It's a matter of talking the language, said Runyon, a former hospital CTO. "If you don't talk our language and understand our systems and don't have adapters of our systems, we'll probably not look at you very closely. It's really important that you talk the language in health care. A lot of good products have a hard time penetrating health care because they [vendors] have a hard time understanding the domain."
Some vendors are already stepping up to the plate. Symantec Corp., for example, recently announced Healthcare Provider Solution, a suite of products and services aimed at protecting and managing the critical infrastructure of health care organizations.
Runyon said health care has such specialized IT needs that a lot of the horizontal technology specialists at Gartner hardly talk to hospitals. For instance, health care organizations have to comply with HIPAA.
"The biggest pain we have is HIPAA," Runyon said. "They [Symantec] made it easy to report your compliance at the click of a button. They've made some efforts to put in some dashboards and standard reporting that is aimed at HIPAA."
Symantec has organized its products and services into a suite aimed at appealing directly to the health care industry. The suite breaks down into four broad product areas: protecting interconnections and mitigating security risk, managing data in a complex environment, automating compliance with changing industry regulations and expediting legal discovery and preventing data loss.
"For the last year we've been hearing increasingly from our health care customers that they have been buying more storage and interconnecting and extending physician management systems," said Gary Sevounts, Symantec's senior director of healthcare industry solutions. "They've told us, 'Instead of pitching us individual products, we need you to work with us and understand our needs.' We've worked with our customers to deliver customized needs in each use case scenario."
Sevounts said Symantec Healthcare Provider Solution is especially critical for midsized health care organizations. He said Symantec has typically worked with larger hospitals, but medium-sized hospitals have increasingly deployed automation technologies in the last couple of years because prices have been going down. This has driven up their needs for customized data protection and management products and services.
"Midsized hospitals have nowhere as many IT resources as large hospitals or midsized banks," Sevounts said. "They have a very small number of resources. And with that, it's very hard for them to follow all of the security offerings and storage management offerings. At the end of the day IT management at midsized hospitals -- it's their job to deploy initiatives that improve quality of care and enable nurses and physicians. They don't have time to become security experts, so there is a big disconnect between medium-sized hospital IT departments and what vendors do."
"We're talking to our resellers along the line," Porter said. "We tell them we want Symantec AntiVirus or Backup Executive. The people on the phone are happy to write out the order and send us a bill and make sure we get a license. But they aren't involved in the health care industry and they don't recognize the breadth of the issues we face. I like the relationship I have with my reseller, but they're dealing not only with me but with a client list of 300 to 400 others that are not necessarily in the health care industry. I don't expect them to be product experts on everything."
For instance, Porter said he is particularly challenged by the fact that most of his end users are mobile. His care providers visit the homes of clients.
"We offer a lot of leeway in terms of what the providers are doing with their laptops," Porter said. "We have policies and procedures designed to lock down and limit some of the access. The biggest challenge from an IT security perspective is end-user training. It is difficult to modify their mind-set that security is a process that involves everyone in the organization. It's not just an IT technology. So the more I can do to help secure them seamlessly and unobtrusively, the better their experience is."
He added, "It's nice that Symantec is recognizing these issues that we deal with on a daily basis. We have data and we need to keep it secure. Our end-user population has varying degrees of technical sophistication, but none of them believe that they're the ones who need to worry about security."
Let us know what you think about the story; email: Shamus McGillicuddy, News Writer