by Rick Kuwahara COO of Paubox
8. Hoala Greevy “We see a continuing trend of email being the top breach factor for a HIPAA breach.”
On this episode of HIPAA Critical, we chat about a recent community beach clean-up, our partnership with and donation to the Orca Conservancy, the huge $145-million settlement by Practice Fusion and its impact on opioid deaths, and a look back at the HIPAA breaches of 2019.
Here’s the full transcript of this episode.
Olena Heu: Welcome to another episode of the HIPAA Critical podcast, I’m Olena Heu, and joining me on this episode is founder and CEO Hoala Greevy.
Hoala Greevy: Hello, Olena. Great to be here.
Olena: We’ve got another exciting show for you and lots to talk about. Let’s first update you on a recent event that transpired where you guys had a wonderful beach clean-up.
Hoala: Yeah, that’s right, we went and did a beach clean up at Crissy Field in San Francisco last week. We arrived in the morning, we got our trash bags and gloves and our trash grabbers, and we went and hit Crissy Field, which overlooks the Golden Gate.
And for better or worse, it’s a pretty clean place to begin with. So we did our best to find some trash. Normally the most trash we found was on the beach itself and around the picnic tables.
So we did that in the morning and we had one of our advisors, Denis Coleman, come out and help us, which was great. He’s also the co-founder of Symantec, great to see him in person. And my girlfriend Lisa also helped out so that was wonderful.
And then at the end of it, we took a picture with an oversized check with the Golden Gate Bridge in the background and we also made a donation to the Orca Conservancy. That’s a tie-in with our newest product, Project Orca.
So that was our unconventional PR community service event and we have a goal this year of doing 50 hours of community service, so that was in alignment of completing our community service commitment.
In the bigger picture of things, we just believe that the leader always gives back and that’s something I took from prominent Hawaii Business 101, you could say.
Olena: Very nice. And so why that particular location?
Hoala: Well, the morning sun is in your face. It’s great lighting for taking a picture with the Golden Gate in the background, and it’s relatively close to our office. And it’s kind of a cool place. I don’t go there often, but it’s just a nice pretty chill spot and easy to get to.
Olena: And good to get outside and give back to the community.
Hoala: Yeah, I think the staff liked focusing on something else, other than encrypted email, just for a little bit of their day, and just always feels nice to do something to give thanks for the city that’s given us so much opportunity.
Olena: Wonderful. Tell me more about Orca Conservancy and how that partnership began.
Hoala: Well, we reached out to them, I believe over email, and highlighted this event we’re looking to do, and we thought it was a nice tie-in for Project Orca, which is our HIPAA compliant email marketing solution that we recently released.
And so we kinda wanted to tie in an Orca-related beneficiary and these folks focus on the southern Orca population from Alaska to Northern California.
So we thought that was a nice tie-in and they’ve got a great social media presence, so that also helped us reinforce these folks were on it. And sure enough, they replied to us immediately. So that’s kind of how that came about.
Olena: And so we like to focus on winners and losers typically on our episodes of HIPAA Critical and we wanted to mention that Orca Conservancy is winning this week as well.
Hoala: Yeah we made a donation to them in the amount of $500 using our Brex Corporate card, we’re also big fans of Brex.
We took a picture with our oversized check with the Brex logo on it. They care for the state. They are not a bank. But we did use our Brex card to make that donation. So we enjoy working with both organizations.
Olena: Excellent and tell me more about Brex, ’cause this is the first time I’m hearing of it.
Hoala: Oh man, yeah. So they’ve got this blanket coverage, as far as brand and marketing goes, of Silicon Valley and they brand themselves as a corporate card for startups.
So they’re a relatively new company, great brand, great execution, and they allow startups like us to get a corporate card within minutes and deploy cards to staff members very quickly.
So we like working with them, we’re using another one of their products called Brex Cash, which is paying… It’s sort of a competitor to a business checking account, and you get points and interest rate on your money that sits in there.
Olena: Very cool.
Hoala: We’re using their products and we’re NPS-10 Brex customers.
