The Situation
A three-site Melbourne medical centre with 24 staff — doctors, nurses, and administrative staff — was running on an on-premise infrastructure that had become both a security liability and an operational constraint. The primary server was a physical Windows Server 2016 machine hosting the practice management software, email, and shared files. It had not received security patches in nine months due to a concern that patching would break the practice software.
The practice had recently been notified by their My Health Record auditor that their current setup did not meet the required security controls for accessing the national health record system. They also needed to demonstrate RACGP IT security standards compliance for their upcoming accreditation review.
The three sites were connected by a basic internet VPN that regularly dropped connections, causing the practice management software to log staff out mid-consultation. This had happened twice during video consultations — once with a patient discussing a terminal diagnosis.
What We Did
Medical IT migrations require careful sequencing around clinical operations. We scoped the migration to occur in three phases corresponding to the three sites — with each phase taking place over a weekend to minimise disruption to patient appointments. Before any migration work began, we stood up a parallel Microsoft 365 environment and tested the practice management software's compatibility with the new infrastructure.
The practice management vendor was engaged early — a lesson from previous migrations where vendor support gaps had caused delays. We had written confirmation of supported cloud deployment before any migration work commenced.
- Staged migration across three sites over four consecutive weekends to avoid disrupting clinical operations
- Migrated on-premise Exchange to Exchange Online — all staff email, calendars, and contacts preserved with no reconfiguration required on clinical devices
- Migrated shared file server to SharePoint Online with permissions mapped exactly to previous folder structure
- Deployed Microsoft Intune for endpoint management across all clinical and administrative devices
- Replaced the site-to-site VPN with Azure virtual networking for reliable, monitored inter-site connectivity
- Implemented Azure Backup with immutable storage and tested restores — meeting My Health Record backup requirements
- Deployed MFA with Conditional Access requiring compliant device check for all clinical staff sign-ins
- Completed RACGP IT security assessment documentation for accreditation review
- Delivered staff training sessions at each site with recorded sessions for future staff onboarding
We'd been putting off this migration for two years because we were terrified of disrupting patient care. CX IT planned every detail, tested everything before touching the live systems, and the actual migration weekends were unremarkable — which is exactly what we needed.
The Outcome
All three sites were migrated with zero hours of unplanned downtime. The weekend migrations were completed within the planned windows, with the final site going live at 8:45am on Monday — 15 minutes ahead of schedule.
The practice passed their RACGP accreditation IT assessment without any deficiencies — the first time they had achieved a clean pass in three accreditation cycles. The My Health Record auditor confirmed compliance within two weeks of migration completion.
The inter-site VPN replacement eliminated the connection drops entirely. In the six months following migration, there were zero consultation interruptions due to IT connectivity issues.
The cloud migration also restructured the practice's IT costs significantly. Three on-premise servers requiring regular maintenance and eventual replacement were eliminated. Monthly IT cost (managed service plus Microsoft 365 licences) is 31% lower than the previous annualised spend when infrastructure refresh costs are included.