eGestalt Delivers HIPAA/HITECH Compliance as a Service
eGestalt Delivers HIPAA/HITECH Compliance as a Service
Internet Software and Web Applications
by Agatha Poon
January 18, 2011
For businesses, health care practitioners in particular, that are subject to stringent regulatory policies such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology Economic and Clinical Health Act (HITECH), they don't necessary have the resources and domain expertise to get the job done right. As they are on the lookout for right technologies and products, the availability of security and compliance tools delivered as a service using the cloud model is welcome news.
EGestalt Technologies, a startup in the information technology governance and compliance service space, has turned the concept of cloud computing into practice, delivering compliance products as a service. Targeting small and medium-sized companies in the health care industry, eGestalt recently unveiled a SaaS-enabled HIPAA/HITECH compliance tool, dubbed SecureGRC SB. Providing key features such as threat detection capability, automated updates on new or revised policies and menu-driven assessment, Secure GRC SB is touted to be the only offering in the market that helps smaller companies to achieve HIPAA/HITECH compliance at a fraction of the cost of a standard practice.
As a point of reference, Secure GRC SB starts from $500 per year, which is 20 times less expensive than the standard services provided by compliance providers. While the SaaS-enabled product is a typical usage-based subscription model, pricing varies by number of users, type of assessments and number of locations within the company. The compliance software is based on a patent-pending technology that includes automated assessment and compliance management, and security. SecureGRC SB was built upon Amazon's cloud and brought to market in conjunction with channel partners providing service activation that enables self-servicing.
eGestalt grows with channel parnters
At the heart of eGestalt's go-to-market strategy is the investment in the channel partner program, which has been available since August 2010. With some 50 channel partners from multiple service disciplines (VAR resellers, managed service providers, managed security specialists and compliance mangers), eGestalt can reach out to end business customers from all sizes and multiple verticals, although a majority of eGestalt end customers are in the health care and medical practice segment. With over 6,000 health care providers and millions of business associates in the industry, eGestalt is upbeat about the business prospects.
At present, eGestalt is in talks with a number of hosting providers (primarily in the US) and the startup is planning to grow its channel partner program in a substantial way, building a channel partner ecosystem of up to 200 channel partners by the end of this year.
As a startup with approximately 45 employees in the US and India, eGestalt's channel partner strategy is a good move to drive traffic to its software platform in a manageable manner. Using a revenue-sharing model, eGestalt's managed compliance provider partner program supports three levels, with Level 3 being the full service engagement where program partners will be accountable for selling, billing and support, while Level 1 is the partial service engagement where partners are responsible for generating sales only. Aside from service training, eGestalt provides a guidebook called 'cookbook,' which is designed to provide guidance to MSPs, VAR resellers and managed security specialists about to how to monetize compliance services.
More on eGestalt
Founded in September 2009, eGestalt is a SaaS-enabled startup for IT security and compliance management services. Using a cloud delivery model, eGestalt is aiming to provide a scalable yet simple-to-use compliance product targeting small and medium-sized companies. Although the eGestalt development team is based out of India, the startup is eyeing opportunities in the US market leveraging a fast-growing channel partner ecosystem.
T1R take
TIR considers eGestalt's US market entry strategy fairly prescient. By teaming up with managed service providers and managed security providers, eGestalt is able to deliver an end-to-end service in the SMB segment while empowering channel partners to move up the value stack, monetizing from added value and service support. Since the SaaS-based compliance offering meshes well with managed service providers' existing portfolios, it should thus be viewed quite favorably by business customers that are looking for a flexible service model to meet heightened demand for security and compliance requirements in their operational environments. The on-demand subscription model should garner a fair amount of acceptance, especially as SaaS technology is growing in maturity and the delivery model is viewed as a viable option to keep operating costs down.
