How Increased Cybersecurity Benefits the Home Care Industry

How Increased Cybersecurity Benefits the Home Care Industry

00:00:03.700 –> 00:00:26.329
Erin Cahill: Welcome to CareSmartz360 on Air, a home care Podcast. I’m Erin Cahill, an account, executive at Caresmartz. in the age of digital health records, home care agencies are on the frontlines of a critical battle cyber security with a growing reliance on remote care, delivery, and the storage of mountains of sensitive, patient data, robust se cyber security measures are no longer a luxury, but a necessity.

00:00:26.620 –> 00:00:28.609
Erin Cahill: These protect patient privacy.

00:00:28.660 –> 00:00:52.300
Erin Cahill: home care agencies, collect a wealth of sensitive information, including medical records, financial details and personal identifiers. A data breach can have devastating consequences for patients leading to identity theft, fraudulent medical claims and emotional distress, strong cybersecurity, pro protocols like encryption and access controls minimize the risk of unauthorized access keeping patient data safe and secure.

00:00:52.510 –> 00:01:13.370
Erin Cahill: Enhanced cybersecurity protects operational efficiency. Cyber attacks can disrupt critical systems, hindering communication between caregivers and patients, delaying medication deliveries and jeopardizing care schedules, implementing cybersecurity measures like network security monitoring and regular system updates minimize downtime and ensure smooth operations.

00:01:13.420 –> 00:01:24.849
Erin Cahill: Investing in cybersecurity is not just about protecting data. It’s about protecting the wellbeing of patients, the smooth operation of the agency, and ultimately the trust that underpins successful home care services.

00:01:24.870 –> 00:01:41.750
Erin Cahill: Today we have on the panel Steve Lock, founder and CEO at C. Lo, a secure and free messaging app for care teams. Steve has over 8 years of experience in the industry and aims to improve peer delivery through better communication between all involved in the caregiving process. Welcome to the podcast Steve.

00:01:43.120 –> 00:01:45.550
Steve Vlok: Thanks, Aaron. Yeah. Great to be here, and thanks for having me on.

00:01:46.000 –> 00:01:54.390
Erin Cahill: Absolutely. So I’ll jump right into it. In what ways can robust cyber security measures minimize disruptions caused by cyber attacks?

00:01:56.150 –> 00:01:56.685
Steve Vlok: So

00:01:57.240 –> 00:02:10.389
Steve Vlok: The main thing really is we we I mean, I’ll kind of go back to the basics. So we see cyber security as being an ongoing process. So 3, it’s always changing things. Things are getting more and more advanced.

00:02:10.389 –> 00:02:28.170
Steve Vlok: And to have, you know, defenses in place day to day that you’re kind of using and living and breathing, but that are built into your workflows is really important. So you know, in our space. Communication healthcare is really really critical. So, being able to communicate easily with your your team members being able to easily communicate with your patients and families

00:02:28.440 –> 00:02:47.789
Steve Vlok: is something that’s just expected now. So they have those systems that sort of have compliance built into them is really really important, and that you don’t wanna have to think about as an end user. So it’s gotta really be happening in the background and be easily updated, easily accessible. And it’s gotta feel just like using a regular tool. So

00:02:47.840 –> 00:03:13.870
Steve Vlok: I think cyber security and the advancements in it, are gonna start seeing a way, more automated processes. So we’re seeing kind of like a growth of AI and cyber security and really, the background activity, monitoring things close to you while the end users could just focus on what they’re doing, what they do day to day, which is just using the solution and knowing that it’s safe. So that’s sort of where I think the industry is trending.

00:03:14.190 –> 00:03:21.699
Erin Cahill: Yeah, and how can increased cyber security training for staff contribute to a more secure environment within a home care agency?

00:03:22.810 –> 00:03:46.861
Steve Vlok: So the training is really just about raising awareness. So the big challenge is sort of educating the caregivers or the or the clinicians on what cyber security based practices actually are being able to implement in reality. So you know, it’s it’s about being identify, you know, phishing attacks or things that are not real, or being able to sort of distinguish a colleague talking to you versus

00:03:47.170 –> 00:03:56.149
Steve Vlok: a bad actor. And there’s, you know, there’s really good training material out there now that makes it really easy to implement within organizations.

