MediBillMD enables their healthcare services with a fixed IP


Summary: MediBillMD specializes in revenue cycle management for healthcare providers. Their teams work from South Asia, yet they must securely access PHI based in the U.S.

MediBillMD is a service-based company that provides end-to-end revenue cycle management for clinics and healthcare providers. They manage the billing of claims and the reimbursement process. They also handle:

  • Credentialing — verifying providers’ qualifications and enrolling them with payers
  • Authorization scrubbing — checking claims for errors before submission, reducing rejections and delays

Here’s a simplified version of the revenue cycle they manage:

  1. A patient visits a clinic and sees a doctor
  2. The doctor generates a claim and sends it to the insurance payer
  3. The insurance payer processes the claim and reimburses the doctor

MediBillMD handles the billing and collection tasks, so clinics can focus on patient care. They are experts at ensuring providers get paid for services rendered.

The challenge: secure remote access to PHI

Alex Walker, Assistant VP Business Development and Sales, explains:

“We work with protected health information, so we must comply with HIPAA guidelines. We also need secure remote access to electronic medical records (EMRs) for our providers. We can’t do this without a dedicated U.S. IP address, and that’s where NordLayer helps us run operations smoothly.”

MediBillMD’s main office is in Dallas, Texas. Their operations team works primarily overseas. They needed:

  • A Server with a dedicated IP to provide a fixed U.S. IP address.
  • A secure VPN solution that enforces HIPAA compliance.

They turned to NordLayer to fulfill these requirements.

Step 1. Deploy NordLayer in 3 minutes

MediBillMD had tried another solution that didn’t work well. They switched to NordLayer because of user-friendly management, strong support, and familiarity with Nord’s products.

“Nord is well-known. The support is good, and the prices are competitive. I was already using NordVPN personally, so I recommended NordLayer. We want to become an enterprise soon, and NordLayer fits those plans.”

Deployment was straightforward:

  1. Log in to NordLayer.
  2. Send an invitation to each user.
  3. The user clicks the link to download the NordLayer app.
  4. The app installs automatically.
  5. They’re ready to connect.

“Everything takes 2 or 3 minutes.”

Step 2. Set up a Server with a dedicated IP

MediBillMD’s teams must access U.S.-based websites and EMRs from other regions. Some websites block non-U.S. traffic. The dedicated U.S. IP solves that.

When employees begin work, they automatically connect to the NordLayer VPN to reach EMRs and billing websites. Without the VPN, they can’t access any resources at all.

MediBillMD also has a Business Associate Agreement (BAA) with each clinic. This ensures that PHI can be accessed without storing data locally. By using the dedicated IP, each clinic knows exactly where MediBillMD’s requests come from, and no PHI gets saved on local systems.

Step 3. Enable Always On VPN

MediBillMD enforces an Always On VPN policy:

  • Users’ devices start up with NordLayer connected.
  • If NordLayer disconnects, internet access is blocked.

“There’s an option that only allows the internet connection when the VPN is on.”

This approach eliminates accidental data exposure and keeps PHI protected at all times.

Step 4. Add extra security with DNS Filtering

MediBillMD blocks certain sites by using DNS filtering. They can tailor these policies to ensure employees don’t accidentally access risky domains.

“We can also explore other NordLayer solutions, like network segmentation, as we grow.”

Results: healthcare services enabled

  • All remote employees secured. The team can safely access the U.S.-based resources.
  • No bandwidth loss. The VPN runs smoothly without speed drops.
  • Always On VPN. Employees remain connected, ensuring continuous compliance.
  • EMRs remain in the U.S. No local data storage, aligning with HIPAA.
  • Easy scaling. Adding new users takes only a few clicks.

Why NordLayer works for MediBillMD

MediBillMD values an all-in-one cybersecurity solution. They don’t want multiple vendors for separate tasks. NordLayer meets those needs:

  • Scalability. New users can be added instantly.
  • Future expansion. As MediBillMD grows, they can adopt network segmentation and advanced analytics.
  • HIPAA-friendly. Combined with EMR-based security features (like two-factor authentication), NordLayer keeps PHI access locked down.

They plan to add more dashboards for HIPAA audits in the future. For now, they focus on a smaller volume of analytics. As they expand, they’ll integrate more features.

Pro cybersecurity tips

Organizations handling PHI must follow strict security rules to stay HIPAA-compliant. These practices help prevent breaches and block unauthorized access. While designed for healthcare, they also benefit other industries managing sensitive data.

  1. Adopt a clear desk policy
    Always lock your computer when leaving your workstation, even for a minute. This protects PHI from unauthorized access and helps meet privacy and security standards.
  2. Protect data when sending attachments
    Encrypt files with a password and email that password separately. Never include any patient identifiers (e.g., name, member ID, insurance details) in the email body. This reduces the risk of exposing sensitive information.
  3. Enforce least privilege
    Give access only to those who need it. Critical passwords stay with management, so unnecessary personnel can’t view or handle sensitive data. This keeps systems locked down and HIPAA-compliant.

Alex Walker, Assistant VP Business Development and Sales @MediBillMD

Conclusion: future-ready HIPAA compliance

MediBillMD needs a dedicated U.S. IP to serve their remote workforce and U.S. clients. Here’s what they did:

  • Deployed a Server with a dedicated IP so employees can access U.S. EMRs.
  • Enabled Always On VPN to keep data secure 24/7.
  • Used DNS Filtering to block risky or unneeded websites.
  • Applied least privilege principles, with network segmentation planned for the future.
  • Prepared for growth: Adding new users is simple, and everything else is built into NordLayer.

For healthcare companies like MediBillMD, an all-in-one solution helps maintain compliance, boost security, and simplify IT.

A Server with a dedicated IP starts at $40 per month. Other security features come in the Core NordLayer plan.

