Every year, 415,000 patients across the United States benefit from home health visits from an Amedisys caregiver. Richard Kaufmann, Vice President and Chief Information Security Officer at Amedisys, supported the move to Microsoft, in part because it streamlined compliance and helped accomplish one of his teams’ key goals: to make the user experience as seamless as possible without sacrificing security. With Endpoint Manager, Amedisys now has an integrated solution for managing endpoints that includes Microsoft Intune and System Center Configuration Manager.
Every year, 415,000 patients across the United States benefit from home health visits from an Amedisys caregiver. One of the largest US providers of healthcare in the home, the company has 21,000 clinicians working to make a tangible difference in the lives of patients and their families—its mission for nearly 40 years. “Amedisys is a people-focused company,” says Travis Reeves, Systems Administrator at Amedisys. “Everything we do is about supporting our patients. However, to accomplish our mission, we have to support our frontline clinicians with the right tools to help them provide excellent care in the home.”
Today, Amedisys clinicians travel to their patients’ homes equipped with tablets managed with Microsoft Endpoint Manager, so they can more securely access the resources they need to do their jobs. For Keith Blanchard, Senior Vice President and Chief Technology Officer at Amedisys, there is a direct link between secure data and patient care. “We’re trusted to take care of people when they’re the most vulnerable. And we want to make sure that we respect and honor their data,” he says. “It was important for us to find a vendor like Microsoft that values and respects the patient data as much as we do.” With Endpoint Manager, Amedisys now has an integrated solution for managing endpoints that includes Microsoft Intune and System Center Configuration Manager.
Richard Kaufmann, Vice President and Chief Information Security Officer at Amedisys, supported the move to Microsoft, in part because it streamlined compliance and helped accomplish one of his teams’ key goals: to make the user experience as seamless as possible without sacrificing security. “It’s incredibly important to protect sensitive data, but also to allow employees to do their jobs,” he says. “Why add a layer of complexity to the equation when you can just push out Microsoft 365, and have all those protections built into the platform?”
“We’re trusted to take care of people when they’re the most vulnerable. And we want to make sure that we respect and honor their data. It was important for us to find a vendor like Microsoft that values and respects the patient data as much as we do.”
Keith Blanchard, Senior Vice President and Chief Technology Officer, Amedisys
“Creating relationships”: Seamlessly improving care with Endpoint Manager
Mobile devices have played a key role in how Amedisys caregivers work since 2015, but the use of devices in the field has greatly improved over the years. “When tablets first came into the environment, clinicians had to set up and download their apps manually,” says Reeves. “Since then, we have deployed Samsung tablets to all our clinicians using Microsoft Endpoint Manager.” The changing technology has helped clinicians provide more attentive care. “Clinicians can focus on their patient rather than struggling to sign in to multiple apps,” says Edward Lewis, Manager of Enterprise Systems at Amedisys. “It speaks to how Amedisys cares about creating relationships.” Beth Bourgeois, Hospice Case Manager, RN at Amedisys, visits patients in their homes every day and knows firsthand the importance of connecting with patients and their families. “Our goal is to keep the patient in the home and out of the hospital,” she says.
In the year since Amedisys switched to Endpoint Manager as its unified cloud management platform, clinicians have enjoyed a more seamless user experience. “We received a lot of feedback from clinicians that signing in to multiple apps took time away from providing patient care. We addressed this by turning to Microsoft Azure Active Directory (AD) single sign-on, which creates an easy-to-manage environment and simplifies the user experience,” says Reeves. In the past, users had to create multiple passwords for their devices and the apps they used. “Our passwords used to expire every 90 days,” Bourgeois remembers. “You had to put in a password for everything, any little app you touched, you had to log in.” The result was that Bourgeois and her colleagues spent too much time searching for passwords and struggled to stay connected from the field. “I didn’t check my email as much as I should have, because it was difficult,” she says. “Now you can just push a button and everything opens for you.” With Azure AD, users only need to sign in to their managed devices once to get all the files and apps they need—such as Microsoft Teams, Outlook, and Excel—at their fingertips. “Clinicians appreciate that they can read their email or use Teams from anywhere in a highly secure environment without having to sign in multiple times,” says Reeves.
“We realized that we could migrate our 25,000 devices to Microsoft Endpoint Manager and operate successfully using the Microsoft licenses we already owned. We saved $250,000 annually by switching over to Endpoint Manager.”
Travis Reeves, Systems Administrator, Amedisys
“We saved $250,000 annually”: The benefits of a consolidated platform
Consolidating on Endpoint Manager, Amedisys has achieved significant cost savings by eliminating a previous solution. “We realized that we could migrate our 25,000 devices to Microsoft Endpoint Manager and operate successfully using the Microsoft licenses we already owned,” says Reeves. “We saved $250,000 annually by switching over to Endpoint Manager.”
