T buy-in and support is important when it comes to deploying healthcare policy management software. We thought it was important to address the question of how much IT involvement is really needed when deploying a healthcare policy management software. We have had several hospitals and large chains of hospitals hesitating whether the timing was right to roll out a policy management system because their current IT resources were tied up doing other longer term deployments. We have even lost contact with prospective customers that really needed a policy management solution but did not have clarity as to how much IT time was needed to get it off the ground. Some of those deployments include things like enterprise EMR roll-outs of EPIC or Cerner or perhaps the deployment of time and attendance software like Kronos.

1. HOW MUCH IT SUPPORT
IS NEEDED WHEN
DEPLOYING
HEALTHCARE POLICY
MANAGEMENT
SOFTWARE?

2.  IT buy-in and support is important when it comes to
deploying healthcare policy management software.
 We thought it was important to address the question
of how much IT involvement is really needed when
deploying a healthcare policy management software.
IT BUY-IN AND SUPPORT
policymedical.com

3.  Policy management software is usually not as
expensive as EPIC or Kronos but because of the
corporate visibility of policies and procedures this
hesitation is understandable and we wanted to share
with you in this presentation how much time is really
needed by your hospitals time strapped IT staff.
IT BUY-IN AND SUPPORT
policymedical.com

4.  Compared to an enterprise rollout the reality is there is very
little strain put on the IT team of a facility when setting up
policy management software.
 There are three main points which take up an IT specialists
time:
 Basic Security considerations.
 Setting up browser configurations (if needed) to handle any unique
plugins
 Creating a VPN tunnel for LDAP SSO
 (this is just techie speak for syncing your usernames and passwords with
the policy management system so your employees don’t have to
remember another password.
IT BUY-IN AND SUPPORT
policymedical.com

5.  The other big area that takes time out of an IT specialists
time is syncing your existing usernames and passwords that
you use everyday with the policy management software.
 This removes the task of having to set-up hundreds or
thousands of user accounts. Every leading policy management
vendor does this: configuring a VPN Tunnel for LDAP SSO
(Lightweight Directory Access Protocol, Single Sign-On).
 Setting up a VPN tunnel allows for a secure connection
between a policy management software’s SSO server and your
facilities LDAP server.
 Allowing users to utilize the same log-in that they use for their
networked computers, to log-in to the policy management software.
The creation of this secure VPN tunnel comes in five stages.
BROWSER CONFIGURATIONS
policymedical.com

6.  Step 1:
 Policy management vendor usually send two one page forms for your
IT team to complete.
 Step 2:
 Policy management vendor receives the completed forms & creates
the secure VPN tunnel.
 Step 3:
 Policy management vendor sends your IT team the configuration for
the secure tunnel.
 Step 4:
 Your IT team configures the secure tunnel to the specifications
provided.
 Step 5:
 Policy management vendor verifies the connection over the secure
tunnel to your LDAP server and configures the policy management
application to properly reflect your facilities’ LDAP configuration.
CREATION OF SECURE VPN TUNNEL
policymedical.com

7.  These steps can be completed in as little as a single business
day enabling your facilities access to LDAP SSO.
 Understanding that not all situations are the same the typical
time required for creating and configuring a VPN tunnel is
about 8 hours of a single IT specialists working time.
 The person that will usually be doing this on your IT team will
probably be someone with a title close to Network, or
Database, Administrator.
CREATION OF SECURE VPN TUNNEL
policymedical.com

8. There are a few final tasks that cannot be
skipped by your IT team:
To add the policy management vendor’s “no-reply”
email address (i.e. no-reply@ilovepolicies.com) to
your email safe list.
 Adding this email to your email safe list will allow the policy
management system to properly send emails. Though this task
cannot be skipped its impact on your IT team should be at most
one (1) working hour.
OTHER BASIC SECURITY CONSIDERATIONS
policymedical.com

9.  The final thing to mention to your team and specifically
your IT team is the fact that policy management systems
do not contain any PHI (patient health information).
 This is very vital to know and communicate.
 If IT teams are not communicated this simple, yet vital,
fact they will be marching down a road to highly secure
the policy management software in ways that are just not
needed.
 When a system houses any sort of PHI it needs to follow
certain protocols and the data needs to be handled and
secured in specific ways.
 Once again this is not the case for policy management software. As
there is no PHI there are only two other security measures that an IT
team may want to take.
OTHER BASIC SECURITY CONSIDERATIONS
policymedical.com

10. 1. The first would be to restrict access to certain
locations by creating what is called a white list of
IP addresses.
1. The second would be to channel all access to the
policy management system through one internal
intranet web page by embedding what is called an
encrypted security token.
 These two tasks would only take 1-2 hours of your time.
SECURITY MEASURES
policymedical.com

11.  There you have it. There is certainly some IT time required to
deploy policy management software, but probably not as
much as you might think.
 It is untrue if you are ever told that policy management
software is deployed 100% by non-technical users on your end
and the policy management vendor handles everything.
 However the truth and main points to take away is that it will
cumulatively take only one IT specialists time of around 2
days to do what is needed from a technical perspective.
 Also to reiterate there is no patient health information.
 We mention this point again because over the past year every
healthcare facilities security team that we have encountered told us
that all policy management vendors should openly and clearly
communicate this fact. It saves them a ton of time if they know that
ahead of time.
PERHAPS NOT AS MUCH IT TIME REQUIRED AS
YOU MIGHT THINK
policymedical.com

12. If you would like to find out more, or would like
to request a demo, please don’t hesitate to
contact our team here, at Policy Medical, who is
always here to help with any questions you may
have.
BENEFITING YOUR ORGANIZATION
policymedical.com

13. THANK YOU
policymedical.com