Saturday 31 March 2018

Paubox Achieves the High Performer Award in G2 Crowd’s Data Security Report

Paubox has achieved the High Performer award based on the responses of real users for each of the Data Security related questions featured in the G2 Crowd review form.

“We are thrilled to receive this recognition from G2 Crowd and most importantly, from our users,” said Hoala Greevy, Founder CEO of Paubox. “This award further validates our mission of putting the user experience first to make it easier for everyone to send secure emails.”

Paubox’s Data Security ratings were highlighted by ‘Quality of Support’, which scored 98%, and Paubox’s ‘Ease of Doing Business With’ was 100% compared to the category average of 83%.

The Data Security Spring 2018 report is based on ratings by business professionals. Paubox received more than ten reviews and five responses for each of the relationship-related questions to qualify for inclusion in the Relationship Index.

“Rankings on G2 Crowd reports are based on data provided to us by real users,” said Michael Fauscette, chief research officer, G2 Crowd. “We are excited to share the achievements of the products ranked on our site because they represent the voice of the user and offer terrific insights to potential buyers around the world.”

Learn more about what real users have to say (or leave your own review of Paubox) on G2 Crowd’s Paubox review page!

About G2 Crowd

G2 Crowd, the world’s leading business solution review platform, leverages more than 381,000 user reviews to drive better purchasing decisions. Business professionals, buyers, investors, and analysts use the site to compare and select the best software and services based on peer reviews and synthesized social data. Every month, more than one million people visit G2 Crowd’s site to gain unique insights.

The post Paubox Achieves the High Performer Award in G2 Crowd’s Data Security Report appeared first on Paubox.

Friday 30 March 2018

Ari Tulla: CEO & Founder of BetterDoctor, wants to help you find the right doctor

When you need to find the right healthcare provider for your needs, where do you start?

Ari Tulla encountered this problem when he moved from Finland to California. He faced complex health issues in his family and needed to find the right doctor quickly. Instead, he spent months searching the web, calling offices and trying to find a doctor who could help and figure out what’s wrong.

He knew there had to be a better way. And so, BetterDoctor was born.

Ari Tulla Interview

0:00 - 0:35 = The problems BetterDoctor Solves

0:35 - 1:33 = BetterDoctor changing markets over time

1:34 - 2:28 = The problem of taking up to 50 days to find a doctor in the United States

2:28 - 4:30 = BetterDoctor’s sauna bus

4:43 - 7:30 = Nightmare fax machine stories

7:34 - 10:44 = Is being an outsider in healthcare an asset or liability?

10:44 - 14:27 = Proper Execution tips

14:30 - 16:19 = Healthcare startups shouldn’t use the word “pilot”

16:19 - 20:54 = Ari starting a data accuracy business in 2016

20:55 - 22:59 = Ari’s favorite surfing spots

23:00 - 23:35 = Drone surfing

23:35 - 25:57 = The “mix tape of happiness”

25:58 - 27:09 = BetterDoctor’s industry (describing the industry they’re in)

27:09 - 27:50 = The future of BetterDoctor’s industry

27:50 - 29:28 = Healthcare entrepreneurs start companies for the mission / The Adjacent Possible

29:28 - 31:20 = Paubox Lightning Round


Friday 23 March 2018

Primary Health Care, Inc. Suffers HIPAA Email Breach

Paubox HIPAA Email Breach

On March 16, 2018, Primary Health Care, Inc. submitted a HIPAA Email Breach to the U.S. Department of Health and Human Services (HHS).

Located in Des Moines, Iowa, the Primary Health Care email breach affected 10,313 individuals’ protected health information.

Primary Health Care, Inc. is classified as a Healthcare Provider.

According to their press release:

“What Happened? On March 1, 2017, PHC discovered that the email accounts of four of its employees had been subject to unauthorized access on February 28, 2017. PHC immediately terminated the unauthorized access and began an investigation which included a review of the contents of the email account for protected information. A forensic investigator was hired to confirm the scope of the unauthorized access to the email accounts and the related Google drives. Unfortunately, PHC is unable to confirm what emails within the account, if any, were subject to unauthorized access. Therefore, the forensic investigator reviewed all four email accounts and Google drives to determine what protected health information they may have contained. Though it has no evidence that any emails were subject to unauthorized access, in an abundance of caution, PHC is providing notice to potentially affected individuals.

What Information Was Involved? The information related to patients located in one of the email accounts or Google drives and therefore potentially subject to unauthorized access includes a combination of patient name, phone number, Social Security number, driver’s license number, financial account number, credit/debit card number, date of service, diagnosis and treatment information, medical history, facility and provider visited, health insurance/payor information and, if applicable, Medicaid identification number. PHC currently has no evidence of any actual or attempted misuse of patient information as a result of this incident.”

