HEALTHCARE · GENERAL PRACTICE · 2024 → 2025 · 8 MONTHS · 3 ASCENT, 2 CLIENT

From on-prem Medical Director to Best Practice Premier on Azure.

When the practice required the retirement of Medical Director on ageing on-premises infrastructure and migration to Best Practice Premier on Azure, Ascent Minds delivered the infrastructure, networking, security, and integration work as a single end-to-end engagement — sized for six clinics today and built to scale to sixty.

  • 6 → 60 clinics: sized for today, scalable tenfold
  • MD → BPP: Medical Director on-prem to Best Practice Premier on Azure
  • 11 layered Terraform modules
  • Aus East → SE: cross-region disaster recovery

The brief

An Australian GP group of six clinics was operating Medical Director as its practice management system on ageing on-premises servers. Remote clinicians were connecting through unreliable VPN links, the disaster-recovery position consisted of backup files only, and growth had become constrained by both the legacy software and the physical premises.

The brief encompassed the complete engagement: retire Medical Director and the on-premises servers; design and deliver a production-grade Azure landing zone; migrate the clinical platform to Best Practice Premier; provide clinicians with secure access from any location; and ensure every external clinical integration the practice depends upon continues to operate reliably. The environment was to be sized to absorb the current six clinics on day one and engineered to scale to sixty without re-architecture.

What we found

  • Medical Director on ageing on-premises infrastructure. The legacy practice management system was scheduled for retirement, and the supporting hardware had reached the end of its operational life.
  • Six clinics on the existing footprint, with growth ambitions beyond it. The on-premises platform could not absorb additional clinics without proportional hardware and operational investment at each site.
  • Years of accumulated clinical data held within Medical Director. Patient records, prescriptions, imaging, and pathology results all required migration into Best Practice Premier without loss of fidelity, lineage, or clinical accessibility.
  • Remote access via VPN was unsustainable. Connections were slow, unreliable, and a significant source of service-desk volume.
  • No defensible disaster-recovery plan was in place. Backups existed, but restoration had never been tested at scale.
  • Clinical integrations were poorly structured. Each provider was configured manually at the network edge, with no formal documentation maintained.

What we did

Designed and codified a production-grade Azure landing zone across three subscriptions in eleven layered Terraform modules, with networking, identity, security, monitoring, backup, and workload concerns cleanly separated. The environment was sized to absorb the existing six clinics on day one and engineered to scale to sixty clinics without re-architecture — capacity, networking, and identity boundaries planned for tenfold growth from the outset.

Migrated the practice management system from Medical Director on-premises to Best Practice Premier on Azure, deployed on a hardened Windows Server 2022 with SQL Server 2022. Azure Virtual Desktop provides clinician access from any location, with conditional access enforced at sign-in.

Migrated historical clinical data from Medical Director into Best Practice Premier — patient records, prescriptions, imaging, and pathology results — with structured reconciliation gates at each stage and clinical sign-off before cutover. No clinical history was left behind on the legacy platform.

Implemented an FQDN-based Azure Firewall with an explicit allow-list for every external clinical integration the practice uses — clinical messaging (HealthLink HMS, HealthLink SmartForms, Medical Objects Capricorn and Trinity), pathology (Sonic Healthcare — Melbourne Pathology, DHM, Clinipath, SonicDx, Fetch), ePrescribing (eRx Script Exchange and NPDS), government services (Medicare Web Services, PRODA, My Health Record, NASH PKI), drug database (MIMS), telephony (3CX SIP/RTP integrated with AVD session hosts), and productivity (Microsoft 365 with Entra ID Domain Services).

Resilience was designed in: host-level disk encryption, daily Azure Backup with long-term retention, and Azure Site Recovery cross-region replication (Australia East to Australia Southeast).

Every infrastructure change is deployed through version-controlled Terraform with drift detection and formal review. The practice now maintains a documented record of every infrastructure change rather than relying on undocumented institutional knowledge.

Figure: Azure landing zone codified in 11 Terraform modules running Best Practice Premier on Windows Server 2022 with AVD, behind an FQDN-allow-listed firewall to clinical integrations.

Diagram labels: Terraform (11 layered modules); Azure landing zone (3 subscriptions; BP Premier · WS22; AVD · session hosts; backup · DR (E ↔ SE)); FQDN firewall · allow-list (HealthLink HMS, Medical Objects, Sonic pathology, eRx Script Exchange, Medicare · PRODA, My Health Record, NASH PKI · MIMS, 3CX · M365).

The phased rollout

Every engagement is delivered using The Ascent Method — Map, Architect, Build, Operate.

  1. P1 · Map + Architect: landing zone and Terraform baseline (weeks 1–6). Three subscriptions, eleven modules, with networking and identity concerns separated by design and sized for tenfold growth from six clinics to sixty.
  2. P2 · Build: workload migration, Best Practice Premier, and clinical data transfer (weeks 4–14). Hardened Windows Server 2022 with SQL Server 2022 deployed. Clinical data migrated from Medical Director on-premises to Best Practice Premier on Azure — patient records, prescriptions, imaging, and pathology results, with clinical sign-off at each reconciliation gate.
  3. P3 · Build: clinical integrations through the FQDN firewall (weeks 10–22). Every external integration explicitly allow-listed and tested end-to-end.
  4. P4 · Build: AVD and clinician rollout across six clinics (weeks 16–26). Clinicians transitioned to Azure Virtual Desktop with conditional access; VPN connections retired.
  5. P5 · Operate: resilience, disaster recovery, runbooks, and handover (weeks 22–32). Daily backup, cross-region replication, runbooks, and a warranty period.

Outcomes

Medical Director retired across the on-premises footprint, with Best Practice Premier in production on Azure and every clinician operating through AVD from any location.

Historical patient records, prescriptions, imaging, and pathology results migrated into Best Practice Premier, signed off by the clinical lead, with no clinical history left behind on the legacy system.

Six clinics live on the new platform on cutover, and the environment validated to absorb up to sixty clinics without re-architecture — adding a clinic is now a configuration step rather than a hardware procurement.

Clinical messaging, pathology, ePrescribing, and government services operate reliably through a firewall configuration that is defensible in an audit context.

Daily backup and cross-region disaster recovery ensure that a hardware loss or regional outage does not result in practice closure.

Every change to the environment is version-controlled, peer-reviewed, and reproducible — the infrastructure now functions as a codified organisational asset rather than as institutional knowledge held by individuals.