00:03:56.150 –> 00:04:00.418
Steve Vlok: But I think it’s really about this being an ongoing thing. So we see a lot of

00:04:00.670 –> 00:04:16.312
Steve Vlok: in the past. A lot of legacy sort of solutions would be, you know they train their staff maybe once a year, and they have this like compulsory training day, and everyone can’t do it. They get excited about it. But then they just forget about it. And so it’s really easy for a bad actor to come in and sort of take advantage of that

20
00:04:16.560 –> 00:04:37.359
Steve Vlok: So sign up for security, being like an annual thing. And what we see is it’s really got to be something that’s thought about day and day out. And you know, constant reminders, constant training around what to expect and what to look out for. And I think from our perspective, anyway, being able to bake that training into just regular processes is really important. So

00:04:37.440 –> 00:04:46.330
Steve Vlok: being able to flag things as suspicious or having a you know, champion within the organization, that kind of understands us. Is, is really the key to making sure. People are aware of the risks.

00:04:47.000 –> 00:04:54.120
Erin Cahill: Right, and how can homecare agencies ensure the cyber security practices of third party vendors that they work with.

00:04:55.050 –> 00:05:05.839
Steve Vlok: So. Key one here is just to look for compliance standards being met. So you know, we, as a vendor that you know, operates in a really heavy compliance. Space. I’ll give us an example.

00:05:06.162 –> 00:05:28.449
Steve Vlok: There’s a whole bunch of certificates that we want to get out. Get to show that we’re trusted and verified, and that is a third party order to actually look at our solution. So if a provider or a vendor can’t show, you know, third party attestation and penetration testing reviews and source code reviews and some sort of verification that these compliances and frameworks that actually complied with.

00:05:28.450 –> 00:05:41.200
Steve Vlok: Then it’s, you know, it’s really bad. Start you really want to be able to openly see how they’ve gained these certificates, whether it’s hipaa compliance. High tech sock to iso you know, all the right standards and certificates are really important, and then.

00:05:41.200 –> 00:05:41.520
Erin Cahill: And but.

00:05:41.520 –> 00:05:53.918
Steve Vlok: Become just common practice. Now I think, to be in the healthcare or home care space and not have those standards is, you know it’s just you wouldn’t use a solution like that. So that’s sort of the thing to look out for.

00:05:54.373 –> 00:05:54.720
Erin Cahill: And then.

00:05:54.720 –> 00:06:19.292
Steve Vlok: Further to that. If we’re thinking about using systems that actually share protected health information. Or Phi, the one key phase, if it if we’re strictly us talking now. It’s really important that the vendors are willing to sign a business associate agreement. And this is really just a agreement between the covered entity and the and the vendor to say, Yeah, we we actually want to be able to share and

00:06:19.770 –> 00:06:29.689
Steve Vlok: and transmit this information safely. And we’re agreeing that we’re compliant with hipaa. And then is this written agreement of how they actually look after and safeguard that Phi.

00:06:30.370 –> 00:06:43.089
Erin Cahill: Right? And my next question, you might have already answered it. How can cyber security be specifically tailored to protect data transmitted during remote, patient interactions. Is there anything you wanted to add on to what you just mentioned?

00:06:43.930 –> 00:07:11.330
Steve Vlok: Yeah. So I mean, I’ll use our tool as an example. So what becomes really difficult when you’re not just talking internally. An organization is being able to verify the other users or the other participants in this communication as an example. So you wanna be able to verify the end user. So whether that’s like an identity verification or some sort of other verification entry point. So thinking about, you know, if you send a link out for someone to join. Maybe there’s 2 factors. There’s maybe another thing that.