HHS Wall of Shame

The HHS Wall of Shame is a website under the jurisdiction of HHS that lists all HIPAA breaches reported within the last 24 months. The Wall of Shame displays breaches that are currently under investigation by the Office for Civil Rights.

As part of section 13402(e)(4) of the HITECH Act, the HHS Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.

HIPAA Breach Report

The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals as reported in the HHS Wall of Shame.


ATI Holdings, LLC Suffers HIPAA Email Breach


On March 12, 2018, ATI Holdings, LLC and its subsidiaries submitted a HIPAA Email Breach to the U.S. Department of Health and Human Services (HHS).

Located in Illinois, the ATI Holdings, LLC email breach affected 35,136 individuals’ protected health information.

ATI Holdings, LLC is classified as a Healthcare Provider.

According to their press release:

“What happened? On January 11, 2018, ATI discovered that certain employees’ direct deposit information was changed in our payroll platform. We took immediate steps to mitigate the impact of the incident, and also promptly initiated an internal investigation, with the assistance of third-party forensic investigators, to determine the nature and scope of the incident, including whether any sensitive information was affected. As part of this investigation, ATI recently determined that certain ATI employee email accounts were accessed without authorization between January 9, 2018 and January 12, 2018, and that certain types of patient information were included within one or more of these email accounts.

What information may have been affected by this incident? Recently, ATI determined that one or more of the affected email accounts contained, and the unauthorized actor may have had access to, information related to certain ATI patients, including the following types of information: name, date of birth, driver’s license or state identification number, Social Security number, credit card number, financial account number, patient identification number, Medicare or Medicaid identification number, medical record number, diagnosis, disability code, treatment information, medication/prescription information, doctor’s or therapist’s name, billing/claims information, and/or other health insurance information. The type of information affected varies per impacted individual. Social Security number was only impacted for a small percentage of the affected population. While our investigation is ongoing, we do not currently have any evidence of actual or attempted misuse of patient information as a result of this incident.”


Wednesday 21 March 2018

Presenting at the 31st Annual FISSEA NIST Conference

Last week I gave a 30 minute presentation at the 31st Annual FISSEA Conference at NIST in Gaithersburg, MD.

FISSEA, or the Federal Information Systems Security Educators’ Association, is a division of NIST.

I was fortunate enough to speak at their conference last year as well.

My presentation was titled: “What You Need to Learn from the HHS Wall of Breaches.”

What You Need to Learn from the HHS Wall of Breaches

The HHS Wall of Shame is a rare set of public data on security breaches in the US. It’s an American Mirror of Hacking Activity, if you will.

If we inspect the HIPAA breaches that occurred during 2017, we can find patterns and trends around data loss of highly sensitive information.

The thesis of my presentation was that I believe these trends hold true across all business and government sectors in the United States.

Below is a copy of the deck I presented.


Always a good idea to inject some humor in the beginning

I covered some background terms and acronyms to get the audience on the same page

A considerable amount of time was spent compiling charts and graphs

Looks like I only put one person to sleep =)

It was a privilege to present at NIST, the standards body that HIPAA takes its data security guidance from

NIST

The National Institute of Standards and Technology (NIST) was founded in 1901 and is now part of the U.S. Department of Commerce. NIST is one of the nation’s oldest physical science laboratories.

From the smart electric power grid and electronic health records to atomic clocks, advanced nanomaterials, and computer chips, innumerable products and services rely in some way on standards provided by NIST.

In fact, HIPAA data security guidelines follow NIST standards.

Today, NIST measurements support the smallest of technologies to the largest and most complex of human-made creations—from nanoscale devices so tiny that tens of thousands can fit on the end of a single human hair up to earthquake-resistant skyscrapers and global communication networks.


Paubox Partners with athenahealth’s ‘More Disruption Please’ Program to Make HIPAA Compliant Email Easy to Use

San Francisco, CA – March , 2018 – Paubox, a provider of HIPAA compliant email, today announced a partnership with athenahealth, Inc. through athenahealth’s ‘More Disruption Please’ (MDP) program. As part of the athenahealth® Marketplace, this newly integrated application is now available to athenahealth’s growing network of 111,000 healthcare providers to enable secure email communication of protected health information that doesn’t require extra steps.

“Paubox delivers a valuable service for providers,” said Hoala Greevy, CEO of Paubox. “By making it easy to send and receive email in a HIPAA compliant way, we help providers streamline operations to include email into their workflow and eliminate paperwork and phone tag.”

athenahealth is a network-enabled, results-oriented services company that offers medical record, revenue cycle, patient engagement, care coordination, and population health services for hospital and ambulatory clients. The company’s vision is to build a national health information backbone to help make healthcare work as it should. As an MDP partner, Paubox joins a network of like-minded healthcare professionals who are looking to disrupt established approaches in healthcare that simply aren’t working, aren’t good enough, or aren’t advancing the industry and help providers thrive in the face of industry change.

