Boston Health Care for the Homeless Program (BHCHP) operates at a complex intersection: healthcare delivery for a highly vulnerable population, spread across 35+ physical locations - from street outreach teams to the Jean Yawkey Place clinic. The threat model here isn't abstract. It involves protecting sensitive patient health records (PHI) under HIPAA, securing clinical systems used by multidisciplinary care teams in transient settings, and maintaining data integrity for an organization that serves over 10,000 patients annually without the typical perimeter controls of a single-site hospital.
Founded in 1985, BHCHP is a mission-driven nonprofit providing primary care, behavioral health, substance use treatment, and dental services to individuals and families experiencing homelessness in Greater Boston. The operational surface area is wide: integrated teams deliver care in shelters, on the street, and in fixed clinics, which means IT and security staff must account for mobile device management, network access in non-traditional environments, and the realities of shared workstations in high-turnover spaces.
A security role here means thinking about endpoint protection and access controls where the "office" is a shelter hallway or a van. The data is real, the stakes are regulatory and human, and the infrastructure has to be resilient enough to support clinical operations that never really stop. This is healthcare security with a ground-level view - less boardroom, more field ops.