Sprinter Health cut device management to just 10% of IT's workload, freeing up time to prep for HITRUST

The challenge: Healthcare compliance at startup scale

Sprinter Health delivers in-home medical services to patients who cannot access traditional primary care. Field clinicians visit homes with iPhones and iPad devices to provide phlebotomy and nursing care, accessing protected health information to deliver treatment. Corporate staff work remotely on Macs, often handling sensitive patient data.

When Richard Patterson joined as Sprinter Health's first IT hire in August 2025, the company had grown to 400+ employees without a dedicated IT function. Responsibilities had been distributed across staff during the company's rapid scaling phase. That approach couldn't continue. As a healthcare provider handling PHI, a single gap in device compliance could derail an audit for months.

Patterson reported directly to the COO with a clear mandate: build an IT department capable of supporting aggressive growth over the next 18 months without proportional increases in headcount. The compliance requirements were non-negotiable. Annual SOC 2 Type 2 audits. HIPAA compliance across all devices. Preparation for the company's first HITRUST audit, targeted for Q1 2027.

Legacy tooling kept IT from innovating

Patterson inherited a device management platform he describes as capable but operationally demanding for small teams. "When you're talking about a very small IT team, it’s not easy to manage," Patterson says. "I call it the Salesforce of MDMs. It's just not intuitive."

The platform required individual configuration profiles for every managed application and setting. Chrome needed its own profile. Slack needed another. Each with separate scope, exclusion, and deployment logic managed independently. There was no way to group related settings or view everything applied to a device in one place. Troubleshooting meant manually cycling through 20+ profiles to identify which one caused a problem.

The previous setup also lacked integration between the MDM and Google Workspace for device authentication. When IT offboarded an employee, revoking their Google account didn't automatically lock their laptop. Patterson needed confidence that identity termination propagated to endpoint access immediately, without requiring manual action in the MDM console.

For a healthcare company preparing for increasingly rigorous compliance frameworks, the platform's operational burden created unacceptable risk. Patterson needed a solution that could run reliably with minimal supervision, provide audit-ready evidence on demand, and enforce security controls consistently across the fleet.

The solution: Compliance automation from day one

Patterson had used Iru at his previous company and it had enabled him to manage an entire Mac fleet as a one-person IT operation. When he assessed Sprinter Health's situation, the path forward was clear.

Within a few months of joining, Sprinter Health migrated their Mac device fleet to Iru.

CIS benchmarks applied automatically

Instead of manually configuring dozens of security controls, Patterson could apply industry-standard baselines through Iru's Blueprint system. CIS (Center for Internet Security) guidelines are built into the platform, available to implement with minimal configuration effort.

The ability to go in and automatically apply CIS guidelines to a blueprint right out of the gate, to be able to show that to compliance as we're getting ready to go through audits, it's just peace of mind. I don't know any other product out there right now that does that the same way that I would have the same confidence in.

Richard Patterson
Manager, Information Technology

This capability matters significantly for audits. SOC 2 Type 2 auditors don't just verify that controls exist at the moment of review. They require proof that controls have been in place consistently throughout the audit period. Iru's approach to security baselines provides exactly that evidence.

Passport connected identity to device access

One of the critical gaps in Sprinter Health's previous setup was the lack of integration between device management and Google Workspace for authentication. With their previous MDM, achieving this required purchasing a paid add-on and the data syncs to the identity provider were often delayed.

Iru's Passport feature solved this natively. Mac device authentication connects directly to Google Workspace. When IT terminates an employee's account, they lose laptop access automatically. "As soon as they're shut down at the identity provider level, they're shut out of their laptop too," Patterson says. "Even if I'm not at a computer to go into Iru to lock the computer right away, they lose access because they lose access to their Google account."

Automated compliance checks

Sprinter Health uses compliance automation tooling to automate compliance tracking across its SaaS and endpoint environment. Patterson manages the device compliance scope while a senior compliance manager on the legal team handles healthcare credentialing requirements.

