Tampa General Hospital (TGH) replaced its outdated care coordination software with a new HIPAA compliant digital infrastructure, improving operations and patient outcomes, saving 569 lives.
What happened
TGH’s existing care coordination platform could no longer keep up with the demands of modern healthcare. It lacked scalability, speed, and flexibility, particularly when extending coordination efforts across the hospital system. To overcome this, the hospital transitioned to a new, secure analytics platform designed to optimize performance, streamline operations, and unify care delivery across more than 150 care sites.
Implementing the new platform resulted in:
- The creation of a Sepsis Hub that supports early detection, monitoring, and treatment protocol adherence.
- Faster patient placement and reduced post-anesthesia care delays.
- Integrated clinical, scheduling, and staffing systems for improved operational flow.
- These tools were developed in-house, giving TGH full control over regulatory compliance and eliminating prior constraints tied to external vendors.
The backstory
TGH had earlier developed a promising sepsis detection tool in collaboration with an external vendor. Though the tool improved clinical outcomes, the FDA ruled it a regulated medical device, subjecting it to new compliance requirements. That decision forced TGH to discontinue use of the tool, despite its clinical success.
This setback led the hospital to reevaluate its approach, resulting in a switch to technology that allows in-house development and deployment, built entirely within a HIPAA compliant framework.
Going deeper
- Sepsis Hub: Provides early warnings of potential sepsis cases and helps clinicians track compliance with treatment protocols.
- Care progression navigator: Custom-built tool with role-based dashboards integrating data from the electronic health records (EHR), staffing, and scheduling systems.
- MRI optimization: Uses clinical data to dynamically schedule MRI appointments, reducing delays.
- Secure infrastructure: Fully compliant with HIPAA, integrating data from the electronic health record (Epic), staffing (UKG Dimensions), and provider scheduling (QGenda).
What was said
“This led to the transformation of our existing 'CareComm' into the 'Care Coordination Center,’ or C3,” said Scott Arnold, Executive Vice President and Chief Digital and Innovation Officer at Tampa General Hospital.
Furthermore, “C3 empowers our care teams, supports physicians, and enhances the overall patient experience... The result was a comprehensive Sepsis Hub that continues to produce positive outcomes for our patients.”
“Because this tool was developed internally, we were not subject to the commercial product restrictions that halted our earlier sepsis work,” Arnold added.
By the numbers
- 569 lives saved by the Sepsis Hub as of July 2025
- 83% reduction in patient placement time
- 30% decrease in length of stay for sepsis patients
- 30% faster MRI turnaround
- 28% fewer post-anesthesia care unit holds
In the know
HIPAA compliance applies to any system that processes, stores, or transmits protected health information (PHI). Tampa General developed this AI internally, on a secure infrastructure so all data flows and decision-making tools met regulatory standards.
This helps the healthcare organization invest in in-house, compliant, and customizable technology, rather than relying on external tools that may trigger additional regulatory burdens.
Why it matters
Tampa General’s story is a strong case for why hospitals should prioritize compliance-first technology. Rather than retrofitting outdated systems or relying on vendors who can’t keep up with clinical innovation, building or integrating HIPAA compliant platforms internally can allow for better responsiveness, improved patient outcomes, and regulatory peace of mind.
Organizations can further extend secure care coordination with HIPAA compliant solutions, like Paubox, so communication outside the EHR remains just as secure.
Related: HIPAA Compliant Email: The Definitive Guide
FAQs
Can providers use regular emails for patient communication?
No, regular email services, like Gmail and Outlook, are not secure. Instead, providers must use a HIPAA compliant emailing platform, like Paubox, to safeguard patients' protected health information (PHI).
What makes an email HIPAA compliant?
Providers must use a HIPAA compliant email solution, like Paubox, to safeguard patients’ PHI. HIPAA compliant emails offer encryption, access controls, and other security measures, preventing unauthorized access and potential breaches.
Do providers need patient consent for HIPAA compliant emails?
Yes, providers must get explicit patient consent before sending PHI via HIPAA compliant emails.
Learn more: A HIPAA consent form template that's easy to share
