The Virtual CISO Podcast

Episode · 11 months ago

How HIPAA Compliant Email is Revolutionizing Healthcare w/ Hoala Greevy


When it comes to healthcare InfoSec, it’s the Wild West. Most healthcare organizations just don’t have the necessary IT budgets to make it a priority.

But it should be a priority. The truth is a large number of hospitals have been targeted by ransomware in the last few years. 

Today’s guest, Hoala Greevy, Founder and CEO at Paubox, shares how his company is arming healthcare organizations with HIPAA-compliant email and APIs in their ongoing battle against cyber threats.

In this episode, we discuss:

- The current state of information security in healthcare

- How Paubox provides HIPAA-compliant email and APIs

- Where security and privacy in healthcare are headed

To hear this episode, and many more like it, you can subscribe to The Virtual CISO Podcast here.

If you don’t use Apple Podcasts, you can find all our episodes here. 

Listening on a desktop & can’t see the links? Just search for The Virtual CISO Podcast in your favorite podcast player.

You're listening to the Virtual CISO Podcast, a frank discussion providing the best information security advice and insights for security, IT and business leaders. If you're looking for no-BS answers to your biggest security questions, or simply want to stay informed and proactive, welcome to the show.

Hey there, and welcome to yet another episode of the Virtual CISO Podcast. With you, as always, your host John Verry, and with me today is Hoala Greevy. Aloha, Hoala.

Howzit, John? How are you today?

Did you, did you see what I did, the Aloha? No, not letters my name. No, the same letters as my name as well. Is, now, is that, now, I know you're Hawaiian, or Hawaiian, you know, or in Hawaii minimally. By any chance, does the fact that your name have those letters in it, is there any significance of that?

No, completely different meaning, just a coincidence.

Okay, yeah, it's cool. So thanks for coming on. I'm looking forward to this conversation. Always like to start super easy. Tell us a little bit about who you are and what is it that you do every day.

Sure, I'm the founder and CEO of Paubox. We provide seamless, encrypted, compliant email in the US healthcare vertical. Our mission is to become the market leader for HIPAA compliant email in the US. I built the product in Hawaii, pulling an all-nighter, and I moved the company to San Francisco in 2015 for our launch, and since then we have over 3,000 paying customers, all fifty states, twelve countries, a team of about fifty employees and three distinct product lines.

So before we get down to business, I always ask the question: what's your drink of choice?

Well, I'm in Hawaii right now, so it's coffee, but if it was later in the day it might be tequila. So yeah, depends on the day.
All right, so let's, you know, I was really interested in having this conversation because my experience in healthcare is that the information security posture in our healthcare systems is not quite what I think it should be. But I was, you know, anxious to chat with somebody like yourself who works in it every single day. Talk a little bit about the current state of information security in healthcare and whether or not that differs between the larger hospitals that you work with versus the smaller medical office programs.

Yeah, sure. So, among our three thousand customers we have a pretty good SMB segment there, and drilling down into it, in my opinion, when it comes to compliance and InfoSec, still the Wild West. You know, some dentists will go, "Well, that doesn't apply. I don't need to do that." Smaller practices. You go up to the larger healthcare organizations, and a guess of mine, without any solid data to back it up, is their EMR deployments have evaporated IT budget, with nothing much left for, you know, necessary security investments. But to be clear, that's just a hypothesis. So the whole industry needs help.

I would agree. I mean, like, you know, we do a little bit of work in the healthcare space, and the reason it's only a little bit is because they really don't have the funding, it appears, to do what they need to do, and they know that they're at risk. I mean, I feel bad for some of the CISOs that I've spoken with because they know where they are and their hands are tied from a financial perspective. And I know, like, even something as simple as investing in a proper security risk analysis, which is the first step of being HIPAA compliant, they're like, "Oh, we got this little spreadsheet," and I'm like, "Look, here's the OCR final guidance on risk assessment," and they're like, "Yeah, I get it, but, yeah, I don't have the bucks."

Yeah, and, as he said, it's required by law once a year at a minimum, an annual risk assessment.
And yet most of these folks are looking to check the box and invest the least amount possible on average.

Well, I think with, and I think that's what makes you guys valuable and important to the healthcare industry, right, is that they can engage with a single vendor and it takes a lot of the risk off them. So talk a little bit about, like, Paubox is HIPAA compliant. What does that mean? What makes you HIPAA compliant?