Iru integrates directly with their compliance software, automatically checking requirements like screensaver timeout settings without manual verification. "I'm able to integrate Iru directly," Patterson says. "There are some things that it just pulls automatically. Things like our screen saver settings, it automatically recognizes that we have that in a blueprint in a library item and automatically just checks that off for us."

Type 2 audits require historical evidence, not just current configuration. Auditors need to verify that controls were functioning correctly for at least the last year, not implemented days before the audit. Iru's audit logs provided that historical record without additional effort.

Blueprints consolidated configuration management

Beyond compliance-specific features, the operational efficiency gains came from Blueprint architecture. Where other device management tools require individual profiles for every setting, Iru's Blueprints let Patterson define complete device configurations at the group level.

The biggest thing really was Blueprints and Assignment Maps. The ability to set those up and have one place where I can manage everything that goes on to devices by criteria. In our previous management software, we had to do that individually per item. Being a small IT team, any efficiency you can find is insanely helpful.

Richard Patterson
Manager, Information Technology

Results: Compliance-ready infrastructure with minimal overhead

Device management now consumes just ~10% of Patterson's time in an average month. The Iru environment is configured, reliable, and largely self-sustaining. He checks in periodically to verify license counts or update API keys, but the day-to-day operational load is minimal.

The contrast with the other half of Sprinter Health's device fleet demonstrates the impact clearly. Patterson's direct report spends roughly 50% of her time managing the iPhone and iPad fleet still running on their initial device management provider, dealing with the same configuration complexity and operational demands that drove the Mac migration.

"We have our Iru instance set up so well that it just flows," Patterson explains. "I have to pop in periodically to make sure we're okay with licenses, maybe update something if an API key changes. But it's very minimal."

Beyond time savings, the platform provides consistent confidence in compliance posture.

I don't have a single day now where I have to wonder is my MDM working correctly. It just works.

Richard Patterson
Manager, Information Technology

HITRUST preparation enabled by operational efficiency

The capacity Patterson recovered from reducing daily MDM management is now directed toward Sprinter Health's first HITRUST certification, targeted for Q1 2027.

Additional HITRUST requirements like stronger password policies and tighter security controls build on existing SOC 2 foundations. Many are already in place or require only minor adjustments. "HITRUST builds a lot on what SOC 2 already does," Patterson notes. "There are some things that we're automatically good on. Then there are other things where HITRUST takes it up a notch."

The challenge isn't technical implementation. It's organizational change management. Communicating the changes to employees, setting expectations, establishing the request workflow for temporary admin access. That communication and process work requires time and attention, which Patterson now has because device management isn't consuming his capacity.

Looking ahead: Full fleet consolidation

Patterson plans to migrate Sprinter Health's remaining iPhone and iPad devices to Iru. This will bring all devices under consistent compliance controls and further simplify audits.

Early testing with trial users has been smooth, showing none of the persistent issues they see today. His direct report, who manages the mobile devices and is being cross-trained on Iru, is eager for the migration.

Patterson says, "She's like, 'We're going to make this change this year, right? Because if it's this easy on the MacBook side, I can only imagine what it is for the iPhones.'"

When the migration completes, the efficiency Patterson found managing Mac devices will extend to the clinical fleet. His direct report's 50% device management workload is expected to drop to levels similar to Patterson's 10%, creating additional capacity for strategic initiatives beyond device management.

With HITRUST preparation underway and continued growth expected, Sprinter Health's two-person IT team has the infrastructure and confidence to meet increasingly rigorous compliance requirements while still driving the business forward.

About Sprinter Health

Sprinter Health is a healthcare provider delivering in-home medical services to patients who cannot access traditional primary care settings. Field clinicians use mobile devices to access protected health information while providing care in patients' homes. The company must maintain HIPAA compliance, complete annual SOC 2 Type 2 audits, and is preparing for its first HITRUST audit in Q1 2027.