“HCMS stands for Human Capital Management Services,” said Mick Simon, Partner and Chief Technology Officer at HCMS. “We work with organizations that bear risk for the cost of health benefits, to help them reduce cost and protect the health of their populations.”
HCMS serves large employers, healthcare providers, and health plans around the United States, with high profile clients including Whole Foods, Texas Instruments, and Cisco.
These companies rely on the tools provided by HCMS to identify the health plan members who are driving the majority of benefit costs. The data analytics platforms and research databases offered by HCMS enable clients to predict risk, connect the right people to the right services, and ultimately lower healthcare costs and administrative overhead.
“One of the things that is unique about what we are doing is hosting a very complex analytic reporting platform for our large clients,” said Simon. “We host the delivery of risk information that providers all over the country, at the point of care, can pull up through their Electronic Medical Records.”
As HCMS grew and began taking on large national clients, they experienced greater exposure and scrutiny regarding privacy and security practices. Security, redundancy, and critical infrastructure elements like power, connectivity, and backup led them to consolidate multiple in-house data center sites into a single commercial provider.
Because HCMS deals with sensitive health records, the organization takes information security very seriously. Their services are entirely compliant with the Health Insurance Portability and Accountability Act (HIPAA) and are also HITRUST CSF certified.
Companies that store and transmit health information must maintain HIPAA compliance, including administrative, physical, and technical safeguards, or else face substantial fines in the event of a data breach. For HCMS, compliance audits were a vital requirement, as was finding a service provider who could assist with the transition and complex security requirements.
“There were really two things we had to have to make the move,” said Simon. “One of them was a specific approach to individual rack security and the other was compliance with human resources related requirements such as background checks. Lunavi met our needs in those areas.”
Lunavi staff engineered a colocation solution for HCMS in the data center provider’s 35,000 square foot Cheyenne data center, which is audited annually for HIPAA compliance, including thorough vetting of employees and contractors.
In addition, the service provider worked with DIRAK to implement new eLine rack-level security systems. These highly configurable electronic lock mechanisms provide real time monitoring, a gapless audit trail, and AES encrypted communication with keycard access.
“We had several steps to our move that involved outside entities that were challenging,” said Simon. “We were more than pleasantly surprised with the extent to which the entire team at Lunavi was willing to listen and develop additional service offerings, along with policy and procedures to meet our needs.”