To understand the financial impact of the various Help Desk staffing models discussed in Part One, the important question to answer is, "How many Help Desk staff are required for your call volume?"

The Meta Group and the Help Desk Institute have calculated the cost per call resolution at the various levels of support. These studies show the real financial impact of the different models. In all cases, the Generalist Model is about 48% more cost effective.

The following are methods of determining how many Help Desk staff are required for your volume:

• Determining Direct Labor Requirements. How calls are submitted determines the biggest impact of labor requirements. The percentage of calls actually being resolved at the Help Desk have a direct impact as well.
• Determining the Number of Potential Direct Labor Hours Available. It is unrealistic to think that anyone who works a 40-hour week will be available for all 2,080 theoretical hours in the year. When you factor in and deduct hours for company holidays, vacations, sick time, training, etc., the net number will determine the potential direct labor hours available.
• Utilization Rate. This rate reflects the fact that inbound calls arrive randomly. Rarely does a new call arrive at the exact moment an open call is concluded. The level of service required of analysts determines an "appropriate" utilization rate.
• Sample Formulas. Calculations to determine:
1. Total numbers of hours required
2. Number of potential direct hours available
3. Actual number of direct labor hours available
4. Gross staffing level

For these formulas and much more in-depth information, please refer to Giva's Whitepaper on Help Desk Staffing Models.

Studies indicate that 80% of the typical help desk budget is salary. Frequently, Help Desk managers worry about staffing levels more than any other matter. These managers need a methodology to determine said levels. The usual Erlang formulas from queuing theory do not always work because of the wide diversity of Help Desk entry points (phone call, e-mail, fax, etc.). This theory is helpful for some call centers but not for the more complex Help Desk environment. Therefore, staffing appropriately has a major impact on the business and the bottom line.

Understanding the Different Call Flow Design Models is Key

Gatekeeper Model

This model can be staffed with a single person or a few. It is designed to make it easier for the customer to have one phone number to call. In most cases, however, this model creates more problems than it solves; most often the "Gatekeeper" cannot solve the problem, creating a bottleneck instead, resulting in very low customer satisfaction.

Call Sorting Model

This structure sorts the calls into special groups using technology rather than people. Each call is then transferred to someone who can solve the customer's problem, a "specialist." With this model, additional staff is required in order to resolve the issues in each category; and, due to the fact that call volumes are not predictable, a lot of time can be wasted. Often, customers have more than one problem they are calling about which is a big drawback to this design.

Tier Structured Models:

1. The Specialist Model is the filtering of calls, commonly known as a tiered specialist structure. Often, the Desktop Support group receives the calls in order to solve more customer problems on the first call. Because of payroll expense for the "specialist," phones are not manned 100% of the time prompting customers to leave a message.
2. The Generalist Model is where the "generalists" answer the phone, e-mail, log the calls, answer what they can and transfer the rest to the second level (tier). This model resembles an ER triage process. This triage call handling process is the most effective for most help desk operations. The majority of good help desk analysts can solve 45%-65% of all calls allowing the second level (tier) to solve the more challenging issues. Customer satisfaction is often very high because the Help Desk operators "own" the problem even though they may not be the one to handle it, similar to the first nurse contact in the triage of an ER

In part two, we will discuss the financial impacts of various Help Desk staffing models!

For more in-depth analysis, please refer to Giva's Whitepaper on Help Desk Staffing Models.

Customers interested in purchasing software or cloud services can encounter myriad of problems and obstacles during the purchase process. Your company can reduce the complexity of the software or cloud buying process by asking the following 10 penetrating and informed questions of your potential vendors:

1. Dissatisfaction with product: After my company pays for your software licenses, what if we become dissatisfied?

2. Better technology: What if better technology comes along after we purchase your software licenses?

3. Deployment "out-of-box" vs. time and cost of customization/configuration: How quickly can we be up and running on your product? Does it work "out of the box"?

