Skip to main content
Nona Clinical IT
About

Built by someone who's been inside the building.

Nona Clinical IT is built on a simple premise: clinical research sites and small healthcare practices deserve an IT vendor who already speaks their language. Sponsor audits, IRB protocols, OCR, BAAs, eSource, EDC, regulatory binders — not jargon to translate, baseline knowledge to assume.

Who's behind this

Andy Arevalo

Founder, Nona Clinical IT, LLC

Andy is the operations manager for a multi-site primary-care + immigration-physical practice in Orlando, FL. Day job: keep two clinics' workflows, phones, EHR, and compliance posture running.

Over the past several years that role has expanded into building the clinic's IT and security from the ground up — Microsoft 365 migrations, managed firewall, Wi-Fi 6 rollout, PBX, video monitoring, HIPAA-compliant workflows, custom software for tracking patient flow and billing, and an in-house AI assistant for routine ops.

Nona Clinical IT was started after several friends and acquaintances at neighboring research sites and clinics asked some version of the same question: "would you do for us what you've done here?"

The pitch is straightforward — you get someone who's already worked the problem from the inside, who already speaks your operational language, and who is going to be honest about what's actually worth fixing first.

How we're different

What you actually get with us.

Operational fluency

You don't need to translate CRIO, Veeva, Florence, Medidata, sponsor query backlog, IRB modification, eSource, or eConsent into IT terms. We already know what they are and how they fit together.

Compliance built in

BAAs signed before work begins. Risk Assessment, written policies, incident response plan delivered as part of the work — not as a follow-on engagement billed separately.

AI without exposure

Azure OpenAI inside your tenant. Same BAA as your email. No PHI through consumer ChatGPT, no shadow-IT AI accounts, no compliance footprint we'd have to disclose to a sponsor.

Direct access

You work with us. There is no offshore tier-1 queue, no account-executive layer, no scripted response time matrix. Calls and emails go directly to a person who knows your environment.

Itemized everything

Phase 2 is a menu, not a black box. Hardware shows you the supplier invoice. AI workflows are bundled as a fixed-fee Foundation Pack with per-workflow add-ons. You can audit our prices.

Local presence

Orlando-based. On-site when it matters: discovery visits, network upgrades, sponsor audits, incident response. Remote when it's smarter: ongoing support, tooling administration, scheduled work.

Geography

Orlando-based. On-site when it matters.

Headquartered in Orlando, FL. We work with clinical research sites and healthcare practices across Central Florida and the broader Southeast.

Most ongoing support is remote — NinjaOne RMM, RustDesk, Intune. But initial discovery visits, network upgrades, sponsor audits, and incident response are done on-site. We don't run a national tier-1 queue.

If this sounds like the vendor you've been looking for —

One 30-minute call, a $750 written discovery, then you decide whether to proceed. No salespeople. No deck. No "let me get my account executive involved."

Start a conversation