To learn more about Paubox’s new integrated application, please visit Paubox’s product listing page on the Marketplace.

About Paubox

Paubox is redefining HIPAA compliant email by eliminating cumbersome extra steps for senders and recipients. No portals. No plugins. No extra steps. Just secure email. Paubox integrates seamlessly with G Suite, Office 365 and other email platforms.


Roger Cohen: Apple FaceTime and the HIPAA Conduit Rule


We recently filmed an episode of HIPAA Center with Roger Cohen, Life Sciences Partner at Goodwin Procter. He is also our HIPAA attorney.

During our interview, we talked about Apple FaceTime and the HIPAA Conduit Rule.


Here’s the transcript from our conversation:


Hoala Greevy: Lately we’ve been covering the HIPAA Conduit Rule Exception in our own blog posts and content. One of the questions one of our customers had was, “say something like Apple FaceTime, does that apply for the HIPAA Conduit Rule or not?”

It’s kind of an opaque area, as I understand it.

Roger Cohen: The HIPAA Conduit Exception is a reasonably narrow exception. Sort of the traditional example of a HIPAA Conduit is the Post Office, or FedEx, or UPS. And either the phone company, setting aside voicemail, which is a slightly more complicated issue, in tech ISPs.

I would want to understand how FaceTime works and what happens to data, if any data is stored. That’s really the key in the application of the Conduit Exception.

Does the Conduit, or the Entity that may be a Conduit, does it have only transitory access to the possession of health information, or is it storing health information over a longer period of time?

Hoala Greevy: That’s what my conclusion was on my layman’s research on it because you know you’ve got, I’m sure they’re logging IP address, date, time, maybe a person’s name. I mean Apple doesn’t sign Business Associate Agreements for their consumer grade services and I felt like this didn’t fit the HIPAA Conduit Rule.

Roger Cohen: I would advise talking to your HIPAA lawyer prior to concluding that Apple FaceTime can be a conduit.

Hoala Greevy: Got it!

Roger Cohen

Roger Cohen is a Partner in Goodwin’s nationally recognized Life Sciences Practice. He counsels healthcare services, life sciences, and healthcare IT clients concerning compliance with the myriad laws and regulations governing the delivery of healthcare services such as the Anti-Kickback Statute, the Physician Self-Referral Law (the Stark Law), the False Claims Act, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Medicare and Medicaid rules and regulations, and laws governing reimbursement, licensure and certification.

Mr. Cohen’s experience also includes extensive work on healthcare transactions. He has represented clients in acquisitions and financings involving a wide variety of healthcare providers including hospitals, ambulatory surgery centers, physician groups, skilled nursing facilities, rehabilitation and physical therapy facilities, behavioral health and substance abuse treatment providers, dental clinics, home healthcare providers, clinical laboratories, pharmacies, and care management companies, among others.

Mr. Cohen also has deep experience assisting clients in transactions involving and providing counsel to health IT companies such as telemedicine providers and electronic health record, mobile health (mHealth), and digital health companies.


Chris Cruttenden: What is an Inappropriate Referral?


The mother of all healthcare conferences, HIMSS Annual, went down this month at the Venetian in Las Vegas. At least 40,000 people descended upon the Sands Expo Center to network, learn and probably do a bit of gambling.


While there, we set up an impromptu interview center outside Palazzo Ballroom L.

My friend Chris Cruttenden, President of Safety Net Connect, stopped by to catch up.

Here’s a transcript of our conversation around the question, “What is an inappropriate referral?”

Hoala Greevy: What would be an example of an inappropriate referral?

Chris Cruttenden: Typically in some of the systems, the physician is fairly busy, they still use some archaic systems like a fax. Somebody would come in and be complaining about a rash on their arm and he’s like, “Oh I don’t know, you need to see the dermatologist.” He’d give it to the nurse, the nurse would fax it over, get an auth, they would go have to see the dermatologist.

In our system, they would take a picture, ask a question, “Can I resolve this here or do I need to send them to the dermatologist?” We ask them questions like, “Have they changed the soap, have they been hiking in a place where maybe they got poison oak?” Through the process of education elimination, probably that patient would get help and not need to do an extra visit at the dermatologist.

SEE ALSO: Chris Cruttenden: HIMSS18 Interview with Safety Net Connect

HIMSS18

The HIMSS Annual Conference & Exhibition brings together 40,000+ health IT professionals, clinicians, executives and vendors from around the world. Exceptional education, world-class speakers, cutting-edge health IT products and powerful networking are hallmarks of this industry-leading conference.


