OpenLoop Health Safeguards PHI with Files.com Secure MFT

Overview

Growth has pushed OpenLoop into the employer market with more than one million patient visits delivered to date. The IT team is responsible for moving sensitive employer and patient data securely and in full HIPAA compliance without slowing the business down.

Challenges

OpenLoop hit several specific hurdles as they scaled:

• Manual, multi-step file exchange. Employer eligibility rosters containing PII and PHI moved back and forth through Amazon S3 buckets. The process was clunky, user-hostile, and hard to audit.
• HIPAA requirements. Every transfer had to meet HIPAA security and audit requirements, while external HR contacts still needed an email-like experience. Balancing those two pulled in opposite directions.
• Rapid client onboarding. Sales was on track to add dozens of new employer contracts within the year. IT needed a repeatable way to spin up secure drop zones for each client without weeks of development time, since the bottleneck was delaying revenue recognition.
• Identity and scalability. OpenLoop standardized on Okta for Single Sign-On (SSO) and SCIM provisioning. Any new platform had to integrate with that stack, enforce two-factor authentication (2FA) internally, and allow password-only access for less-technical employer contacts.

Solution

OpenLoop selected Files.com’s HIPAA-compliant Managed File Transfer (MFT) platform. The key components:

• Client-specific folders with granular permissions. Files.com provided dedicated client folders with fine-grained access controls, keeping data from different employers separated and secure.
• Okta SSO and SCIM integration. Files.com integrated with Okta for one-click user provisioning. OpenLoop enforces 2FA for internal users and offers password-only access for less-technical HR contacts.
• Easy file uploads for HR partners. Share Links and Inboxes let HR contacts drag and drop rosters in seconds, with no IT hand-holding. File transfer is as simple as sending an email.
• Built-in compliance. Every transfer is encrypted, logged, and covered by a Business Associate Agreement (BAA), meeting HIPAA and internal InfoSec requirements with minimal manual work.
• Future-proof architecture. Optional connectors to Google Workspace and Box prepared OpenLoop to consolidate additional storage silos over time.

Deployment finished in under a week. When an edge-case SCIM credential bug came up, Files.com’s support team identified, patched, and closed the issue quickly.

Results

The switch to Files.com changed OpenLoop’s operations:

• Faster onboarding. Onboarding went from several emails and S3 steps to a single secure upload link. Sales activates new employer programs days faster, accelerating time to revenue.
• Improved compliance posture. Every transfer is encrypted, logged, and covered by Files.com’s BAA, with no added manual tracking.
• End-user adoption. HR contacts handle their own uploads through a self-service interface. IT staff now spend their time on the core clinical platform instead of file-transfer support.
• Scalability unlocked. Folder templates, Okta groups, and automated provisioning give OpenLoop a repeatable blueprint for adding employer and health-system clients.
• Future-proof foundation. With S3 out of the workflow and connectors in place for Google Drive and Box, OpenLoop has consolidated its file management and is positioned for future growth without additional infrastructure changes.

By replacing ad-hoc S3 transfers with Files.com, OpenLoop turned a compliance risk and operational bottleneck into a real advantage. The platform accelerated employer onboarding, safeguarded patient data, and streamlined the workflows that support OpenLoop’s growth in the telehealth market.

More customer stories →