A multi-location primary care and specialty medical group serving the New York Metro Area — 160+ staff across three offices, including physicians, nursing staff, and administrative teams managing a high volume of daily patient appointments and sensitive health records across all locations.
Locations managed
Staff supported
Vendors replaced
Full HIPPA compliance
The Challenge
A growing multi-location medical group in the New York metro area had built their technology environment the way most practices do — reactively. Over seven years of expansion from one location to three, they had accumulated four separate technology vendors: one for managed IT support, one for their network, a third for their camera system, and an outside consultant they called occasionally when compliance questions came up. Each vendor knew their piece. Nobody owned the picture.
The cracks started showing when the practice administrator requested a HIPAA risk assessment ahead of a planned credentialing review. The findings were significant. Workstation security was inconsistent across locations. Email lacked multi-factor authentication. Audit logging was incomplete on systems handling protected health information. And on the physical safeguard side — the area most practices overlook — two of the three locations had no documented access control, their camera system was analog with recordings stored on a local DVR that hadn’t been checked in months, and there was no way to produce an entry log for any door in the building.
The compliance remediation window was 90 days. Coordinating four separate vendors through that timeline wasn’t realistic. The practice needed a single partner who could assess the full environment, build one plan, and execute across IT, cybersecurity, cabling, and physical security — without disrupting a medical practice that sees patients six days a week.
What Solved IT Did
Solved IT began with a full environment assessment across all three locations — IT infrastructure, network topology, cabling documentation, physical security coverage, and a complete HIPAA gap analysis. Within two weeks, the practice had a single remediation roadmap with clear sequencing, assigned responsibilities, and a 90-day compliance target. Then we built it.
Managed IT & Microsoft 365 Migration We assumed full managed IT responsibility for all 160+ staff across all three locations. Workstations were audited, secured, and enrolled in centralized management. The practice migrated from a legacy on-premise email environment to Microsoft 365 with HIPAA Business Associate Agreement in place, MFA enforced on all accounts, and data loss prevention policies configured across email and file storage. Helpdesk support went live from day one with an under one-hour response SLA — replacing a previous average response time of nearly four hours.
Cybersecurity & HIPAA Compliance Our CISSP-certified team led the technical and administrative remediation across all identified HIPAA gaps. We deployed Todyl endpoint protection on every workstation and server, implemented email security and anti-phishing controls, configured audit logging across all systems touching PHI, and ran HIPAA security awareness training for all 47 staff members. We also produced the updated risk assessment documentation, policies, and procedures the practice needed for their credentialing review.
Network & Structured Cabling Our RCDD-credentialed designer assessed all three locations and found two with undocumented, out-of-spec cabling that could not support the camera and access control infrastructure being planned. We designed a full Cat6A structured cabling replacement for those two locations and completed installation across four weekend windows — arriving Friday evening and clearing the space before Monday morning patients arrived. Every run was documented, labeled, and certified.
Video Surveillance We replaced the analog DVR camera system with a 22-camera Verkada enterprise IP deployment across all three locations — covering all patient-facing areas, entry points, parking, and server rooms. The system is cloud-managed, accessible remotely by authorized practice administrators from any device, and retained on Verkada’s encrypted cloud storage with no on-premise hardware to maintain or fail.
Access Control We installed Brivo cloud-managed access control at all 14 entry points across the three locations, replacing keyed entry with credential-based access that generates a complete, time-stamped audit log for every entry event. Staff credentials are managed centrally — a new hire is added in minutes, a terminated employee is removed instantly, and the practice administrator can pull an entry report for any door at any location at any time. This directly addressed the physical safeguard gap that had been flagged in the HIPAA assessment.
The Results
- Full HIPAA compliance achieved in 89 days — internal risk assessment closed with zero critical findings; credentialing review passed without issue
- Four vendors consolidated to one — managed IT, network, physical security, and cabling now managed under a single Solved IT engagement with one invoice and one point of contact
- 31% reduction in monthly technology spend — vendor consolidation and flat-rate managed IT pricing eliminated redundant contracts and per-incident billing
- Response time reduced from ~4 hours to under 1 hour — helpdesk SLA met consistently across all three locations from the first week of engagement
- Complete physical access audit trail — every entry event across all 14 access points at all three locations now logged with credential, timestamp, and location
- Zero patient-facing disruption — all cabling, camera, and access control installation completed across weekend windows with no impact to scheduled appointments
