“Neither rain nor snow…” You know the adage about the reliability of the U.S. postal system. Today we might transfer that goal concept: “Neither viruses, nor bandwidth nor disk space will stop email!” – at least not for organizations that depend on it as their primary communication vehicle.
And that’s the case with academic medicine. For Thomas Jefferson University, “email is absolutely critical,” according to Jason Hughes, acting director of Core Technologies (a division within Jefferson’s Information Technology department). It’s the primary way people communicate on campus.
But three years ago, that means of communication was threatened because of the increasing heavy volume of users and messages crushing Jefferson’s old equipment. The strain caused the executive team to seek a different solution for their messaging function. They knew they needed a system that would keep up with technological change and the performance levels needed for a quickly changing environment.
Simply installing new equipment that allowed for growth in mailboxes wouldn’t solve the problem. The university’s objectives included extending Web-based messaging to students, who are mobile and need access to email from many different locations.
The Fork in the Road
Thomas Jefferson University, located in Center City Philadelphia, is composed of Jefferson Medical College, the College of Graduate Studies and the College of Allied Health Professions. The university side and hospital side are two separate business units with separate IT departments. The decision to outsource student email was based on two factors.
They decided that managing an email server and potentially an LDAP (lightweight directory access protocol) directory didn’t fall into the university IT department’s core competency. “I’d like my techs to do other things, like writing applications to utilize our LDAP directory so that our professors can send targeted mailings,” comments Hughes. “Chasing down bounced emails and updating virus files is not that interesting and is not along the lines of our core competency.”
They also realized that outsourcing would afford them cutting-edge technology with 24×7 maintenance and that the work would be performed by an organization whose core competency is messaging.
The plan was to first find an email solution for the student population, use it as a pilot and then evaluate whether to integrate it on a campus-wide basis for faculty and staff. They sent out a formal Request for Proposal (RFP), and three entities bid on the work. Two were external outsourcers; the third was the Jefferson Hospital IT department, which had been providing email services for the faculty and staff of both the university and the hospital.
United Messaging, Inc. was awarded the contract in May, 1999. Of the three bidders, United Messaging had the best price and most attractive offering. Although it was a brand new company at the time, the stature and reputation of its founder (who had run Lotus Notes, Domino and cc:Mail for IBM for a number of years) was a strong foundation of confidence for Jefferson.
Transition Challenges
Three thousand mailboxes were transitioned to United Messaging. The “go live” date was in August, 1999. Before that date United Messaging designed the university’s LDAP directory and synchronized it with the university’s banner system (an application that holds all student, financial aid and alumni data). “We wanted that to be our source of truth for a mailbox and LDAP so that whatever a person’s first and last name is in the banner, that’s what the email address would be,” Hughes explains. “We worked very closely with United Messaging to ensure there were no problems in this process.”
Even so, they encountered a challenge. “We initially named the mailboxes as first name, dot, last name,” Hughes reports. “We found that was probably not the best thing to do because we would run out of mailboxes, and there will be a lot of john.smiths. So we switched it to initials as a way to name the mailbox, and an alias that would allow for a first.last e-mail address.” Then they branded a combination of initials and numbers as an individual’s “campus key,” which is used to authenticate to various systems through the LDAP directory. Now people just have to remember their campus key and a password.
The actual transition to initials was effected overnight. But the supplier had to communicate this information to the students, which necessitated sending a number of mailings to let them know why the change was taking place and what their new email addresses would be. “It was a learning experience,” Hughes recalls. “It went relatively smoothly. We got a lot of calls, but we had made sure that we were prepared for that. And that was another benefit of outsourcing – we have integrated the help desk at United Messaging into the help desk here at Jefferson. So United Messaging was the first tier level that received the calls.”
HIPAA Regs
United Messaging’s data centers include fully redundant, state-of-the-art equipment and facilities designed to maximize reliability, security and flexibility. Unfortunately, email’s broad, instantaneous transmission of information carries some business risks. United Messaging recognizes that protection from those risks involves more than installation of hardware and firewalls. The company brings to its clients an onsite assessment of corporate security policy with a workshop and recommendations for a bullet-proof email policy.
For medical organizations, the risks go further than viruses and employee misuse of email. HIPAA regulations, soon to be in effect across the U.S., will regulate the electronic transmission and storage of any patient’s private medical information. While this may not directly affect Jefferson University’s students, it’s nonetheless a major concern for any campus-wide policies. The University owns a number of physician practices, so it is very involved in patient care and research. They realize they will need to become HIPAA compliant.
United Messaging has taken the first step in that regard with its Message Control, which allows for message screening and authenticating the sender of emails. “Public key infrastructure for security purposes is obviously going to be a large component of HIPAA compliance in the near future,” says Hughes. “United Messaging has clients using authentication and digital signatures, which can then be used for organizations requiring a more secure e-mail environment.” Jefferson is confident that United Messaging can provide the infrastructure and expertise that will be necessary for security compliance on campus.
No Worries
Hughes is clearly very pleased with the outsourcing solution. “I don’t know how many emails we handle per day. I haven’t looked. You know why? If it works, I don’t care if it’s one or 1,000 or even several hundred thousand. I don’t have to worry about it, thanks to United Messaging. They make sure it’s working and is fast and reliable. And that was our goal in outsourcing.”
He adds that a decision to outsource shouldn’t be focused only on the financial aspects. “It should depend on what you are looking for. United Messaging has expertise and economies of scale. They have multiple optical carrier lines going into their data centers. We could never provide the redundancy they provide. It’s not feasible. Clearly, if I wanted to provide the same quality of service, uptime and fault tolerance that United Messaging is providing, I would have to spend an inordinate amount of money. We could have improved our operation with less money by using one or two servers in a cluster. But that would not be the type of fault tolerance and the support level that we wanted and now have because we outsourced to United Messaging.”
Lessons from the Outsourcing Journal:
- Worries about email bandwidth, disk space, security, uptime and reliability of a system are greatly reduced when you outsource to a provider with economies of scale and messaging expertise.
- Because email is a primary means of communication in medical organizations today, outsourcing is a quick and efficient solution for PKI infrastructure (public key infrastructure) and HIPAA compliance.
About the Author: Ben Trowbridge is an accomplished Outsourcing Consultant with extensive experience in outsourcing and managed services. As a former EY Partner and CEO of Alsbridge, he built successful practices in Transformational Outsourcing, Managed services provider, strategic sourcing, BPO, Cybersecurity Managed Services, and IT Outsourcing. Throughout his career, Ben has advised a broad range of clients on outsourcing and global business services strategy and transactions. As the current CEO of the Outsourcing Center, he provides invaluable insights and guidance to buyers and managed services executives. Contact him at [email protected].