00:07:11.330 –> 00:07:18.649
Steve Vlok: or a code that they put in or submitted to just verify an extra layer of security. That is, in fact, that person that you’re connecting with

00:07:18.948 –> 00:07:44.330
Steve Vlok: And then the other part, too. If you really wanna make sure that whatever encryption standards and protections that you’re using, make sure that data doesn’t stay on any consumer devices or remote devices that it’s actually just being used in that one session. And then you’ve got the ability to kind of revoke any access or anything, post the console or post that communication. So I’ll give the Ceilo ex as an example. We’re we’re hipaa compliant mission app

00:07:44.583 –> 00:08:06.629
Steve Vlok: we can be used internally within organizations or across organizations, or even with the patient and the families and the key things that we look out for is, we verify the identity of any of not only the clinician, but also the family and the patients, and then we also provide a secure way in which they can talk to each other. And have access to vote and really make sure that the Phi can be safely shared. So if we’re thinking about home case specifically

00:08:06.730 –> 00:08:26.700
Steve Vlok: as we start to see like really dispersed users, and they might be like completely on their own, or they might be out without any real organizational structure around it often. So it’s really important. Whatever tool they choose has all those safeguards built into the tool rather than having to have all the administrative controls around that which you might expect to like a big corporate as an example.

00:08:27.110 –> 00:08:27.940
Erin Cahill: Right?

00:08:28.460 –> 00:08:39.259
Erin Cahill: Are there cost effective cyber security solutions available that cater specifically to the needs of smaller home care agencies making robust protection attainable for all players in the field.

00:08:40.370 –> 00:09:05.447
Steve Vlok: It’s definitely something that we’re seeing is a bit of a work in progress like it’s it’s definitely you know, a lot of the traditional cyber security firms and and processes are really tailored at big corporations where where, I guess you know, in reality, that’s where the the big licenses where and that’s where the revenue was was available for these bigger firms to go after and what we’re seeing now, that’s changing. All of that is really

00:09:05.780 –> 00:09:12.327
Steve Vlok: software is becoming a lot more accessible and cost effective to run because of the cloud. And the second point is, we also have

00:09:13.095 –> 00:09:34.859
Steve Vlok: subscription. So Sas is pretty normal. Now, we’re not having to lock into big contracts and have upfront costs. So the subscription models are becoming a lot more common. And that’s something that we play into as well. So for us, it’s all the subscription model we can. We? You know you can pay monthly or annual is a business discount to go annual as an example for us, and as long as the

00:09:34.860 –> 00:09:47.977
Steve Vlok: provider or the or the client is getting value out of the solution they would, they would keep using, and they keep paying. But they can exit any time. So there’s a really low, low cost to entering this space now. And the other thing, too, is

00:09:48.240 –> 00:10:13.019
Steve Vlok: we. We find that you simply can’t afford not to have good cyber security practices. So if you think about it, what can go wrong? Firstly, you have the fines and the legislation around hipaa. So, for example, you know, these civil penalties are really large monetary fines, that something goes wrong in terms of a breach and the second thing, probably the most important, even more than the financial damages. Really the reputational damage. So it only takes, you know, one or 2

00:10:13.020 –> 00:10:19.979
Steve Vlok: to very small incidents for all of a sudden your your client base to lose, trust and use the provider if they can’t trust

00:10:19.980 –> 00:10:30.819
Steve Vlok: you with your data. How are they gonna trust you to actually, you know, care for them to look after you. So that’s really what we’re seeing is really important. And and probably the last point is, with a lot of the sort of

00:10:31.510 –> 00:10:32.305
Steve Vlok: AI

00:10:33.854 –> 00:10:38.610
Steve Vlok: thanks. Coming to a lot. We’re really seeing the ability for AI to kind of

00:10:39.015 –> 00:10:45.874
Steve Vlok: bring down the cost of delivering cyber security to small organizations because we automate a lot of things and we rise a lot less

00:10:46.180 –> 00:10:48.879
Steve Vlok: resource from people, so to speak.

00:10:49.450 –> 00:10:51.780
Erin Cahill: Right? Yeah, no, that’s a great point.

00:10:51.880 –> 00:11:06.129
Erin Cahill: Well, thank you so much, Steve, for sharing these insights. I’m sure most queries about how increased cyber security benefits home care were addressed today. And to you, my wonderful audience, thanks for tuning in until the next episode. This is Erin Cahill. Signing off.

00:11:07.330 –> 00:11:08.949
Steve Vlok: Thanks very much, Erin. Great, to have you.

00:11:09.350 –> 00:11:12.189
Erin Cahill: Thank you so much, Steve. I’ll stop the recording there.