IT Vendor Management: Diagnosing the Relationships Between Healthcare Organizations and Software Vendors


IT vendor management is a huge (and consistent) risk for the healthcare industry. After working for several healthcare vendors, I come with a nuanced view of what’s currently not quite right between healthcare organizations and their software vendors. My roles as a junior developer, a development and support-team leader, and a lead consultant and solutions analyst to Health IT Business/Pharma leaders did much to enhance my perspective of these relationships.

IT vendor management lessons learned:

  • Compliance issues. The federal government monitors the industry rigorously with stringent regulations, including HIPAA, CMS, and ISO/IEC. Ideally, these regulations compel organizations to more tightly manage third-party vendors, but that's a work in progress.
  • A lack of centralized systems. Numerous health plans, doctors, hospitals, and other providers may handle a patient's data via multiple channels, increasing data vulnerability. The fact that these records travel from upstream to downstream via multiple channel partners or vendors makes them much more susceptible to leaks.
  • The fixed-price trap. Most of the healthcare industry still relies on fixed-price contracts. This practice can reduce the number of developers/FTEs working on the engagement, since the outsourcer will want to preserve its margin. This in turn puts pressure on the client, who must still resolve issues and tickets. If resolutions are sub-par, the organization's end-user relationships can suffer.
  • Cybercrime. Healthcare records are ten times more valuable than credit card records in criminal markets. It's no surprise then that between 2009 and 2017, there were 2,181 data breaches in the healthcare industry, resulting in the exposure of 176,709,305 records (or 54.25% of the US population). Organizations are now reporting breaches at a rate of at least one daily, according to the HIPAA Journal.

The potential cost of disconnects between IT vendors and healthcare organizations

The healthcare industry has been operating behind the times in many ways, with stagnant processes in desperate need of technological advancement. Aging systems are running hundreds (maybe even thousands) of legacy applications, which vendors typically control.

When it comes to modernizing these system architectures, holistic visibility into the architecture is the first place to start. But neither vendors nor their healthcare-industry clients know the black box areas of their systems. Furthermore, few on either side are taking the time to document applications or to update existing software documentation. Instead, there's a great deal of person-to-person knowledge transfer. Given the proliferation of outsourcing, these knowledge gaps pose a greater threat than ever.

Software Intelligence bridges IT vendor evaluation gaps

Making matters worse, most organizations don't know how to evaluate software vendors and partners. They're still using traditional measurement processes, which provide very little visibility into vendor performance. Specifically, much of the industry still employs a ticket-based system to measure support-team productivity, tracking the number of priority tickets resolved, the timeframe of the resolution, and the number of escalated tickets. This provides little, if any, objective assessment of the contract deliverables, not to mention very little visibility into IT vendor deliverables.

One potential solution is for an organization's IT team to use Software Intelligence as the cornerstone of a sustainable vendor performance-measurement program: a means of gaining objective visibility into their vendors' systems and teams. Software Intelligence charts credible software development and maintenance outcome metrics while making them readily available to IT executives.

For example, transitioning code to a vendor team is one of the most difficult parts of an outsourcing engagement. Not only does Software Intelligence help with the transferability of the software, but it helps in-house teams manage software risk by ensuring the overall structural quality of systems while fostering objective dialogue between business units and vendors for smarter and more effective decision making.

Software Intelligence can be a boon to healthcare organizations and their vendors, as they grapple with increasing regulations, sprawling (and often aging) system architectures, and cybersecurity threats.

Kanav Khanna Solutions Architect
Kanav is a Solutions Design Architect at CAST. Previously at Wipro, Kanav is experienced in supporting IT modernization and vendor transparency goals by combining an understanding of business and technical needs.