UBERDOC Chooses Ascendle to Launch a HIPAA Compliant Platform
At the risk of oversimplifying a large problem, you could argue that one of the greatest reasons healthcare isn’t working for Americans is that it’s become overly complex. Though a physician provides care directly to a patient, the process has become progressively burdened by the involvement of administrators and insurance providers. How? Well, employers are tasked with approving, facilitating, and funding care. As a result, when Ascendle was asked to participate in a new HIPAA compliant solution aimed squarely at simplicity, we were all pretty eager to get involved.
CEO and surgeon Paula Muto approached Ascendle with a vision for a platform that allowed patients to connect directly and swiftly with specialists. They designed their model for consumers wishing to pay via either a Health Savings Account (HSA) or a Flexible Savings Account (FSA). These types of transactions are ideal for bypassing the cumbersome administrative process typical in healthcare.
However, because such software was groundbreaking, it required a company that could swiftly transform Muto’s vision into reality. Muto reached out to Ascendle, seeking a partner to help get her platform, UBERDOC, into the hands of consumers and physicians.
The Start-Up Conundrum
Startups find themselves with common challenges, a grand vision of a potential solution without cash flow, and yet the desire to get to market as quickly as possible. For Ascendle president Diana Bourns, such scenarios are best tackled through ruthless prioritization.
“There are no shortages to the features we could add to an app designed to reduce complexity in healthcare,” said Bourns. “But we didn’t have unlimited time or money, so we put a laser-like focus on providing maximum user value around finding physicians quickly and then allowing patients to evaluate those physicians just as quickly.”
With Ascendle’s guidance, UBERDOC agreed to give maximum attention to patients with a singular desire; to book an appointment with a specialist as quickly as possible.
In fact, research confirms that getting in to see a provider is not only a challenge consumers face; it’s a problem that’s getting worse. A 2017 study concluded that the average time for a visit with a new provider was 24 days (and up to more than fifty days in some cities). In addition, patients and providers have become increasingly interested in telehealth visits, paving the way to interact with physicians located further away. Invariably, circumstances were ripe for a better solution. With an agreed-upon focus and backlog for the MVP, the Ascendle team got started.
A Three-Pronged Product
Once we established the MVP, it became apparent that we would require three different components for product viability, each with a critical role in the application.
Most vital to patients would be the ability to swiftly see when a given provider is available and book an appointment. This approach is markedly different from most experiences. A patient calls in to see a provider, and someone on the other end of the telephone offers them a small selection of appointment times. With UBERDOC, Muto envisioned a customer seeing all upcoming available options, allowing the patient to swiftly determine the provider’s availability and select a day and time of greatest convenience.
Secondly, UBERDOC’s model called for patients to schedule their appointments and pay for services simultaneously, offering opportunities for physicians to be paid promptly, without the friction inevitably caused by billing through insurance. Ascendle chose Stripe for this functionality, given both its ubiquity and security online.
Finally, UBERDOC designed their business plan as a SaaS model, with physicians paying for access to the platform. Like most SaaS companies, UBERDOC wished to utilize recurring monthly billing rather than an onerous annual licensing fee. To do so, they used Recurly for subscription management and billing.
Ensuring HIPAA Compliance
In addition to healthcare providers, it is required that all vendors who interact with personal health information (PHI) are HIPAA compliant. Here, both UBERDOC and Ascendle (performing within the guidelines of a Business Associate Agreement (BAA)) were required to pay strict attention to rigorous procedures.
Failure to comply for either company could result in hefty penalties (as high as one million dollars). Still, for a start-up organization like UBERDOC, the reputation risk could also mean their death before they’d even had the opportunity to achieve traction within the market.
HIPAA’s primary compliance guidelines include:
- Privacy
- Security
- Enforcement
- Breach notification
The most prominent risks associated with HIPAA non-compliance are civil penalties, with fines ranging between $110 per violation to $55,010.
For repeat violations within the same year, the penalty surges to $1,650,300 per violation.
Also, criminal charges can range between $50k to $250k, including a prison sentence if someone intentionally accesses and shares ePHI with unauthorized parties. However, charges and fines may vary by state. Moreover, the Freedom of Information Act (FOIA) provides information on every documented HIPAA violation to date.
HIPAA Security Rules entail technical, physical, and administrative components, each designed to ensure that critical data remains protected, that customers have complete visibility into what data is maintained within the system, and – finally – the customer can remove data as needed. Ascendle was entrusted to build and document the application in a manner that maintained full compliance.
Though not part of the front-end user experience, HIPAA-compliant software requires strict documentation and adherence around all components related to those who might gain access to ePHI on the back-end. Code related to user authorization, access control, and monitoring of those mentioned above and automatic log-off ensured that, at all times, UBERDOC would have specific knowledge of those with access to their system.
Moreover, data encryption, decryption, and backup standards were required to ensure the protection of critical data further.
A Product is Born
Through a series of strategic meetings, ruthless prioritization, and effective product sprints, the Ascendle team transformed Muto’s vision into a live MVP that helped provide visibility and prove viability in an exciting vertical. Muto wrote in an article on the promise of UBERDOC:
“Digital healthcare has everything to do with where medicine is going, not where it’s been. Having affordable options and a transparent price to choose from is important, and through the right technology, it stands a chance to remodel the system. Today’s digital revolution can remove unnecessary and expensive steps while streamlining care so doctors can focus only on their patient’s needs.”
We couldn’t have said it better ourselves.