4. Preparing and comparing the Total Cost of Ownership (TCO) of all alternatives: What is the estimated Total Cost of Ownership (TCO) of your product over four years? Consider all the acquisition and lifetime costs of ownership.

5. Most overlooked critical fine print in software maintenance agreements: What exactly is included in annual software maintenance?

6. Costs of post-implementation customization/configuration: Our CFO is concerned about commitments for ongoing fees. Can we stop paying software maintenance any time we want, but continue to use the software licenses?

7. Vendor product road maps and commitment: What is your road map for future development?

8. Using uptime and support service level agreements to manage our relationship: Does your company charge professional services fees if we have support issues that require reconfiguration?

9. Routine technical support vs. professional service fees: If we want to do additional customization and configuration work after the initial deployment, does your company charge professional fees?

10. Termination clauses, contract term commitments, discounts and hidden fees: Does your company provide Respond and Resolve Service Level Agreements for support service requests that your company is committed by contract to meet?

For a more in-depth look into these questions, see Giva's Whitepaper Ten Tough Questions to Better Select, Compare & Evaluate Any Software or Cloud Vendors.

With new technology comes new dangers. Data breaches are a crippling threat to businesses nationwide for multiple reasons: business security has failed its customers and their information is unsafe (whether it be financial or medical), companies lose money when it is time to repay or monitor its customers by hiring third parties, and employees actually suffer job loss from these devastating breaches.

The Identity Theft Resource Center's Data Breach Reports defines a breach as "an incident in which an individual name plus a Social Security number, driver's license number, medical record or financial record (credit/debit cards included) is potentially put at risk because of exposure. This exposure can occur either electronically or in paper format." As of December 16th, the ITRC recorded 744 breaches with over 81 million informational records compromised. Big businesses such as Home Depot, Target, Michael's, Neiman Marcus, and Bebe are victims of data breaches.

Firstly, data breaches can cause massive monetary damage. Elizabeth Weise from USA Today says, "Companies need [breach insurance] because they have to pay up when their customers get hit." The average monetary loss is $188.00 per customer hacked, which the company is required to pay back. Even a small business of 1,000 customers is then required to pay $188,000. Breach insurance can be expensive, but so can being the victim of a cyber attack.

Insurance and monetary compensation are possible solutions. However, most people do not realize the effects of security breaches on those in charge of business security. Data attacks can result in job loss. These job losses include Beth Jacob, CIO of Target; Maricopa County Community College District director, Miguel Corzo; head of Utah's Department of Health's technology department, Stephen Fletcher; and an Accretive Health employee responsible for the loss of an unencrypted laptop filled with sensitive healthcare information on over 23,000 patients.

When it comes to data breaches, there seems to be a greater margin of job penalty in the field of healthcare. Aside from the few mentioned above, Goold Health Systems fired an employee this year for downloading patient information onto a USB drive and then losing it. Highmark, Inc. fired a mail room employee for an error which disclosed over 3,500 patients' Medicare information without authorization. Two Georgia Hospital employees were fired for improperly disposing of an unencrypted desktop including information on over 6,500 patients. Boston Medical Center fired a third-party vendor after realizing they had posted data from 15,000 patients to the website without password protection.

Whether via carelessness, accident, or the work of a hacker, customer information must be taken seriously, especially when it pertains to healthcare. The lack of security can result in job loss. This is not a new issue: in 2006, four healthcare employees of Providence Health Care were fired for the theft of 365,000 healthcare patients' medical records. Thankfully, a security vendor was hired, and patients could sign up for information restoration and monitoring.

However, the healthcare business demographic accounts for almost half of ITRC's recorded data breaches, with hacking as the cause for more than a third of these breaches. Healthcare records provide a wealth of information, making them a huge target for cyber attacks. Because of this, federal law and the Health Insurance Portability and Accountability Act (also known as HIPAA) require security methods such as encryption of medical data to ensure a company remains protected from a data breach.

Businesses are going to have to continue to be vigilant in implementing their security strategies.