Chris Cruttenden: We focus on the Safety Net population


The mother of all healthcare conferences, HIMSS Annual, went down this month at the Venetian in Las Vegas. At least 40,000 people descended upon the Sands Expo Center to network, learn and probably do a bit of gambling.


While there, we set up an impromptu interview center outside Palazzo Ballroom L.

My friend Chris Cruttenden, President of Safety Net Connect, stopped by to catch up.

Here’s a transcript of our conversation around the term “Safety Net population:”

Hoala Greevy: Can you tell us more about this safety net concept, because I was very unfamiliar with it.

Chris Cruttenden: When we first got into the business, we found there was so much low-hanging fruit and county health systems where we could do a lot of good. We’ve basically focused on just the safety net population, which is in California, Medi-Cal or indigent programs which is basically county-run programs that deal with people that are uninsured, homeless people, and whatnot.

We created basically everything that high-tier people get with private insurance, we created an electronic system that allows them to have appropriate care coordination, services, efficient referrals, and when they show up at the myriad of different places, their information follows them. Which is really nice.

Hoala Greevy: That’s cool, man.

SEE ALSO: Chris Cruttenden: HIMSS18 Interview with Safety Net Connect


Sunday 18 March 2018

HIMSS18 Las Vegas – What’s your biggest takeaway?

HIMSS18 - What's your biggest takeaway? feat. Jonathan Bush, Chris Cruttenden, and More

The mother of all healthcare conferences, HIMSS Annual, went down last week at the Venetian in Las Vegas. At least 40,000 people descended upon the Sands Expo Center to network, learn and probably do a bit of gambling.

While there, we caught up with Paubox customers and partners on their biggest takeaways from HIMSS18.

Here are the transcripts of our conversations.

HIMSS18 - What's your biggest takeaway? Jonathan Bush

Hoala Greevy: Howzit! This is Hoala Greevy, I’m here again with Jonathan Bush, we’re at HIMSS18 in Las Vegas. I last saw Jonathan during date JPM week in January in San Francisco. I got one question for you Jonathan, what’s your biggest takeaway for HIMSS18?

Jonathan Bush: I just got here!

Hoala Greevy: Yeah me too!

Jonathan Bush: My biggest takeaway is no different than last year.

Hoala Greevy: You can say the same thing for 10 years and still be considered a genius in healthcare.

Did I get that right?

Jonathan Bush: And here’s data point number one!

HIMSS18 - What's your biggest takeaway? Aadli Abdul-Kareem

Aadli Abdul-Kareem: My biggest takeaway is actually going down to the Interoperability Showcase and seeing how much they’re promoting system integration and interoperability across applications.

It looks like now everything from having a data center infrastructure that’s HIPAA-secured and ensuring that within that data center infrastructure, there’s tools that developers can leverage to integrate with EHR systems, more easily consume laboratory and share laboratory information, even down to consent. Like having behavioral health be a very huge topic in tackling “how do I drive consent-driven transactions in compliance with behavioral health?” It’s been pretty amazing.

So that’s my biggest takeaway: True interoperability is finally being addressed the way it needs to be.

HIMSS18 - What's your biggest takeaway? Chris Cruttenden

Chris Cruttenden: It seems to be a lot of hype about AI and blockchain. The takeaway on blockchain is it is not ready for primetime, at least in healthcare. It is far, far, far from ready.

The AI stuff was extremely interesting and I think it’s going to create some efficiencies, especially in specialty care- radiology, dermatology, anything in a visual aspect where you can, retinopathy, where you can basically look at the images and have it learn which is a bad image versus a good image.

HIMSS18 - What's your biggest takeaway? Santosh Mohan

Santosh Mohan: There are a lot of exciting things. The show floor is exciting. For me personally, the most exciting thing is that there’s so many more startups here than there ever were. This is no longer just the playground for the big enterprise software people. So that is amazing.

Also, the number of health systems that are here wanting to work with startups and wanting to work with them by any and all means possible, so not just sort of driving pilots. I think they recognize that the pilot model is just not working really great unless there’s a strong discipline to it.

But also embracing App Stores, you know like our marketplace, you guys are on the marketplace. Embracing those models to really you know, also I think recognizing that they cut down the RFP times, they cut down the upfront integration costs, and for the startups too, I mean I you know you get saved on so much of upfront energy that you have to put working through the number of channels that you will, if you’re going directly to a health system.

So I think this type of new models, not just ours, maybe even Allscripts and Epic and Cerner, everybody has a model now. The willingness to recognize that and work through that, I think that to me is just very exciting.


