CASE STUDY: Ignore Shadow IT Risks at Your Own Peril.
Since 1995, T&G Medical Billing, INC. has provided Medicaid billing services to school districts throughout the state of Texas to help them maximize their recovery of federal SHARS program dollars. They also provide Medicaid oversight, compliance training, and support tailored to the needs of each district. To achieve this, they used a wide range of people and software to receive, assimilate, review and transmit data to Medicaid.
Shadow IT Risks
Meet Ted Smith. Ted wondered: Is it possible to displace a legacy architecture, add significant process automation, and increase compliance and security…all at the same time?
Whatever happened, Ted knew that he couldn’t grow this architecture and that his auditors were just going to mire them down in a mess of red flags and bureaucracy. He needed to take a big step forward, and a managed citizen development platform was looking like exactly what he needed.
Critically, they must ensure that the data submitted is compliant with state and federal regulations.
But just as importantly, their organization must meet the highest levels of regulatory compliance (HIPPA and others) and other standards.To reach this point, a bloated legacy architecture of non-secure and non-compliant applications had taken root. It was, in effect, a product of Shadow IT run amok. Central IT lacked systematic control and the organization was unable to scale.
A Compliance audit clearly revealed the scope of the Shadow IT problem.
RIsk and Potential Violation were everywhere:
Shadow IT had infested the organization, leading to spreadsheets, databases and even off-the-shelf software solutions. Functionality was at best “good enough”.
Shadow IT used no strict technical enforcement of important regulations like HIPAA or other PII regulations did not exist on many systems.
Risks of intrusion and data misuse were everywhere. One disgruntled employee or even a simple hack could lead to a PR and commercial nightmare.
Risks of human error were sizable and unmanaged. Data-entry personnel populated and manipulated data across multiple ETL procedures and software systems to package and ship data to Medicaid. Simple errors in data-entry or data management could place Ted’s company at risk.
Two Weeks after Engagement with Citizen Developer tools
Citizen developers reduced design time by 74% due to their understanding of business requirements, leaving nothing out of the perfect-world SaaS solution.
The CitizenDeveloper platform was inherently secure from common attack vectors ranging from XSS to SQL-injection attacks, despite being 100% citizen developed.
Citizen developers were inherently unable to introduce code vulnerabilities.
Platform tools provided strict enforcement and compliance using only a series of simple clicks to implement.
- Reduced design time by 74%
- Platform was inherently secure
- Platform tools provided strict compliance
Nine Months after Engagement
Workflow improvements increased process efficiency by 53%. A new cloud based client portal supported direct submission of session notes by the client to the SaaS solution.
Strict Medicaid program compliance meant that only properly formatted and validated data was pushed to Medicaid.
HIPAA compliance was strictly enforced using CitizenDeveloper Platform tools.
Code vulnerabilities were reduced by >99% despite using only citizen developers to build.
T&G Medical Billing reduced their exposure to risk by an estimated 94%.
- Workflow efficiency increased by 53%
- Strict Medicaid program compliance
- HIPPA compliance enforced
- Code vulnerabilities reduced by 99%
Forty-Eight Months after Engagement
T&G Medical Billing is now a Digital-to-the-Core Business: Once providing human services, they have now made the transition to a SaaScompany. 100% of T&GMedical Billing’s provided client services have been converted from human to digital, and each of these are contained within the CitizenDeveloper Portfolio.
T&G reduced their bloated legacy portfolio by over 80%. They no longer struggle with many spreadsheets and manual processes, and more importantly, with uncertainty, error and risk.
Rapid changes to HIPAA, PCI, and Medicaidcompliance regulations are now manageable.
100% reduction in EDI Data transmission errors,after 900,000 unique transmissions.
Zero data breaches or security violations in four years.
- Reduced their legacy portfolio by 80%
- 100% Reduction in EDI data transmission errors
- Zero data breaches
T&G Medical Billing is now more Agile:
Incorporation of Customer Feedback. During the schools’ break, T&G surveys their clients to discover enhancements they would like to see deployed by his SaaS solution.
Rapid Deployment. During the summer, T&G designs, develops, and tests large feature sets that are added to the client-facing application, deploying in time for the coming school year.
Constant Process Improvement. T&G Medical Billing has deployed dozens of process automation features, for example, a fully-automated invoicing and billing tool.
T&G Medical Billing is now more Cost-Efficient:
Productivity Increased 53%. T&G no longer needs dedicated personnel to validate SHARS program data requirements or billing personnel.
3rd Party Data Service Costs Reduced 100%. The company no longer needs to pay licensing and data transmission/scrubbing services.
Focus shifted to Sales and Marketing. With the successful conversion to digital, T&G Medical Billing can now dedicate their full focus to sales, marketing, and building client relationships.
T&G Medical Billing has enjoyed year-over-year growth in each of the previous four years, without the addition of new staff.
What others are saying about CitizenDeveloper
With CitizenDeveloper, I am able to spend less than a day developing a Proof of Concept that would have otherwise taken weeks to accomplish. Without your tool, most of what I do for my company would be impossible.
Citizen development has allowed me to accomplish more in the last 2 years than I have in nearly 2 decades of traditional development – which cost me more than double what I pay today.