How A HIPAA-Compliant Cloud from ServerCentral Helped A Health Care Company Go Global
Health Payment Services (HPS) needed a HIPAA-compliant cloud that could scale with the company — and support the global workforce helping it grow. A search through HIPAA-compliant cloud providers led HPS to ServerCentral. Together, we were able to build an infrastructure that fulfilled HIPAA cloud compliance and delivered the speed and uptime needed to run an agile operation with a remote workforce spread across several time zones. By taking cloud security and HIPAA regulations as seriously as HPS took them, we were able to prove the client’s motto:
There has to be a better way.
How a HIPAA-compliant cloud is helping HPS scale
In the health care industry, there is no room for error. Massive growth can happen overnight, and reliability and regulatory compliance are not just check boxes — they’re the core of the business.
At HPS in Milwaukee, those needs were keenly felt. The company had grown just under 200 percent in five years thanks to a business model that simplified healthcare billing with a single statement for all consumers’ in-network claims. As they began to strategically address their scale requirements, the management team kept in mind the core principle founder Jim Brindley built HPS around: “There has to be a better way.”
That searching prompted the team to take a good look at its infrastructure and consider the possibilities of HIPAA-compliant cloud computing. The few cabinets of servers HPS had were set up when the company was much smaller and far more centralized. The infrastructure wasn’t equipped to handle a growing staff located across the globe, or the sophisticated Disaster Recovery plan and HIPAA-compliant cloud backup HPS needed. Most importantly, it wasn’t nimble enough to scale along with the company.
Simplifying something as complex as healthcare billing requires an agile company and a global workforce that can quickly respond to shifts in the industry. “When we say HPS needs to be agile, we aren’t specifically talking about the software development process. We’re talking about a company whose operations and culture are based squarely on agile principles,” said HPS President & CEO Terry Rowinski. Finding the right HIPAA-compliant cloud service provider could give HPS flexibility and scalability, while delivering the security it needed to meet regulatory requirements.
To help HPS tackle this business challenge, ServerCentral delivered a cloud infrastructure that met HIPAA compliance while remaining as agile as the company needed to be.
"They clearly understood our culture and were intimately familiar with our challenges and opportunities. From the jump Lauren, George, Paul, Tom and the entire ServerCentral team recognized that we wanted a business partner, not just a technology provider. We wanted someone who not only understood the ‘ilities’ we need to operate our business: accessibility, scalability, and reliability — but someone who also recognized the security and compliance requirements — the trust our payers, providers and customers put in us — and took that trust to heart in the same way we do at HPS."
Here’s how Terry and his team prepared HPS to scale rapidly:
3 steps to scalability: HPS’s approach to cloud infrastructure
Step One: Create accessible, scalable, reliable, secure and HIPAA-compliant cloud
Infrastructure became the core catalyst for switching to an agile approach at HPS. Because the data and applications were at the center of the HPS business, creating a global, agile infrastructure could radiate through the company, triggering a shift to the global, agile approach necessary to scale.
With HPS, the infrastructure requirements were clear.
- Everything has to be accessible to a workforce all over the world.
- The infrastructure has to be scalable, since the company grows by leaps when it adds large healthcare networks and accountable care organizations (ACOs).
- It has to be reliable because HPS is processing payments.
- It also has to be secure and HIPAA-compliant, because HPS transmits medical data.
There wasn’t any wiggle room on these requirements. Each requirement was and remains mission-critical to the success of HPS.
Managing HIPAA compliance and the cloud requires a careful and strategic approach — as does PCI and FERPA compliant cloud storage, or any other regulatory compliance. HPS has a great IT team, but partnering with a HIPAA-compliant cloud provider ensured they’d have the expertise they’d need, and saved them the time and stress of understanding and developing HIPAA-compliant data centers.
We approached Terry and his team with an immense amount of questions and a lot of checking and cross-checking to make sure we created an airtight, private, HIPAA-certified cloud. We also built out a Business Continuity and Disaster Recovery plan, setting them up with a failover site in our Ashburn, Virginia, location and delivering cloud security in compliance with HIPAA. Our plan will save HPS hundreds of thousands of dollars in the long run, and the company can failover to our Virginia location and be back up and fully operational within a few hours.
"We are experts in healthcare payment and billing processes. We are experts in understanding the payer, provider and customer requirements and expectations for billing and support. We are not experts in architecting, deploying, managing, scaling and supporting mission critical IT infrastructure. This is where we turned to ServerCentral."
Step Two: Enable collaboration and execution across a globally distributed workforce
A simple connectivity issue at 3 p.m. isn’t so innocuous when it’s also happening to someone starting their workday on the other side of the world. To get the best talent, HPS knew it had to think globally — it needed cloud computing that worked everywhere, all of the time, with HIPAA compliance.
"Finding the right people with the skills, aptitude and interest in working with leading-edge technologies is a significant challenge. Keeping them is an entirely different — and equally important — challenge. In order to build the team we knew we needed to succeed, we looked around the world to find the best possible talent, wherever it may be. We knew a widely distributed workforce, working around the clock, was going to be paramount to our success — and empowering them with the collaboration and orchestration tools necessary to execute from wherever they are, in whatever time zone they’re working, was critical.
Without the ability to collaborate in real-time across the entire company, utilizing all of our internal- and external-facing systems, we wouldn’t be able to keep pace with this industry or our customers’ requirements."
A globally accessible and reliable HIPAA-compliant cloud is the foundation that enables HPS to grow. Collaboration is critical — and that doesn’t just mean chatting in Slack. Everyone needs to be working together to solve problems, then executing those solutions, everywhere, all the time.
Step Three: Establish three-week project cycles for all HPS projects
Ready to put the speed of its HIPAA cloud hosting to the test, HPS executed on the final element of its push to an agile workflow — breaking its work down to three-week sprints. The company had seen how effective time-boxed work could be on its technical projects, and decided to apply the same focused thinking to all of its projects.
"In order to keep pace with the healthcare industry and evolve our business, we implemented three-week cycles for all HPS projects. We chose three weeks as the cycle because it provided a complete extra week for the in-depth testing of all processes and technologies — a critical requirement for health care cloud computing. Everything has to work right the first time. There are no reset buttons."
The quality of work across the entire organization dramatically increased. The ability to focus and execute on clearly defined objectives made everyone’s lives easier while improving our ability to operate the business.
How HPS is preparing its HIPAA cloud infrastructure for what’s next
Delivering bespoke HIPAA-compliant hosting services isn’t the finish line, it’s the starting point. Instead of handing off the infrastructure and waving on our way out the door, we start figuring out how to make it even better. This is when we begin regular failover testing on the HIPAA-compliant cloud servers, to start understanding scale and finding improvements for global connectivity, and continuing to ensure the proper security is in place around HPS’s cloud computing.
Now that we’ve set HPS up with an infrastructure that can handle its needs, we’re working every day to optimize the systems to better handle current and future tasks. And we have to. HPS is on track to double in size in the next few years.
With ServerCentral, HPS has now put in place the foundation, a true technology backbone, which will evolve in 2017 and beyond to both scale with the growth of our business while delivering uncompromised availability at a leveraged cost.
President & CEO, Health Payment Systems