Eleven Years: Navigating Post-Pandemic Healthcare IT

Eleven years of healthcare IT service and innovation

September 10, 2022. Eleven years of Robell Technologies serving Arizona healthcare and professional practices.

Year eleven was the first full year operating in what we're calling "post-pandemic normal." COVID restrictions eased, but work patterns changed permanently. Here's what we learned.

Hybrid Work Is Permanent

Some practices returned to full-time office work. Others stayed mostly remote. Most adopted hybrid: some days in office, some remote.

This requires different IT infrastructure than either pure office or pure remote:

Flexible Access

Systems need to work equally well from office and home. Cloud services excel here. On-premise systems require robust remote access.

Security for Distributed Teams

When staff work from multiple locations, security can't rely on office network protections. Endpoint security, zero-trust approaches, and multi-factor authentication become essential.

Communication Tools

Video conferencing, chat platforms, and collaboration tools that were emergency measures in 2020 are now permanent infrastructure.

Cybersecurity Matured

This year, cybersecurity stopped being an IT issue and became a business risk management issue.

Board-Level Attention

Practice owners and partners now ask security questions regularly. It's not delegated entirely to IT anymore.

Cyber Insurance Requirements

Cyber insurance policies now require specific security controls: MFA, EDR, security awareness training, tested backups. Coverage without these controls is expensive or unavailable.

Ransomware Evolution

Ransomware attacks became more sophisticated. Attackers spend weeks inside networks before deploying ransomware. They steal data for double extortion: pay ransom or we publish your patient data.

This requires better detection and response capabilities, not just prevention.

Cloud Services Dominated

By 2022, cloud-first is default for new practices. Existing practices continue migrating from on-premise to cloud systems.

What Moved to Cloud

Email: Office 365 or Google Workspace standard
File storage: OneDrive, SharePoint, cloud backup
Practice management: Many vendors now offer cloud versions
Phone systems: VoIP replacing traditional lines
Backup: Cloud backup services standard

What Stayed On-Premise

Some imaging systems with massive file sizes
Legacy practice management software not yet cloud-compatible
Specialized medical devices

Hybrid Approaches

Most practices run hybrid: some systems cloud, some on-premise. This requires managing complexity of multiple environments.

Compliance Complexity Increased

HIPAA enforcement continued. State privacy laws multiplied. Professional responsibility requirements evolved.

Documentation Requirements

Regulators want evidence of compliance efforts: policies, risk analyses, training records, incident response plans.

Generic templates don't satisfy investigators. Documentation needs to reflect actual practice operations.

Vendor Management

Business Associate Agreements are standard. But we're also seeing requirements for vendor security assessments, ongoing monitoring, and incident notification procedures.

Breach Notification

Timeframes shortened. HIPAA requires notification without unreasonable delay. Many state laws specify days, not weeks.

What's Working

Zero Trust Security

Assuming nothing is trusted by default, verifying everything, limiting access to minimum necessary. This works better for hybrid work than traditional perimeter security.

Continuous Monitoring

Automated monitoring of systems, security events, backups, performance. Catching problems early prevents crises.

Regular Training

Quarterly security awareness training plus monthly simulated phishing keeps staff alert to evolving threats.

What's Challenging

Supply Chain Security

Practices depend on dozens of vendors. Each vendor is potential security weakness. Managing vendor risk is ongoing challenge.

Legacy System Retirement

Some practices still run critical software on outdated platforms. Migration is expensive and disruptive, but continuing with unsupported systems is riskier.

Staff Turnover

Post-pandemic, healthcare staffing shortages mean more turnover. This creates security challenges: access provisioning, training, off-boarding.

Looking Ahead

Year twelve will likely bring:

More AI in healthcare and legal applications
Continued hybrid work evolution
Increasing cyber insurance requirements
More sophisticated ransomware
Growing regulatory complexity

Thank You

Eleven years means eleven years of Arizona practices trusting us with their technology infrastructure and data security.

To our clients: thank you for your continued partnership. Your success is our success.

To practices considering working with us: we specialize in healthcare and professional services IT. After eleven years focused on these industries, we understand your specific needs and challenges.

Here's to year twelve.