Kareo Enables Medical Providers To Focus On Patients, Assured Their Information Is Protected

Kareo is the only cloud-based, medical office software and services platform that has been purpose-built for independent practices. The company’s mission is to help medical providers spend their time focused on patients, not paperwork. Consequently, these providers rely on Kareo’s platform 24/7. Key to the value of its platform is the document management and object storage system, which requires encryption to protect sensitive patient information.

Business Challenge

One of Kareo’s key advantages is the balance it strikes between providing innovative functionality and achieving a compelling price point. The company’s legacy encryption mechanism was a critical component of the Kareo offerings, but it had begun to impose unacceptable levels of overhead and a decision was taken to search for an alternative. Jerry Miller, director of network operations at Kareo recalled, “We needed to integrate encryption into our workflow to simplify our security administration but at an affordable cost for the independent medical practice market.”

To best serve its customers, Kareo strives to deliver a highly intuitive platform. Miller explained, “We assume our customers do not have an IT background or IT staff on site, so we offer simple-to-use, intuitive software. And therefore any third-party solutions we leverage also have to be hassle-free in every way.”

Technical Challenge

The company wanted a solution that could encrypt the terabytes of data in its document management system without causing any network downtime or performance issues for file accesses. In order to comply with audit requirements, Kareo also needed an encryption solution that logged details of whenever the Document Management System (DMS) was accessed.

With aggressive plans for continued expansion, the encryption solution needed to be capable of integrating and scaling with the company’s anticipated growth. Jesse Salmon, security architect for Kareo stated, “We’ve deployed a fast-moving, adaptable architecture that utilizes hundreds of micro services that all talk to each other; we needed an encryption solution that could keep in step with us.”


The Kareo team looked at several possible approaches and invited select vendors to participate in a proof-of-concept (POC).

Salmon described the process, “We had each vendor attempt to encrypt 12 terabytes of data. During this process some of the factors we considered were if we could encrypt the data in place, at what speed it would run, the impact it had on the overall system, and the caliber of administrative tools provided to perform activities like changing encryption keys.

“Vormetric Transparent Encryption by Thales ended up scoring the highest because of its powerful administrative features, ease-of-integration, and outright performance.”


Even with terabytes of information being encrypted during the rollout, Kareo’s customers did not experience a moment of downtime. Salmon noted, “Because we could select individual groups of files, we were able to encrypt tens of terabytes of data without interruption. One of the differentiators with Vormetric Transparent Encryption is that you can specify folder identifiers – called guard points – at the system level via the central manager. With other solutions we lost track of which folders were encrypted and their status.”

Kareo’s deployment of Vormetric Transparent Encryption was invisible to users. Miller stated, “Customer impact during the transition was another area where other solutions would have given us a lot of pain. With Thales however, encryption took around three months to fully deploy, and we were able to keep our systems operating around the clock. None of our customers were affected, there was no impact on performance of our servers, we didn’t receive a single complaint or service desk ticket, and we haven’t had any since deploying. Our end users aren’t even aware of the improved encryption protecting their files.”

Salmon added, “Another benefit with Thales is that we can now audit all accesses of our DMS. We have visibility into which services are accessing which files, with which processes, at what time. This is paramount to ensuring our data is protected.”

“To remain nimble, we have implemented an agile microservices architecture,” explained Miller. “Vormetric Transparent Encryption is able to support this easily and with minimum disruption – both in its deployment and in ongoing operations.”

Above And Beyond

Kareo can assure its customers that uploaded patient data is fully protected. Salmon concluded, “From a HIPAA (Health Insurance Portability and Accountability Act) compliance perspective, encryption may not be explicitly required for these files, but we at Kareo view this as necessary to providing the proper level of security for our customers. Vormetric Transparent Encryption is key to doing this.”

Brand and business Protection With Thales

Business need

  • Enable independent medical practices to focus on care while protecting patient information
  • Provide scalability to support business growth objectives

Technology need

  • Enable DMS access logging
  • Support agile micro-services architecture
  • Encrypt terabytes of data with minimal downtime or system performance degradation


  • Vormetric Transparent Encryption by Thales


  • Deployed encryption across entire portfolio with zero service interruptions or disturbances to end users
  • Implemented cost-effective solution that removed encryption from being an impediment to company growth
  • Retained architectural agility while providing industryleading protection

About Thales eSecurity

Thales eSecurity is the leader in advanced data security solutions and services that deliver trust wherever information is created, shared or stored. We ensure that the data belonging to companies and government entities is both secure and trusted in any environment – on-premise, in the cloud, in data centers or big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and with the internet of things (IoT) even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged user control and high assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales eSecurity is part of Thales Group.