Hoala: Oh yeah, well, we’re happy to be their customer as well. I think it’s a win-win.
Olena: And what can you tell us about your forecast for who’s losing this week?
Hoala: Oh man, so that’s an easy one. The loser this week is Practice Fusion, which got… It was released, they agreed to pay a $150 million fine. Sorry, $145 million fine in Federal Court.
And they basically admitted to being responsible for unnecessary Oxycontin prescriptions through a partnership with Purdue Pharma, which is the overwhelming villain in this whole opioid crisis that America is in.
And going back to, I believe 2013, they basically, Practice Fusion, which is an EMR vendor who was sold to Allscripts a couple of years ago, they basically designed their software solution to encourage their customers, i.e., physicians, to over-prescribe opioids.
And so…I mean man, people died because… This is… Killed more people… Anyhow, it’s just, it’s beyond pale, that a startup could do this.
And again, the fine is $145 million. And they were bought by Allscripts a few years ago for 100 mill. So, Allscripts comes out looking bad on this too, ’cause they’re down 45 mill on an acquisition they made in 2018, or way more than that, but clearly, these guys are losers.
I just see no honor in this outcome at all. It’s just… Man, I was just, I’m at a loss for words. These are the losers.
Olena: That’s a pretty hefty fine too.
Hoala: People died because of their software. That’s the opposite of what we’re here for.
People died because of this company over-prescribing opioids to the American population through Purdue Pharma, which by the way is on their chapter 7 or 11 bankruptcy protection. Those guys are screwed, as they well should be.
Olena: Definitely something that we can hopefully send the message out to people to be aware of and be more cognizant obviously, when people’s lives are at risk.
Hoala: During the time they were doing this, the death rate tripled over 15 years.
Hoala: Due to opioid overdose. That’s probably more than all heroin and cocaine and practically every other drug you can think of, overdose deaths in the same time period. I mean, it’s just crazy, it’s crazy that this was legal. Alright.
Hoala: Maybe I’m going on a rant, maybe we should move on.
Olena: Alright, and so you also were chosen to be on a panel during a speaking event here on Oahu?
Hoala: Yeah, that was, we were in town for a meeting with Wall-to-Wall Studios. We are doing a brand overhaul. And we had an all staff meeting in Honolulu for that.
And during that same week, was East Meets West 2020, which is a tech conference put on by Blue Startups, and I was lucky enough to be asked to be on a panel, and that panel was about indigenous entrepreneurs bringing cultural values to start-ups.
Olena: Have you found that you’re a native Hawaiian, indigenous person for a lot of startups?
Hoala: Oh man, so I keep this ledger, so Will, myself. And in the back of the room at the Hilton was Ikaika Sheehan. And as far as I can tell we made up the three native Hawaiian tech entrepreneur CEOs on the planet, and we were all in that room, at that moment.
And maybe I’m off by 100%, but that number is still under 10. So not a lot of guidance out there, if you’re Hawaiian and a tech CEO. So, hoping we can do something about that in the future.
Olena: Excellent. Any updates as far as Project Orca is concerned?
Hoala: Yeah, shucks. We’ve been very disciplined on using customer feedback as our roadmap, once again, Project Orca is our solution to the need we see in the market for HIPAA compliant email marketing.
And so what we’ve been laser-focused on, is allowing our customers to create custom audience fields in Project Orca.
There were some other infrastructure we had to build to get that in place, we did that, and then we spent close to two-and-a-half weeks building out this new feature, which we released yesterday.
So we’re very excited to see what our customers will do with this new feature that we’ve added and I think we’re gonna unlock a lot of value for our customers to be able to add things like a person’s birthday, a person’s age, perhaps a prescription type or even an appointment date.
And so, having these fields within our Orca database will allow them to really personalize the email messaging that they need to send out, whether it’s for population health objectives or secure patient outreach goals.
So, looking to get this into the hands of our customers. And then make sure that they have a successful experience and then cooperate with them as far as getting customer success stories done.
Olena: Excellent, yeah. I was looking through my emails trying to email my dentist, and then I saw my happy birthday email was in there, and I thought, “Oh that’s so cute, I kind of forgot about that.”
