When your business straddles the line of finance and healthcare, security and compliance are bound to drive your IT direction. AccessOne knows this firsthand. The company provides patient financing solutions for health systems. As part of their solution, they offer an online portal through which patients can access and pay their medical bills over time, and hospitals can track the status of accounts and seamlessly transfer them back to their internal databases when necessary. With sensitive patient data on the line, AccessOne looks to its infrastructure to support and secure its operations.
Demand for Economical, Dynamic Testing & Development
Over the years, AccessOne has evolved from a small family business to become one of the leading providers of patient payment options in the US. While its IT initially focused on maintaining systems, it has become a critical means to ensuring performance, reliability and accessibility to provide an outstanding customer experience for both patients and hospitals. For AccessOne, downtime is not an option.
Given the sensitivity of its clients’ protected health information (PHI), security is also vital to AccessOne, and so is its compliance with a series of regulations – including HIPAA and PCI DSS – all focused on mitigating risk and safeguarding privacy. Obligated to meet these mandates or face large fines, security and compliance weigh heavily in AccessOne’s IT decisions.
AccessOne recognized that a third-party infrastructure provider could most effectively help them fulfill these requirements. This provider would also need to offer the company steadfast assistance and expert guidance.
Leveraging expertise to drive success
In 2013, AccessOne was introduced to Peak 10, and the company found the partner it was looking for. With a HIPAA-compliant cloud and a team of risk and compliance experts, Peak 10 offered the performance, security and availability AccessOne required to drive its business direction and support its partners, customers and internal customer service team.
Today AccessOne leverages a full hybrid IT solution from Peak 10 that includes its HIPAA-compliant cloud, colocation, firewall and disaster recovery (DR) services. With 99.999% uptime, Peak 10 ensures AccessOne’s application is available when needed, enabling its internal staff to assist customers and work uninterrupted. Utilizing both the Peak 10 cloud and colocation services, AccessOne leverages Peak 10’s security measures, including five-point physical security and 24/7 monitoring. As an added layer of assurance, AccessOne operates a firewall from within Peak 10’s infrastructure – an enormous benefit to Harris Kinyanjui, systems administrator for AccessOne, whose team is responsible for its infrastructure.
“Having that barrier and safeguard really helps us as far as security is concerned,” says Mr. Kinyanjui. “It provides a peace of mind.”
An equally important aspect of this collaboration is Peak 10’s technical support and expertise. Peak 10 helps with advice and planning, including load balancing load balancing servers, firewall management and determining what workloads should be in the cloud.
“Peak 10 is an extension of our existing IT services,” notes Mr. Kinyanjui, who appreciates the 24/7 support and ability to visit the data center when necessary. “My job is making sure everyone else can do their job without worrying about downtime or any IT-related issues. Peak 10 helps me do this”
With the majority of its environment in the Peak 10 cloud and a few select servers colocated with Peak 10, Mr. Kinyanjui is alleviating of many infrastructure management issues, allowing him to focus on other important IT initiatives.
“Peak 10 makes my job easier,” says Mr. Kinyanjui. “I don’t have to worry about servers going south. Peak 10 takes care of the maintenance, the patching, and if there are any issues with the service, I’m alerted.”
While AccessOne is ultimately accountable for its own compliance, Peak’s 10 HIPAA compliant cloud and annual third-party audits of its own infrastructure set a solid base. By leveraging this infrastructure and Peak 10’s risk and compliance specialists, AccessOne is better able to respond to audits and achieve its own compliance. To achieve full PCI DSS compliance, AccessOne engages Peak 10 to perform monthly internal and external PCI DSS scans. These scans encapsulate AccessOne’s existing compliance level and guide the AccessOne IT team around what still needs to be done.
AccessOne continues to develop its relationship with Peak 10, having recently colocated additional servers with the provider. While the company plans to virtualize all its servers in the near future, these servers were still viable. With only its phone and active directory servers left on premise at AccessOne, the company is poised to make a full transition to Peak 10, further allowing the AccessOne IT team to focus on the key initiatives that will fuel the business’ direction.
A future of new initiatives and continued partnership
AccessOne has its sights set on national growth, and its IT team knows its infrastructure must be able to scale to adapt to the business’ changing needs to foster this growth and maintain security. It is also keenly aware of the added regulations a larger customer base and national presence will impose, and is focused on having all the pieces in place to nurture this growth. As AccessOne
gears up to renew its contract with Peak 10, Mr. Kinyanjui knows from experience that Peak 10 is more than capable of handling these demands.
“I can only see our relationship with Peak 10 being even more impactful because of where we’re heading,” he says, noting the strength of the relationship.
This relationship was developed and continues to thrive through Peak 10’s consultative approach to partnering. Ever focused on its customer needs and the changing marketplace, Peak 10 is always enhancing its portfolio of services. This suits AccessOne perfectly as this collaboration fosters new ideas.
An output of this collaboration was AccessOne’s decision to implement Peak 10’s Encryption as a Service offering. Driven by the expansion and regulatory mandates, AccessOne views encryption as a last line of defense in optimizing security and ensuring customer privacy. Currently, AccessOne employs full-disc encryption on its corporate laptops with the ability to remotely erase a laptop
if lost or compromised. For Mr. Kinyanjui, it only makes sense to have the same safeguards in place on the servers that house its critical data.
Regardless of what AccessOne’s future holds and what IT challenges will accompany that path, the company feels strongly that Peak 10 has the capability and scalability to support them every step of the way.
“We won’t be stunted in growth because of an infrastructure issue,” says Mr. Kinyanjui. “Peak 10 can help us get to where we need to go.”