These days, most healthcare enterprises are somewhat in the dark when it comes to their application inventory. At best, they are manually keeping an Excel spread sheet of it. At worst, they have little idea what they have, what the applications can do, if they’re duplicates, how secure they are and how much they cost, says Dr. Shelly Disser, vice president of solution delivery at MediQuant. In this edition of healthsystemCIO’s Partner Perspective Series, Anthony Guerra, editor-in-chief and founder, speaks with Disser on how COVID (along with mergers and acquisitions), has contributed to healthcare organizations’ struggles with application management and rationalization.
What seems to be missing is one master list and understanding what your whole footprint looks like and getting a common dialogue and a common set of verbiage around the vendors, their systems, their business and technical purposes.
Instead of it becoming something that your IT department can own and maintain long-term, that Excel spread sheet gets stuffed in a virtual file drawer somewhere and it doesn’t get updated.
It’s something that’s going to catch up with you – that’s the problem. It’s like sneaking that little piece of cake every day and not writing it in your diet journal.
Guerra: Shelly, thanks for joining me.
Disser: Thank you for having me.
Guerra: You want to start out by telling me a little bit about your organization and your role there?
Disser: I work for a company called MediQuant. We are a data storage company. We store data for systems that hospitals have replaced or retired over the years because obviously the data has a lot of long-term value and a lot of long-term use cases that might outlive their source application. My primary role here is vice president of solution delivery. I interact with our customers on their projects and archiving programs, and tangentially, we have a lot of exposure to application management in our customer base.
Guerra: The core issue we’re going to be talking about today is application rationalization. I know from my interviews over the years, this is a huge issue. Large health systems are dealing with applications numbering in the hundreds. There is a lot of redundancy, and there are a lot of things getting bought without going through proper channels. It’s one of those out-of-control kind of issues that’s hard to get your arms around and hard to put the brakes on. It’s like a runaway train. From your point of view, what do you think is going on around this issue?
Disser: MediQuant gets invited to come into healthcare systems and help them determine what they can do with some of the old systems that they’re no longer running. Often that leads to conversations and findings on many other systems that they didn’t even know they were running. Suddenly, it becomes part of this “what-do-I-do-with-it” list. It’s become apparent over the years that despite the best of intentions and a lot of business and best practices published by IT organizations, hospitals struggle with having an inventory they can manage. They lack knowledge about their application inventory or that knowledge isn’t complete. They need to know everything that they’re responsible for as an enterprise—from contractual obligations to what people are actually using and what they’re using it for—all the way through what kind of data they have in it, and the security exposure to some of those systems. Our customers are struggling. There’s a large push for HITRUST and a lot of other compliance entities coming in. Application inventory is becoming one of the larger pain points for our customer base.
Guerra: I think you made the point that they sometimes don’t even know what they have.
Disser: Absolutely. A lot of that is driven by mergers and acquisitions. Some of the larger healthcare facilities are selling off some of the smaller rural facilities and you have new pop-up entities that are surfacing in those particular markets. While the organization is focused on what their healthcare market is going to be and who they’re going to serve, there are all of these infrastructure layers that they’re not quite dealing with. What systems did they get in this acquisition? How compliant are they? What are they still running? What data is in them? That’s contributing to the problem, as well. Some of the larger institutions—even if they’re not in acquisition mode— do not often centralize purchasing, so there are some outlying clinics that are allowed to make purchases without going through any kind of a centralized IT process. They might have one published, but it might not be enforced. Or it might not have been written with the perspective of, “Wait, we really need to make sure we are making a purchasing decision that isn’t redundant within our healthcare footprint.” Sometimes, it’s just easier for a CIO to let employees of the organization go buy what they want without first trying to see if it exists in the larger organization. Application management is an issue that has cropped up a couple of different ways. It’s more transparent now that, with a lot of the merger and acquisition activity, and some of the increased buying for COVID-related treatment options, managing inventory is becoming more of a pain point. It’s more in the forefront.
Guerra: So, as you’ve mentioned, you’ve got a scenario with a lot of shadow IT and people buying things without proper approval. You’ve got M&A, which is a huge issue. Those are the reasons this is happening. The reasons we want to battle it and take control of it—you mentioned those as well— is cost savings and security. Do you want to talk a little more about the security angle on this, why having applications all over the place is not necessary and is creating extra risk?
