Multi-Location Dental Group Unification.

The situation.

The client is a dental group operating multiple offices, each of which had grown up with its own IT vendor, its own backup arrangement, and its own (often inconsistent) compliance posture. Staff couldn't reliably access patient records across locations. Imaging was trapped per-office. Each office's HIPAA Security Risk Analysis read like it was for a different practice. When a ransomware event was reported in dental press, the client had no clear picture of how exposed they were.

What we did.

Network & Identity

• Unified site-to-site network across all locations
• Consolidated identity into Microsoft Entra ID (Azure AD): one account per employee, single sign-on, MFA enforced
• Conditional access policies aligned to role and location
• Off-boarding automation: when an employee leaves, all access disabled within minutes

Backup & Recovery

• Standardized 3-2-1 backup architecture with immutable cloud copies
• Practice management system recovery objective: from "best-effort" to 4 hours, tested quarterly
• Documented and rehearsed restore procedures

HIPAA & Compliance

• Security Risk Analysis covering all locations as one organization, in the format OCR wants to see
• Business Associate Agreements with every vendor in scope
• Audit-ready access logs across PMS, imaging, and clinical workstations
• Encryption verified on every workstation that touches PHI

Operational Outcome

• One vendor relationship replacing three
• Shared imaging and scheduling across all locations
• Single ticketing system; same engineer across the relationship
• Documented playbook for opening the next location