Saturday 17 March 2018

Carrie Nixon: Coffee meetup in Arlington, VA


Yesterday I caught up with one of our customers: Carrie Nixon, Managing Partner at Nixon Law Group and CEO at Nixon HealthNexus.

The day before, I spoke at the 31st Annual FISSEA Conference at NIST in Gaithersburg, MD.

Talking to customers is one of the favorite parts of my job as Founder CEO of Paubox. I’m thankful Carrie was able to find a window in her busy day to meet with me at Northside Social in Arlington, VA.

Here are my takeaways from my coffee meetup with Carrie Nixon:

  • Paubox for law firms is a no-brainer.
  • Carrie loves the Paubox footer.
  • HHS Startup day is a good event to attend.
  • ONC Day is free and also good to attend.
  • Carrie Nixon’s two buckets of clients: Healthcare providers and healthcare startups.
  • Carrie wanted to learn more about NPS.
  • Asked me to send her a link to the presentation I gave at NIST.
  • Carrie thinks getting HITRUST certification would be a big win for Paubox.
  • Willing to be involved in our upcoming Paubox SECURE 2018.
  • Subscribes to the Lawyerist podcast.

Northside Social


Northside Social is a cool coffee shop and wine bar in Arlington, VA. I had the Chopped Chicken Salad and three cups of coffee, all of which were very good. I was there for over three hours and it was packed the entire time (positive signal).


Aadli Abdul-Kareem: Catching up in Washington, DC


After meeting Aadli Abdul-Kareem at HIMSS18 last week, I mentioned to him I’d be in the Washington DC area this week to speak at the FISSEA conference at NIST.

Sure enough, we caught up yesterday at Tryst, a cool coffeehouse in NW DC.

Here are my takeaways from speaking with Aadli Abdul-Kareem, Co-Founder of Electronic Health Network:

  • Founded Electronic Health Network (EHN) in 2007.
  • Aadli is an interop expert.
  • Likes working with athenahealth.
  • EHN has an application partner network.
  • “No one likes plumbing but everyone needs it.”
  • Shares my disdain for DIRECT.
  • EHN looks for go to market partners.

Tryst


Tryst stands in the center of the nation’s capital and prides itself on having outstanding specialty coffee, craft cocktails, and a commitment to being the city’s ‘third place.’ Their signature touch is including animal crackers with each drink. You can see them next to Aadli’s tea cup in the picture above.


Aadli Abdul-Kareem: True Interoperability is finally being addressed


The mother of all healthcare conferences, HIMSS Annual, went down last week at the Venetian in Las Vegas. At least 40,000 people descended upon the Sands Expo Center to network, learn and probably do a bit of gambling.

Aadli Abdul-Kareem, Electronic Health Network Co-Founder

We set up an impromptu interview center outside Palazzo Ballroom L.

Aadli Abdul-Kareem, Managing Partner and Co-Founder of Electronic Health Network, stopped by to share his biggest takeaway from HIMSS18.

Here’s the transcript from Aadli’s takeaway:

Aadli Abdul-Kareem: My biggest takeaway is actually going down to the Interoperability Showcase and seeing how much they’re promoting system integration and interoperability across applications.

It looks like now everything from having a data center infrastructure that’s HIPAA-secured and ensuring that within that data center infrastructure, there’s tools that developers can leverage to integrate with EHR systems, more easily consume laboratory and share laboratory information, even down to consent. Like having behavioral health be a very huge topic in tackling “how do I drive consent-driven transactions in compliance with behavioral health?” It’s been pretty amazing.

So that’s my biggest takeaway: True interoperability is finally being addressed the way it needs to be.

SEE ALSO: Chris Cruttenden: HIMSS18 Interview with Safety Net Connect


Friday 16 March 2018

Memorial Hospital at Gulfport Suffers HIPAA Email Breach


On February 28, 2018, Memorial Hospital at Gulfport submitted a HIPAA Email Breach to the U.S. Department of Health and Human Services (HHS).

Located in Mississippi, the Memorial Hospital at Gulfport email breach affected 1,512 individuals’ protected health information.

Memorial Hospital at Gulfport is classified as a Healthcare Provider.


Lance Spitzner: Making Security Simple – FISSEA NIST Conference

Lance Spitzner: “We’re nothing more than another operating system. The HumanOS.”

Day two of the 31st Annual FISSEA conference at NIST kicked off with a Keynote presentation from Lance Spitzner, Director of Security Awareness at SANS.

His Keynote was titled: Making Security Simple – It’s Really, Really Hard.

Lance was fired up on stage, which in turn got me fired up.