Disser: Sure. Absolutely, it is. We’re all hyper-aware of all of the security breaches that have happened, even most recently. I have clients that are being distracted all over the place from their mission-critical IT functions because of security remediation that they have to go take care of immediately. These systems come in through shadow IT, or maybe through processes and governances that haven’t caught up to the buying need. Security is painful. Nobody likes to deal with it, but it’s absolutely necessary. We’re all finding, if you don’t deal with it on the front end and understand where you’ve got access points into your organization, you could have potential exposure. Somebody could get into your organization with something malicious, and you need to be aware of all of those places where people are accessing your network and your system. It’s even more critical than ever.
Guerra: We know this has been a huge issue, and it has been for a long time. We know that COVID has exacerbated the situation because of a buying spree that happened in order to deal with COVID. You’re trying to control your application mix, and suddenly you have more coming in and you may have redundancies there because you really didn’t get to look deeply into your inventory. The problem has been bad—and the problem has gotten worse. How do you think people are generally dealing with this today? How is it being managed?
Disser: I think it’s not being very well-managed, to be honest. There are a lot of systems that exist in a healthcare organization or enterprise that manage application lists and application inventories for their own use cases. You might have a budgeting system that lists all your vendors and the systems that you believe you have on board for budgeting purposes. Contract management might have their own list. Your service desk might have its own list for user support. Your PMO might have its own list for their upgrades and for their concurrent projects and things like that. What seems to be missing is one master list and understanding what your whole footprint looks like and getting a common dialogue and a common set of verbiage around the vendors, their systems, their business and technical purposes. That does seem to be missing in the industry, even in very large organizations.
Guerra: Do you think they are trying to make this master list using Excel?
Disser: They certainly are trying.
Guerra: What are the challenges of doing this in a manual Excel-based format?
Disser: We all love and hate Excel. It serves its purpose and then it outlasts its purpose. And yes, we have many customers who have either internally taken it upon themselves—or through external partners—have engaged in some sort of way to tackle this. [They say to themselves,] “Let me get my arms around this. Let me pull together these lists from all these different systems, and see where their commonalities are, see where they cross over. Let me see where they show gaps—things the contracts department knows about that the IT department doesn’t know about.” Things like that. We can already start to imagine how they get out of hand rapidly. That forces it to be sort of a one-and-done.Instead of it becoming something that your IT department can own and maintain long-term, that Excel spread sheet gets stuffed in a virtual file drawer somewhere and it doesn’t get updated. And it doesn’t get all the proper attention to make it a usable workable document, or a living breathing piece of data that you can then incorporate into all your decision-making. And that’s where we’re finding that this rationalization process is kind of stuck. It’s stuck in this project-based, “let me rationalize” for this particular purpose for this short term. [People say,] “Oh, we’ve got this great outcome. We got rid of X number of applications. We were able to get down to a strategic list of applications and get a plan in place for divesting ourselves of anything we don’t need.” But then, that ends, and it goes away, and no one is continually managing it when it’s in Excel or done manually.
Guerra: I believe that some of the best ideas you get are from speaking to your customers and they say, “This is another problem I’m having.” Is this something that you’ve decided to take on to help your customers? Obviously, this is a natural offshoot of the work you do.
Disser: Absolutely. MediQuant has been in the archiving business for over 20 years, and we’ve developed processes to help customers home in on what systems they need to archive, so it was a natural step to take one step backward in the process and say, “what systems do you have?” We have a lot of tools that we use internally, and one of them is an Excel spread sheet. We were sitting around one day talking about these very issues that we were having with our own Excel spread sheet— called a Data Retention Roadmap. The Roadmap has been extremely helpful for our customers, our sales team and even our delivery team on understanding what systems the customer has that they want to archive. Well, that’s just one use case. We started thinking about what we could do with our Data Retention Roadmap to make it more usable over the years, over the continuum. Maybe there are some health systems that decide to put on that Roadmap a plan they have for doing something else with an application—not putting it into a MediQuant solution—which is perfectly fine. But where did that decision get captured? How did that get saved? How do we help that customer who maybe has a leadership change, or their institution gets sold, how do we keep that knowledge and say, “Hey, you already evaluated this with us, and we helped you decide, you just need to get rid of this; it’s redundant data.” We didn’t want them to have to go through the Data Retention Roadmap process again. So, we started thinking about how we could automate the Data Retention Roadmap, make it more application-based, so that I can gather information about your systems, and then I can save that, and I can log it and have it for my customer to view and understand what decision they made and when they made it. We started building a product and we realized that the product could extend into rationalization. It could really tie in nicely with an overall application inventory and all of the decision points that you need to capture and keep, and keep up to date, about that inventory, so that as you manage that inventory through its life, you can know what you are currently running. At the touch of a button, what systems are you currently supporting? What systems are you currently tolerating? What systems have you flagged to get rid of in some way, shape or form; which might be an archive, it might be putting it in some data you own; or it might be just getting rid of it. That’s how we came up with this. It’s really just one little click of the dial different from what we do, but it supports, obviously, our archiving strategy. And, of course, if you decide that anything in your inventory needs to be archived, we clearly want to be the partner for that.