So, at a high level for HIPAA compliance, when it comes to data, you want to be encrypting data at rest and you want to be encrypting data in motion. So we focus on encrypting email data in motion. So I've been doing email for a long time. That's my first job out of college in 1999. So we're doing email, you know, twenty-two years, and it's one of the oldest protocols of the Internet, SMTP, if not the oldest. And the highest priority of the SMTP protocol is message delivery. That's hard-coded in, right? And a lower priority is message encryption. So if the receiving mail server is not capable of accepting a TLS connection using STARTTLS, this is message encryption in motion, it will automatically downgrade the connection to clear text because it has to achieve its highest priority, getting the message there. This happens without the end user's knowledge or approval. I mean, you can read mail headers and they can get very confusing. You can see the proof in the mail headers. But this is why all the other competitors have built portal-based solutions or apps, because when you have a portal you can force an HTTPS connection and a login. But the thing that everyone hates, right, seven steps, fifteen minutes just to read a message. The experience is even worse on a smartphone. I mean, it's just terrible.
And so what we've done, because we've been doing this for so long, is we just took the message encryption component of the SMTP protocol and made it equal in priority to message delivery, and that's the break that we've done, is re-engineering the SMTP protocol without breaking anything and then providing that as a service for our customers. And in healthcare, turns out a lot of stuff you're emailing can be construed as protected health information and sensitive data, and so the benefit we provide our customers is, for our flagship product, you set your email gateway or your smart host, depending if you have an Exchange server, and all outbound email gets routed to Paubox. So we encrypt every email for every sender on every device. No change in behavior. You don't have to remember to type the word "encrypt" or "secure" in the subject line or any of that crap. It's just totally seamless and we just put a footer on the bottom letting the recipient know that the sender has taken diligence to encrypt the message. And luckily for us it's a hand-in-glove fit with healthcare.

Yeah, I know, it sounds really interesting. I love the idea of that frictionless, because, you know, I'm a security guy. I've been doing this a long time and I understand the value of secure email, but when it's not implemented well, I hate it. You know, it's such a hassle to deal with. So it sounds like what you're doing, and correct me if I'm wrong, is, you know, they are pointing their mail server to you. You're accepting a TLS connection from the mail service, so we know the email stays encrypted during that course. You're encrypting local data, and then you're taking the responsibility to ensure that if you're going to deliver an email, that it is delivered in encrypted fashion on their behalf.

Yes, so for our encrypted email product, we do not allow unencrypted connections from our customers, and in fact we require our customers to establish at least a TLS 1.2 connection.
We also support 1.3. This is exactly in line with the NSA's guidance earlier this year in January. And then, on the same side, we enforce the same requirements when we send the email to their intended recipient. Now, if the recipient is not capable of handling a connection that high or doesn't have TLS at all, then we detect that on the fly and upload it to our secure message center and then send that recipient a link to go and view the message. And then there's different levels of security our customers can enforce on how much friction they want to impose on that particular message that gets delivered, and we have two patents around that, and so, you know, we're building an IP portfolio as well.

Yeah, I like that model. You know, where what you're doing is you're creating friction for somebody because of their misgivings about their security posture. It almost incents them to actually do what they should be doing, which is allow a TLS, you know, encrypted communication of the mail server, right? And what you do is that your client doesn't feel any pain, any friction. It's just that if they've got people that are not... So that's a nice model.

Yeah, you'd be surprised. Ironically enough, there's a lot of these email security appliances in the wild. Barracuda is a common offender. By default, these appliances ship without TLS enabled, and so they're sitting in front of this on-prem Exchange server or something racked in a data center, TLS is not enabled, so it's stripping off any sort of encryption coming in or going out of their Exchange server. All their email is flying through the Internet in plain text because of this security appliance that got shipped by default with the thing disabled. And there's quite a few of them out there. So it's not as clear-cut as you think.

