Managed IT Services, HIPAA/HITECH Compliance and Changing IT Providers: Ed Garay from Lutrum Answers Your IT Questions.

Mary Pat: Where does the name of your company, Lutrum, come from?

Ed Garay: When I was developing a name for this company, I didn’t want to be like every other healthcare IT services company with health, md, medical, etc. as part of their name.  I wanted it to represent something deeper about what we do and who we are as an IT organization.  Although we are IT specialists, I realized that one of the things that I am always working with my team on is to listen and understand our client’s needs.  Which lead me to creating the name, Lutrum.  Lutrum is a slight variant of the Latin word Lutra.  Lutra means otter in English.  And the otter symbolizes empathy.

Mary Pat: What led up to you starting your own business?

Ed Garay: In late 2000, I worked as an IT Director for an organization that continued to downsize.  I came to a career crossroad.  With starting to support under 100 systems, and the network running in tip-top shape, there was really no need for me to be there full-time in the long run.  So, do I look for another job that can’t possibly be as fulfilling as where I was, or do I take a leap of faith and start up my own business and share my knowledge with the masses?  Through the feedback of mentors and other resources that knew me personally and professionally, I was highly motivated to take the leap of faith and have never looked back.  My business career has evolved over the years and has naturally lead me to Lutrum.

Mary Pat: What are Managed IT Services?

Ed Garay: Managed IT Services is a proactive approach to IT support.  It’s a flat fee service that provides virtually unlimited support.  And in our case, it also includes virtually unlimited Clinical Application Support, which is Managed IT Services includes proactive measures such as Anti-virus/Anti-malware software, Anti-spam services, backup services and other services that help prevent certain issues.  It’s intended to be a Win-Win-Win scenario.  If we are doing our job correctly, then it’s a Win for us since we have less reactive ‘fires’ to put out, a Win for our client as their entire organization remains productive (and there are less jokes made by their staff about their technology), and a Win for our client’s client as one of the results of properly leveraged technology is responsive customer service.

Mary Pat: Can you expand on what you mean by Clinical Application Support?

Ed Garay: We assist you with your use and management of your practice management and EMR software by helping you create or update templates, helping you manage and train staff on system upgrades, helping you create training materials and cheat sheets, and are available to help you however we can to improve your use of the software.

Mary Pat: How can you manage practices nationally?

Ed Garay:  With our Managed IT Services support platform, we are able to do at least 80% of IT support remotely.  The newer the client’s hardware, the higher the percentage.  When in need of someone onsite, or ‘remote hands,’ outside of our area for a short amount of time, we reach out to our network of IT Partners to help.  In some cases we work with internal client staff if they are made available to us.  But because we can do so much remotely, and we work well as a team with our clients staff and their vendors, all management of our clients is done out of our main office.  We do make site visits from time to time as necessary.

Mary Pat: What sets you apart from other companies offering IT services?

Ed Garay: First, I have the most memorable personal tag line “When your computer is dead, call Ed!”  Second, Lutrum has a culture of personable IT people.  Although we work hard, we definitely appreciate a good humor and enjoy working closely with our clients.  Third, unlike most IT companies, we won’t just install your EMR/PM application and leave.  We will also provide you a Clinical Application Manager to help you leverage your technology and work towards a Return On Investment.  Lastly, we continue to modify our Managed IT Service offerings so that they are turnkey.  For example, we include many services and hardware that most IT providers would prefer to charge separately.

Mary Pat: You recently had a booth at the MGMA annual meeting in Las Vegas and had a lot of interest in your Compliance product.

Ed Garay: Practices are looking for help with HIPAA/HITECH compliance and we had a number of managers who told us they came to the exhibit hall specifically looking for our solution.

Mary Pat: What is your HIPAA/HITECH solution?

