Have you ever wondered how an Email API can be beneficial for Healthcare businesses and covered entities? Well, in this episode, that’s what you’ll find out. We’re going to give you an overview of why healthcare businesses choose an Email API in general and, more specifically, how an Email API can be utilized for contact tracing.
Travis Taylor: Happy to be here. Sierra, thank you so much for letting me join.
Sierra: Of course. So, Travis, how did you end up at Paubox in a primarily focused role around building and maintaining customer relationships?Travis: Yes. My first step into sales... I have family on my mom's side that has been in the TV ad space for decades. I knew that they were great mentors to learn from. I saw that they were successful in their field and wanted to follow in their footsteps.
Coming over to Paubox, I'd noticed that there was a job posting on LinkedIn, applied for it, and it was an opportunity for me to reunite with our VP of sales, Scott Wong. He and I had worked together at a previous company. I knew that if he saw something great with this company, I wanted to be part of that ride as well.
This was a great way to get into the SaaS space and continue my professional development in healthcare. There are many opportunities for growth in this field, so happy to kind of continue my expertise there.
Sierra: Okay, great. Yes. Thanks so much for sharing that. Can you elaborate a little bit more on your passion and mission at Paubox?Travis: Of course. With healthcare, there's always so much money going into this industry in terms of research and new technologies. But it's still behind the times when it comes to adopting these technologies, especially for medical practices and hospitals.
For me, I enjoy being a teacher. We are an industry expert, not only in healthcare, but I consider us cybersecurity experts. If you didn't know, Sierra, healthcare is the number one vertical targeted for cybercriminals. Everyone's after protected health information (PHI). And you know, I think we're in a perfect space to be in. In terms of security, there's always going to be more opportunities to continue helping the healthcare community.
Sierra: Right. I do agree with you about healthcare being behind on the times. There's a lot of folks still using fax machines. We're in a digital transformation and need to continue with that transformation.Travis: Absolutely.
Sierra: A focused national response to COVID is a central promise of Joe Biden's campaign. Contact tracing is a huge, huge component of this. Can you give our listeners more info on contact tracing itself and how it is tracked currently?Travis: Yeah. We can use an example of trying to trace your steps.
People are pretty familiar with losing your keys, wallet, or phone at this point. So, it's all about kind of retracing your steps. Right? Where did you remember last having it? Where do you think you left it before?
Contract tracing kind of works in reverse. When someone has a positive result from the COVID test, you need to use a spiderweb to figure out where they have been and who they have possibly come into contact with and are infected. The whole goal of contact tracing is to help prevent community spread.
Right now, it's a very laborious process, a lot of manual work and data entry. With testing as part of this new administration coming in, it will expand this a lot more. We're going to need more effort in terms of people working in terms of contact tracing.
Sierra: Yeah, I agree with you there. It's the same thing with technology. We're a little bit behind on the technology. It's still manual. It's like a spiderweb. We need to go the digital route with contact tracing for it to be effective.Travis: Right now, the Biden administration estimates that we need approximately 100,000 Americans to deploy an effective strategy. It's about one person for every 3,000 citizens. We have a lot of work to do and people to hire to ensure that we can prevent this spread from continuing based on the skyrocketing numbers as of today.
Sierra: Yes, for sure. They are skyrocketing in Dallas, where I live. Travis, can you give our listeners an overview of our email API solution and how it plays a crucial role in implementing this digital contact tracing technology?Travis: Of course, there's a couple of things here.
Within the email API, we're looking to automate a lot of processes. We built a HIPAA compliant email infrastructure, so this email API comes into play with many developers who are building unique applications and platforms. We’re building a bridge between their platform and our API based on the data they are maintaining.
Let's think of COVID test results. For example, you have a database of all the individuals who have gotten tested and whether that result is positive or negative. If we can start sending alerts out automatically from these databases to notify people of negative results and the people that are positive and you’ll be hearing from someone in terms of our contract tracing efforts.
Again, a lot of this is to help get out notifications as quickly as possible to an individual's email that will arrive right in their inbox.
Robocalls have blown up my phone, so I typically don't answer those for the time being unless I have that contact saved. If people can get these notifications via email, they're much more likely to get that information that they need to act on appropriately.
Sierra: Oh, for sure. Because that is a time-sensitive issue, if somebody is manually calling all of those individuals instead of doing it digitally, tons more people could be out spreading the disease. So, an excellent point there.Travis: We're in the first sentence of someone's email, so they're probably getting a notification on their phone, maybe on their smartwatch. It's going to their desktop, computer, or laptop. So it's we're hitting them on multiple channels to, again, make sure that they're getting the information as quickly as possible.
