5 Questions with Goodroot’s Amplified Services Leaders
As the Chief Information Officer at Goodroot, Markus leverages his thirty years of healthcare technology experience to oversee a broad spectrum of infrastructure projects and technology solutions for Goodroot’s community of businesses. Tasked with the crucial role of HIPAA Security Officer, Markus ensures that each affiliate organization within the Goodroot ecosystem complies with stringent internal information technology controls, supporting HIPAA, SOC 2, and other relevant security standards. His seasoned expertise empowers Goodroot’s affiliates and entrepreneurs, guiding them towards efficient, secure, and innovative technological solutions.
Q: Can you elaborate on the term “Amplified Services?” What does that mean to you?
A: Amplified Services is a powerful enabler—a force multiplier—for startup healthcare businesses at Goodroot. Our team enhances an entrepreneur’s ability to succeed by ensuring that every operational aspect—legal, HR, accounting, sales, marketing and IT—is managed by dedicated, highly skilled professionals. This gives the entrepreneur room to focus on their unique value proposition, thereby maximizing their company’s potential for success.
Q: How do you transform affiliate concepts into technologically viable solutions? Can you share a success story where you were able to significantly fast-track a technology build for an entrepreneur within the Goodroot community?
A: When I’m working with a new entrepreneur, sometimes they have a clear tech destination in mind and my role is to build it and oversee the project—ensuring best practices are followed. But at other times, all we have is an exciting concept – like a new SaaS system – and my task is to dig deep into the existing landscape, define the possibilities for the future and then bring that vision to life. The secret sauce here is pinpointing that essential functionality to hit the market running while also delivering extreme value for users. After that, it’s about navigating the project with agility, empowering stakeholders to call the shots in real-time and making sure the solution is always perfectly tuned to the business needs. As an example—when we were beginning to develop Penstock’s ClearFile SaaS solution for health plans, I shadowed Joe Boyle, the President of Penstock’s Regulatory Services, for weeks—soaking up every detail of the current SERFF regulatory filing process. It was a manual slog, but I could see the potential for a slick, tech-driven solution that could be a real game-changer for Joe and his clients. In under a month, we sketched out a roadmap for MyClearFile. And in under four months, we brought it to life completely. This SaaS solution is going to transform the complex, lengthy regulatory filing process for qualified health plans into a streamlined, user-friendly operation—all within a single, multifaceted platform.
Q: Without someone like you on board, how long would that have taken for an entrepreneur just starting out?
A: I am not sure that solution would have been considered or developed at all within an entrepreneur’s first year of business. I don’t simply blueprint these solutions, I actively manage all development activities and ensure optimal use of resources to deliver the solution on time, within budget and to full specifications. While a competent partner could potentially undertake this phase, an entrepreneur would be looking at insane development costs and the risk of not meeting objectives.
We don’t staff bench development resources. As a result, our affiliate companies are not burdened with that cost when they’re not being utilized. Instead, I procure top project-specific resources and save entrepreneurs significant costs by using this model. We often incorporate both onshore and offshore resources to maximize savings. Having that deep network of highly skilled, pre-vetted development resources ready to jump in when needed is a huge value proposition for entrepreneurs.
Q: Security risk is likely a major concern for new entrepreneurs—especially in healthcare. How do you protect affiliates and ensure data security?
A: In the world of startups, especially those in healthcare, security is non-negotiable. It’s not a risk, it’s a prerequisite. Sure, we have all these great tools these days that come with built-in security for things like email, file sharing and cloud hosting. However, the real challenge lies in aligning with the rigorous security norms set by the industry, such as HIPAA, ISO 27001, NIST CSF, SOC 2, and more. In simple terms, if you’re working in healthcare, you often become a business associate or a covered entity, which means you need to prove compliance with these strict security frameworks. This involves creating a dedicated security program that can stand up to annual audits, assessments, and respond convincingly to a variety of customer security questionnaires. Sounds complex, right? Well, that’s where my experience as a HIPAA Security Officer for multiple large-scale healthcare organizations comes in. I have a playbook that’s worked time and again, and I use it to ensure all our affiliate companies are meeting compliance requirements. This means they can provide the necessary evidence to their customers and address all annual security questionnaires confidently. In our business, falling short on these standards could cost us clients. So, ensuring security isn’t just a precaution—it’s a vital service we provide to all our affiliates.
Q: Reflecting on your post-graduation phase from the University of Georgia’s College of Business, what role did you envision technology would play in your professional journey? At what point in your career did you truly recognize the transformative potential of technology?
A: After graduating, my first job was with EDS—one of the world’s tech titans back then—and it gave me a unique front-row seat to technology’s transformative power in various sectors. Let me give you some context. When I graduated in 1989, the Internet and mobile technology were nonexistent. Yet, within a couple of decades, I found myself at the heart of several groundbreaking shifts, from the migration to Windows and client-server models to the dawn of the internet, the emergence of cloud-computing, the explosion of mobile tech and now the rise of Machine Learning and AI. But it wasn’t just about being part of these shifts. At some point, I realized that as a leader in this field, my role was to continue mastering and adapting to new technology. Because in the tech world, the only constant is change, and embracing this change is the key to staying relevant and making a difference.
Bonus Question: Why do you believe that entrepreneurs have the power to change healthcare?
A: Healthcare requires change, and who better to bring about that change than entrepreneurs? By their very nature, entrepreneurs are those daring souls who refuse to settle for the status quo. They’re not fans of doing things just because that’s the way they’ve been done forever. Instead, they have this uncanny knack for spotting inefficiencies and dreaming up ways to change for the better. I’m fortunate to be a part of an entrepreneurial tribe at Goodroot. We’re a bunch of brave and bold people who aren’t afraid of taking calculated risks and constantly pushing boundaries to make healthcare better. That’s why I believe the current entrepreneurs—and future entrepreneurs—at Goodroot have what it takes to make a meaningful difference in transforming healthcare.