Ed Garay:  The HIPAA/HITECH Report on Compliance is generated by a ROC (Report on Compliance) cloud-based tool that we provide.  Three key features to it are:  It meets the Meaningful Use Stage 1 Security Risk Analysis requirement, it’s a system that is continuously updating regulations so that a Practice’s Compliance Officer doesn’t have to keep track on their own, and Covered Entities can better manage and track their Business Associate’s compliance documentation.  Since it is built in a Yes/No question format, it becomes easier to figure out where your organization stands with compliance.  As a Managed Compliance Provider, I originally started offering the ROC tool so that our clients can hold us accountable for keeping them HIPAA/HITECH compliant.  But we soon found out that with our expertise on the HITECH side of compliance, we can assist practices even with existing internal or external IT support as well. MMP readers can request a sample ROC (see a small section below) by emailing me at

Sample of the report generated by the ROC tool Lutrum offers for HIPPA/HITECH compliance

Mary Pat: One of the most nerve-wracking projects a manager can undertake is moving from one IT vendor to another. Can you talk about how that process can be successful?

Ed Garay: It is possible to achieve success during an IT Vendor Transition.  If you follow a steps outlined here, you will feel more confident about making an IT Vendor change and can start expecting better results from your current (or future) IT Vendor.

  • Start with understanding the agreement terms with your current IT vendor.  Some may have an early termination fee.  You’ll want to have 15-60 days of availability from your current IT Vendor before fully cutting over to your new IT vendor
  • Determine timeline of transition that works best for your medical practice.  Is it a transition that needs to be expedited, or is it one that needs detailed consideration?
  • If you do not have network documentation provided to you by your IT Vendor, have them provide you electronic documentation of the following:
    • Computer Inventory
    • Administrator username and passwords for networked devices, your domain, online providers, website hosting, etc.
    • Medical Practice’s top three HIGH RISK areas
    • List of open support requests especially if they are known security concerns and high priority requests
    • List of 3rd party service partners such as Internet Service Providers, Online Backup Providers, and Website Hosting Providers, etc.
    • Backup configuration(s) and devices
    • Endpoint Security configuration(s) such as Anti-virus and Anti-spyware software
    • Anti-spam configuration(s)
    • Network configuration(s) and layout to include wireless connectivity, VPN’s, and networked devices
  • Provide this documentation to your new IT Vendor and allow them 3-5 business days to comb through the information and document questions they may have for your current IT Vendor
  • Initiate a conference call or face-to-face meeting between your medical practice (key individual(s)), your current IT Vendor and new IT Vendor.  This is a very critical step.
    • All great IT Vendors exit their client’s organizations smoothly
    • With your network documentation in hand, the new IT Vendor can talk more specifics with your current IT Vendor.
    • If certain software and services are specific to your current IT vendor, the current and new IT vendor will need to coordinate the swapping out of the software and services within your timeline.
  • Encourage current and new IT vendors to communicate with each other regularly during the identified timeline
  • Have both IT Vendors regularly report to you updates on the transition
  • Have your new IT vendor engage with your medical practice’s end users during the transition before Go Live
  • Go Live of your new IT Vendor’s services!

Mary Pat: As a takeaway for MMP readers, Ed has put together a Top 10 List of steps that practices can take to ensure they are mitigating HIPAA/HITECH risks. For your copy, send an email to

Ed Garay, CEO and Founder of Lutrum

Ed Garay is the CEO of Lutrum, a managed IT services company that provides medical practices with a turnkey IT solution. He is certified in Management of Clinical Information Technology. Ed says “Through state-of-the-art technology, strategic planning, quick response time, and open communications, we create a winning partnership between your team and ours so that your IT worries disappear, leaving you more time to run your business.” You can contact Ed at 480.745.3091 or

Bringing you the latest healthcare news!

The Manage My Practice Blog keeps our readers up to date with the latest healthcare news, trends and analysis.

Recent Posts

Back to the the Blog!
Back to the the Blog!

Where have I been? Ten years after I started my consulting business and started blogging, in 2018 I stopped blogging when I took a very interesting interim position at the University of Washington...

read more

Get in touch

Phone: (919) 370 0504