Case Study
HealtheConnections is a health information exchange (HIE) that connects hundreds of hospitals, physician practices, labs, urgent care centers, nursing homes, health centers, and clinics across New York. As a data steward, the organization aggregates and securely shares clinical information to improve patient care and outcomes.
With such a critical role, ensuring the security of protected health information is foundational. “The obligation to ensure the security of that data is paramount to everything we do,” said Elizabeth Amato, President and CEO of HealtheConnections.
Running an HIE involves balancing high-priority projects with regulatory demands, like HITRUST and Medicaid security requirements. The team realized they needed to do more than “pass” their audits and “check the boxes”; they needed to build a truly resilient cybersecurity program.
To strengthen its security program, HealtheConnections turned to the team at Fortified, a healthcare-specific cybersecurity advisory partner.
“Working with them has really allowed us to have a partner that acts in tandem with and as additional resources to our staff,” Amato said. “They are laser-focused, highly knowledgeable, and offer a capability that we would not be able to fill internally to that same extent.”
Through an outsourced cybersecurity adviser, Amato’s team gained the strategic guidance and day-to-day support needed to help the HIE move beyond compliance to operational maturity.
Through the partnership, HealtheConnections has gained:
Operational Confidence: HealtheConnection’s leadership team gained greater confidence in the organization’s cybersecurity program, knowing they were no longer trying to manage it alone. The partnership helped complement and enhance the internal team’s healthcare technology-specific expertise.
Day-to-Day Integration: Fortified functioned as a true staff augmentation partner, operating seamlessly as if they were part of HealtheConnections. This integration removed barriers and created efficiencies across daily operations.
Depth and Expertise: By leveraging an external team, HealtheConnections gained access to a broader and deeper knowledge base than would have been possible internally, which proved invaluable in strengthening the organization’s security posture.
Trust and Collaboration: Fortified quickly earned the trust and respect of HealtheConnections’ staff, working as genuine partners without turfism or hierarchy.
Financial Value: Outsourcing cybersecurity has provided HealtheConnections with access to a team of experts in a cost-efficient manner. For an HIE where financial considerations are critical, this model delivered more value and capability than hiring internally.
For HealtheConnections, outsourcing cybersecurity to a healthcare-focused partner helped alleviate bandwidth and efficiency in-house. Fortified’s understanding of the unique needs of an HIE quickly instilled confidence in the partnership. Amato’s team has been able to mature its cybersecurity program, free up staff capacity, and build a resilient approach to protecting sensitive health data. As Amato shared, “They have been great partners bringing the expertise, collaboration, and resources we need to ensure our cybersecurity program. We are really thrilled.”
