MDwise is a nonprofit health maintenance organization focused on providing health coverage to Indiana individuals and their families. They currently provide coverage to more than 350,000 members through a broad network of primary medical providers, hospitals, specialists and other providers.
Stringent laws in Indiana require all healthcare-related information to be stored for at least seven years, and in some cases, 10 years. MDwise was struggling to retain and archive their data in a way that was effective, easily accessible, and cost-effective to meet federal HIPAA regulations. According to John Goerges, Director of IT at MDwise, their previous backup strategy created a vendor lock-in, and they were constantly increasing the space on their external hard drives as their data grew.
“We were at a point where we were ready to look at something different,” he said.
MDwise needed a new HIPAA compliant backup and DR strategy right away. Key factors in their new solution included the ability to grow their data footprint without increasing their storage use, and the ability to view all their systems in a single portal.
MDwise chose OTAVA’s Data Protection as a Service (DPaaS). Using software from partner Actifio, OT DPaaS restores large files faster and more frequently than traditional backup, with no proprietary deduplication of data. In addition, clients can choose their own backup windows, and data is retrievable within hours rather than days. MDwise also paired OTAVA’s DPaaS with their Disaster Recovery as a Service solution, giving them a strong business continuity strategy.
“We went with OTAVA because we’re very data-driven company, and we have a need for security and HIPAA compliance–that was a big thing for us,” Goerges said. “We chose them because of the efficiency of their solutions, fully redundant data center, cost, and most importantly, their focus on compliance.”
OTAVA has been annually independently audited against HIPAA standards and was the first data center operator in Michigan to successfully pass a HIPAA audit with 100 percent compliance. OTAVA also regularly reports against PCI DSS, SSAE 16/SOC1 and SOC 2 standards.
“Because we were managing our own servers, we had to jump through a bunch of hoops and loops for compliance audits. It was just a lot of redundant work.” Goerges said. “With OTAVA, everything is ready for us. I can ask for the last SOC report or HIPAA report, and everything is met. That saves time on our local systems and engineers so they can focus on their job and not worry about some of these audits.”
With OTAVA’s disaster recovery and data protection products, MDwise found the IT partner that provided them the flexible solution they were looking for. They avoided vendor lock-in, and can be sure they’re fully compliant with state and federal law. Finally, OTAVA’s fully managed, fully compliant services means MDwise can focus on mission-critical projects instead of worrying about the health and integrity of their data and systems.