A normal business may see much sense in improving the service management of its IT department. If the improvements increase IT's efficiency, reduce costs and minimise downtime, ROI is easily measured.
However, in a hospital's case, much more is at stake. When a hospital's IT system impacts the way in which doctors treat and care for their patients, real lives depend on the IT department's ability to perform under pressure.
Such was the thinking behind Zulekha Hospital's decision to implement the Information Technology Infrastructure Library's (ITIL) best practices, and gain ISO 20,000 certification for process management. Adhering to ITIL best practices is the most widely accepted approach to IT service management in the world, and achieving the ISO 20,000 certification that measures these practices proves that the organisation's IT team really does run itself to the best possible standards.
Clearly, a patient at any hospital would hope that the IT side of things is top-notch, particularly given the digitisation of records and information. However, Zulekha Hospital was the first healthcare organisation to achieve the ISO 20,000 in the GCC when it gained its 2005-standard certification in 2011.
"This is the first hospital in the entire GCC region to have the vision to go for the quality initiative, to make sure the patients are important, because we realise it's not about business or a loss of image -- it's loss of life," says Ali Asgar Bohari, Director of IT, Zulekha Hospital. He presided over the switch to ITIL best practices, which he decided to begin in 2009.
"Before implementing ISO 20,000, we were doing our job, but we were not able to show that we were doing it," Bohari says. "It was kind of off-hand. So the IT department was kind of negligible."
The problem, Bohari says, was that requests to the IT department were never documented. If somebody wanted a report, or wanted their printer fixed, they would simply call the IT department and then an IT employee would follow up on the request. Conversely, there would be no records of the IT system being up for 99 percent or even 100 percent of the time. No documentation was ever made, meaning it was difficult for the department to justify more investment at a time when the Zulekha group was growing.
Given the group now includes a hospital each in Dubai and Sharjah, plus a medical centre and another planned hospital in Sharjah, this simply wouldn't do. So Bohari sought out best practices that he could implement, and landed on ITIL and the ISO 20,000 certification. However, as he found out, this would require a culture change that would hardly happen overnight. Indeed, it took more than two years for his team to get certified after deciding to implement in 2009.
"We got the basic idea of what ITIL is and then what kind of requirements there are for ITIL," says Bohari. "Then we started with a tool from ManageEngine for a service desk to start the documentation, logging the calls into the service desk and then started about the incident management, problem management and change management."
Following the ITIL guidelines and implementing a ManageEngine tool was certainly a good start for the department. As time went on, forms had to be filled out for IT requests, and it was documented whenever an IT request was completed. Suddenly, the IT department had evidence to show the management that it was indispensable. Of course, the changes met with some resistance, but Bohari sent orders straight from the top that these processes had to be followed.
"It was more work for the IT department initially, I think," Bohari says. "But now this is our practice. Now, it's a daily routine."
That said, even by implementing the ITIL practices, Bohari was still a way off of achieving the ISO 20,000 certification. The auditors, who come from a German body, are famous for their fastidiousness, and they browse meticulously through at least six months of records to ensure that the processes really are being followed to the highest standards.
This is why, during the implementation phase, Bohari saw fit to call on some consultants from Elitser Technologies, which specialises in helping IT departments implement the changes necessary for the ISO 20,000, among other things.
"You can do it by yourself -- but somebody should be there to find your gaps, or what you're doing incorrectly," says Bohari. "This is the best way to do things. At some point of time, you really require some consultants who can come and really help you a lot. So Elitser helped us very nicely, and with this help, we achieved the certification."
Having just been certified for the 2011-standard ISO 20,000, the IT department works very differently to the way it did before 2009. For example, tasks such as fixing broken printers or laptops are now prioritised depending on who they come from, and service-level agreements with all departments stipulate how long it can take for a particular task to be completed. What's more, everything is documented, so insight can be gleaned out of the information that results.
No doubt the ISO 20,000 certification has helped the IT department in doing its job, but it has also helped, most importantly, in terms of providing better patient care and customer service, says Bohari: "Now what is happening is you come in, and all records are available on the doctor's desktop, on the hospital management software. He has to just log in and see all your history, and what has been done. He won't even have to ask what has happened with you because everything is available with him."
It's a job well done, then, but Bohari has no intention of stopping at the ISO 20,000 certification. Having gotten a taste of what ITIL best practices can do for his department, he aims to achieve ISO 27,000 certification for security practices, and ISO 22,301 certification for business continuity and disaster management practices.
"Everyone should do it -- really," Bohari says. "I recommend everyone implements ITIL best practices, and they'll see the difference it makes."