Here are 10 things you should consider if you are planning to let go of your practice's IT person or vendor. Don't act rash!
As the saying goes, no one is irreplaceable. But some staff may leave you feeling like you're over a barrel -and you might be. This can be the case with IT people, particularly in small-to-medium practices where fewer staff mean more reliance on specialized roles, such as IT Manager. This can't be easily covered by other employees. In other practices, the "IT Person" may be a vendor who provides computer and/or network services, but I'll just use "IT person" understanding that person may or may not be an employee.
The other, mostly unsaid, thing is that the IT person, particularly in a small-to-medium practice, may hold the keys (i.e., passwords) to all sorts of systems vital to your practice's operation. A practice manager may be concerned that the IT person may be snooping in their files or even reading their email. You may even be afraid that the IT person would withhold information or even seek revenge if fired.
Why do practices lose their IT person? Sometimes they flame out after some spectacular failure or loss of data / systems. Stereotypically, it may be that your IT person is better able to relate to computers than the people who need her help. Often, it's for the same reasons other employees fail, ranging from basic incompetence, not providing good customer service, an inability to work productively with others, or dishonest or unethical behavior. But there are other reasons, too.
Increasingly common is a skills mismatch or the IT person isn't able or willing to learn and adapt to changes in the practice's business or technology. IT is undergoing a massive shift -from on-premises servers and applications to the cloud. When the exchange email server moves to the cloud and the practice management and EHR systems aren't on in-house servers, this is a change in the daily life of your IT person. Similarly, staff who have worked for years with a current application such as a practice management or EHR platform may be resistant to a change to, for example, a cloud-based alternative.
Several times in my professional life, I've been asked to help evaluate a struggling IT person or department in a practice. This often comes as the practice faces a major transition such as a change in leadership or philosophy. From the IT person's perspective, there may be frustration that technology is not adequately funded or that a management decision to pursue (or not) a technology project ignores their advice or concerns. From the practice manager's perspective, the problem may be that the IT person is more concerned with technology in and of itself, rather than what technology can do for the practice. In my experience, by the time I get involved, practice management and IT are just talking past each other, never connecting or satisfying either party.
Having said all that, here are some key considerations if you're thinking of letting go of your IT person.
1. If you don't trust that your email or voicemail are private, by all means use an alternative such as Gmail or your personal cellphone. But be mindful that if the termination is contested, you may need to produce records of communication such as email, so keep ALL communication focused and professional.
2. Put in place HR policies that support ethics that IT protects privacy and confidentiality, including but going beyond HIPAA's standard of staff accessing protected information only on the basis of "need to know." If you wonder what this might look like, the AHIMA code of ethics is a great start, even though it may look like more than you need: http://bok.ahima.org/doc?oid=105098#.WV0sQYgrI55
3. Understand that there will be costs to ensure that this process doesn't cause your practice to grind to a halt. Get help beforehand: an outside IT consultant or vendor's expert assessment not only will tell you the state of your IT functions, but also identify risks. Additionally, it also may support your case for termination. As important, the consultant may be able to help you in the interim following the termination.
4. HR and legal counsel will also be essential in understanding your options. While they will help in ensuring that you have your "ducks in a row," they also may be also helpful in identifying other potential options (e.g., a skills mismatch may be resolved by a reorganization or lay-off.)
5. Don't do it in anger. Anger may provoke a similar response, and you don't want to trigger rash action or revenge by your own actions. Also, you very likely may be asked to account for your reasoning for the termination and, "because I was PO'd..." is never a good look in court.
6. Follow a structured process for the actual termination (a good process is outlined here).
7. The portion of the exit process done by HR should include asking the IT person to sign a statement concerning their termination. It should state that they understand they are still covered by the legal obligations of HIPAA and other relevant laws and regulations, are required to return all of the practice's property, and they are no longer authorized to access practice computer systems and networks. If needed, the IT person should be asked to list any undocumented passwords - and you should verify they work. As a measure of your good faith, HR and your consultant can work with the departing IT person to provide reasonable return of information, such as contacts or personal information stored on the practice's computers.
8. Make sure you're covered during the transition. Ensure you'll have interim help, a temp or replacement IT person to step in and keep things running. In addition to providing daily support, they can also assist you in tasks such as revising job descriptions, insuring any expiring contracts are followed up on, and in rehiring a new IT person.
9. Ensure access to tech support and services. Knowing who to call or email to get tech support and services is very important. But you'll likely discover that many services are tied to a particular person and not the practice itself. Vendors' technical support may be limited to one or two key contact staff. Having your interim IT person update this information BEFORE problems happen will save you a lot of heartache.
10. Keep the IT person's email address active - with a new password, of course - for at least a year after she leaves. It's virtually certain that you're going to miss a thing or two in reviewing all your software licenses, web domain registrations, contract and service renewals, etc. Monitor it, daily at first and once a week as time goes on. The person monitoring the email should unsubscribe all general email list subscriptions, such as tech newsletters, which will dramatically the volume of email and streamline monitoring.
My final piece of advice bears repeating: whether you're going to fire your IT person or not, an up-to-date business contingency plan is important protection for your practice -and it's required by HIPAA!