Redefining Your MSP Business with HIPAA Compliance-as-a-Service
As an MSP, you know how hard it is to grow your business.
This case study takes a deep dive into how to add Compliance-as-a-Service and use
Compliancy Group’s Partner Program to increase your retention, revenue, and profit.
About Carlin Bradley
Carlin Bradley is a managed security services provider (MSSP) based out of Memphis, Tennessee.
With customers in 16 states, Carlin Bradley primarily provides network infrastructure, often involving hosted services and the support package behind that.
We spoke to Paul Redding, CEO at Carlin Bradley and a Compliancy Group Reseller Partner. Paul told us about the challenges that Carlin Bradley faced before using The Guard and the new opportunities that Compliancy Group has opened up for him.
Compliancy Group Gives MSPs/MSSPs the Tools for Growth
Carlin Bradley knew that health care, one of the fastest growing industries in the US, could be the key vertical they needed to take their business to the next level. But they were hesitant to make the leap before they ran into Compliancy Group, said Paul Redding. “We’ve done network security well for years. The problem with health care was understanding HIPAA itself. We were concerned about the potential liability and the sales and operational challenges–but Compliancy Group helped with all of that.”
Compliancy Group gives MSPs and MSSPs a powerful SaaS-based compliance solution called The Guard. The Guard can be resold as a Compliance-as-a-Service offering, giving MSPs the tools to break into health care and make lasting managed service relationships, year after year.
With Compliancy Group, it’s easy to undertake and understand how to successfully add new services to remain sticky with current clients and drive new business out of them through Compliance-as-a-Service.
Compliancy Group worked with Paul and his team to develop a successful SaaS-based business in health care.
“We found Compliancy Group two years ago when we didn’t have a single health care client–now, we’re focused almost entirely in the medical space. We realized that we needed to adapt to a SaaS-based business model. The old days of relying on project work caused us to miss the entire business application set of opportunities. With SaaS, we could tell that the opportunities were ripe for growth. Compliancy Group gives us the tools to take that growth into our own hands.”
Through their partnership with Compliancy Group, Carlin Bradley has been able to successfully convert clients who initially came to them for project work into valuable recurring managed service clients.
“Compliancy Group has one of the largest marketing databases in health care. They’ve built their process around MSP and MSSP partners and send me new clients who are actively looking for an MSP. These are real, hot leads,” he added.
“Compliancy Group helped me gain 20 new project clients over the past six months–and I’m proud to say that we’ve been able to convert 60% of those into managed service clients. For some MSPs, that’s more new business than they can get in an entire year. Not only has Compliancy Group given me the tools I need to succeed, they’ve fundamentally changed my business for the better. They provided not only the compliance and security knowledge, but full marketing and sales support.”
Because HIPAA compliance is something all health care clients and vendors need to address, MSPs are uniquely qualified to help clients simplify the law. Compliance goes hand-in-hand with the security work that MSSPs like Carlin Bradley already complete. Compliance-as-a-Service allows MSPs to help their clients address the law, all while providing increasingly complex security infrastructure for their health care practice.
Transforming Your Business with SaaS
Compliancy Group provides partners with strategic guidance to develop and implement an effective business model based around adding The Guard as a Compliance-as-a-Service option to health care clients.
Because MSPs and MSSPs like Carlin Bradley can potentially encounter protected health information (PHI) over the course of work they do for health care clients, MSPs are considered “business associates.” Under HIPAA regulation, business associates are entities or vendors hired by a health care provider who comes across PHI in any way over the course of work they’ve been hired to perform. That means that MSPs who provide network support, data encryption, or cloud services, for instance, are considered BAs and therefore must become HIPAA compliant themselves.
MSPs who sign up to be a Reseller Partner will use The Guard to become HIPAA compliant so they can begin servicing clients in health care.
Paul puts it in perspective: “Compliancy Group’s Compliance-as-a-Service offering provided a strong, specific-need case for buying a subscription to The Guard upfront. Viewing it as cost of doing business is fine, but that’s the wrong way to look at it–it’s a minor cost to start differentiating how you market your business at a whole new level. It’s truly the key to growth.”
With a SaaS model, you don’t need to focus as much on the margin you make on the sale of individual licenses. The important thing is that adding new SaaS services like Compliance-as-a-Service changes your client relationship from vendor to strategic business advisor. By helping clients address their business needs–rather than just IT or security work– you’ll attract new accounts, drive new revenue, and invest less than you would for traditional project work.
“When you have a tool like The Guard, you really don’t need to focus on the administrative worries. You get to focus on security, and get to GROW your business faster.”
Adding Compliance-as-a-Service to Your Offerings
Carlin Bradley has been able to fundamentally change its business thanks to the ongoing work they’ve done to adopt Compliance-as-a-Service.
“The number one differentiator, hands down, between Compliancy Group and other HIPAA solution providers is that they truly treat me like a partner. Compliancy Group views Carlin Bradley as an asset and a strategic partner, as opposed to just another MSP.”