I was especially encouraged to hear that when it comes to enhancing security, Lance strongly recommends a focus on making the new behavior as simple as possible. In the case of Paubox and our approach to seamless encryption and HIPAA compliant email, there is no new behavior for senders to learn.

Here are my takeaways and pics from his energetic presentation:

  • Lance outlined his 3 step process for making Cybersecurity Simple.
  • Changing human behavior is key to managing risk.
  • Lance Spitzner created the honeypot in 1999.
  • The best security awareness officers often do not have technical backgrounds.
  • “Once people interact with technology, then the game radically shifts.”
  • In general, people are smart.
  • Defense organizations tend to have the strongest security programs. At the other end of the spectrum, manufacturing firms.


Lance Spitzner’s Three Steps to Making Cybersecurity Simple:

  1. Teach as little as possible (be wary of cognitive overload).
  2. Make the new behavior as simple as possible.
  3. It has to be “Sue” proof (Can a non-technical person understand it?).

20 years ago, it was easy to hack default Windows OS installs.

The BJ Fogg Behavior Model – Curse of Knowledge: The more of an expert you are at something, the worse you are at communicating it.

“Every behavior has a cost.” Used disabling of auto-complete within Outlook at the world’s largest bank as an example.

Lance spent a good chunk of time (rightly so) on NIST Special Publication 800-63B.

Lance reported only 10% of G Suite users are using 2FA (Two-Factor Authentication).

Infographics are great for communicating information.

Lance’s 3 Takeaways for Making Security Simple (Hint: It’s Really, Really Hard)

Also, thanks for fielding my question Lance!

The post Lance Spitzner: Making Security Simple – FISSEA NIST Conference appeared first on Paubox.

Thursday 15 March 2018

How Can My Patients Send Me A Secure HIPAA Compliant Email First?

When a patient has a medical concern and wants to reach out to their healthcare provider, office phones can be tied up and they are left with no answers. Additionally, some medical concerns are better explained visually than verbally.

Considering some medical practices have perpetual busy tones, how else can your patients reach you? Thanks to technology, there is a popular alternative: email.

However, most medical concerns involve mentioning protected health information (PHI) of some kind. In order to ensure your organization is HIPAA compliant, any communication with your patients needs to be secure and encrypted.

With Paubox, there are ways for your patients to engage securely with your organization without you having to send an email to them first. Here’s how it works.

Use a secure URL to receive secure messages from patients

There is no way a patient can send you a secure email first without having email encryption in place themselves. However, a Paubox encrypted contact form is a seamless workaround for patients to send secure messages to their healthcare providers.

Our Paubox encrypted contact form features basic fields for patients to fill in, such as their name, email address, phone number, and a brief message. We’ll also include a space where patients can upload up to 50 megabytes of attachments (such as photos or documents).

Patients can access the encrypted contact form through a secure, custom URL that can be placed anywhere on your website. This allows the patient to send a secure message to your organization first, and the information will be delivered in a HIPAA compliant email straight to your inbox, avoiding the hassle of hard copies, scanning and manual entry.

Every Paubox account comes with one encrypted email address and one encrypted contact form.

READ MORE: How Does a Paubox Encrypted Contact Form Work? (With Pictures)

You can attach encrypted contact forms to your website or send them through an email.

The contact form link will be hosted on our secure Paubox server, so you don’t need to worry about having a HIPAA compliant website and server.

READ MORE: How to Make Sure You Have a HIPAA Compliant Website

How Paubox’s contact form encryption works

If your patient is not a Paubox subscriber, Paubox can still encrypt their incoming contact form email.

The Paubox encrypted contact form links with any G Suite, Office 365 or Microsoft Exchange email account. The selected email account will receive the contact form via email after the patient fills it out.

If your business email provider includes a BAA with its service, then the BAA will cover any emails at rest in your inbox for HIPAA compliance.

For emails in transit, Paubox utilizes TLS encryption to secure the email as it is delivered to the selected inbox.

If you use Paubox’s email encryption service, you can take the Paubox encrypted contact form one step further by directly replying to the contact form email in a secure, HIPAA compliant manner.

You can see a visual confirmation of this process at the footer of every Paubox email. The footer reads, “This incoming email was seamlessly encrypted by Paubox.”

Paubox encrypted email takes care of in-transit encryption at no extra cost. And just like our encrypted contact form, it’s very easy to use.

A Paubox encrypted contact form on your website will show your patients that you are taking their privacy and security seriously by allowing them to contact your organization in a secure, HIPAA compliant manner.

The post How Can My Patients Send Me A Secure HIPAA Compliant Email First? appeared first on Paubox.

Sunday 11 March 2018

Uber Health: Is it HIPAA Compliant?


We were recently asked on Twitter whether Uber’s new service, Uber Health, was HIPAA compliant or not.