The move helps Amedisys reduce costs in other ways too. As a very geographically dispersed organization, Amedisys operates a network of more than 500 care centers where clinicians check in for weekly meetings or other administrative tasks. In the past, when an employee left the company, the nearest care center would collect their device and send it to one of two depots to be wiped and returned for the next employee. Or, if a device was lost, a new one had to be shipped from the same depot.
“It was an endless cycle of shipping devices back and forth,” says Reeves. “Now, with mobile device management through Endpoint Manager, employees can leave their device at the care center and we wipe it remotely. Then, when a new employee joins us, they can take the same tablet and enroll themselves in a matter of minutes.” This new strategy has been dubbed the “device pool system,” and it saves IT team members and clinicians on the frontline from the hassle and uncertainty of shipping devices back and forth between care centers and depots.
Amedisys employees can now utilize self-service enrollment through Intune without involving the IT help desk, a process that could take over an hour in the past. “People can’t believe that they can reset their own devices in 20 to 30 minutes with the Intune company portal app, when it used to take more than an hour on the phone,” says Reeves. The IT team also uses Windows Autopilot to reset devices remotely, saving time and shipping costs and increasing mobility for Amedisys employees. “The great thing about having all the workloads in Azure is that no one is tied to an office anymore like they were in the past with domain joined devices,” says Lewis.
“A valuable overview”: A single management portal makes life easier for IT staff
For Amedisys’s highly mobile caregivers, the ability to work from anywhere is a cornerstone of the job. “Our clinicians visit patients in their homes every day, and they use their tablets to do everything from checking their email to chatting with colleagues over Microsoft Teams to confirming their schedules,” says Lewis. For a small IT team, managing these devices was a time-consuming and needlessly complex task. In the past, the team used a combination of Configuration Manager and MaaS360 to manage devices. “When we made the move to Microsoft Intune, we had a single, cohesive management portal. Our IT team used it to gain a valuable overview of devices across the company,” says Reeves. This single pane of glass is especially helpful at Amedisys, where the environment contains multiple operating system (OS) platforms, including iOS, Windows, and Android.
“There is a big security benefit of a holistic Microsoft environment where clinicians can access everything they need from one well-managed device.”
Travis Reeves, Systems Administrator, Amedisys
“Balance security with freedom”: Maintaining security and compliance in the cloud
For a healthcare organization like Amedisys, security is a top priority. “There is a big security benefit of a holistic Microsoft environment where clinicians can access everything they need from one well-managed device,” says Reeves. “It means that no one tries to use workarounds or go outside the managed applications to do their work—for example, texting a colleague on their personal device.”
Lewis agrees: “We use Endpoint Manager for its app protection policies and app configuration policies, so we manage devices in a way that balances security with the freedom our clinicians need to do their jobs without cumbersome sign-in processes.” The Amedisys IT team also uses Endpoint Manager to help ensure the organization maintains compliance with healthcare standards such as the Health Insurance Portability and Accountability Act (HIPAA). “In the healthcare industry, we have a lot of HIPAA guidelines and regulations that we need to adhere to, and we need to make sure that our devices are as secure as possible,” explains Reeves. Endpoint Manager is part of Amedisys’s drive to be as secure as possible. “We use the Intune device compliance dashboard to check the status of devices throughout the organization and follow the proper steps to monitor and maintain our compliance,” says Lewis. “The flexibility and the minor changes that we can make to apps and devices help us keep patient information private and secure.”
“When we were perfecting the device enrollment process before rolling out Endpoint Manager, our team identified a small glitch when users registered their devices,” says Reeves. “The Microsoft team quickly identified the issue and assigned someone to fix it. They made sure the enrollment process was as smooth as possible for our clinicians.”
“We use the Intune device compliance dashboard to check the status of devices throughout the organization and follow the proper steps to monitor and maintain our compliance. The flexibility and the minor changes that we can make to apps and devices help us keep patient information private and secure.”
Edward Lewis, Manager of Enterprise Systems, Amedisys
“Bring value to our colleagues”: The cloud journey gets a boost with Endpoint Manager
Migrating more than 20,000 devices to Intune seems like a big undertaking, but according to Lewis, the process was seamless. “In my 18 years of experience in the IT healthcare field, migrating from MaaS360 to Intune was one of the smoothest transitions I’ve ever experienced,” he says. Amedisys is still on its cloud journey, with the vision in place to one day manage all devices via Intune. “As we gradually move completely from on-premises to the cloud, we are taking steps along the way to bring value to our colleagues. The feedback has been really positive.” For a people-focused company like Amedisys, getting the right tools in the hands of clinicians on the frontline is part of providing great care. “There is so much focus on supporting people correctly at Amedisys,” says Reeves. “That’s part of why the move to Endpoint Manager has been such a success.”
“In my 18 years of experience in the IT healthcare field, migrating from MaaS360 to Intune was one of the smoothest transitions I’ve ever experienced.”
Edward Lewis, Manager of Enterprise Systems, Amedisys
Follow Microsoft