Guerra: Your title’s “product delivery,” but it sounds like you’ve been doing product development.
Disser: Yes, I have been doing product development. I’ve been in archiving for many years. I joined MediQuant after a tenure at a prior archiving company that I had started, so I did product development there, along with the white boarding, the brain storming, the customer panels, the “would this work for you?” Is this a problem you have?” So MediQuant’s CEO, Jim Jacobs, approached me and said, “Hey, we’ve been throwing around the idea about this product. You did a new product, obviously years ago, we’d like for you to work on this and participate in it.” It’s been an exciting way to take my industry knowledge and what I’ve done in the past and add value to MediQuant.
Guerra: Product development can be a lot of fun. Would you agree with that?
Disser: Oh, it can be a lot of fun. I love the methodology. In this iteration, I’ve actually learned something new, and I love learning something new. I’ve gotten to learn an agile development methodology and then work with stakeholders on formal design sessions, and that includes customers. It’s been exciting to talk to customers and get their input on this idea; to get their input on how it might work for them and hear some of the challenges they think they might have with a product like this. Because, they’re going to have some challenges, right? I met with one customer who has multiple systems that manage a lot of inventories. They talked about how it will be a cultural challenge to bring those inventories together in some way. They gave us a lot of ideas about product integration and integration platforms that might be a future roadmap for the product so that it integrates well with cost accounting or a service desk. We’re not looking to be one of those fully blown out systems. We want to complement those systems; not replace them. It’s been a really exciting journey.
Guerra: It’s interesting what you mentioned about the cultural challenges. I think we know that to be successful as a software provider, you can’t just hand over the software to customers and walk away. You really must be invested in making sure that the customer finds success with it. And that will come over time, right? You get better and better at coaching your customers. And then some companies we know of put in very specific requirements of what you have to do, and they become very successful. It takes a lot of time to get to that authoritative position, where you can say, “my way or the highway.” Do you see going down the same road, in terms of developing that set of best practices around the software that will help a customer be successful?
Disser: Yes, I do. And in fact, fortunately, there are already best practices out there. There are documented best practices around asset management and around customer management and around governance for purchasing and making decisions. And that’s what we want to dovetail into. We want to make sure that we are helping provide all the data points that might go into an already established process. The processes are already in place, they’re just not being followed because the data is not readily available. No one knows who owns some of these systems, or what value they provide or why they were purchased. It is going to be a lift to get some of that up and running and then getting the culture in place to keep it up to date. I think that will happen once a client sees the value in keeping their inventory up to date, and the value that it gives to all of those processes; to budgeting, cost accounting, contracting, service desk, and archiving. They may naturally want to keep it up to date because it provides so much value to them across the organization. It’s kind of like archiving. When archiving started in 1999, people said, “What is that? Why would we want to do that? I think that I do have a problem but help me understand the connection there.” That’s why I think this is so exciting for me because it’s another problem to help this industry solve, and once this catches on, I think they’ll actually run away with it, just like they have with archiving, which is kind of exciting.
Guerra: Do you have a formal name for this software? And is it generally available now, or is it still in development?
Disser: It’s called Application Arc. It’s a web-hosted application. We are in the throes of getting it out to some early-release customers this summer, and we plan for a general availability release in the fall.
Guerra: So, if anybody wants a little of that early release action, they can reach out to you?
Disser: Absolutely, we’d love to work with them.
Guerra: Let’s talk a little bit about archiving, in general. Are you seeing any interesting trends here with COVID or with what’s going on these days with archiving?
