by Sierra Reed Marketing Manager at Paubox
Article filed in

20. Scott Segerstrom “There are still a lot of bad actors out there.”

by Sierra Reed Marketing Manager at Paubox

HIPAA Critical episode 20

This week on the HIPAA Critical Podcast, we chat with Hoala Greevy, Paubox Founder & CEO, regarding the latest news headlines and how fax machines hinder healthcare. Five Acres is winning this week, and Sierra Reed, Paubox Marketing Manager, chats with Scott Segerstrom, Director of Information Systems, from Christie Clinic in Illinois.

Rather read?

Here’s the full transcript of this episode.

Olena Heu: Welcome to another edition of the HIPAA Critical Podcast. I’m your host, Olena Heu and joining me this week we have our Paubox Founder & CEO, Hoala Greevy.

Hoala: Howzit Olena! Great to be with you again.


Olena: Fantastic and of course, always a pleasure to speak with you. Now before we jump into the latest updates, how about an update from you Hoala. You’re back in San Francisco?


Hoala: I’m back in SF… working remote… checked in on the office, it’s doing fine. And you know, it’s halibut and salmon season. So that’s something to look forward to on the kayak fishing angle.

Olena: Sounds delicious and so would you say that you’re a little bit busier now that you’re back in San Francisco or everything’s kind of just remained the same?

Hoala: It’s about the same. We use this a goal setting framework called the OKR system and I think that’s been rather critical for our productivity and goal attainment and alignment. So this is our third quarter using the OKR system and as far as things go from that standpoint, we seem to be as productive as pre COVID whenever everyone, or mostly everyone was in the same office.

Olena: Excellent. That’s wonderful to hear. All right. Well, in each HIPAA Critical podcast, we cover the latest in headlines. We also feature the winners and the failures for the week. But first, we’re going to jump into what’s happening in the news right now.

Hoala: Yeah, great. Olena. So there was a prominent story in the New York Times last week regarding the U.S. response or lack thereof to the Coronavirus and lo and behold, the fax machine was front and center of one of the problems. The article goes on to paint a picture of, you know, a fax machine receiving reams of user of patient Covid results and the paper just overflowing and spilling onto the floor.

So, you know what we’ve been saying all along here, which was just brutally reinforced in this article, is that the fax machine remains the dominant form of communication in U.S. healthcare. For us at Paubox, we consider the fax machine to be our true competitor. To be clear, it’s not the only competitor but we believe it is the true competitor to our product, which of course, is HIPAA compliant email.

So, lots of organizations out there, still rely on fax, some, a lot of them don’t even use email in the workplace. So we’re going to keep focused, keep on our path and I think we are going to be able to provide a lot of value to the healthcare system just by making a better, more reliable alternative to the fax machine. It’s crazy to say in 2020, but that’s the reality. Read “Kill the Fax”.

Olena: I’m kind of surprised. I guess I wouldn’t think that fax machines are still relevant. Why do you think the healthcare industry still utilizes them so much?

Hoala: I think a lot of it comes from an interpretation of the HIPAA Security Rule, which early on deemed the fax machine to be, quote “compliant”. There are some gray areas for sure around fax machines and security, especially when you start dealing with email to fax or fax to email. But, you know, if you read it to the letter, they consider the fax machines to be “HIPAA compliant”.

So a lot of healthcare orgs just go with fax by default but what’s interesting and with organizations like HITRUST, which is the gold standard of security frameworks, which we’ve had that certification for two years now. They in fact, prefer security email over the fax machine. So, you know, we’re right in alignment with HITRUST, you know, what they view as proper data exchange and security frameworks.

Olena: Excellent. All right and so from this particular situation, you know, with this bottleneck, what would you say are the takeaways from what we’re gathering?

Hoala: I think COVID accelerated this long overdue digital transformation in healthcare. People have been talking about it for a long time and now it seems to be accelerating and a lot of that involves cloud software vendors like us, right? When everyone’s working remote, the fax machine sitting in your office is just completely useless, right? Or a large portion of your workforce is working remote. Having a fax machine in the office doesn’t do you any good.

Having a solution that goes fax to email. Well, that still involves a portal login. So as back to like the same amount of friction as all the other competitors in the market, like the ones provided by Cisco, for example, which we’ll be talking about in a few minutes. So I think healthcare does move slower in the U.S., but it is certainly being accelerated at this point in time. So for us, it validates why we’re here, what we’re doing, and we just need to stay focused and execute.

Olena: And so your personal preference for your medical information to be transferred would be what?

Hoala: Yeah, I’d like them to use Paubox. I mean, who has a fax machine? It’s just crazy. And, you know, you talk to your friends about it. And you know, if they’re about to have a kid or some kind of procedure, and this renowned hospital will say, okay, what’s your fax number? They’re just going… what? Who has a fax? Are you crazy? and then they go… oh, we’ll just mail it to you then. You’re talking like a 50 page document that they need today. Not in a week. So that’s where things are at. Change is coming. It has been brought about in a faster rate by COVID. We just have to stay focused.

