Case Study:
HCMS Group

HCMS Group provides cloud-based healthcare information solutions to employers, health organizations and individuals, including data warehousing, data analytics, and clinical prevention services. Because the company needed a HIPAA audited colocation provider that could reliably supply the infrastructure to provide Software as a Service (SaaS) and Data as a Service (DaaS) portals to users across the nation, HCMS chose Green House Data.

"We had to have...a specific approach to indi­vidual rack security and compliance with human resources related requirements such as background checks."

Two Sides of Healthcare Reform Software

“HCMS stands for Human Capital Management Services,” said Mick Simon, Partner and Chief Technology Officer at HCMS. “We work with organizations that bear risk for the cost of health benefits, to help them reduce cost and protect the health of their populations.”

HCMS serves large employers, healthcare providers, and health plans around the United States, with high profile clients including Whole Foods, Texas Instruments, and Cisco.

These companies rely on the tools provided by HCMS to identify the health plan members who are driving the majority of benefit costs. The data analytics platforms and research databases offered by HCMS en­able clients to predict risk, connect the right people to the right services, and ultimately lower healthcare costs and administrative overhead.

“One of the things that is unique about what we are doing is hosting a very complex analytic reporting platform for our large clients,” said Simon. “We host the delivery of risk information that providers all over the country, at the point of care, can pull up through their Electronic Medical Records.”

Overcoming HIPAA Compliance & Data Center Migration Challenges

As HCMS grew and began taking on large national clients, they experienced greater exposure and scru­tiny regarding privacy and security practices. Security, redundancy, and critical infrastructure elements like power, connectivity, and backup led them to consolidate multiple in-house data center sites into a single commercial provider.

Because HCMS deals with sensitive health records, the organization takes information security very seriously. Their services are entirely compliant with the Health Insurance Porta­bility and Accountability Act (HIPAA) and are also HITRUST CSF certified.

Companies that store and transmit health information must maintain HIPAA compliance, including adminis­trative, physical, and technical safeguards, or else face substantial fines in the event of a data breach. For HCMS, compliance audits were a vital requirement, as was finding a service provider who could assist with the transition and complex security requirements.

“There were really two things we had to have to make the move,” said Simon. “One of them was a specific approach to indi­vidual rack security and the other was compliance with human resources related requirements such as background checks. Green House Data met our needs in those areas.”

Green House Data staff engineered a colocation solu­tion for HCMS in the data center provider’s 35,000 square foot Cheyenne data center, which is audited annually for HIPAA compliance, including thorough vetting of employees and contractors.

In addition, the service provider worked with DIRAK to implement new eLine rack-level security systems. These highly configurable electronic lock mechanisms provide real time monitoring, a gapless audit trail, and AES encrypted communication with keycard access.

“We had several steps to our move that involved outside entities that were challenging,” said Simon. “We were more than pleasantly surprised with the extent to which the entire team at Green House Data was willing to listen and develop additional service offerings, along with policy and proce­dures to meet our needs.”

Chat Now