Remote Security, E-commerce, and Telehealth: Adapting to COVID-19 Through Technology
on June 16, 2020
By Cassi Price, Manager of Marketing Strategy, VGM Forbin
This article was first featured in "VGM Playbook: Technology and the Patient Care Continuum"
“If it doesn’t challenge you, it doesn’t change you.” – Fred DeVito
It’s safe to say that we’ve all been personally challenged and changed by the pandemic of 2020. When this is all said and done, you’ll ask yourself—did your business rise to the challenge and adapt technology to accommodate new patient needs, or did you stand by while the world changed around you?
If you’re in the group that’s rising to the challenge, you’re likely in the middle of a transition. Changing processes, training staff on new software, updating your website, and finding new ways to connect with your patients via telehealth and e-commerce are just a few things you’re doing to adopt. As a business, you’re running exercises on how you’ll adjust to the many possible scenarios out there about how we’ll “return to normal,” or what the new normal will be.
While you’re doing the right things, when you’re deep into this transition it’s possible that you can’t see the forest for the trees. This means you need to take a step back to make sure you’re protecting what made your business unique and successful in the first place, and then be extremely vigilant in prioritizing employee/patient safety, data security, and patient experience.
So, let’s take a step back and examine the technology transitions you’re likely in the middle of and address the questions you need to ask to ensure you’re staying on track.
For Employees’ Work From Anywhere Software—Qualifying Compliant Vendors
While many states saw months of strict social distancing measures, we’re dipping our toes into more relaxed guidelines that may leave your business to stagger staff that will be in the office and staff that will be home. You may also anticipate that a flareup of the coronavirus in your state will lead to your staff transitioning back to remote work and patients back to telehealth. Either way, you’ll be keeping those subscriptions to Office 365, RingCentral, Zoom, and/or Continuum. Before you commit to the annual subscription, you need to ask these questions to remain in compliance.
Ask Your New Vendors:
- When was your last risk assessment performed and would you be willing to send me a copy of the report?
- What steps do you take to protect the ePHI you’ll maintain?
- Are you willing to sign or provide a business associate agreement?
Any software company that is maintaining, transmitting, or storing electronic protected health information (ePHI) needs to sign this agreement with you. If you’re talking about a patient during a conferencing meeting, you’re transmitting ePHI. You may need to go through this with any conferencing companies, chat software, and file-sharing vendors such as Dropbox or OneDrive.
In fact, free Gmail accounts don’t include a business associate agreement (BAA) and are not HIPAA-compliant. You’re required to purchase G Suite to access those resources. In our experience, almost all free software and service providers will not sign a BAA, so do your due diligence when moving forward with these new technology providers.
- Have you reviewed and updated your backup, disaster, and contingency plans to protect your business?
- Have you updated your security suite to cover remote employees’ workstations and those connections back to the office?
Those working from home are doing so from places that you haven’t had to secure before. If they’re connecting to your network from personal computers, are you making sure those computers are not presenting new threats to your network? Do those computers have an updated antivirus software installed? Does working from home require users to store ePHI or other personal protected information (PPI) on their home computers and is that information being backed up with your current backup solution?
For Data Security—Backup, Email Protection, and User Security
Now that we’ve covered updating your backup plan, there are extra steps to keep all that data in the cloud secure and protected. Here are the areas to focus on to keep your cloud covered:
- Cloud Backup: This is your disaster recovery. In the event of system failure, outage, or other disasters, it’s recommended to have your database backed up off-site and readily available when needed. The most common cloud backup services we work with are Microsoft Azure and Barracuda, but you may also work with iDrive, Acronis, or Dropbox Business.
- Email Protection Layers: Don’t trust your email provider to be secure all by itself. It’s their job to get you your emails. It’s recommended that you also add security in the form of multiple vendors scanning your emails to make sure they’re secure before they’re delivered. At VGM Forbin, most of our customers that have Office 365 have also elected to use Barracuda as an extra layer of security. You may also be using Mimecast.
- Multi-factor Authentication or Two-factor Authentication: With the mixture of employees working from both the office and home, it’s vital to enable a solution that verifies its user with not only a username and password but also something physical like a fingerprint or random verification code sent to a different device. You see this enabled on Facebook, Google, and even Nintendo Switch. Most often, the vendor of choice for this function is Duo.
