Medcurity Inc. is improving its health care compliance and security software to free up resources to address the growing threat of data breaches in the health care industry, say co-founders Amanda Hepper and Joe Gellatly.
Medcurity's latest artificial intelligence-integrated software updates are giving the Spokane-based medical records technology company more time to focus on the development of programs that help hospitals and clinics recognize their risk of cyberattacks.
"Our customers have been through bad breaches and attacks, or they're very afraid of it," says Gellatly, who is CEO. "We want to shift our focus because that's really the battlefield right now."
Health care data breaches and cyberattacks impacted more than 100,000 people in the U.S. last year, according to a report from Cranbury, New Jersey-based media company Chief Healthcare Executive.
Health care companies operating in Spokane aren't immune to data breaches either. In 2022, Spokane Regional Health District announced two cyberattacks that gave unauthorized access to health record information of over 2,300 patients. And in 2019, Columbia Surgical Specialists PS, of Spokane, reported a $15,000 payment to recover patient files in an attack that exposed the health information of up to 400,000 patients, according to reports by the HIPAA Journal, a health care news outlet based in Lansing, Michigan.
"A lot of our customers, unfortunately, come to us after a breach," says Gellatly.
When a breach happens, the federal government requires the affected companies to produce their security risk analysis and health record privacy policies and procedures for review, he says. Organizations that don't produce that information fast enough can be fined.
"We help them put that all together so they can show it to the government," says Gellatly. "So far, the government has decided not to penalize them because they're moving quickly to use Medcurity for risk analysis. That's helped them avoid having a penalty on top of the breach that's already expensive and painful and impacts patient care."
Medcurity expects continued revenue growth this year from the rollout of two software updates in January that improve efficiencies in the company's security risk assessment platform and its learning management system, the two executives say.
"Our goal was to be first to market in our space (through) AI," says Gellatly.
The latest software updates were released within weeks of each other this year, after Medcurity worked for months to integrate AI into its platform, says Hepper.
AI will cut down the amount of time needed to perform a security analysis by half, compared to what the technology was capable of just a year ago, Gellatly adds.
The company's second software update completely overhauled Medcurity's medical privacy training content, Hepper says.
"We have a new learning management system just released two weeks ago that's really posturing us to expand our education offerings into other areas ... such as OSHA," says Hepper, who is president of Medcurity. "Our competitors are in that space, so we want to head-on compete and do it better."
The updates will free up time and resources that Medcurity previously invested in the review and generation of customized health care compliant policies and procedures for its clients.
"The less time we spend on writing down procedures, the more time we can spend on actively protecting (the client) from the types of attacks happening in our market," Gellatly says.
Hepper notes that people are still a part of the process.
"We're always going to add the human touch, so (policies are) approved by a human before it becomes part of a product, which is really important," she says.
Medcurity earns revenue by providing clients its software as a service for an annual subscription that costs between $1,000 and $100,000, depending on the size and complexity of the health care organization. Many of its clients have signed three-year contracts with the company, they say.
The software works by creating health care compliant policies and procedures that are generated through Medcurity's fill-in-the-blank customizable template, which is accessible on all platforms including mobile, explains Hepper.
The scalable subscription model benefits midlevel and rural organizations that tend to operate without a full-time compliance officer. The subscription model also gives clients access to continued risk assessment and policy review, which has been necessary for evolving threats, she says.
Document generation can take as little or as much time as needed, Hepper says. Some companies will spend an hour and others can take up to a few hours or longer to complete the document generation, depending on the complexity of the organization.
The end result is a set of health care compliant policies and procedures that are unique to the client's needs.
Gellatly declines to disclose Medcurity's annual revenue, but notes that the company has grown over 50% in a year.
As the company has grown, Medcurity has relocated to larger offices three times in six years. It's now headquartered in a portion of sixth floor office space in the Holley Mason Building, at 157 S. Howard, in downtown Spokane, in the same building where Gellatly and Hepper first met.
The company is subleasing from Spokane tech company Gravity Jack Inc., says Hepper.
"We really enjoy the vibe downtown," she says. "Though we're nationwide, it's nice to be downtown for us and for our team as well."
Medcurity has 10.5 full-time equivalent employees and works with four contractors, she says.
Its client portfolio has increased 650% since 2020, with 300 current clients in 1,800 locations, up from 40 clients in 150 locations four years ago, Hepper says.
Medcurity's customer base has increased to include enterprise clients such as Yale University, although most of the time, the company is working for midmarket community health centers and hospitals and rural organizations.
"Our customers are pulling us toward cybersecurity in a lot of ways, and we've added more services to be able to look for vulnerabilities," Gellatly says. "We are letting the customers in some ways pull us in that direction, but we're also expanding compliance."
Medcurity is a Spokane-based medical records technology company that began as a startup idea in 2018.
The two co-founders met when Gellatly joined Hepper's department at Inland Northwest Health Services, back when INHS occupied a few floors in the Holley Mason Building, Hepper says.
Years after the two left INHS, they reconnected at a black light-themed Bunco party, where Gellatly asked Hepper to consider joining his consulting business. At the time, industry professionals performed security risk analysis with spreadsheet technology.
"Sitting in the StartUp Spokane offices, we looked at each other and just knew that there had to be a better way that we could do it," says Hepper. "We applied for Mind to Market funding, and we've had local Spokane support from the beginning."
Two years after the company incorporated, a round of fundraising brought in two West Side investment companies that invested a combined $700,000 in Medcurity. Since then, Gellatly says the company hasn't campaigned for additional Series A funds.
"For better and for worse, we've learned to grow on the resources that we have here," he says. "We've had some continued support from our original investors."
Hepper adds that the company has learned to be financially responsible and operate with efficiency.
Going forward, Medcurity will continue using AI to create product efficiencies.
"It is really exciting what (AI) can do for our customers, hospitals, and clinics, which are really receptive," says Gellatly.