Yeah, just another great example of where people get budget to buy product but then they don't get the budget for the training or to keep the tool updated, and it's misconfigured, and then they've got a false sense of security. And we see it all the time.
So, so not really that surprising to me, unfortunately. Yeah, so question for you. So, you know, when you think about HIPAA compliant email, I think the classic case that you think of is protecting your outbound communication. You know, I'm working in a doctor's office, I'm sending something to somebody and I want to make sure that I'm being HIPAA compliant. How is it different if I have to worry, if I'm in the medical profession and someone might be sending me ePHI in an email or something of that nature? You know, how does your solution handle that particular use case?

Yeah, great question. So from HIPAA's strict interpretation it's not required that you encrypt incoming communication, but we pride ourselves on customer feedback and using it as a roadmap of what to build and when. And so enough customers started asking for it, so we rolled it out. So it's a complementary service that provides inbound security, whereby it's a similar concept: we become the MX record for our customer's domain name, therefore routing all inbound traffic to us. And in this case, if the sender is offering an encrypted connection, we'll of course encrypt it, send it along to our customer, assuming of course it's not ransomware, phishing, etc. And we'll put a little footer at the bottom letting our customers know that we encrypted that inbound email as well. So, again, not required for HIPAA, but a lot of people love it. And in addition to that, every paid customer of ours, we also provide them with a secure contact form. It's just a link with some default fields, you know, you can use to drag and drop a PDF document, for example, hit send and we encrypt it to the customer. So another method our customers can use for their patients or, you know, other docs in the ecosystem to send them an encrypted email.

So that's cool. Question for you. So I like what you said, where you have some ability to filter, if you will, emails that might be malicious in nature and things of that nature. Has anyone ever requested, I would think, is there any concept of almost like whitelisting an email address? So, in other words, let's say that I am a doctor and somebody who's not my patient sends me medical information before, you know, they've become a patient, they've signed all the paperwork. Is there any way to do almost like a whitelisting, if you will, of, hey, don't accept. Only accept emails from customers that we know are inbound, emails from customers that we know are already a patient of ours.

Our system can be configured that way. I don't know if anyone's using it that way, but it could be done.

Yeah, that can, because it would seem to make sense to me, because, I mean, like, you know, that way you don't ever end up with PHI from somebody that you don't intend to have PHI from.

I was just thinking healthcare is the last American business segment to use email. It's just amazing to me. Even to this day, a lot of unanswered questions around using email in healthcare, and that's probably one of those.

Yeah, so I know you make a point on the website that you provide HIPAA compliant APIs. That piqued my interest. Who would be using your APIs and why?

Sure, yeah, so we have a Paubox Email API. A way to think of it would be a HIPAA compliant SendGrid, a HITRUST-certified SendGrid. So we have a REST API, an SMTP API, and the most common use cases right now are test results, COVID being a classic use case. So you can send the test result straight to the person's inbox. They don't have to log into a portal, which data shows ninety-three percent of them don't bother to anyway. You can also use it for personalized appointment reminders, where you may need to insert some PHI to really trigger the reminder, either to not eat before a surgery or don't miss a certain appointment.
And then, lastly, they're also using it to send lab test results which may contain, say, a PDF document, and that's really neat too, because you can deliver that straight to their inbox in a compliant manner without requiring your end users to log in. And, you know, for the boomers out there, they just, they have a lot of problems with tech, and rightfully so. They never grew up with it, right? So if you can deliver it straight to the inbox and be compliant, that's a really good use case there.

Gotcha. Would that be, and, like, you know, the API would be being leveraged by, like, what? Like, you know, Epic or one of the, or Cerner, or one of their HMS, you know, LMS systems. Would that be what would be calling your API to deliver the things you talked about a second ago?

We don't have the big ones on it yet. We're in talks with some larger lab testing. Why, actually, we do have some lab testing customers, some big ones, but the big EMRs, not yet. But conceptually, very much so.

Okay, makes total sense. So healthcare is definitely one of our critical infrastructure agencies and we know that the government has been very keen on issuing guidance recently. So, you know, up to and including the presidential executive order. Zero Trust is a big topic of conversation. Where are you guys at from a Paubox perspective with Zero Trust?

