When It's Time To Fire A Customer

What?  Isn't that backwards?  Isn't it the customer that usually does the firing?

Usually, as business people, we work so hard to find and cultivate new clients that we hang onto those relationships with all of our might.  Sometimes though, it's important to recognize that not all client relationships turn out to be good for our business and sometimes they can grow downright toxic.

There is a philosophy in business circles these days that subscribes to the theory that every business should "fire" the bottom 10% of their client base each year. The theory is that you should cull your weakest clients and replace them with stronger, more beneficial relationships. I'm not sure I totally agree with that philosophy completely but I do know that there are some occasions when it's better to rid yourself of burdensome clients.

We just went through a situation where it was just better for us to tell a client to take his business elsewhere.  Over 25 years we've fired maybe 5 customers.  Sometimes it is really easy.  Sometimes it's not.  This one was a bit painful but in the end was best for our business.

What are the signs that you should fire a client?

• When you cringe when you find out that a particular client is waiting on-hold.
• When your staff starts drawing straws to determine who has to visit that client.
• The only time they pay their bill is when they have another emergency they want solved.
• When they consistently blame their mistakes on your staff.
• When they consistently ignore your advice and still blame you when what you told them what would go wrong does.

It's never easy to fire a client, but sometimes it works out better to just say "Life's too short and you're just not worth the grief."  Maybe for some you say it under your breath but sometimes it needs to be said out loud.

Read More

Using the Cloud? Have you got a backup Internet connection?

As organizations become more dependent on their Internet connection for business continuity, the importance of a second "fail-over" connection must be considered.  Loss of access to Cloud applications, e-mails, instant messaging and Internet resources can cripple a business if their primary Internet provider interrupts their service.

What do you do if your Internet line fails for whatever reason?  My company, ACT Network Solutions, supports Senior Living Centers, medical facilities and other organizations that are now taking advantage of services provided in the cloud.  In the "good old days" of on-site server-based programs, services could continue, albeit with some inconvenience. Maybe e-mail stopped flowing for a little while and that was tolerable (hopefully).  Now, critical services such as treatment plans, charting and medication records are frequently in the cloud.  How do you handle immediate issues when you've put your data out of the physical reach of your staff.

It's time to start thinking long and hard about a second Internet connection to take over if your primary line drops off-line. 

The second line is referred to as a "fail-over" line because it can take over if the primary line fails.  It keeps your access to your critical operational data up and running now matter what.  Properly configured, the fail-over line or "shadow line" just assumes the flow of traffic without any loss of productivity. 

Your second line doesn't even necessarily have to be as fast as your primary circuit because, after all, it's only used in emergencies. It should be able to keep you and your cloud connections going until service to your primary connection is restored.   BUT . . . it must be able to handle your processes in a reasonably timely fashion.

Never trust both lines to the same vendor or the same media either.   If you're using a cable Internet provider for your primary Internet line, consider a provider using a different media for the second line.  For example, one of our senior living centers uses a cable provider for their primary broadband connection and a slower AT&T service for their backup.

This type of connection issue is often overlooked in organizational Disaster Planning maybe because it's such a simple thing.  Maybe you're so focused on "major" disasters that we overlook "the little ones".  It's the less obvious things that can get us into trouble more often than we'd like to admit.

For those of you who are thinking to yourself  "Aw, that will never cause US a problem!  Our line is up 99% of the time.  We can live with a little downtime."  Really?  If your organization rules a 24 hour operations, 99% means you're off-line over 3.6 days per year.  Can you really live with that?

Jeff Hoffman is president of ACT Network Solutions, for more information on how to protect your business from IT network interruptions or business continuity issues call ACT at (847) 639-7000 or e-mail jhoffman@actnetworks.com.

Read More

HIPAA Omnibus Rule Compliance Deadline is Near. Are you ready?

The Omnibus Final Rule (Omnibus Rule) was released on January 17, 2013.   HIPAA covered entities and business associates are required to be fully compliant with the Omnibus Rule by September 23, 2013.  Are you ready?

In order to comply with the Omnibus Rule, organizations must update their internal privacy policies to reflect the changes to the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule.  Here is a quick summary of those changes:

Release of Decedents’ PHI.

Under the Omnibus Rule, the definition of “protected health information” now expressly excludes the health information of a person who has been deceased for more than 50 years. In addition, the Omnibus Rule provides that providers may disclose the PHI of a deceased person to such person’s family members, relatives or other individuals indicated by the deceased, who were involved either in the deceased’s care or the payment of care. Providers may disclose only PHI that is relevant to the family member, relative, or friend’s involvement in the deceased’s care. PHI cannot be disclosed if the deceased person expressed a prior preference for it not to be disclosed.