Olena: Okay, well, excellent and now it’s time to transition over to the good news who is winning this week.

Hoala: So we want to highlight one of our newer customers Five Acres. It’s an organization that’s been around over 100 years and they found us through Google. First of all, they needed a reliable, less cumbersome encrypted email solution. They were using a solution by Cisco Systems, which was portal based, which of course, involves a login for the recipient and training for the internal staff on how to use the portal based solution.

When we were interviewing them from a customer success story that our marketing department spearheaded, we discovered that just by using the solution from Cisco, they had to generate 2,500 help desk tickets just on how to use the darn thing. Or if recipients were having problems opening it, which then cascaded into more than 400 hours spent just troubleshooting issues related to the solution.

Which kind of begs the question, you know, did they end up paying more than the cost of the Cisco solution in human capital time just to deploy and support it? I mean, there’s an argument there for that. So first of all, we got them on our encrypted email solution, which is Paubox Email Suite Standard.

Then later, they discovered we had an inbound security solution to be our Paubox Email Suite Plus, so we got them on our inbound security. We immediately stopped display name spoofing attacks. I think about 46 viruses in the first four weeks, and a whole bunch of spam. So we were able to help them out and help them on their worthy cause.

Olena: Excellent, wonderful and so obviously with you helping them, you’re also helping their customers.

Hoala: Yes and I believe they’ve provided us with some referrals because they just like to get their whole ecosystem using Paubox to really streamline the entire email communication workflow. So we’re following up and seeing what we can do to help out some of their other partners in their ecosystem.

Olena: Wonderful. Okay, well, you know, while we like to highlight those that are winning, we also need to showcase who is failing and so what do you have for us this week?


Hoala: shucks, I did our monthly HIPAA Breach Report. We’ve been doing this for three years now and every month we just look at the past months breaches that were reported to the Health and Human Services…hhs. gov. It’s nicknamed the wall of shame. This is a breach portal and in those three years, we we’ve just never seen numbers like we’re seeing now.

So, for example, in this month’s report, there was 29 breaches alone in the email sector in the previous month. Normally, the entire breach report has about 29 breaches total across all sectors and now we saw 29, just for email. We also saw a new total of 50 breaches total, which we’ve also never seen that many breaches in a given month. I think this may have some correlation to news that came out a few days ago.

Russian hackers trying to steal information on vaccine research being done for COVID. Maybe there’s a tie in there. Email has certainly proven to be an effective breach path. The data shows it over and over again per month. So I’d say just email security in general would be a fail for the month. You know, again, it’s 2020 and there’s just still a ton of breaches out there happening in email.

So again, it validates why we’re here. We just need to service more customers and help improve that and one specific example would be Merit Health. They suffered over 100,000 patients protected health information being violated last month. The case is under investigation… I think it is still underway. We haven’t found any recent press releases about it but it was reported that just one breach alone affected over 100,000 Americans data.

Olena: Well, thank you for all that information and of course, you’re a wealth of knowledge is priceless.

Hoala: I know a lot about very little, just one little thing in HIPAA but yeah, we keep our eyes on it.

Olena: Thank you so much, Hoala. Well, now we’re going to transfer over to Sierra Reed, our Marketing Manager here at Paubox. During this week’s encrypted interview, she chats with Scott Segerstrom, Director of Information Systems at Christie Clinic in Illinois. Take a listen.

Sierra: What are the biggest threats that you think medical practices need to be aware of right now in the current environment?

Scott: Well, there’s still a lot of bad actors out there. There’s a lot of nefarious groups across the world that try to break into healthcare institutions and they see us in a vulnerable state right now simply because you’re either overworked or understaffed because you have people spread all over the place. So there are different opportunities that they can tap into. So paying attention to all that stuff is one of the biggest targets people need to focus on. In addition to that trying to make healthcare safe for patients.

I don’t mean only patients in a hospital setting. So you know, Chrissy Clinic is not a hospital, we don’t have patients that stay overnight, we are strictly an ambulatory clinic. So, patients come to us for care. But patients have a fear of going to any healthcare operation and getting cross contamination from somebody else that happens to be in the facility. And that’s true for the ambulatory side as well as the acute care side. So trying to make patients comfortable is a threat to the business.

Not necessarily a threat to it, but a threat to the business. As an IT person, I’m trying to come up with new and novel ways to be able to make patients comfortable, using technology tools to help provide that level of safety and that level of satisfaction for them while still allowing them to be seen.

