iOS Fleet Takeover & MDM Buildout:
Colorado Home Health Organization

The Situation

Home health organizations were under pressure from two directions in the mid-2010s. Medicaid programs were beginning to mandate Electronic Visit Verification (EVV), requiring proof that a clinician was physically present at a patient's location at the time of a visit, validated by geolocation and electronic signature. Simultaneously, the industry was moving from paper charts to digital charting platforms, and field clinicians were the last link in that chain. The device in their hands was no longer a nice-to-have. It was a compliance and billing requirement.

When this Colorado home health organization transitioned their IT services to ISI, we inherited the infrastructure as it existed: approximately 50 iPads distributed across field clinicians with no centralized management, no formal inventory, and no MDM enrollment. The devices had originally been set up under a previous MSP without proper Apple business program registration, which meant there was no clean path to remote management, no visibility into what was enrolled or missing, and no ability to push the HIPAA-compliant charting application in a controlled way.

Layered on top of that was a Verizon account in need of serious auditing. The fleet included older cellular iPads on 3G data plans, and Verizon was in the process of decommissioning the 3G network. Some devices had finished their financing terms and were still on active lines. Some lines had no active device attached at all. The org was paying for connectivity that either no longer worked or was attached to hardware that shouldn't have been on the account.

This engagement was delivered through ISI, where I was responsible for the technical intake, MDM buildout, carrier account remediation, and ongoing device management for the duration of the five-year relationship.

The Challenge

• No usable asset inventory: 50 devices in the field, distributed across clinicians, with no reliable record of serial numbers, assigned users, or device state
• No MDM enrollment: devices had been configured manually or under a previous provider's account, with no path to remote management without re-enrolling each one
• No Apple DEP business registration: the organization lacked the DUNS number registration and Apple Business Manager setup required to enroll devices under their own business identity
• Legacy 3G iPads facing imminent decommission: Verizon's 3G network shutdown meant some devices would simply stop working on cellular, with no warning to clinicians in the field
• Verizon account carrying unused lines and unfinanced devices still on active billing
• EVV compliance requirement: Medicaid reimbursement depended on the charting platform capturing geolocation and electronic signatures at the point of care, which required a properly managed, HIPAA-compliant device environment
• Budget constraints on both sides: the org had limited capital for hardware refreshes, and ISI's engagement time was not unlimited
• MDM was a skill set being built in parallel: Profile Manager on macOS Server was not a widely understood tool at the time, and this engagement was an early deployment of it in the field

The Approach

The first priority was establishing ground truth: we couldn't manage what we couldn't find, and we couldn't plan a Verizon transition or MDM enrollment strategy without knowing exactly what existed. Everything else was sequenced off that foundation.

• Asset discovery and inventory: Worked directly with the organization's leadership and clinical coordinators to physically locate all devices in the field. This meant contacting clinicians, collecting serial numbers, documenting assigned users, and reconciling what we found against the Verizon account and any existing records from the prior MSP. The result was the first accurate device inventory the organization had ever had.
• Low-cost asset tracking with Microsoft Access: Dedicated asset management tools like Snipe-IT were not yet widely accessible for small-scale infrastructure, and the budget ruled out anything purpose-built. The practical solution was Microsoft Access. Using skills carried over from earlier in my career, I built a custom database to track device serial numbers, assigned clinicians, Verizon line assignments, and device state across all 50 iPads. Asset labels were generated and printed directly from Access and physically applied to each device, giving us a paper trail that matched the digital record. It wasn't a sophisticated system, but it was accurate, maintainable, and cost nothing beyond the time to build it. That database was the working inventory that made enrollment sequencing, Verizon auditing, and user assignment tracking possible throughout the engagement.
• Apple Business registration and DEP setup: Registered the organization's DUNS number with Apple Business Manager and established their DEP account, the foundational step that made every subsequent MDM action possible. Without this, devices couldn't be enrolled under the org's own business identity, and remote management, app distribution, and device lock/wipe capabilities would remain out of reach. Getting this right required navigating Apple's business verification process and coordinating the transfer of device records from the prior arrangement.
• MDM buildout via Profile Manager on macOS Server: Deployed Profile Manager on a Mac mini running macOS Server with a Fusion Drive as the MDM platform. At this point in the market, purpose-built MDM solutions like JAMF were primarily enterprise-priced tools. Profile Manager was the practical, budget-appropriate solution for an organization at this scale, and it integrated directly with Apple's DEP and VPP programs. Configured device profiles to enforce screen lock, passcode policy, and app restriction settings appropriate for a HIPAA-adjacent environment.
• VPP app licensing and deployment: Set up Volume Purchase Program licensing to acquire and distribute the HIPAA-compliant digital charting application across all enrolled devices. VPP allowed the org to hold the app licenses under their own account, not tied to individual Apple IDs, which was critical for managing device reassignment when clinician turnover occurred. Apps could be pushed silently to enrolled devices without requiring clinicians to interact with the App Store.
• Verizon account audit and lifecycle management: Worked directly with Verizon Business representatives to audit the full account: identified lines with no active device, devices that had completed financing terms but remained on monthly service, and cellular iPads running on 3G that would be rendered non-functional by the network decommission. Coordinated bulk device swaps for the 3G hardware, negotiated updated data plan structures for the replacement devices, and established a standardized ordering process for new lines when eligible staff needed cellular devices. Removed billing for hardware and lines that had no business being on the account.
• Fleet modernization planning: The 3G decommission created a forced refresh cycle, but it was also an opportunity to standardize on a current iPad model and cellular band configuration that would have a longer operational life. Coordinated bulk orders through Verizon Business to replace aging hardware in batches rather than one-off, which simplified enrollment and kept the Verizon account structure clean.
• EVV and HIPAA-compliant charting deployment: The charting platform used the iPad's native GPS to record visit location and timestamps, paired with electronic signature capture, to satisfy Electronic Visit Verification requirements for Medicaid billing. Deploying this correctly required the device to be enrolled, the app to be present and configured, and location services to be permitted at the system level, all of which the MDM profile controlled. Clinicians in the field had what they needed without manual setup on each device.