPAA and so forth.

I deal with HIPAA regulations every day, and GLBA regularly as well. HIPAA doesn't care HOW you network, as long as it's secure, and the protected information is secured.

I write a security report for a bank every year. I have to document any changes to the network, especially if it means communicating with the outside world. I not only have to understand myself exactly what every piece of software is doing (for example, the Internet Banking section), but I also have to get the *board* to understand it. The FDIC examiners won't settle with "Yeah, Greg says it's secure, we don't really know how it works, but he says it's OK." They have to actually understand (in general terms) themselves.

Let's look at it this way. Suppose that you installed a network at a clinic (as is being discussed). You dropped in a cable modem or DSL so they'd have e-mail and such. Through user carelessness or whatever someone was able to drop a back-door into one of the machines.

Next thing you know, a patient is calling the clinic, because they have AIDS, and now that information, along with *EVERY OTHER PATIENT'S* protected information is posted on a news group on the Internet.

Guess who's responsible? The patient? Nope. The clinic? Well, they'll probably have the pants sued off of them and go out of business. And then, guess who they're coming after? Yup. The person who installed the network, who didn't make sure that it was HIPAA compliant, had intrusion detection and proper anti-virus protection.

Oh, sorry, you didn't have Errors and Omissions Insurance? You're *personally* sued.

Sooooooooo.... let's put this into perspective.

1) The patients who's information got posted - well, their lives are shot. They can't get a job, because now everyone knows they have AIDS.

2) The clinic. They got sued for hundreds of thousands of dollars by each patient who's information was compromised. If they're lucky, it will end up as a class-action suit instead for a few million, instead of having to answer x-number of suits individually. Either way, they're out of business. Even if their insurance covers the damages, their reputation is ruined, and the insurance will probably drop them anyway. The doctor himself may even lose his license.

3) YOU. Do you really think the clinic isn't going to drag you into this? YOU allowed all those lives to be ruined, through neglegence and not understanding the regulations governing health care industry. If you survive the lawsuit, your reputation is also ruined, and you'll be lucky if someone hires you to set up their new computer from now on.

Well, that's enough ranting from me for now. I understand the excitement about getting a "regular gig", especially if you're just trying to break into the business and make a name for yourself. But here's another thought for you. When one of the banks I consult for first wanted to set up their Internet Banking, they asked if I could do it for them. Now, I've got 20+ years of computer experience, and yes, I probably could have gotten it all working. But I decided not to. I suggested the bank outsource it to a company that did it as a business. Why? Because I couldn't absolutely guarantee that the information would ONLY be shown to the eyes of the account holder. I couldn't guarantee that the privacy of the customers would be upheld. And even though I figured I probably *could* do a pretty good job at securing all of that, I wasn't ready to literally bet everything I owned on it.



Just my $0.02

"In order to start solving a problem, one must first identify its owner." --Me
--Greg

 

[Rick998]

Greg,

Very good post that gives food for thought. Unfortunately the original poster doesn't appear to be covering the thread.

Rick

 

[edfair]

I made an assumption at the beginning that medical records were not part of the equation. That would be a risk I would suggest that new network people avoid.

Pretty good assessment of the risks.

Ed Fair
Give the wrong symptoms, get the wrong solutions.

 

[UnlimCompSol]

Great information!!! Greg that was awsome!!! I am thinking very hard about starting my own computer business dealing with small business networking and you hit a lot of little things that are always overlooked. One thing that I didnt know about was the error and omission insurance. That is one thing I am going to look into ASAP.


Malik

http://www.unlimitedcomputersolutions.com

where your problems are our solutions!!

 

[gbaughma]

It's stuff that has to be thought about, no doubt. I deal with it day in and day out. Thanks for the kind comments tho.


Just my $0.02

"In order to start solving a problem, one must first identify its owner." --Me
--Greg

 

[paki1]

thank u all.. the project went on sort of a back burner as something else came up but Im back now and i appreciate all the help. Will post an update in about a week or two with how I am going about setting up the network

thanx all