Hoala: Yeah, that one’s kind of a gray area, even though it’s innocuous Happy Birthdays. I mean definitely smart on their part, but yeah, kind of a gray area there.
But yeah, I guess I haven’t read any stories about email marketing messages for birthdays being triggered, but you could easily see how something as a prescription reminder or it doesn’t take much to trigger HIPAA, when it comes to personalized email.
So, we think there’s a big opportunity here, and it’s just a matter of execution.
Olena: Alright, well speaking of HIPAA, anything new to report in terms of breach reports?
Hoala: Yeah. So we tabulated the 2019 Annual HIPAA Breach Report, released that last week. And in a nutshell, we had 419 HIPAA breaches in 2019 of which the requirement was 500 or more individuals are affected.
So if you have a breach of 500 or more people you’re required by law to report that to Health and Human Services Department. And of those 419, we had a total of about 35 million Americans were breached, which is roughly 10% of the population.
So 10% of the population got hacked last year.
Hoala: Yeah, pretty big number. And of that, email as a threat vector led the way with 39% of all breaches due to email.
So we see a continuing trend of email being the top breach factor for a HIPAA breach. And so they were 161 of the 419 were caused by email. And it’s the usual culprits, just plain in spoofing attacks, phishing, ransomware via link or attachment.
Olena: What would be the number two?
Hoala: Number two came in at network server, which would be a breached web app or something like that. And that came in at 84 breaches. So still a high amount. But email was almost double of second place. So quite a large delta.
Olena: Just shows the necessity of making sure everything is secure.
Hoala: Yeah, well, what’s also interesting about this report is the last, I believe, the last time we did this podcast Olena, I made this prediction that due to the political instability in Iran we would see up to 50 more percent higher HIPAA breaches in 2020. So now we’ve got the baseline, 419. So in 12 months we’ll see if I was anywhere near the mark or not.
Hoala: But at least we got the metric down on paper, dead on.
Olena: Yes, it’s official. As we wrap up this HIPAA Critical podcast, what are your current predictions at the moment?
Hoala: Right, well, I see that there’s this whole concept of, this patient journey and secure email helping fulfill that patient journey.
And I think it sounds funny to say it, but if you’re in healthcare it is bleeding edge.
And so just little things like reminding someone that they have an appointment tomorrow and they need to do an action maybe not eating for 12 hours or following up with someone after they have a procedure, “Are you okay? Do you have any infections? You need to see this rehab specialist.”
That whole journey is completely, basically broken in US healthcare. And it’s nuts because it’s what 18% of GDP?
And so just an innocuous thing like a secure email to help someone through that journey of whatever they’re going through, as far as treatment goes, man, it’s just, it doesn’t even exist.
And so our challenge with Project Orca is not only achieving product market fit and building a solution the market wants, but also educating the market that this can even be done.
But if we can execute, there’s just tremendous satisfaction and shareholder outcome for that.
So my prediction is, this will be the year that becomes talked about more using email as a way to facilitate and improve outcomes for the patient journey and we can see that with this shift to value-based care payment models, large healthcare systems are gonna be incredibly incentivized to make sure their patients actually do have a rewarding or positive experience when they’re dealing with their healthcare system.
And so every American’s got two things: a phone and an email.
And there’s only so many things you can do via an SMS message without requiring a user to download an app, which we’ve seen fail time and time again if you’re talking about patients.
Patients generally do not wanna download an app when it comes to a treatment. But they probably won’t mind checking their inbox for a secure message that’s seamlessly delivered.
And so I think that’s the huge game changer that we need to be a part of for 2020.
Olena: Wow, very insightful.
Hoala: We’ll see. We’ll see in 12 months if that was just “foolishness and delusions of grandeur” as C-3PO would say in the Star Wars trilogy, or we are on to something.
Olena: Wonderful. Well thank you Hoala for your time and insights. For more information you can also log on to paubox.com.
Well, this is gonna wrap it up for this episode. Thank you so much for tuning in.
Olena: For more episodes like this, be sure to follow the HIPAA Critical podcast.