From Athletics to Healthcare: How Academy Medtech Ventures Navigates Cybersecurity, Compliance, and Sustainable Growth in Digital Health

When an industry-disruptor like Academy Medtech Ventures enters the market, growth can be fast and furious but scaling processes quickly and creating sustainable growth isn’t easy. From getting the messaging right for the market to making sure solutions fit seamlessly into clinical workflows to proving to the healthcare industry that patient information and care delivery systems are safe from cyber threats and breaches—it’s a complex journey that requires careful navigation.

JJ Mosolf, president and co-founder of Academy Medtech Ventures (AMV), is all too familiar with these complexities. AMV is a leading innovator in neurocognitive training and the developer of the Operating System of Cognition. AMV’s platform is used by physical and occupational therapists and other clinicians in organizations like Select Medical and Baylor, Scott and White to help patients heal from injuries like strokes and spinal cord injuries.

And that’s just beginning—AMV recently acquired AI human motion capture assets from Altis Movement Technologies, a move that positions AMV to incorporate sophisticated decision-making algorithms and advanced computer vision technology to the clinical solutions they offer healthcare practitioners.

Growing Fast, Learning Faster

AMV’s entry into healthcare hasn’t been without challenges. AMV is an outgrowth of Sports Academy Ventures Lab, an incubator for identifying and accelerating the growth of innovative human performance products and companies. AMV is their first company to step foot in the highly regulated clinical space, a favorite target for cyberattackers.

“Entering the B2B healthcare space poses a new set of considerations from a compliance and cybersecurity perspective. We decided to challenge everything that was currently in place to make sure that we’re setting up for long-term success and scale. And it was a lot; you don’t know what you don’t know until it’s right in front of your face,” Mosolf said.

A young company in fast-growth mode, AMV was working with a number of healthcare advisors but says cybersecurity and compliance were initially “a bit cloudy” without someone to offer that expertise. Leading the charge to stand up cybersecurity practices in the organization, Mosolf found himself balancing the need to understand and leverage best practices without crushing the innovative spirit that drives AMV’s success.

AMV reached an inflection point with the opportunity to work with a large health system. Mosolf says, “They handed us a couple hundred question security questionnaire that looked mostly foreign to us and gave us 30 days to complete it. We had never had to consider those questions at that level.”

How AMV Fast-Tracked Cybersecurity Maturity

AMV’s story might be familiar, as many fast-growth digital health companies don’t have the time or budget to build an in-house cybersecurity and compliance team. For AMV, Clearwater’s ClearAdvantage® managed service program offered a faster and more cost-effective path to cyber resilience, security, and compliance. A full-service program, ClearAdvantage equips companies with program leadership like a virtual chief information security officer (vCISO), on-demand access to the industry’s deepest bench of healthcare cybersecurity experts, best practices built on established frameworks like the NIST Cybersecurity Framework and HIPAA, and access to analytics, dashboards, benchmarking, and reporting available in Clearwater’s proprietary software platform, IRM|Pro®.

Mosolf says Clearwater’s robust risk analysis and technical testing have been two key components of building a successful program and are consistently required by its partner organizations. He says that what started as an education process has now become a foundational pillar of AMV’s infrastructure, “Cybersecurity posed this kind of black box of challenges that once demystified became something that was really neat to get to learn more of. Now, the protection of data permeates every level of our business.”

Mosolf says now AMV can take a more offensive approach to cybersecurity and compliance, creating a roadmap for the next three to five years that will employ strategies to promote continued innovation and success. Since building its cybersecurity program with Clearwater’s help, AMV has refined its software development lifecycle, which now includes manual and automated testing to drive new and better considerations from a data perspective. They’re leveraging this refined cycle to drive innovation and scale solutions that won’t put their customers at increased risk of cyberattacks.

Further, AMV’s robust cybersecurity posture is critical to earning the trust of the healthcare providers they partner with and speeds the process of business associate agreements and security questionnaires that are a standard component of serving healthcare covered entities.

“I can’t say enough of the collaborative relationship we have with Clearwater. I looked at some other options when choosing a partner but stopped those conversations quickly when they felt too transactional. With Clearwater, we get white glove service and top to bottom. We really have a true partnership,” says Mosolf.

Advice for Other Digital Health Leaders

When asked about lessons learned and words of advice for other leaders who are entering clinical spaces with new solutions, Mosolf says to start by understanding where you want to go in the digital health and broader healthcare space because this will help inform the cybersecurity and compliance program. “If you know what constitutes a successful program, you can work backward to find the gaps and fill them,” Mosolf explained. He explained that knowing they want to work with large health systems requires different program components than scaling with other digital health companies.

Finally, Mosolf encourages his counterparts to continue refining what success looks like and to seek out other voices and resources in the space to learn as much as possible. “Start early having conversations with as many other people in your space as possible, he says. “As leaders, we know we need this, but it is so easy to put it off and think we’ll get to it later. Don’t wait.”

Learn more about Academy Medtech Ventures.

Looking for more? JJ Mosolf joined us on the Healthcare Defender podcast series recently; listen to his conversation with us here.

Are you a digital health company looking to create scalable growth while protecting ePHI and value in the process? We can help.

More Success Stories

Navigating the HIPAA Privacy Rule for Reproductive Healthcare: Compliance Essentials Before the December 2024 Deadline

Navigating the HIPAA Privacy Rule for Reproductive Healthcare: Compliance Essentials Before the December 2024 Deadline

In an era where the privacy of reproductive healthcare has become a topic for debate, healthcare organizations face growing fears and challenges over the potential misuse of sensitive patient data. Recent legal developments, coupled with the shifts following the Dobbs v. Jackson decision, have shown the urgent need for robust safeguards. Notably, the December 23, 2024 compliance deadline for the HIPAA Privacy Rule Final Rule to Support Reproductive Health Care Privacy offers a pivotal moment to address these concerns.
The Health Care Cybersecurity and Resiliency Act of 2024: Key Takeaways and Implications

The Health Care Cybersecurity and Resiliency Act of 2024: Key Takeaways and Implications

The Cybersecurity and Resiliency Act (HCCRA) of 2024 is yet another proposed bill aimed at strengthening the healthcare sector’s cybersecurity posture and resilience. It focuses on improving coordination between government organizations, updating cybersecurity standards, increasing breach reporting requirements, and providing grants to rural healthcare organizations that lack both financial and human resources needed to address growing cybersecurity vulnerabilities and increasing threats.

Connect
With Us