In the first column in the two-part Application Portfolio Management series, the urgency surrounding information technology portfolio bloat was explored: After significant investments to their information technology infrastructure, health systems are finding they must upgrade their technology continuously. At the same time, they are experiencing downward cost pressures generated and intensified by COVID-19.
In this context, application portfolio management and decommissioning are necessary practices to ensure that IT is properly aligned with emerging initiatives and priorities; addition to portfolio costs must be counter measured to balance cost and value.
Inventory, Catalogue & Discovery
An application inventory is vital for the management of a healthcare delivery organization’s information assets. It will also provide insights that will be helpful for application inventory portfolio management and decision-making. From the application inventory, data storage and legal compliance issues can be identified, as well as opportunities to save money and reduce technology footprint by sunsetting or combining systems. While there is no single best practice for conducting an application inventory, at the very least, an inventory should capture the following information about each enterprise application: Application Demographic (Name, Description), Operation (Release cycle, Service desk ticket count), Technology Platform (Software, Database), Usage/Integration (Integration Points, Number of users), Data (Information types, backup protocols), Financial (Contract, Annual costs), Function (Capabilities).
This data can be captured and memorialized in a variety of ways, ranging from a spreadsheet to a full-fledged configuration management database. While automated tools can help with the initial inventory, manual effort will still be needed to collect basic information such as business usage, application owner, and costs.
Application Portfolio Scorecard
Once the application portfolio has been defined, analysis can be conducted to determine disposition on its various components. Depending on organizational needs, application evaluation can be straightforward or intricate. For some organizations, a simple review of the application portfolio to ensure support of mission objectives and capture application operational costs will suffice, allowing for identification of those applications that should not be decommissioned. However, in most cases, a more rigorous evaluation will be necessary, assessing each application in the portfolio. As part of an initial analysis, the applications should be evaluated for functional fit, that is, the level of support required for business capabilities or processes, and technical fit, the degree to which applications match the organization’s technical standards. Deeper assessment will include application analysis for the following categories:
- Strategic value: Does the application support the business strategy?
- Available skills: Does the organization possess institutional knowledge to best utilize the application?
- User satisfaction: To what degree are users satisfied with the application’s usability and benefits?
- Availability of alternatives: Are there better alternatives, either through existing, redundant applications or modules, or commercial off-the-shelf solutions?
- Total cost of ownership: What is the sum of all costs associated with the application?
- Architecture strategy conformance: How is the application conforming to the organization’s strategic and operational technology roadmaps (e.g., standard technologies, cloud-first strategy)?
- Security risks: Does the application pose any security risks due to its architecture?
- Documentation and training: How robust are the available documents and training materials?
To calculate the risk profile of the application portfolio, a risk framework should be developed to rank applications based on their functionality, type of information processed and overall business value. The context of the risk assessment is to define a plan for consolidation, remediation, or elimination of the legacy applications. Categorization of applications depends on the criteria specified in the risk framework. Identification and prioritization of high-risk applications must be based on total cost of ownership and potential savings, and, of even greater importance, business impact, security threats, compliance requirements, and overall operational risk.
Download the full whitepaper, Healthcare Application Portfolio Management & Decomissioning, which provides methodology and insight to improve IT responsiveness, reduce costs, and improve security posture.
About Galen Healthcare Solutions
Galen Healthcare Solutions is an award-winning, KLAS-ranked healthcare IT technical and professional services and solutions company providing high-skilled, cross-platform expertise. Since 2005, Galen has partnered with specialty practices, hospitals, health information exchanges, health systems and integrated delivery networks to provide high-quality, expert level IT consulting services & solutions including strategy, data archiving, data migration, optimization, project management, and interoperability. For more information, visit www.galenhealthcare.com.