We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud services in this sector.

In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:

Today, we will determine if Uber Health offers HIPAA compliant service or not.

SEE ALSO: HIPAA Breaches and Cloud Providers

Uber Health

This month Uber launched a new business line called Uber Health. The service provides a ride-hailing platform available specifically to healthcare providers.

Uber Health allows covered entities like clinics, hospitals, and rehab centers to assign rides for their patients and clients from a centralized dashboard. The rider is not required to have the Uber app, or even a smartphone.

Uber Health and the Business Associate Agreement

We’ve previously talked about how a Business Associate Agreement is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance.

We checked Uber Health’s site and on their homepage, they state:

Uber Health engaged HIPAA experts to design a program customized for the healthcare environment with numerous safeguards in place to protect PHI — including Business Associate Agreements with partners, technical controls and administrative processes.

In the Uber Newsroom, we also found this:

HIPAA Compliance. To ensure Uber Health meets HIPAA standards, we have been working hard to develop, implement, and customize numerous safeguards. We also worked with Clearwater Compliance, a leading HIPAA compliance company, to conduct comprehensive risk and compliance assessments. We are thus pleased to sign Business Associate Agreements (BAAs) with our healthcare partners.

Does Uber Health Offer HIPAA Compliant Service?

The Business Associate Agreement is a key component to HIPAA compliance between a covered entity and a business associate.

We were able to quickly determine that Uber Health is willing to sign Business Associate Agreements with the healthcare organizations they serve.

Conclusion: Uber Health is HIPAA compliant.

The post Uber Health: Is it HIPAA Compliant? appeared first on Paubox.

Friday 9 March 2018

Flexible Benefit Service Corporation Suffers HIPAA Email Breach

Paubox HIPAA Email Breach

On February 16, 2018, Flexible Benefit Service Corporation submitted a HIPAA Email Breach to the U.S. Department of Health and Human Services (HHS).

Located in Illinois, the Flexible Benefit Service Corporation email breach affected 5123 individuals’ protected health information.

Flexible Benefit Service Corporation is classified as a Business Associate.

HHS Wall of Shame

The HHS Wall of Shame is a website under the jurisdiction of HHS that lists all HIPAA breaches reported within the last 24 months. The Wall of Shame displays breaches that are currently under investigation by the Office for Civil Rights.

As part of section 13402(e)(4) of the HITECH Act, the HHS Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.

HIPAA Breach Report

The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals as reported in the HHS Wall of Shame.

The post Flexible Benefit Service Corporation Suffers HIPAA Email Breach appeared first on Paubox.

Chris Cruttenden: HIMSS18 Interview with Safety Net Connect


  • We learned more about eConsult and Care Coordination Connect System.
  • Chris shared his biggest takeaway from HIMSS18.
  • Chris participated in our signature Paubox Lightning Round.

The mother of all healthcare conferences, HIMSS Annual, went down this week at the Venetian in Las Vegas. At least 40,000 people descended upon the Sands Expo Center to network, learn and probably do a bit of gambling.

Chris Cruttenden, Safety Net Connect President

We set up an impromptu interview center outside Palazzo Ballroom L.

My friend Chris Cruttenden, President of Safety Net Connect, stopped by to catch up.

Here’s the transcript from our conversation:

Hoala Greevy: Howzit! This is Hoala Greevy, Founder CEO of Paubox. We’re here at HIMSS18, in Las Vegas and I’m here with my friend Chris Cruttenden, President of Safety Net Connect. Without further ado, let’s get started.

Chris, can you tell me more about what your company does and what problems you guys solve?

Chris Cruttenden: We solve two problems in healthcare. One is the communication problem between primary care physicians and specialists. We’ve created a system we refer to as eConsult and it helps coordinate the care and do away with the need for inappropriate referrals.

The second system that we provide is what we call Care Coordination Connect System, where we help deal with patients that when they’re discharged from a hospital, [we] get them the appropriate care and transitions of care through our systems.

Hoala Greevy: What would be an example of an inappropriate referral?

Chris Cruttenden: Typically in some of the systems, the physician is fairly busy, they still use some archaic systems like a fax. Somebody would come in and be complaining about a rash on their arm and he’s like, “Oh I don’t know, you need to see the dermatologist.” He’d give it to the nurse, the nurse would fax it over, get an auth, they would go have to see the dermatologist.

In our system, they would take a picture, ask a question, “Can I resolve this here or do I need to send them to the dermatologist?” We ask them questions like, “Have they changed the soap, have they been hiking in a place where maybe they got poison oak?” Through the process of education elimination, probably that patient would get help and not need to do an extra visit at the dermatologist.