Sierra: Yes. Travis, can you provide some specific use cases with customers that you serve?Travis: Absolutely. Right now, I'm working with a few COVID-19 testing startups. One is located in southern California, and the other is getting up and running in Missouri.
What's great is that these are brand new companies that saw a huge demand of people who want to get tested. Either they feel sick, or they're concerned about who they've come into contact with, or people they have come into contact with that may have been affected by someone else.
So, the company is ordering its test kits. They're working with me to start building their database and using our email API to get these results out.
We have a large health system up in New York, dominating the COVID-19 on the East Coast. Hundreds of locations. They're doing about 400,000 notifications a month.
Sierra: Wow.Travis: That's only going to go up at this point. I think we're going to keep hearing from more and more of these companies. We're continuing our research to see how we can be a leader in this COVID-19 pandemic in terms of leveraging an email notification system.
Sierra: You're right because those numbers are going to skyrocket and continue. As long as this, you know, COVID-19 is spreading. So good point there.Travis: Yeah, it's in. It's great that we have some news on a vaccine. But the numbers don't lie. We need to continue the efforts to try to bring that down as much as possible. There's not going to be a silver bullet to this.
Unfortunately, we're going to need everyone to lean in and do their part. From not only being safe and watching who you're with but also listening to the healthcare community’s directions.
Sierra: 100%. What are some other use cases for our listeners for health care practices and covered entities to use an email API?Travis: Yes, that's a great question here.
This is really what's nice about the email API. There's a lot of unique use cases because, again, it's allowing developers who have built their platforms to then leverage our HIPAA compliant email infrastructure in tandem. They can focus on their app, and we take care of the email side of things.
Some of the other use cases that I've seen are appointment reminders, billing receipts, invoices. Which I think is the best idea. To send invoices to patients that owe a balance to the medical practice and to help a medical practice collect on their accounts receivable in the tough financial times that we're in.
Anything that we can do to help the healthcare community collect on what is owed to them will help them in the long run because we know that COVID-19 has been very detrimental to the healthcare community.
Sierra: You're right about that. Once money that is due goes to collections, a lot of times, people don't even find out they owe money until they get a collection notice. If they have everything in the mail, and digitally, in their email, that's more opportunities for the clients to know that they owe something. So yeah, that's huge.Travis: You can deploy an effective strategy of collections on 15 days overdue, 30 days, 45 days, 60 days, and then the dreaded, “Don't wait any longer, you're hearing from collections,” which no one wants.
Again, any way that we can help the healthcare community is why I wanted to come to Paubox.
There's a lot of unique use cases. Not just for general email communication, but it can also be financial if you deploy the right strategies.
Sierra: So, what are some other use cases?Travis: So a couple of other ones. Again, the test results don't have to be related to COVID-19; it could be pharmacy refills. The list can go on and on because we're partnering our email infrastructure with anyone's platform or software that they're building. We're going to keep hearing from new software companies, especially these next few months, with everything that's going on.
Sierra: Yeah, pharmacy refills, too. What a good thought. As a client, I spend so much time calling my doctor, coordinating with CVS, trying to get all of my medicine refilled.Travis: If that could be automated, that would be less hassle for the client or the customers. It will require some development work to get this up and running, but it's worth the investment. It's worth the investment. Anything that can help you become more efficient in your operations.
This is what you want to do. Because with a manual process of a human trying to do this, it will take too long, there's going to be errors. There are going to be many more errors rather than leveraging an automated system.
Sierra: Right? Where do you see the security, compliance, and healthcare industry going in the next ten years?Travis: If we only we all had a crystal ball?
Sierra: That's a loaded question.Travis: I think there are four major trends, and you brought up one of them already. There is digital transformation healthcare, adopting new technologies that promote what I call accessibility.
Let's look at Zoom, for example, and telehealth. Zoom has exploded this past year. It's allowed medical practices to see patients that don't feel comfortable coming into the practice, or their state doesn't allow them to have them in their practice yet.
I think we're going to start to see more technology within the healthcare community. Zoom, especially, I didn't think that would probably happen for another ten years. Not accelerated into about one, right in terms of how often you see people using it.
Now, a couple of other ones. Vendor consolidation, doing more with less money, essentially. So trying to find providers and vendors that are experts in multiple fields. That way, you'll have a smaller number of support and vendors to work with at that point. Especially with the tough financial times that we're in, people can't be spending like they used to be, and I think any new expenses are scrutinized now than ever before. So again, any way you can consolidate vendors is going to be key.
Last year, data privacy, even outside of healthcare, when you look at GDPR, the CCPA, I think again in healthcare and securing PHI is just going to be very critical.
