Case Study: Meeting Privacy and Data Security Demands Without Breaking Your IT Budget

As many small businesses grow, so does their need for more complex and scalable IT resources. While those needs vary from adding more storage or servers to creating larger networks and adding information services, the common issue is managing needs and expenditures while maintaining security and reliability. That goal is typically a difficult balancing act that requires technical knowledge and industry experience.

Recently we developed an innovative approach to growing IT infrastructure and resources for an expanding business while satisfying both their business needs and stiff government privacy and data security policies.

The Problem: Needing Increased Storage Space to Secure Private Data.

A mental health services practice was moving to a new office and expanding its operation to accommodate more patients and modernize its accounting and records management systems. The company needed to update its infrastructure equipment for up to 5 employees and 100+ patients while complying with state privacy and data security policies and the Health Insurance Portability and Accountability Act (HIPAA). While updating and expanding the infrastructure is relatively straightforward and well-worn territory for most IT consultants, there are special considerations when dealing with privacy and medical records confidentiality. Numerous potential legal issues, including litigation and compliance audits, could call technology configurations and choices into question.

The owner was very interested in utilizing "Cloud" technologies to decrease the cost and maintenance burden of hosting scheduling and accounting applications and the large amount of storage necessary for patient records. However, Cloud services are not generally geared toward tailored applications, nor are they able to provide the certified and secured facilities that are necessary for medical record storage. Most Cloud vendors also do not generally offer 24/7 technical support or consulting services to ensure the system is running correctly; they are much more a commodity service built for rapid growth and extreme cost savings.

Once these issues became apparent, the owners sought to purchase their own servers and equipment and devote part of their office space to a server room. This is a great choice for medium to large businesses with significant cash flow for capital purchases and the resources to dedicate to technical support and future upgrades. However, as the estimates for the equipment came in, the owner began looking for a different option.

The Solution: Off-Site Managed Data Center.

The concept of an off-site datacenter is typically something in which only large businesses and massive enterprises are interested; however, times are changing. An off-site datacenter vendor can offer 24/7 technical support, massive redundant resources and even backup diesel electricity. There are numerous US Government and ISO certified and accredited datacenter vendors across the country that can provide leased servers and storage for a fraction of what would be spent on purchases and maintenance. These vendors are responsible for the health of the systems as well as their security and backup. They have trained and certified personnel to provide support, and when necessary they are available to provide information for legal proceedings and will typically have documentation at the ready for such events. Most have very secure facilities with biometric access controls and locked racks for each customer's equipment.

Once a vendor was chosen, the configuration details were handled by the owner and a consultant to ensure that all needs were met and a Service Level Agreement was in place. The new off-site vendor would host Exchange Email, a website, application servers and bulk storage, along with providing a comprehensive backup and disaster recovery plan.

The Reward: A Reliable System and Significant Savings.

The immediate benefits included a new office space that required only basic networking equipment, inexpensive workstations and a cost-effective internet connection used to connect to the remote systems. These systems require minimal investment, are easily accessible and typically require little additional staff training. The long-term business benefits are increased ROI due to the limited immediate cash expenditure and lack of equipment obsolescence.

The managed datacenter solution helped satisfy the needs for data encryption and a documented security and privacy plan for patient record and accounting storage. The documented infrastructure and file storage maps may well prove invaluable when responding to requests for information during a potential litigation or investigation. Having a well-planned and managed IT infrastructure while the business needs are minimal can have a huge impact as the business grows and the needs become more complicated. The business was able to put a forward-looking 5-year plan in place to address its current and future needs, ensuring that its IT resources were guaranteed and any future issues could easily be resolved.

In the end, the company met its increased storage needs in a secure environment, and had a valuable partner moving forward to ensure those benefits continued to accrue. The company was ready to expand, was sure of its compliance obligations, and had spent significantly less capital than originally budgeted for the project.