Hoala Greevy: For the second set of services you folks provide, can you tell us more about this safety net concept, because I was very unfamiliar with it.

Chris Cruttenden: When we first got into the business, we found there was so much low-hanging fruit and county health systems where we could do a lot of good. We’ve basically focused on just the safety net population, which is in California, Medi-Cal or indigent programs which is basically county-run programs that deal with people that are uninsured, homeless people, and whatnot.

We created basically everything that high-tier people get with private insurance, we created an electronic system that allows them to have appropriate care coordination, services, efficient referrals, and when they show up at the myriad of different places, their information follows them. Which is really nice.

Hoala Greevy: That’s cool man. So what does your ideal customer look like, is it a county?

Chris Cruttenden: Yes, we love county health programs, public health programs, we like working with those systems.

Typically, we love to go into a system where they have a backlog of referrals. We can bring in eConsult and change the workflow. We reduce inappropriate referrals by around 50% on some of the specialties. We reduce the backlog sometimes for a GI visit, it’s, you know, 180 days. We get access to the specialist down to two days and then we actually turn it into a system where they actually schedule the appointment within the appropriate time, whether it’s 30 days or 45 days. We’ve eliminated basically backlogs for specialty visits.

Hoala Greevy: How big is your team and where are you guys located?

Chris Cruttenden: We’re 20 plus people, we’re located in Newport Beach. We also have an office in Texas and then we have some affiliate offices. [We have] partners, one in Chicago and one in Connecticut.

Hoala Greevy: Wow. All over. That’s cool. So what’s your biggest takeaway from HIMSS18 so far?

Chris Cruttenden: It seems to be a lot of hype about AI and blockchain. The takeaway on blockchain is it is not ready for primetime, at least in healthcare. It is far, far, far from ready.

The AI stuff was extremely interesting and I think it’s going to create some efficiencies, especially in specialty care: radiology, dermatology, anything in a visual aspect where you can, retinopathy, where you can basically look at the images and have it learn which is a bad image versus a good image.

Hoala Greevy: Chris, where do you see the industry going in the future?

Chris Cruttenden: I don’t want to give away too many secrets! I’m just kidding. But basically there’s gonna be some consolidation as far as what we’re seeing with the EMRs, smaller healthcare software plays. Seems like care coordination is evolving and I think analytics supporting the real-time care coordination is really going to change how people get health care and interact with it. All these mobile devices are really doing big change too. Patients are more hooked in than they’ve ever been before.

Hoala Greevy: Yeah. Optimistic for the future?

Chris Cruttenden: Oh yeah! I do think technology is gonna solve some of the issues that are facing us that politicians cannot solve. But we can solve it.

Hoala Greevy: Okay we’re gonna do the lightning round with Chris Cruttenden. Ready?

Chris Cruttenden: Yeah.

Hoala Greevy: Favorite Hawaiian food?

Chris Cruttenden: Poke.

Hoala Greevy: Yeah! Right on. How many times have you seen the movie, The Big Lebowski?

Chris Cruttenden: Two times.

Hoala Greevy: Two times!? I thought you gonna say too many. You ever been kayak fishing?

Chris Cruttenden: I have not been kayak fishing, no.

Hoala Greevy: Okay we gotta get that going. What book or books are you reading now?

Chris Cruttenden: One of my favorite books is the Art of the Start by Guy Kawasaki. He has an updated version and I always print out some of the pages and tape them on my desk.

Hoala Greevy: No kidding!

Chris Cruttenden: Love it. Because I do a lot of presentations. Love it.

Hoala Greevy: I know someone who knows him. I will make sure he hears about that.

Chris Cruttenden: OK.

Hoala Greevy: That’s cool. I don’t know him directly though, but I can get to him.

When’s the last time you sent a fax?

Chris Cruttenden: Believe it or not, I had to send one a couple weeks ago for, like a soccer thing. Nothing to do with health care.

Hoala Greevy: Favorite karaoke jam, go-to song?

Chris Cruttenden: Stone Temple Pilots, Vaseline.

Hoala Greevy: Oh that’s a good one. Okay last question, who would win in the Octagon: a silverback gorilla or a polar bear?

Chris Cruttenden: I’m gonna go with polar bear.

Hoala Greevy: Team Polar Bear all the way! I mean c’mon, it’s not even a question. Right on Chris, thanks a lot man!

HIMSS18

The HIMSS Annual Conference & Exhibition brings together 40,000+ health IT professionals, clinicians, executives and vendors from around the world. Exceptional education, world-class speakers, cutting-edge health IT products and powerful networking are hallmarks of this industry-leading conference.

The post Chris Cruttenden: HIMSS18 Interview with Safety Net Connect appeared first on Paubox.