Case Study: StorageCraft and SolutionStart

Case Study: StorageCraft and SolutionStart

August 7

Whether it’s the whine of the drill, the scraping and poking, or the numbing and choking, fear keeps many patients away from the dentist.

Up to 20% of Americans avoid going to the dentist regularly because of anxiety or fear. Some adults don’t go to the dentist at all unless it’s an emergency.

StorageCraft partner Jimmy Georgiou, CEO and founder of SolutionStart Technologies, loves going to the dentist. That’s because his company specializes in technology solutions for dental offices. One reason for his company’s success is knowing what dentists fear most, and knowing how to alleviate that fear.

And what do dentists fear most? Downtime.

As Jimmy explains,

Dentists today depend on practice management software, digital imaging equipment and electronic records to treat their patients and run their practices. Without access to their computer systems, they can’t treat a single patient.

X-rays, dental charts, prescriptions, treatment plans, lab orders, appointment schedules, accounting and other vital practice data are all managed and stored electronically. Downtime not only brings productivity to a halt, it can also subject a dental practice to huge fines for violating certain healthcare regulations.

For dentists and other healthcare providers in the U.S., the scariest regulation is HIPAA, the Health Insurance Portability and Accountability Act. This act protects the privacy and security of an individual’s health information, and imposes fines for non-compliance.

Just like avoiding the dentist can create expensive problems for your teeth and gums, neglecting HIPAA compliance can seriously hurt dental practices.

Fear of non-compliance is right up there with downtime. Our company began focusing on the impact of HIPAA within the dental industry so we could fully understand the role technology plays in compliance.

SolutionStart now offers HIPAA compliance as one of its managed services, and Jimmy is often invited to speak about HIPAA and data security at dental conferences. In 2013, he presented Securing Your Office Technology: HIPAA Requirements and Beyond at the annual meeting of the American Association of Oral and Maxillofacial Surgeons.

HIPAA and other regulations require dental practices to have encrypted email, firewalls, backup, and data protection across both wired and wireless networks. Electronic protected health information (ePHI) must be encrypted when it’s stored and when it’s transmitted, which is why we rely on StorageCraft.

Sharing the Risk

In 2013, the Omnibus Rule expanded HIPAA requirements to include business associates and their subcontractors, holding them to the same standards as dentists and other healthcare providers.

As a technology integrator, I have to sign a business associate agreement that I’ll share the liability for ePHI with my dental clients. As a HIPAA business associate, I will not use any technology that will expose patient information and make my company liable. For us, StorageCraft is the solution, end of story.

An ePHI data breach can be as easy as putting patient information on an unencrypted thumb drive, storing ePHI on an unencrypted laptop, or posting something inappropriate on social media. By law, dental offices and their business associates must protect the

  • confidentiality of ePHI
  • integrity of ePHI (prevent unauthorized alteration or deletion)
  • availability of ePHI.

Part of what we do is try to be consultants, educating the client on what they need. Most small businesses don’t have a compliance officer on staff. We show them the technologies that minimize their risks and vulnerabilities. HIPAA is really about risk management.

Failure to manage risk can be costly. HIPAA non-compliance penalties range from $100 to $50,000 for each violation. In some cases, “each violation” means each patient record exposed—totaling millions of dollars in fines for large healthcare organizations.

Even small practices can face business-crippling HIPAA fines. In 2012, a five-physician surgical practice was fined $100,000, and a small hospice organization was fined $50,000. In 2013, a small dermatology practice was fined $150,000.

Dental practices—and MSPs who are their business associates—need to understand that the future is about compliance. Technology is a big portion of that compliance. Every dental office must understand the transformation that is occurring as we become compliant. How technology is being used is absolutely key to fulfilling that, especially for a small dental office that doesn’t have a compliance department keeping an eye on things.

The HIPAA Security Rule recommends healthcare providers to establish procedures for obtaining necessary ePHI during an emergency. Contingency plans must include data backup to a different secure location, disaster recovery measures, emergency mode operations and testing procedures.

Availability of patient data in an emergency is why all of our backup solutions are based on StorageCraft ShadowProtect. Since 2009 we’ve used it on every new client, and we retrofitted everyone else to ShadowProtect over a three-year window. We can back up data to the cloud and restore it at a moment’s notice. Having data readily available at any time provides better patient care and helps with compliance. Having that data in a format that’s ready to spin up is priceless.

Minimizing Worries

Before partnering with StorageCraft, SolutionStart used a tape-based backup solution.

As Jimmy recalls,

Tape backup worked as long as I sat in front of the computer and made sure it worked. If not, by the time I found out there was a backup problem, it was a really big problem.

In 2009, SolutionStart was one of the first dental integrators to use StorageCraft, and today it’s the only backup solution they use and recommend.

StorageCraft was the best decision we ever made. It allowed us to take the backup offering and implement it without all the worries. It’s a reliable product, something I can guarantee, and it’s profitable. I don’t worry if the backups are working.

According to Jimmy, StorageCraft and its Recover-Ability solution is a perfect fit for HIPAA compliance—or dental practices as well as MSPs.

As an IT provider, it’s my job to minimize the risk for my clients. As a business owner, I don’t have time to be defending myself. It’s about being proactive rather than reactive. With ShadowProtect, we build it right and we build it securely, so our clients can focus on taking care of their patients.

For Jimmy, the StorageCraft features that make them ideal for HIPAA are

  • rapid restore and data recovery
  • real-time backup monitoring
  • built-in encryption and other data security options
  • virtualization options.

ShadowProtect provides three forms of encryption: RC4 128-bit, AES 128-bit, and AES 256-bit. Backups can be scheduled as frequently as every 15 minutes, so a client loses no more than 15 minutes of data in any given outage or emergency.

ShadowProtect is really a backup, disaster recovery, and business continuity solution. It’s the only BDR solution we’ll continue to use.

About SolutionStart

Founded in 2000, SolutionStart Technologies is the premier dental technology provider in the southeastern U.S. With headquarters in Charlotte, NC, SolutionStart serves hundreds of dental practices in North Carolina, South Carolina, Georgia, and Florida.

The company began as a network technology provider with an emphasis on customer support. After discovering that the network designs most commonly used in business couldn’t handle the demands of dental practices, SolutionStart changed its focus to the dental industry in 2002.

“Dental offices are demanding computer and network environments,” says CEO Jimmy Georgiou. “We manage everything from the infrastructure, software and integration to the x-ray equipment. SolutionStart designs it, sells it, and supports it.”

Their expertise in the dental industry has received national recognition. In 2009, he led his team in designing a technology solution for a client whose office won the National Dental Office Design award awarded by the American Dental Association.

“Our mission is to provide complete solutions for every dental practice’s technological needs, empowering our clientele to focus on patient care,” Jimmy says. “A complete solution includes compliance.”

He advises MSPs in the healthcare industry to quit being technology companies and start being compliance companies.

“Technology is the tool we provide to give our clients a compliance solution,” he says. “We are solution providers that are focused on being compliant. If you can’t own up to the world of compliance, you should get out of healthcare IT and find a vertical that doesn’t revolve around humans.”