Spokane Journal of Business

Medcurity: Helping with HIPAA

Medcurity’s compliance tool assists organizations in assessing data safety

  • Print Article
-—LeAnn Bjerken
Medcurity Inc. founders Joe Gellatly and Amanda Hepper say the company has begun selling its software to rural hospitals in Eastern Washington.

Spokane-based health care information technology startup Medcurity Inc. has developed and launched a type of secure records compliance platform that the company’s founders claim is already in high demand.

The company’s co-founders, Amanda Hepper and Joe Gellatly, say their product is designed to streamline Health Insurance Portability and Accountability Act compliance assessments for U.S. health care organizations, helping them to store information more easily and effectively and protect
patient data.

“The name Medcurity is a combination of the words medical and security, which tells you a lot about what our product does,” says Gellatly. “Our vision was for a platform that supports the HIPAA assessment process, giving clients tools to more easily understand it and track their compliance.”

Gellatly claims the need for the platform is so great that Medcurity has presold the software to several Eastern Washington health care organizations and scheduled onsite visits to help them implement it.

“We’ve already started working with some of the more rural hospitals and clinics in the region, and we have more onsite work scheduled later this month,” he says.

While Medcurity currently is focused on using the software to help Inland Northwest health care organizations conduct HIPAA assessments, Gellatly says it does have plans to expand the platform and add more clients.

“Medcurity is planning a new round of seed funding, as we want to be able to scale as quickly as possible to meet the demand for this product,” he says. “We’re scheduled to pitch our ideas to the Spokane Angel Alliance next month, and any new funding will go toward increasing the platform’s capabilities.”

Gellatly and Hepper say they anticipate the company to be profitable relatively soon, although they haven’t yet determined exactly when that will occur. 

Hepper says that in purchasing the Medcurity platform, clients have a choice between either the clinic package or the hospital package of the software. The clinic package starts at $1,000, while the hospital package starts at $3,000.

“These packages both offer access to the platform for a whole year, which includes the initial risk assessment and report, as well as tracking of recommendation items so clients can prioritize and monitor their progress,” she says. “We’re currently offering a yearly subscription but may eventually move to a monthly offering. Another nice feature is that if a client chooses to renew their subscription next year, the platform will keep a record of the prior year’s assessment and results for reference.”

Gellatly and Hepper estimate Medcurity’s software theoretically could benefit 2.7 million health care organizations and related businesses nationwide. 

“That includes hospitals and clinics, but also other supporting organizations that have access to patient health information, but don’t provide direct patient care,” says Hepper. 

Gellatly adds, “Anyone who does patient care will need to be HIPAA compliant, as will any organization that shares that data, which would include businesses like insurance and claims organizations. The penalties for confidential data breaches can range from $100 to over $1 million, so tools like ours that help lower the risk of breaches occurring are in very high demand right now.”

Hepper says all health care organizations operating in the U.S. must comply with the HIPAA Security Rule, which requires them to conduct an annual HIPAA risk assessment.

“A lot of organizations are still using spreadsheets to track compliance, which can be frustrating and inefficient,” she says.

Hepper says the goal of a risk assessment is to reveal where protected health information may be at risk, but most online assessment examples are difficult to understand. 

As a result, many organizations produce insufficient assessments putting them at risk of significantly increased fines in the event of data breaches.

“With Medcurity, we’ve simplified the usual assessment questions and added guidance to help staff (of clients) understand how best to complete them,” she says.

After a HIPAA assessment is completed, clients are provided with a comprehensive report that includes suggested remedial actions, Hepper says.

Many health care organizations, however, are uncertain about the next steps to take when deficiencies are identified, and quality HIPAA training programs and example policies aren’t readily available, she says.

“Medcurity’s platform enables staff to easily view and assign those remedial action tasks so that the organization can work to actively improve their practices,” she says.

Gellatly says the platform also was designed as a responsive web application, so it can adapt to different screen sizes, and staff can carry it with them onsite.

“It was very important to us that this be a tool that staff could carry around with them onsite to make sure all areas are properly assessed,” he says.

In April 2017, Gellatly started his own health care consulting business called Medibeat LLC, and Hepper eventually joined him there in March 2018.

Medibeat’s offices are located within Shared Space, a coworking office environment at 610 W. Second, that’s operated by Startup Spokane, a program developed by Greater Spokane Inc. that offers entrepreneurship assistance, resources, and coworking space to new businesses. 

 “We knew we worked well together as a team, so it was just kind of a natural fit,” says Hepper. “Joe has an entrepreneurship background, so he has all these cool ideas and knowledge of how startups work. Medibeat’s offices are in the same space as some of these wonderful new startups, so it’s probably not surprising that we started brainstorming product ideas in our industry.”

“At some point, we realized that there was big need among our consulting clients for some kind of HIPAA compliance software,” adds Gellatly.

He says the two came up with the idea for Medcurity in June of 2018, and in July they pitched it to Mind to Market LLC, the idea-stage accelerator and investment fund created by Spokane-area investors to help support startup companies.

“We asked Mind to Market for about $50,000 to get started, and we were granted that funding in August,” he says. “We started working to develop the platform as soon as possible and ended up coming in under budget and ahead of schedule.”

Gellatly says he and Hepper hired Spokane-based Zipline Interactive to create Medcurity’s initial product, a responsive web application, which officially launched Saturday, December 1.

“We incorporated some of our own expertise into the platform to help make sure the verbiage was right and it had the functionality we were looking for,” says Gellatly.

Looking ahead, Gellatly says some of the new tools that may be added to Medcurity’s platform include customizable policies and procedures and online training.

“We have an idea of what we’d like to add, but we’ll also be considering feedback from our early clients as to what to include going forward,” he says. “We’re really excited by the traction we’ve gained and the interest that’s been shown so far.”

Hepper says Medcurity also is excited by the positive reaction of clients who have used the platform. 

“It’s exciting to see how happy clients are already,” she says. “Both of us enjoy being catalysts for change, and this software will definitely have a positive impact for hospitals and patients.”

LeAnn Bjerken
  • LeAnn Bjerken

  • Email LeAnn Bjerken
  • Follow RSS feed for LeAnn Bjerken

Reporter LeAnn Bjerken covers health care at the Journal of Business. A Minnesota native and cat lover, she enjoys beachside vacations and writing poetry. LeAnn has worked for the Journal since 2015.

Read More

Sign up for our E-mail updates

including the
Morning Edition

Join our list