Trace Id is missing
November 01, 2021

Amedisys prescribes Microsoft Security and a password-free solution to support clinical teams

Home healthcare and hospice care provider Amedisys needs to protect sensitive patient data. But accessibility to that data by its clinicians is just as important. The company works hard to ensure that those dedicated workers can quickly and easily call up the information systems and productivity applications that are now tightly interwoven into medical care delivery. How to accomplish these two seemingly oppositional goals? Amedisys found the answer with Microsoft Security solutions.

Amedisys

“We’ve got a wealth of tools in our Microsoft stack and we’re just scratching the surface of what’s possible. By evangelizing those possibilities throughout the organization with seamless security, we make their lives easier—and enhance patient care.”

Keith Blanchard, Senior Vice President and Chief Technology Officer, Amedisys

It’s no wonder that Amedisys has accrued awards and honors for excellence across the spectrum of in-home care: personal and palliative care, home health, and hospice. The Baton Rouge, Louisiana–based company keeps patients first, while also balancing the challenges of diverse regulations on medical record management in the more than 30 states where it operates with data accessibility. Its large remote team of clinicians must exchange data with the main office and often with other team members. How could Amedisys make data more secure—and quickly, easily accessible?

An established leader in quality with industry-leading outcomes, Amedisys also boasts impressive technology creds—it was named in the 2021 Best Places to Work in IT, 2021 Modern Healthcare’s Best Places to Work, as well as Innovator of the Year in Louisiana in 2011. It applied that outside-the-box thinking to security, using a full spectrum of Microsoft Security solutions that keep everyone in touch and focused on the most important people at Amedisys—the patients.

Building a security posture based on trust

When he considers security at Amedisys, Richard Kaufmann first thinks about patients, especially those nearing the end of their lives in hospice care. “Patients and caregivers rely on an intimacy that I always want to protect from disruption by security controls,” says the Vice President and Chief Information Security Officer at Amedisys. “A patient in their last hours relies on the caring attention of one of our clinicians. If that caregiver needs something from our system as they work with that patient, the last thing they should worry about is a password.”

In 2018, Amedisys embarked on a program of vendor consolidation to support that primary goal of frictionless security. Its choice: Microsoft Security solutions.

Streamlining security

Senior Vice President and Chief Technology Officer at Amedisys Keith Blanchard shares his cybersecurity philosophy. “It’s important to focus on the critical business needs of the organization, then to help enable employees to achieve them,” he says. “With the right tools, we can make life easier for those employees and build their trust. Then they’re more likely to follow our recommendations. Selecting the vendor that can boost security seamlessly and adeptly—Microsoft—is a big win.”

The team consolidated vendors, replacing its McAfee virus protection and other third-party security solutions with the comprehensive set of security tools in Microsoft 365 E5 for its information workers. It provides clinicians with the Microsoft 365 F3 license combined with the full E5 security and compliance solution set.

Blanchard adds an enterprise management perspective. “We’ve gained efficiency from maintaining a uniform stack,” he declares. Amedisys wanted to avoid piecemealing unrelated solutions from a lot of different vendors, saving both license costs and the cost of coordinating data and engineering systems. “By bundling our security solutions within the Microsoft 365 stack, we gain the advantage of a much broader solution portfolio at a significant cost saving,” he explains.

He prioritizes solutions that fit in the Amedisys hybrid environment, a strategy he calls “cloud-opportunistic.” In its gradual journey to the cloud, the company prioritizes cloud applications when possible, maintaining on-premises apps as necessary.

Reimagining identity

Its Microsoft 365 license gave Amedisys access to other security services that it might not have otherwise afforded as third-party solutions, like Microsoft Endpoint Manager

Blanchard wanted to consolidate a device management landscape that included Windows devices in the office, Android tablets carried by clinicians, and iOS-based devices for the sales team. The company’s specialized software for medical records and referrals that run on Android and iOS operating systems exclusively weren’t an issue. “Not only did we create $250,000 savings using Microsoft Endpoint Manager as part of our Microsoft 365 stack, we now provide a better experience for our clinicians with a streamlined login for all their applications, regardless of the platform,” says Blanchard. “It’s a great win-win for us in an area that we wouldn’t have been able to address otherwise, and our Microsoft security consolidation saves us $865,000 all up.”

