
Simplifying Compliance

Abyde is revolutionary software that provides the easiest way for practices of any size to implement and sustain comprehensive HIPAA and OSHA programs. Chris Wheaton is the current Chief Revenue Officer at Abyde, with a professional history in sales at multiple medical equipment companies. Wade Waybrant is the current Vice President of Sales at Abyde, with a professional history in sales at law and real estate companies. Together with their team, Chris and Wade are revolutionizing compliance so their customers never stress over compliance again!

 

In this episode of TechTalk Podcast, Brad Cost, Dr. Jay Greenstein, Chris Wheaton and Wade Waybrant sit down to discuss:

 

  • The crucial role HIPAA plays in medical providers' livelihood.

  • Change HealthCare's recent cyber attack & the after-effects.

  • Staying up-to-date on compliance with Abyde.


SHOW NOTES:


3:26 – Getting into HIPAA compliance technology.

  • [Chris] “I’ve been with Abyde for about five years now and I'm now the Chief Revenue Officer. I really did not see myself getting into compliance at all, but I don't think anybody does. I came from a device company that was in the eye care space and I really love the idea of helping independent practices. A college buddy of mine asked me if I had ever run a sales team before, and even though my answer was absolutely not, he hired me! We were here to help run their sales team and partnership division, and we’ve been seeing amazing growth ever since. One of my recruits, Wade, our VP of sales, came over and helped us run it, but I’m really proud to be a part of this organization and a technology company out of Clearwater, Florida. We're really pumped. Wade, I'll pass it over to you.”

 

  • [Wade] “Yeah, I appreciate it. Chris stole a little bit of my thunder there, but he actually brought me on to help him grow the company. I got my professional career started in the legal space, where I was doing a lot of real estate law and contract management, so compliance makes a lot of sense to me. When I saw the gap in understanding and the way this could impact medical practices all over the country, it was a no-brainer for me to come aboard and help spread the word."


6:00 – Change HealthCare cyber-attack.

  • [Wade] “It created ripples across the entire healthcare system. I don't know any particular vertical that hasn't been affected by it. Since I've been with Abyde, I’ve never seen the Office of Civil Rights, the law enforcement body over HIPAA compliance, open an investigation so quickly into an organization, which tells me they're taking this very, very seriously. Just a couple of weeks ago, they issued an open letter to the healthcare industry as a whole, urging them to take steps to get HIPAA compliant, so it’s very important.”


7:57 – The importance of staying up to date with compliance.

  • [Wade] “You mentioned how you invested in getting all these certifications and making sure your security was up to speed for your business. Frankly, I think a lot of providers, and chiropractors specifically, it's a tough investment to make because there's no direct return on it until you need it. That's when it really matters. I know Dr. Jay can certainly tell his story as well.”


13:45 – Dr. Jay’s experience with ransomware.

  • [Jay] “Basically, we had moved from our server-based software platform to Genesis, which was in the cloud with much better programming, automation, and reports. However, on our old system, we still had accounts receivable, so we were still working those accounts. One day, somebody on my team gets an email with a link and clicked on it. The next thing we know, nobody can get into that old legacy server-based platform. We got a pop-up that says, “we've hacked your system, we took it for ransom, and we want two Bitcoin to unlock it.” I don't negotiate with terrorists, so we didn’t do that. Luckily though, I had a friend who is a tech titan that was able to find us the right solution to get our data unlocked. That was $10,000, but it was either going to cost us $50,000 in ransom money or $10,000 in getting this stuff unlocked. Now, you would think that's a victory, but all the things we had to do afterwards were painful. We had to do a complete HIPAA audit assessment, a report to the AG, a report to HHS, and put a disclosure on the front page of our website that said we had been hacked. We also had to notify all of our patients by mail or email - imagine that for good brand recognition and branding. We're not a multi-billion-dollar company like Change HealthCare - we have limited resources. The HHS found us to be basically not guilty, meaning we didn't get in trouble, but it was still learning lessons about where our gaps were. We had an IT policy, but the employee did not follow it and we didn't do enough follow-up education. Abyde provides that education really seamlessly. Because we are leveraging technology and systems like Abyde, I sleep really well at night.”


16:57 – Understanding compliance.

  • [Chris] “I think it all goes to education. Dr. Jay, you're a business owner and a doctor, but you got pretty educated pretty quickly through that ransomware attack. At Abyde, we try to lead with education. We have solutions, but let's educate and make sure the office managers, office administrators, doctors, practice owners are aware of what they need to do first and foremost. Then, we can bring in the software. Our software is ultimately valueless if a doctor is not educated. Nobody's going to look at our software as the coolest thing they’ve ever seen unless you understand what the HIPAA requirements are. I'll let Wade speak to the three kind of value adds of our software and our CS team but educate is our main go-to-market strategy when we're revolutionizing an industry."

 

  • [Wade] “If you've been paying attention, educating your team, and making sure they're trained on what they need to do, you're a lot less likely to have an instance like that happen to your organization. I tell people to think about it like insurance policy for your business. I'm never excited to pay my car insurance bill every month, but if I ever needed it, I am glad I have it. That's the way you have to think about compliance. The biggest value add for our software is the simplicity because compliance can be very complicated and a lot of organizations like it that way because it creates a need. You need them because they're the only ones that can explain it to you. We take a different approach. We want to make it user friendly, approachable, and easy to use. We continue to pump that message of education on a continual basis. The most important value our software provides is assurance, peace of mind, the ability to sleep at night. If there's ever any type of incident, whether it be from a patient complaint or a data breach, Abyde’s got your back with a 100% audit pass rate. Let's be honest, the reason you're doing this is to protect your business."