Sierra: I actually went to the doctor this morning and I didn’t feel safe until I got there. They had safe protocols when I arrived, but all I was told beforehand was to wear a mask. Upon arrival, I saw that they had rearranged the seating and they asked me if I had any symptoms. So I felt safer when I got there and was glad that they had initiated all of these new protocols.


Scott: A couple of things that we’ve done here in the clinic, like a lot of other organizations across the country… We’ve launched video visits. So if a patient is really uncomfortable with setting foot inside of the office, we do have the ability to have a video visit with them.

I’m working right now on a solution to more or less turn our parking lots into waiting rooms. So when patients arrive for a visit, all they have to do is send a text message to us and say “I’m here” for my visit and then we can reply letting them know how long they will have to wait in the car. Giving them instructions so that we can have that asynchronous communication between us and the patient without having to tie up phone lines and have a person only being able to have that one on one conversation. I’m getting close to being able to launch that. So that’s coming.

Sierra: That’s an amazing idea. I mean, if I knew that was the protocol for my doctor this morning, I would have been excited to go in, not fearful. So what a great idea.


Scott: Yep. So those are some of the technology things that we’ve thrown at COVID. We obviously, like a lot of places, drive thru for testing. We recently reopened the business after essentially shutting down ambulatory or outpatient procedures. Part of our COVID pre op testing protocols were that all ambulatory procedure patients had to be tested for Covid prior to their surgical procedure. So when the pandemic first hit, we opened up drive through testing for symptomatic patients.

We’ve since converted that over to drive through testing for pre op patients. Patients that need to have those surgical procedures can drive through testing for Covid before their surgery. We also have set up curbside convenient care. We’ve set up, at one of our facilities, curbside convenient care, where patients pull into an outdoor covered canopy area and they call in on a specific cell phone. Then the staff go out to the car all dressed up in gowns and bring the patients in.

Being able to provide the technology to make those operations function is great. Those are some of the rapid response teams I’ve had to put together in order to make those things happen quickly when the clinical operations decided this is what we want to do.

Sierra: I didn’t even think about all of the other IT components that go into all of those different items. So thank you for sharing all that. So my next question for you is how do you guys constantly maintain and upgrade IT at your clinic to thwart all of these new threats amongst COVID-19?


Scott: Well, one of the things that I learned how to advocate and that I’ve brought with me here to Christie, is that you never want to put all your eggs in one basket. Every vendor that comes to market with some technology, solution, whether it’s like Paubox, with email encryption or whether it’s Mimecast with anti spam and all their services that they provide.

Every vendor always has a blind spot to some components of the spectrum. So it’s always in the business’s best interest to have multiple vendors that mesh and interact well with each other. So that’s one of the things that I brought here. I use Paubox for email encryption. I use Paubox too recently… we use it to connect our marketing platforms for email to patient marketing campaigns so that we can get COVID information out to patients through email.

 I didn’t have that type of tool in place before. Email marketing is just one thing that we didn’t do. When Paubox came out with Paubox Marketing here recently we tapped into it and connected our email marketing vendors. It gives a level of security to the messaging that goes out but it also allows it to look like it’s actually coming from Chrissy Clinic rather than from some random email system. So there’s that.

I’ve got a couple of different security vendors that go on the other side of email security. Paubox is pretty much the encryption side, then I’ve got Mimecast for the spam side. Then I use CrowdStrike, for security as a service and anti writer stuff. So each one of those components is what I think an IT executive covers my entire footprint of technology.

Sierra: All right and where do you see the healthcare industry going in the next 10 years?


Scott: Consolidation, consolidation, consolidation. There is going to be so much consolidation in healthcare and when I say that, I don’t mean just in the Healthcare Provider segment. While I think healthcare organizations are going to be merging at some point and that by 2050, you may see 20 or 30 large healthcare conglomerates across the country.

But even if on the payer side, everybody looks at healthcare and they see the provider side but they always forget about the payer side and how complicated the payer side in this country really is. A lot of the things that have happened  with the pandemic and with some of the rules and regulations that the government has come out with to try and lessen the blow to the healthcare industry as far as what’s being reimbursed, especially when it comes to telehealth for video visits and telephones.

As you know, those rules, those regulations, I think my personal thing is that they’re going to end up being made permanent. So the payer markets are going to have to either accept those federal regulations and make their reimbursements just as permanent. Or, you’ll see a flight to a single payer system happen a lot more quickly than what a lot of people may want to see happen.

Olena: Thank you so much Sierra for that insightful interview. For more information, log onto and you will find more about Paubox and more on that encrypted interview series so that you can read and share with your friends. So this is going to wrap up our HIPAA Critical Podcast. Thank you so much Hoala for joining us this week.

Hoala: Thanks Olena. Great to be with you again.

Olena: If you like what you hear be sure to like and subscribe to the HIPAA Critical Podcast. Subscribe via Apple PodcastsSpotifyiHeart Radio, or Stitcher.