Patient rights to limit disclosures. Under the Omnibus Rule, your organization must comply with a patient’s request that PHI regarding a specific health care item or service not be disclosed to a health plan for purposes of payment or health care operations if the patient paid out-of-pocket, in full, for that item or service.

Providing electronic copies of medical records.  Providers must comply with a patient’s request for an electronic copy of his or her PHI if the records are maintained in an electronic format and are readily producible in the requested format.

Changes The Breach Notification Standards.   

The Omnibus Rule changed the standard for determining whether a breach of unsecured PHI has occurred, and what steps the provider must follow.  In essence, your internal policies must reflect how you will respond to a potential breach and must be spelled out more completely and the requirements are now tighter. Once the new standards are reflected into your policies, you should no longer use your previous breach standard, even for breaches that occured prior to the Omnibus Rule’s compliance deadline.

Marketing and sale of PHI.

Under the Omnibus Rule, the marketing or sale of products based upon patient PHI is generally prohibited. Generally these prohibitions don’t apply if your organization has received valid authorization from the patient.  Organizations must also ensure that any definitions of “marketing” and “sale of PHI” in their policies complies with the revised definitions and standards under the Omnibus Rule.

HHS has posted on its website the audit protocol derived from the recently completed audit pilot program. The audit protocol provides a helpful list of the items that an auditor will review when assessing whether a covered entity is in compliance with HIPAA.

After the policies are finalized, your organization should formally adopt and approve the policies in accordance with any procedural requirements in your governing documents or standard operating procedures.

Staff Training Requirements.

Any time your organization updates its privacy policies, workforce members should receive training on any new and revised policies. In particular, management and higher-level employees should be fully trained on the new breach standards.

Training is important component of compliance with HIPAA and the HITECH Act. Security training should be documented and maintained in your event training logs. Program details may be requested during an audit or investigation.

Changes to Notice of Privacy Practices.

The Omnibus Rule modifies and expands the content of the notice of privacy practices (NPP) that a provider is required to maintain and distribute to its patients.   A covered entity must:

• Make their NPP available to patients who request a copy on or after the effective date of any revisions.

• Must post the revised notice on its website, if applicable.

• Must post the notice in a prominent location on its premises.

• New patients who receive services for the first time after modification of an NPP should be provided with a copy of the revised NPP.

Also remember that covered entities should always retain copies of previous versions of their NPPs and of any written acknowledgements by patients of receipt of NPPs.

Changes to Business Associate Agreements.

There have been changes to the Business Associate Agreement (BAA) document requirements.  Omnibus has changed the definition of a “Business Associate” and now includes subcontractors of business associates that deal with PHI.  Covered entities are not required to enter into BAAs with downstream subcontractors. Rather, the business associate who contracts with the subcontractor must enter into a BAA with the subcontractor and you should require proof of compliance.

Are you unsure of your status on HIPAA Compliance?  Contact ACT for a FREE consultation and review of your readiness at (847) 639-7000 or by e-mail at support@act4networks.com

Read More

Computer Support Rates - When Cheap Really Isn't

What's in a labor rate?  Why are some IT companies more expensive than others?  Our company is neither the most expensive in our market nor the cheapest.  Some companies lead with a low price but then tend to take longer to finish tasks than others.  Comparing by hourly rates alone can be very misleading.

Recently we ran into an instance where we were asked to replace another IT support company charging much less than what we charge on an hourly basis.  The client had about 75 PCs and 4 servers along with the standard mix of peripherals that needed support.  Based upon our experience with similar organizations of that size in that industry I provided an estimate for the number of hours we'd need to support them annually.  My estimate was met with stunned silence in the meeting until finally the client admitted that the old support company was billing them for 5 times that number of hours.  Our hourly rate was going to be higher what the old guys charged but we were still going to save the client thousands of dollars per year.

Rates don't mean as much as many people think.  It's the bottom line that matters.  What's cheaper?  A $75/hour tech that takes 3 hours to perform a job or a $100/hour tech that does it in 1 hour?  Some IT companies have a reputation for taking too long and billing for every minute no matter how long it takes.  For over 25 years, we've had a "Fair and Reasonable Promise" for our clients.  We tell you how long a job will take before we start and we stick to our estimate.  You shouldn't have to pay a premium because a tech is having a bad day and takes longer than expected.

How can you avoid the rate disparity debate?  Define what you want done thoroughly and ask for a fixed price (also called a Flat Fee job).  That should even out the playing field for vendors with different rates.  After all, isn't that what you really care about?  The Bottom Line, right?

Read More