Then the last one is, we had our SECURE conference in October. The line I took away from that came from Julie Haney. She's a computer scientist and usable security researcher at NIST, the National Institute of Standards and Technology. She said that usability and security must coexist, and that rang a bell with me.
One of the key themes that we talked about here at Paubox is we need to remove the human element when it comes to security. As well as people are trained and have good intentions, humans are prone to making mistakes. However, when it comes to HIPAA, you have to be right 100% of the time. There’s no wiggle room there because one breach and one violation could crumble your entire organization.
Typically I wouldn't say I like to talk in hyperbole, but that's ultimately what we're doing and why we're trying to be a leader in the HIPAA compliant email space and cybersecurity well.
Sierra: In our HIPAA Breach Report, email is still the highest attack vector for cybercriminals every month. Human error is a huge issue in securing PHI and sending PHI. As long as humans are involved in that process, there will be PHI that's being breached.Travis: Exactly. How can we implement something that's going to be easy to use for the staff, but that we can make sure at a high level that IT and compliance leaders at a company feel comfortable and can rest easy at night that they deployed something that's going to protect them moving forward?
Cybercriminals are getting smarter and smarter, with new attacks coming in, like display name spoofing, they need to be ready. That's why I foresee any new security products having to be automated or mitigate how much human intervention is required.
Sierra: Yes. I talked about this in the last episode, but I have been phished, and so has our Director of Finance. We were phished on the same day, and somebody was impersonating our CEO, Hoala, asking if we could meet and for other information. Hoala had never emailed me via my Gmail, so I immediately brought it up to him. Then he let me know that our Director of Finance had received something similar. If I wasn't in this space and didn't know better, I might have taken action. At one of my last companies, we had somebody that got into someone's email, emailed them, and tried to get them to send gift cards or do something from the CEO. They did it because they didn't know any better. I think, again, that plays into user error; you don't know what you don't know,Travis: Would you be surprised to know that the average cost of one of those attacks is $180,000.
Sierra: That's obscene. I'm so glad that I didn't do that for my company. What a large amount of pressure to make sure that you're not doing that for your company.Travis: That's why that is the new attack vector because people are trained for some time not to click on links that seem to come from an unknown source. Or, you know, the typical Nigerian Prince, for example. With this, hackers are using a name from someone at your company with some level of authority. Like you said, their financial and HR people, and there's some urgency behind it.
The name matches up, but what about email, does it? Again, hackers are getting smarter. It's humans who are the ones most likely to make a mistake. They're leveraging our human nature against us. I’ve heard of the gift card example. I've heard of 401k payments or even severance packages.
You can look up this stuff online, and the list goes on.
Sierra: Right? Everyone wants their severance; most people would reply to that. Travis, how do you keep up with industry trends? Are there any good podcasts, blogs, influencers, or newsletters that our listeners should be following?Travis: I know Greg shared a couple of good podcasts on the last episode. For me, my main source of healthcare and cybersecurity information is the “Becker's Health CIO and IT Report.” Throughout the week, I'll get an email to my inbox with about 15 different articles merging those two spaces.
At Paubox, we're targeting the information security community, the IT community, and the compliance community. I hear a lot of the ransomware attacks, malware attacks, and breaches that have been reported to the HHS. That's been my primary resource; I’d highly recommend going to their website and signing up for that newsletter.
Sierra: Okay, great. Last but not least, what do you do to de-stress and relax?Travis: Oh, and talk about an up and down year. I would say the number one thing is to be active. From the onset of COVID-19, I think I tried to do my best to go outside, be safe, and be active for my mental health. So going on a run along the beach, playing beach volleyball, playing soccer. I felt like anytime I could get outside my house and get some vitamin D in me was the best way to control my emotions with everything that was going on in the world at that point. I felt like being active and participating in sports, which I've done my entire life, was the best way.
Sierra: Right? You and Greg, y'all have great scenery to do that on the beach. I'm very jealous. You guys live in California, and I'm in Texas, where Galveston is near me, but it's not the best beach. Very jealous of your surroundings.Travis: It’s hard to leave Southern California, that's for sure.
Sierra: Travis, thank you again so much for joining the HIPAA Critical Podcast. I appreciated it and enjoyed speaking with you today.Travis: Cool. Awesome. Thanks so much, Sierra.
Sierra: For listeners, our next webinar on this exact subject will take place on December 16 at 10 am PST with the topic of “How the Paubox API Can Help Fight the Pandemic.” If you would like to register, please send me an email at sierra@paubox.com, and I will be happy to send you the link. You can listen to other podcasts at Paubox.com or subscribe via Apple Podcasts, Spotify, IHeartRadio, Stitcher, or Amazon Music. Thanks again, and see you next time.