With Giva, security is of the utmost importance.  This is why Giva is has worked to become HIPAA-compliant, with its cloud software complying with strict regulations, helping keep their healthcare - and all - customers' information safe.

Now more than ever, businesses need to be diligent about securing customer information. According to a recent news article, 2015 could be the "Year of the Healthcare Hack." Hackers could target both healthcare and insurance companies in order to secure customers personal information. The No. 2 U.S. health insurer, Anthem Inc., disclosed a breach of its database that has affected nearly 80 million records leading to investigations by state and local authorities. While in the past, cybercriminals have focused on the financial and retail sector; the new target is less-secure medical data. That being the case, many businesses are starting to focus more on security. According to research analyst Stephanie Balaouras at Forrester, "If your company execs are smart, they will make protecting customers' data and preserving their privacy one of their top business and social responsibilities in 2015." (Forrester)

With all the benefits of Healthcare Information Technology, the obstacle of cyber attacks must be addressed as well. Many businesses have prospered because of HIT and will continue to do so in the future.  However, being proactive in addressing this security issue must be a priority for all businesses in 2015 in order to secure customer information. The Reuters article above mentions that "UnitedHealth Group Inc. and Aetna Inc. have been warning investors about the risks of cyber crime since 2011." Warning investors is important; preventing hackers from stealing customer information is paramount. In meeting the strict HIPAA compliance regulations for cyber security, Giva can be the answer to businesses concerned about this problem. For more information read 7 Key elements of Giva's HIPPA-Compliant Cloud Help Desk Software for Electronic Health & Medical Records.

In a digitized world, one of the greatest conveniences is health information technology (HIT). Considering nearly everyone in the US is a consumer of healthcare, there are numerous benefits to adopting electronic health records. The evidence report, Costs and Benefits of Health Information Technology, outlines a few. Health information technology is a means of electronically storing, recording, accessing, or transferring a patient's medical records. This includes health and medical history. Not only is this paperless and perhaps more reliable, but it allows for "clinical decision-making and disease management." It also allows for prescription filling, test ordering, and care reminding. For example, the system can provide alerts for necessary patient vaccinations or send a prescription to be filled at a pharmacy convenient to the patient. Overall, health information technology improves the efficiency of healthcare - a highly profitable, nationwide business.

However, adopting HIT is costly and requires change in the organization. It is considered an investment, but perhaps a necessary investment in terms of economic advancement. In non-financially focused studies concerning adoption of HIT, areas of improvement included increased productivity by the healthcare provider, improved patient safety and, subsequently, fewer adverse drug events (ADE) and time spent in hospitals to treat ADEs, and better physician decision-making. For example, the ability to reduce the "ordering of redundant clinical laboratory tests could produce an annual savings of $35,000 in laboratory charges." It is economically beneficial to improve the efficiency of healthcare.

In a day and age where nearly everything is digitized, it is only fitting a business as widely used as healthcare should follow suit. Adopting health information technology will improve provider efficiency while increasing consumer centeredness. Electronic health records are more personalized, more organized and more efficient. Although implementation of HIT is an expensive adjustment, benefits for both provider and consumer are apparent. Healthcare efficiency is important to society as a whole.

With efficiency of digital access to healthcare records comes the necessity of increased data security measures. The Federal Health Insurance Portability and Accountability Act of 1996, known as HIPAA, was passed to establish a national framework for security standards and protection of confidentiality with regard to health care data and information. Fortunately, Giva makes HIPAA compliance very easy for our customers. The data center, hardware and software infrastructure of Giva's cloud help desk & customer service software meet the very strict HIPAA compliance regulations. See 7 Key Elements of Giva's HIPAA-Compliant Cloud Help Desk Software for Electronic Health & Medical Records.

Giva is proud to showcase the essays of its Student Scholarship and Worldwide Community Ambassador Award winners. Below is an essay from Joseph Lee, Rush Medical College. Giva's hope is to inspire others through these essays, and we hope they will help others realize the joys and benefits of service.

