The ITIL change management process is one of the very important processes that helps increase security for IT applications and infrastructure. For example, in healthcare and hospital environments, maintaining an eHealthRecord (eHR) application is an enormous IT task. Cerner, Epic, Allscripts, MEDITECH, Siemens and McKesson are the major vendors and cost many millions to purchase. It often requires millions more in resources to implement and maintain.
The ongoing task of maintaining a hospital eHealthRecord is a giant burden on IT. There are also many possible security issues, given that HIPAA compliance is required for any hospital or healthcare environment. According to industry research, some hospitals have a backlog of over 1000 eHealthRecord Requests for Change (RFC), and many are related to security.
Often when an aspect of the eHealthRecord is not working correctly, the IT help desk receives the phone calls, since they are the first point of contact to support clinical professionals such as physicians and nurses. After the help desk performs some troubleshooting, they may realize that there is an issue or an enhancement required to solve a problem or increase functionality. A good ITIL change management process is critical to organize all the RFCs and to make sure that the issues impacting security are prioritized high on the implementation list. It is easy to get caught in the thinking that features and functions are the most important changes, since clinical professionals are asking for these and they have responsibility for frontline delivery of healthcare services.