Streamlined logins are at the heart of the Amedisys security strategy. “The cost of a bad password policy can become pretty apparent very quickly,” says Kaufmann. “Imagine the burden of resetting passwords 10 or 15 times a year for 25,000 users. We tell our people that if they practice good password hygiene and security practices, the password that they started their careers here with may last them until they leave.” His team implemented Windows Hello for Business, the biometric identity mechanism that needs only to register the face of the device user to allow access to Amedisys Windows-based devices. Using only one password for all other access makes it easy for Amedisys staff to create and rely on more complex, safer passwords. “Removing the barrier to logging in with Windows Hello was the first part of our journey to better security,” adds Kaufmann. “It makes our users’ lives easier.”

Blanchard agrees. “The insights and intelligence we get from tools like Azure Active Directory and the other Microsoft Security solutions made us comfortable with getting rid of password changes and the headaches and security issues they once created for our IT team.”

Lifting functionality and visibility with best-in-suite simplicity 

Amedisys realizes interlocking benefits by using Microsoft 365 productivity apps along with Microsoft Security solutions, especially as the company acquires new entities. “The interoperability in the Microsoft stack allows the skills and intelligence of our team to really shine,” says Blanchard. “The interface is standard across applications, making it easy to be effective within the stack. That and the single pane of glass visibility of the security solutions have been big wins for us.”

Adds Kaufmann: “I’m much more comfortable taking on larger acquisitions now because I’m confident that I’ll get visibility into their environment much sooner than I would with another technology stack. The fast visibility we get with Microsoft is unparalleled.” His team can attach a tenant from an acquisition to that of the Amedisys system to scan for sensitive data. Microsoft Defender for Endpoint sensors are part of Windows 10, so the team needn’t deploy agents that would increase system overhead—another advantage for Amedisys staff. “We can deploy Microsoft Endpoint Manager without an agent because of its synergy with Defender for Endpoint,” he explains. “That greatly speeds up visibility for our security team. Microsoft empowers our security program to be device agnostic.  With Defender for Endpoint and Endpoint Manager deployed into our environment we don’t need to have mobile security controls and typical endpoint controls.”

Sharpening compliance

Amedisys began a project to assess data governance some years ago but found progress slow until it activated Microsoft 365 compliance center. “What if I could snap my fingers and tell you where our sensitive data is?” suggests Kaufmann. “When we turned on Microsoft 365 compliance center, we used its machine learning capabilities to search on our criteria and in 48 hours had our results from more than 10 million documents. We’d still be working on that if it weren’t for Microsoft.”

Kaufmann adds that reporting data for new regulations or inspections could be costly and time-consuming. Amedisys needs to comply with the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes–Oxley, and various state regulations. “Once, satisfying those demands meant hiring outside consultants to sift through the data for days,“ he says. “Now, we can run a compliance what-if scenario in a couple of hours with Microsoft 365 compliance center regardless of the framework or regulation. It’s been incredibly valuable to our leadership team.”

Transforming the company with human-centric security

When Amedisys office workers had to switch to remote work overnight during the pandemic, the company discovered the power of a security policy that prioritizes user productivity. Normally, a failed login attempt is an alert for security teams that a device may have been stolen. But the Amedisys IT team used those login alerts to proactively contact users and help them access the systems they needed. “We’re freeing our clinicians to interact responsibly and collaboratively with patient data across the enterprise with help from Microsoft,” says Kaufmann. “Our goal is to remove many of the barriers that exist within healthcare organizations today.”

For Blanchard, that transformation hinges on bringing more technology to the people on the frontline. He encourages clinicians to stay connected with Microsoft 365 apps like Microsoft Teams and Yammer. “We’ve got a wealth of tools in our Microsoft stack and we’re just scratching the surface of what’s possible,” he says. “By evangelizing those possibilities throughout the organization with seamless security, we make their lives easier—and enhance patient care.”

Find out more about Amedisys on Twitter, Facebook, and LinkedIn.

“What if I could snap my fingers and tell you where our sensitive data is? When we turned on Microsoft 365 compliance center, we used its machine learning capabilities to search on our criteria and in 48 hours had our results from more than 10 million documents. We’d still be working on that if it weren’t for Microsoft.”

Richard Kaufmann, Vice President and Chief Information Security Officer, Amedisys

Take the next step

Fuel innovation with Microsoft

Talk to an expert about custom solutions

Let us help you create customized solutions and achieve your unique business goals.

Drive results with proven solutions

Achieve more with the products and solutions that helped our customers reach their goals.

Follow Microsoft