Who is a "Good" Doctor?
By Joseph Lee

Had you asked me the same question one year ago, my answer would have been vastly different to the one I will give today. In the summer of 2012, with my first year of medical school completed, I embarked upon my last official summer vacation with two things in mind: a basketball tournament in Dallas and one in Atlanta. My closest friends and I had been playing in tournaments for the past 10 summers, and it was a sacred bond forged together in the name of competition. However, two weeks before our first tournament, I became instantly and overwhelmingly short of breath. Having been born to Korean immigrant parents, I was raised to utilize the hospital in emergency cases only, and I knew this was such a case. A few scans later, doctors discovered numerous pulmonary emboli (PE), caused by a subclavian deep vein thrombosis (DVT), and just like that, I was lying in a bed of a major hospital for a life threatening condition.

Fast forward a few months, and I am lying in a similar bed to treat the underlying cause of the sublclavian DVT: a first rib removal. There is little that can adequately prepare someone physically, emotionally or spiritually to undergo surgery; and my thoughts continued to race in the days following. In addition to the expected physical pain, isolation, fear and frustration were a few of the emotions I experienced in the four day ordeal. The procedure went according to plan thanks to a skilled surgeon and his team, but the attributes that made the doctor "good" went far beyond his ability to operate.

"Wow. I'm glad you are feeling better" and "I can't believe you went through that" are common reactions people have when they see the scars on my upper chest. Quite frankly, the past nine months have been difficult, literally full of blood, sweat and tears. But through it all, I have been able to maintain my positivity and gratitude knowing that I have gained the invaluable experience of being a patient and discovering the vulnerability and trust that patients give their doctors. Patients indulge information to doctors that they may have never told anyone in their life and in doing so, place a great deal of trust and responsibility in the hands of a doctor. Many patients will not understand the mechanism of disease behind their condition and anticipate that the doctor will explain to them and their family why it is that they are feeling the way they are and ultimately heal them. And that is precisely what my surgeon understood: the privilege of being able to care for patients and the intimacy of the doctor-patient relationship. And as I awoke to the care of my worried parents, the first thing they wanted to discuss was the details of the procedure that was methodically and patiently explained to them by my "good" doctor.

In study after study, patients have reported dissatisfaction with their medical care, not because of lack of knowledge or health outcome, but because their doctors did not show enough warmth in the encounter or listen to the patient's questions and concerns. There are few times where a patient and their loved ones are more vulnerable and in need of compassion than when dealing with a hospitalization. And for some doctors, a patient may be another item on a checklist, but that patient is someone's mother or father, son or daughter, sister or brother. My "good" doctor understood this and would often say "If you were my son..." when discussing treatment options, reflecting on the type of care he would want for his family and treating me similarly. Such ideals are rooted in love and compassion for patients, not as clients in the health care system, but as fellow human beings striving to make something of themselves and the world around them (I).

Unfortunately, the ordeal of living with a chronic illness or undergoing a major operation extends beyond the confines of the hospital. Whether it is creditors harassing patients for medical bills, prescriptions that need to be refilled, or lifestyle modifications that need to be made, the health care experience doesn't end when a patient walks out of the hospital doors. It often takes merely a minute, as in the case of the "good" doctor who told me that as a student I could apply to get the procedure financially covered by the hospital. Such foresight in anticipating financial concerns and directing me on the next steps to be taken provided relief in the surmounting stress.

Lastly, the "good" doctor understands that as our patients are human, so are we. This means we will make mistakes, some of which can result in life-threatening consequences. With that said, the "good" doctor practices humility and honesty, apologizing and sharing as much information with patients as possible. Although no one strives to make mistakes, they will happen, and how one reacts to them is a distinguishing feature of the "good" doctor (II).

