Spokane-based Medcurity Inc. has landed nearly $700,000 in venture capital and loans this month, money its founders say will enable the startup to grow its platform offerings and add its first employees.

“This is what we need to be able to scale and be a viable, profitable company, and we’re excited to be continuing to improve what can be a confusing and intimidating process,” says Joe Gellatly, who started the company in 2018 alongside co-founder Amanda Hepper.

Medcurity’s original product is a Health Insurance Portability and Accountability Act-compliant platform for health care organizations, enabling them to store information more easily and protect patient data more effectively.

Gellatly and Hepper came up with the idea for Medcurity last June and pitched it to Mind to Market LLC, the idea-stage accelerator and investment fund created by Spokane-area investors to help support startup companies.

Medcurity raised its initial $50,000 in seed funding with Mind to Market last August, and by December, it had launched its web platform. 

The company’s second round of funding was led by Kick-Start III, one of the angel funds managed by Tom Simpson, president of the Spokane Angel Alliance. Additional investors included other members of the Spokane Angel Alliance. The company also received a loan from the Ignite Northwest’s Technology Growth Fund. 

“It was a big win for us to be able to raise both our initial capital and our second round of funding from sources here in Spokane,” says Gellatly. “We’d hoped to be able to do it that way, but it was a real blessing to know we had enough support locally to make that happen.”

Hepper says Medcurity is using the new funding to hire product support and sales people, establish its newly leased 900-square-foot downtown office, at 905 W. Riverside, and develop additional tools for its platform.

“We just recently established this office space and hope to hire about four new employees to fill it by the end of the year,” she says. “Our initial product was the security risk assessment, which can be a cyclical product as it’s something that’s required to be completed annually. Our goal is to bring on employees that can help support clients with their annual assessment, as well as promote our new product offerings.”

So far, Medcurity has had about 15 health care organizations, across 30 some locations, purchase and use its platform to conduct their security risk assessment as well as track remedial actions and progress over the course of the next year, Hepper says. 

“The majority of those clients are based here in the Pacific Northwest, but we’ve also had interest from some national clients,” she says.

The company seeks to grow via partnerships with health care organizations, as well as those that access patient data but don’t provide direct patient care, such as information technology firms, and insurance or claims organizations, Hepper says.

“We’ve established partnerships with health care management organizations, and health care consulting groups, as well as groups that provide things like administrative or information technology services to clinics and hospitals,” she says. “We’re also talking with insurance companies that might be interested in adding this to their product mix.”

Gellatly says Medcurity also is seeking partnerships with several local information technology companies and has already begun a partnership with Chicago-based C3 Partners LLC, a national consulting firm that provides management consulting and guidance to independent practices.

“C3 Partners is a national company that happens to have a lot of clients that need to complete HIPAA assessments, and they plan to make Medcurity a part of their product package,” he says.

Hepper says that just prior to obtaining its second round of funding, Medcurity added a risk analysis portion to its platform that enables clients to access the likelihood of a security breach, as well as its potential impact.

Going forward, she says, the company plans to add new tools that will enable clients using the platform to customize their policies and procedures, establish business associate agreements with vendors, and train employees in HIPAA compliance.

“One big issue for clients completing these assessments has been that they often don’t have the right compliance policies and procedures in place,” she says. “We plan to provide the ability to identify which policies and procedures are needed and customize them to fit each organization’s needs. Those documents can be attached to the risk assessment and reviewed on the client’s schedule to ensure they’re up to date and accurate.”

Hepper explains that clinics and hospitals also have relationships with business associates, or vendors that process patient information, and are required to have compliance contracts in place with each one.

“We’ll make it possible for them to identify each of their vendors and establish a business associate agreement document with each one in Medcurity,” she says. “These documents can also be reviewed and updated whenever necessary.”

She says Medcurity also plans to add a feature to the platform that will train health care employees in HIPAA compliance.

“The employee training portion will be designed to help staff understand their role in protecting patient information, and how to comply with HIPAA,” she says.

Looking ahead, Gellatly says Medcurity is considering exploring more tools that would help clients with cyber security.

“We’re not a cyber security company, but we would like to be able to help clients assess vulnerabilities in their networks, and then connect them with our partners in IT or cyber security who have the tools to address those issues,” he says.