Disser: It’s interesting. With COVID, there was a little bit of a slow-down industry-wide in things like archiving. Archiving is sort of the tail of the dog. As you mentioned earlier in the podcast, there was a lot of purchasing that had to be made quickly, to either bolster infrastructure so employees could work from home, or to make sure that connections with patients could be done via telemedicine. Whether enterprises had that infrastructure in place or not dictated how much they had to pivot. I think it’s interesting that there was probably a big rush to buy a lot of product that isn’t in anybody’s inventory right now. But from an archiving perspective, we didn’t really see a huge slow-down either. We are just seeing a lot of customers come back with very large inventory lists, and now they’re even larger because of decisions they made over the last year. Those decisions maybe now have forced them to look at their footprint and choose systems that might need to be archived so they can clear room for some of the new technology or maybe for some of the security initiatives that they have put into place over the last year.
Guerra: We’re seeing a lot of ransomware going on. I wonder if that’s motivating people to clean out the old stuff.
Disser: Absolutely, it is. It’s a distraction. Completely a distraction because it’s not planned for. The clients that are distracted by it are saying things like, “I need to get back with you in a week. I’ve got some really important things we need to talk about because we’ve done a search in our inventory right now and we realize that we’ve got five other systems with this same security exposure, and we just want to get rid of them.” That’s what we’re seeing in the archive space.
Guerra: I think you’ve said that you don’t see many offerings trying to compete with the one you are in the process of creating. Right?
Disser: Healthcare is such a unique animal. There are a lot of system inventory applications out there, mostly around help desk software, but those are industry agnostic. So, the information they keep in an inventory is somewhat limited. It’s very IT-focused, and it’s definitely not healthcare business or clinical business focused. That’s where we hope to differentiate ourselves. We are creating a product that is really geared toward healthcare enterprises. It’s going to help them track information about applications that are meaningful to a healthcare enterprise that might not be meaningful to a bank or a manufacturing company or some other large industry that is managing a generic application platform inventory. That’s how we’re hoping to differentiate ourselves, by really speaking to the healthcare market and the healthcare user.
Guerra: What’s your final piece of advice? I would imagine you’ve got some folks out there saying, “I’ve got so much on my plate. I’ve got so much going on.” Why would you say that inventory management is something they need to pay attention to right now?
Disser: It’s something that’s going to catch up with you – that’s the problem. It’s like sneaking that little piece of cake every day and not writing it in your diet journal. It’s going to catch up with you. Even if you think about the purchases that were made in the past year for some of the reasons we talked about—to support remote work, remote patient care, pop health, COVID analytics, things like that—all those systems were probably purchased outside of a process, and they could have even been redundant. So, if you think about if this inventory had been in place and had been well-managed before the pandemic, a facility could have very easily assessed their footprint, known what their capabilities were, what their gaps were, made very smart long-term purchase decisions, to not only solve the problem at hand, but also that was aligned with their institution, their strategy. Institutions that didn’t have a good inventory, they didn’t have a safe place to go look and say, “Hey, this constitutes everything we own and our whole infrastructure and our whole strategy,” they probably made a lot of redundant purchases. They probably made a lot of quick purchases. And now, they’re going to be paying for that.
They’re going to have to go back and try and figure out how they will reduce redundant costs. How do they make sure that everything is secure, that nothing has introduced additional risk into their healthcare system, that kind of thing. I think, culturally, it’s something that organizations can start socializing. I think they all inherently know that while purchasing has their list that they manage, and contract management has their list, and the service desk has their own list, it still doesn’t answer some questions. Just the customers that I’ve spoken to, when you ask them, so how do I know that this application that you’ve called Application X, is the same Application X that you’ve got in your budgeting system and it’s the same Application X that you’ve got slightly named differently, on your service desk? How do you know what’s there; what value these systems are bringing into your institution; and what they’re costing you? I think organizations need to be thinking about that, and start asking themselves, “How do I really know? What do I really know about my inventory? How many inventories do I have? Where do I see gaps? Where do I see differences, and how could this be improved by having one system that helps me pull all these inventories together?
Guerra: I don’t know how you could sleep at night not knowing what you have. If you know what you have, you know what your challenges are, you know what needs to be fixed, what needs to be sunsetted. I imagine most CIOs are not comfortable with that lack of confidence in knowing the inventory.
Disser: I would agree with that.
Guerra: Anything else you want to touch on that we didn’t cover yet?
Disser: I don’t think so. I appreciate you talking to me today. You’ve even given me a few ideas to think about.
Guerra: That’s wonderful. I appreciate that. All right, Shelly, that’s about all we have time for today. I really appreciate your time, and I think it was a fun chat. So, thank you.
Disser: Thank you.