Of all the qualities I tried to explain in what makes a "good" doctor, there was no emphasis on skill and knowledge. And while being able to fulfill the duties of making the correct diagnosis and appropriate treatment plans is expected, the intangibles of love, compassion, foresight and honesty is what makes a doctor, "good". I learned such lessons in the purest manner possible, by being a patient myself, and will use them to guide me in all future patient encounters, as I strive to be a "good" doctor.

Citations

1. Evans, B. J., Kiellerup, F. D., Stanley, R. O., Burrows, G. D. and Sweet, B. (1987), A communication skills programme for increasing patients' satisfaction with general practice consultations. British Journal of Medical Psychology, 60:373-37.
2. Hingorani, M., Wong T., Vafidis, G. (1999) Patients' and doctors' attitudes to amount of information given after unintended injury during treatment: cross sectional, questionnaire survey. British Medical Journal, 318(7184):640-1.

Interesting reading from the NYT this morning:

"The constant drumbeat of data breaches won't cease anytime soon, according to a new report from California's attorney general, Kamala D. Harris.

There were 167 data breaches reported in California last year, an increase of 28 percent from the 131 data breaches reported the previous year. The information of more than 18.5 million California residents was compromised in 2013, a significant jump from the 2.5 million compromised records in 2012.

Those numbers were skewed by two widespread breaches last year. At Target, personal records for 41 million people were compromised, and at LivingSocial, hackers gained access to 50 million records. According to the attorney general, each of these two breaches put 7.5 million California residents' information at risk.

The majority of breaches — 53 percent — were because of malware and hacking, while a smaller number, 26 percent, was attributed to the physical loss of a computer or device. The report reiterates what many already knew: There is much more information to be stolen through hacking than physical loss. The vast majority of the 17 million records compromised in California last year — 93 percent — were attributable to malware or hacking, whereas only 1.15 million records were compromised by the physical loss of an electronic device."

Read more at data breach study in California.

Are your cloud applications HIPAA Compliant?

Long before the commercial success of the Internet, Brian J. Fox invented one of its most widely used tools.

In 1987, Mr. Fox, wrote Bash, short for Bourne-Again Shell, a free piece of software that is now built into more than 70 percent of the machines that connect to the Internet. That includes servers, computers, routers, some mobile phones and even everyday items like refrigerators and cameras.

On Thursday, security experts warned that Bash contained a particularly alarming software bug that could be used to take control of hundreds of millions of machines around the world, potentially including Macintosh computers and smartphones that use the Android operating system.

The bug, named "Shellshock," drew comparisons to the Heartbleed bug that was discovered in a crucial piece of software last spring.

But Shellshock could be a bigger threat. While Heartbleed could be used to do things like steal passwords from a server, Shellshock can be used to take over the entire machine. And Heartbleed went unnoticed for two years and affected an estimated 500,000 machines, but Shellshock was not discovered for 22 years.

Many of the commercial tools that individual users and large corporations depend upon are built on top of programs that are written and maintained by a few unpaid volunteers in what is called the open-source community. That community, along with big companies like Google, adjusts and builds new things on top of older work. 

Sometimes there are flaws in that code. And over the years, the flaw becomes part of all sorts of products.

The mantra of open source was perhaps best articulated by Eric S. Raymond, one of the elders of the open-source movement, who wrote in 1997 that "given enough eyeballs, all bugs are shallow." But, in this case, Steven M. Bellovin, a computer science professor at Columbia University, said, those eyeballs are more consumed with new features than quality. "Quality takes work, design, review and testing and those are not nearly as much fun as coding," Mr. Bellovin said. "If the open-source community does not develop those skills, it's going to fall further behind in the quality race."*

Giva is a HIPAA compliant cloud provider for IT Service Management, Customer Service and Change Management. We reduce risk for companies by protecting their data and helping them exceed regulatory requirements. Naturally, we address vulnerabilities like Shellshock.

Give us a call to talk to one of our experts about how we address Shellshock and other vulnerabilities. Or, feel free to learn more about Giva HIPAA compliance on your own. 

* Attribution to the NYT