Case Study September 21, 2018

HI-IQ® from ConexSys – A HIPAA Case Study

The need for a more secure and reliable HIPAA compliant hosting solution.
Selection Criteria
Strong foundation of HIPAA knowledge and experience along with SAS 70 certification and Citrix support were needed to provide its customers with a low risk, cost efficient application.
Deploying a Hybrid cloud in a dedicated server environment allowed both ConexSys and its customers to scale quickly while leveraging the latest technologies. Additionally, ConexSys was now able to spend more time on HI-IQ development efforts.

HI-IQ is a software platform designed to be the centerpiece tool for managing interventional radiology workflow. ConexSys licenses HI-IQ to hospitals to improve departmental patient
workflow, outcomes and inventory management. ConexSys has partnered with Connectria to offer HI-IQ as a hosted solution, providing ConexSys and its customers a low risk, cost-efficient
application. Discover how Connectria Hosting and ConexSys have teamed up to deliver a reliable and secure hosting solution in support of HIPAA compliance.

The Challenge
As a Business Associate of its hospital customers, ConexSys must protect and secure patient information according to HIPAA regulations. And since its HI-IQ solution manages a variety of data, including information such as patient identifiers, allergies, preexisting conditions, diagnoses, and costs, among others, ConexSys must ensure the integrity of PHI (Protected Health Information). As ConexSys developed HI-IQ for a hosted platform, they required the hosting provider to be accountable to the same guidelines and standards as those they upheld. A search for the right hosting partner revealed that few companies are capable of understanding and addressing HIPAA compliance. Additionally, the hosting partner would be required to support Citrix, the delivery method of choice for HI-IQ, a characteristic not common among many HIPAA hosting providers.

As a software provider, ConexSys prefers to focus upon developing, marketing, delivering and supporting HI-IQ and not maintaining a HIPAA compliant IT infrastructure. The right hosted solution would provide them this opportunity. Similar to ConexSys, IR departments face common challenges; namely, a desire and preference to concentrate upon delivering quality healthcare, not managing an IT system and HIPAA regulations. To the extent that ConexSys and its hosting partner may alleviate these concerns, an IR department is more apt to adopt the solution. Other reasons for choosing a hosted HI-IQ solution include:
• No capital investment required…only an affordable, fixed monthly operating cost is needed.
• Departmental self-reliance…do not need the support of the hospital’s IT department.
• HIPAA support is inherent in the solution…facilitates compliance.
• Have access to the latest technologies…can quickly scale as needed.
• Relieves the IR department of maintaining systems, including backups and restores.
• Have ability to access system anywhere…only an internet connection is needed.

The Solution
Following a six-month search, ConexSys chose Connectria Hosting. ConexSys recognized Connectria’s strong foundation of HIPAA knowledge, services and experience. With solid HIPAA customer references, Connectria had clearly done this before. ConexSys realized they would have the support that they needed and they wouldn’t be left on their own to figure things out. Connectria’s hosting services had also been audited and received SAS 70 Type II Certification. This is important to customers who deal with highly sensitive information. SAS 70 controls establish guidelines and general principles for initiating, implementing, maintaining, and improving information security management. And unlike other hosting providers whose SAS 70 claims may be limited to sales order or other processes, Connectria’s SAS 70 certification is directly related to its actual hosting services or hosting infrastructure.

According to Emily DeMerchant, ConexSys Director, “Connectria’s experience and support made us feel comfortable. We didn’t feel like we would be ‘an experiment’ with them. They had the right combination of security compliance, hardware and support. Once we moved to implementation, it only took about a week to deploy the solution.”

The Results
The solution deployed consists of a hybrid cloud and dedicated server environment. It allows both ConexSys and its customers to scale quickly when needed, while leveraging the latest technologies. Key features of the Connectria HIPAA solution include detailed audit tracking, encrypted offsite data backups and facility logs and audits. “Connectria’s solution has freed us of the demands involved with maintaining IT systems and infrastructure,” noted Emily DeMerchant. “We now spend more time on HI-IQ development. No longer do we have to worry whether we’ll have the IT resources to acquire additional customers. With Connectria, we now scale on demand. There’s definitely been a return on investment in choosing Connectria’s HIPAA hosting solution.”

Related Resources

HIPAA Compliance in the Time of COVID-19
Those of you providing services to patients are probably knee-deep in understanding HIPAA as it applies to extraordinary circumstances such as a pandemic like COVID-19…
Disaster Recovery Options For The IBM i Series
Last updated March 30, 2020 Earlier this year, the Disaster Recovery Journal released its latest figures on disaster recovery preparedness. The last time we reported…
Five Ways to Reduce Your AWS Cloud Spending
 In the cloud, as with everywhere else, every dollar counts. And as the cloud continues to grow in popularity, organizations are increasingly looking for ways…