For Patients—Website Experience, E-commerce, and Telehealth
In addition to making your employees’ systems secure, we’re sure you’re also working hard to keep patients and clients coming back to you. We’ve seen businesses around the globe bending over backward to keep serving their customers and patients while practicing social distancing. As we see some of these social distancing measures continue for longer than originally expected, here are a few areas to examine within your business to make sure you’re continuing to evolve to the new normal of patient experiences:
Make sure your website clearly defines the steps to having a great experience in your store virtually. This is done by providing step-by-step instructions on how to consult with your business virtually to get the same friendly experience that you would have face to face in your store.
If you’re researching long-term telehealth service, the functions to consider include:
- Secure and compliant mobile apps to gather ePHI via messaging, video, fax, or voice calls
- Look for security certifications such as HITRUST CSF that shows the vendor is supported by a strong security risk management framework
- Easy, dynamic call routing that you can adjust from home for an influx of calls that may come in at different times for different purposes
- Voicemail transcription to increase the speed of response by the team
- Multi-level interactive voice response (IVR) capabilities—this means you can easily create a multi-layer phone routing menu to get patient calls routed to the right people.
We’ve seen solutions like RingCentral cover these functions. Another possible solution in this area that focuses specifically on healthcare is BlueJay Mobile Health.
If you have a product catalog featured on your website, you’ll also want to start improving the experience on those pages. We see many DMEPOS businesses transitioning to e-commerce models so their patients can continue to purchase products easily from them without contact. If you’re diving into e-commerce, here are some very important items to keep in mind:
- Focus on Product Pages: Whether you’re doing e-commerce or not, if you have product pages, we recommend you dedicate time to improve the information on those pages. Areas to improve could be product descriptions, features, specifications, photos, and any other information that’ll help customers find that page and learn about the product. This can influence whether they make the choice to purchase the product or contact you about it. If you have A LOT of products already listed on your site, prioritize the products that you sell often. If you’re just starting your online catalog, stay focused on your main products. Don’t put a catalog out there of product descriptions that you hurried through. Take your time and create polished pages for your key products that you really want to sell.
- Choose Your Payment Gateway: This solution authorizes payments for your merchant account. Most of the solutions out there offer similar functions but vary greatly in terms of transaction and subscription fees. Look closely at whether your payment gateway offers discounts based on volume and make sure those fraud settings and address verification settings are all turned on. The payment gateway we most commonly work with is Authorize.Net.
- Determine Shipping/Delivery Options: Great shipping options are crucial in today’s e-commerce environment. Get your contracted rates set with FedEx or UPS and then see where you can offer free shipping. This may be the service that determines whether a customer buys from you or your competitor.
- Determining Return Policy: In a situation where your customers were accustomed to trying a product out in your store before purchasing but can no longer do that, this service is key. Determine what your return policy will be and if you can offer free returns, then you’re set. Make those policies crystal clear and make sure they’re on your website.
- Managing Sales Tax Compliance: Make sure you’re well-versed in where you can charge tax and where you don’t have to. When it comes to e-commerce, you may want a service that’ll instantly calculate rates based on geolocation and product classification as well as distribute payments to tax jurisdictions. A great vendor to go with is Avalara, who’s also offering 3-months free to help businesses during this time. The offer expires on June 30, 2020.
- Integrations to Automate the Process: Finally, there are many ways to make your e-commerce run efficiently for you and your customers. At VGM Forbin, we've developed integrations specifically for the DMEPOS business including:
- Insurance verification with vendors like Zirmed/Waystar
- Billing software integrations with Brightree and USS
- Catalog integration with fulfillment centers like VGM Fulfillment and Preferred Medical/NDC
If you’re overwhelmed by all that comes with updating the technology within your business, you’re not alone. It’s impossible to be an expert in all areas of both your technology infrastructure and online experience. The most important thing you could do for your company right now is to find the right partners that are experts in these areas and can help you bring it all together. At VGM Forbin, we have been proudly serving VGM members for over two decades. We’re committed to helping your business thrive with the right technology and web solutions!
You don’t have to navigate this alone. We're here, your VGM technology and web partner, to help you overcome these challenges. Reach out to connect with our team today!