21:00 – The benefit of having good faith effort.

  • [Wade] “There's actually case law in the provider's favor. There was an amendment to the HITECH Act in January 2021 that mentioned if you take that good faith effort and you're able to prove that you've taken steps through appropriate documentation, you kind of have a Monopoly get-out-of-jail-free card. I don't want to say it’s a 100% guarantee because you've got to take the appropriate steps, but again, that good faith effort is going to protect not just your practice, but your patient's information as well.”

 

  • [Chris] “I think a lot of times providers are confused on what good faith effort means. We always start our consultations asking providers what HIPAA means to them and they really can never explain it. They usually respond with training the team or having a consent form, right? Training your team and having consent forms are very important, but you have to do a security risk analysis and other things throughout time to show that you have good faith effort. We always try to overcome that misconception of doing a few things, like training the team, and assuming you’re good. That's why the education is so critical for our solution. Unfortunately, a lot of practices and doctors put their head in the sand because they don't really have time. One of the biggest value adds we have is the time-saving we're giving back. Our software is going to tell you what to do and when to do it through notifications, 10-15 minutes a month. As long as you're coming in answering questions and keeping the profile up to date, everything you need is there.”


29:07 – Compliance is forever ongoing.

  • [Chris] “I love thinking about compliance as an ongoing thing, not a one and done thing. It's not a checkbox, yet we hear that so often. The great thing about Abyde is it's not only ongoing training and policy generation, but it's security risk analysis and identifying things like the administrative, technical, and physical safeguards you’re addressing throughout time. Things change, but we're able to show that documentation and we're ultimately going to recommend things to make your business better outside of the compliance realm. Should your employees be logging on to their social media accounts at the office? No! Now that's a government standard. There's rules and regulations, but with our software, it's going to remind the HIPAA compliance officer throughout time. We're going to keep asking those questions, so it's all about being ongoing. It's all about being proactive because it's not a matter of if, now it's a matter of when. When there's going to be some type of incident. Let's make sure that we know exactly what to do and when to do it.”


33:26 – Change HealthCare paying the $22 million.

  • [Chris] “Yes.”

 

  • [Brad] “I don't believe they intended for that to be disclosed. At some point, I believe that was hidden, but they essentially pulled the big breaker because everybody, within hours, disconnected from them. The power that holds that circuitry to connect was totally disrupted. There is this whole protocol when you have an unintentional incident set up by HHS and our accreditation. It could be $125,000 per incident and that could be interpreted as per claim. They probably did that to give them some breathing room while they were going through it. At that level, that's an insane number of people you've got to communicate with. I wouldn't wish this on anybody. They have responded appropriately. This was from an attack group called Black Cat, who was already under the radar of the FBI because of an incident they had with an energy company a few years ago. Even though our government knew they were there and was following them, this still happened. It's a big deal and it's got greater implications than what it seems like on the server.”

 

  • [Wade] “I want to point out another fact about paying the ransom. They paid Black Cat, but a second group came out a month later, saying they were actually the ones that did it and demanded their own $22 million ransom as well. It happened to them twice, essentially. Dr. Jay, you had a great point too about not negotiating with terrorists. If you wind up paying the ransom to get your money back and the FBI finds out that they were a terrorist organization, you could actually be found criminally liable for funding a terrorist organization. You have to be careful in those situations.”


37:49 – Having a back-up.

  • [Wade] “I think the HHS jumped into action to investigate them so quickly because they probably had the same questions as well. I'm curious to see their findings, had they actually done a security risk analysis appropriately."

 

  • [Brad] “They have the exact same accreditation we do through ENAC. I know they were current, or they wouldn’t have kept it. It's serious at our level and they check on that very frequently. Their tentacles go to the very heart of healthcare transactions in America. It could have erased the healthcare system in America. If that would have wormed its way into another couple of trading partners, it could have been a 100% invasion of the system. I'm sure they were just trying to do whatever's necessary to stop the bleeding the best they could.”


39:33 – On the radar for Wade & Chris.

  • [Chris] “We do so many different conferences throughout the year and I’m really proud of our team. We're constantly doing chiropractic, dental, optometry events. We actually have a team out in Vegas right now for a group purchasing organization in the eye care space, so we’re speaking all over the place. I think Wade has a conference coming up where he's speaking. We're really excited about what's on the horizon for a buyer because we have more products coming out, we're growing our team, and we’re going to continue revolutionizing compliance for the independent practice.”

 

  • [Wade] “I'm excited for the Kaizenovate Business Adjustment Summit. Bringing technology to a lot of chiropractic offices is key because a lot of times they're technology averse and it's just the way they operate or the way they've always done things. It's an exciting topic that can really help the chiropractic space as a whole by implementing the right technology for your practice.”


41:06 – HIPAA outside the United States.

  • [Wade] “There's some instances where the benefits may outweigh the repercussions. In those instances, from a HIPAA regulatory perspective, we would strongly urge to make sure you have the business associate agreement in place with those vendors. Once you leave the continental or the 50 states, HIPAA doesn't apply anymore. They do have a GDPR, which is the EU's version of privacy and security, but it's not to the same level of accountability as HIPAA. You've got to be very careful in the vendors you choose to work with.”

 

RESOURCES

 

CONTACT WADE & CHRIS

· Call at 800-594-0883
