HIPAA-compliant cybersecurity solutions for healthcare that scale

From the opening of their first clinic in 2011 to their 35th clinic today, Complete Care’s disciplined approach to technology secures their infrastructure against bad actors.

While nearly every industry has IT needs and requires the right IT solutions to continue to grow, when it comes to healthcare, those needs are even more essential. Protecting electronic health records (EHR) and protected health information (PHI) is business critical, not just for patients but also for the healthcare organization.

Further, everything in a busy healthcare system, from scheduling to documentation, relies heavily upon a fully functioning IT network. That’s why Complete Care came to us nearly 10 years ago to help manage all of their IT needs. From sustaining current workforce needs and demands to preparing them for growth, keeping their data safe and secure was vital. We knew that, in addition to creating a scalable solution, security would be paramount.

Security and scalability from the start

Healthcare organizations are facing unprecedented threats and, in addition to those threats, is the need to adhere to fairly strict HIPAA regulations. If you’re in the healthcare space, you know that when it comes to data storage and network security, there are potential vulnerabilities that can put everyone at risk. To stay flexible and accessible while increasing their security posture, ProSource deployed a fully HIPAA compliant cybersecurity solution to protect Complete Care, their patients, and its network from growing and evolving cyber threats.

If you’re a growing healthcare organization and the solution doesn’t scale, it just won’t work. With growing demands on healthcare, successful healthcare organizations need to be able to grow and do so confidently. Complete Care, for example, grew by hundreds of employees in just a few short years.

When Ken Snyder, the IT Manager, joined Complete Care, there were 300 employees. That was a gain of at least 275 employees from the time ProSource partnered with them. These days, that team, with help from ProSource, is responsible for managing the needs of 35 locations across Florida and over 600 employees. This is no small feat when tens of thousands of clients entrust the employees of Complete Care with their Protected Health Information (PHI) and Personally Identifiable Information (PII).

Both ProSource and Snyder understand that true security, in any space but especially healthcare where HIPAA requirements are strict, requires a multi-layered approach, even more so when it comes to managing both an onsite and remote workforce. That’s why ProSource chose the Microsoft 365 environment and deployed a private cloud that includes a VDI for remote employees and also hosted medical workloads (DICOM imaging infrastructure). Additionally, that multi-layered security approach also includes endpoint encryption management, wireless security, endpoint security, managed infrastructure from firewalls to wireless solutions. This ensures that not only can Complete Care effectively, efficiently, and reliably provide the vital services they do, but it also provides them with the required multi-faceted, HIPAA compliant security approach.

And, beyond that, it means leveraging the managed IT support of ProSource to round out an IT team and provide a growing healthcare organization with the expertise and skills they need.

Growing a healthcare organization requires IT investments

IT can be a big challenge for every business, and one of those challenges is finding the expertise businesses need to provide IT support that not only maintains current expectations but also facilitates growth. As we said, Complete Care experienced major growth over a few years. During that time, staffing and headcount growth was focused on supporting business critical missions and prioritized healthcare roles.

That’s where ProSource was able to assist Complete Care with their growth goals. Prior to our engagement, there was no IT manager in place, and even small issues needed to be escalated to outside help. Having an IT Manager provides a boots on the ground presence for their team to address immediate issues, and for someone to coordinate with us when extra assistance is needed. The first goal, for our partnership was helping them find an IT Manager. We were able to, quickly, get Snyder up to speed on the goals and needs of the organization and continue our partnership, allowing ProSource to shift our support to focus on critical IT infrastructure, including reliability, scalability, and security rather than troubleshooting.

“When you’re just starting an IT department,” notes Snyder, “it’s just really hard to build out the kind of team, the specialists, the expertise that you guys have. For us to do that, it would require significant financial resources, to hire people to handle what you all do.”

Further, most IT teams don’t need the specialists ProSource has for 40 hours a week, even if they could find them. As a managed security services provider (MSSP), ProSource is able to round out Complete Care’s IT team, providing specialized skill and expertise based on need and demand, which is a huge cost savings.

Planning for future growth

As Complete Care looks to the future, ProSource continues to provide not just support but also advice and insight into how to best prepare for future growth as well. Managing a growing team and network requires a keen understanding of the best options when it comes to providing IT solutions. In the past, Complete Care has relied on more traditional solutions, like on-premise servers, but in working with the ProSource team, they are discovering how they can leverage the flexibility and scalability of cloud solutions. By assisting the Complete Care team with low/no touch deployments, ProSource is helping create a streamlined and more efficient process. Additionally, this can provide even more support when it comes to handling tech needs, both human resources and necessary hardware investments.

This shift can free up even more time for Snyder’s on-site IT team by reducing time spent on onboarding, integration, and updating at computers when new users come on. The introduction of both Microsoft 365 solutions has improved delivery and turnaround times to get new team members up and running quickly while keeping everyone connected, updated, and secure, in all their offices, across the state.

Like so many organizations, we have a growing number of remote staff. We have to provide security that matches that configuration and utilize IT solutions that are flexible. From the early onsite solutions to considerations for security and HIPAA compliance as we grow, ProSource has really helped us fill the security gaps nicely…and all with an eye on scalability as well.

— Ken Snyder, IT Manager, Complete Care

Bottom line

Many organizations come to ProSource when they’re facing IT challenges, looking for help fixing those immediate needs. The ProSource team has a job to fill that immediate gap and then look ahead to how we can prepare our partners for the inevitable growth that will come once IT solutions are flexible and scalable. As with Complete Care, we were able to address the immediate need, and then provide the support and expertise to help them look ahead at what they would need and how we could continue to help them reach those goals.

Now, with over 35 locations and at least 20x as many employees as when we started our engagement, Complete Care is able to look back and track that growth to the IT decisions they made in the early days, with ProSource guidance.

Key outcomes

  • Completed large scale migration of ~200 users from G-Suite/Google Workspace to Microsoft 365 in order to leverage compliance benefits and support growth/scale
  • Standardized and deployed a consistent security fabric across the environment. Defense in depth/layered security. Unified Threat Management (UTM) Firewalls, Security Awareness Training, Data Loss Prevention (DLP), Encryption, Mobile Device Management
  • Facilitated and enabled significant growth from a single office to 35 locations and around 600 employees.
  • Oversaw and managed the transition as the sole IT provider to Managed Security and Infrastructure Provider, simplifying and improving security and networking capabilities
  • Interviewed and hired an IT manager for the client to begin building an internal help desk for level 1 issues