Yeah, for sure. So for our inbound security product, which I was mentioning earlier. Again, we value customer feedback. So we started getting customers saying, "Hey, why did this get through your system?" Right. So we got enough of these examples on our hands and I started diving in deeper, and what I realized, what they all had in common, was the phishing campaign was sent via American company infrastructure. Right, these bad actors were opening accounts on AWS, GoDaddy, Mailchimp, Mailgun, IBM, etc., and then launching their campaign. So, you know, the RBL for the IP reputation check, DMARC check, DKIM check, it passes all known email security checks, of course, because it's being sent on American company infrastructure. And so what we realized was, hey, the barbarians are already in the castle, they've already crossed the moat. We need to come up with an additional piece of authentication in addition to what's already out there. And so we created this thing called Zero Trust Email. We rolled it out a few months ago, and what we're doing is we're focusing on the multi-factor authentication component of zero trust, and so in this case we're requiring an additional set of MFA between the mail servers themselves. So the process is invisible to the end user. But what we're saying is, hey, I know you are sending from Amazon SES, but I still don't trust you. I need one more piece of information, and that piece of information is custom for each of our customers and it changes over time. So it's very difficult to impersonate this information because it's personalized and it changes over time. So we've had some great feedback from it so far, but, you know, it's an evolving landscape. I mean, we are in an unacknowledged war with, you know, hostile rogue states, because at the same time we were getting these complaints from our customers, you know, I'd be reading articles in the New York Times and Wall Street Journal saying rogue nations like China and Russia, they know that the FBI, the NSA, etc., they are not allowed to go in and break into American companies and surveil their systems. It's considered out of scope. So that's precisely what they're doing. They're setting up accounts on American companies using, you know, like, legitimate credit cards, legitimate bank accounts, and I think there's just so many of them created, these companies can't keep up. So pretty harsh landscape out there.

Yeah, I guess that would explain why.
I think it was yesterday I saw an article pop that said fifty percent of America's hospital systems have been hit by ransomware in the last N period of time, I think it was a year or two, which I found somewhat staggering.

Well, yeah, I mean, PHI data is worth more on the black market. It's definitely a vulnerability in our infrastructure. These folks need a lot of help and, you know, we're here to do it. It's just an ever-evolving landscape and I think the cloud-based solution is best. These on-premise devices, they can't keep up.

Well, especially because, I mean, again, another thing that I read recently, you know, I don't know if it was accurate or not, but somebody asserted that many, if not most, healthcare systems don't have any true information security person, or hospitals, excuse me, don't have a true information security person on staff, which again, one of those things...

Yeah, the CISOs, the CIO and the, yeah, yeah, I wouldn't be surprised.

Yeah, which is staggering. I mean, and, you know, at that point the idea that you'd have fifty percent hit by ransomware makes a lot of sense, right? So, speaking of, like, you know, people ending up on the bad boys list, so to speak, I know that you have done a lot of work with the HHS Wall of Shame. Tell me a little bit about that.

Yeah, sure. So, federal law, HIPAA, if you have a breach affecting five hundred or more people, you're required by law to report it to the HHS, Health and Human Services, within thirty days, and then it gets posted on this site which is nicknamed the HHS Wall of Shame. And so, to make it more digestible, every month we do a Paubox HIPAA Breach Report and we just kind of break it down into digestible chunks. And the takeaway for the last four years that we've been doing it is the two most common breach point vectors, it's not laptops, it's not paper, it's not the EMR system, it's email and network servers, or just servers, and that continues to this year. So statistically, just using this data, the most likely breach point is email in healthcare, and I think that would apply probably across verticals. Yeah, so we do that every month.

Yeah, I think, if you know, I mean, I forget what the exact number is, but a very large percentage of some type of a social engineering, most frequently at least, initiated via phishing, right?

Yeah, password resets, phishing, impersonating the CEO or the CFO. Yeah, yeah, it's ever, ever changing.

Yeah, business email compromise is definitely a pain point in every vertical. So the idea that you would see what you're seeing isn't surprising. So, question for you: we recently did some work internally, it was our first foray into leveraging some machine learning to try to move security from a reactive to proactive stance, and it was pretty promising and really interesting and fun for me. I would imagine you are, you know, you are processing millions of emails per day, and one of the core tenets of machine learning is having a large enough data set to train. So it seems to me like you have a fantastic data set for machine learning. Is that something that's on your roadmap?

Yeah, that's a great use case there and we're currently training our data sets now for those reasons you said, John. So access to the data's free. It happens a lot. And the training set of this component we're asking our customers to do via a robot we've built. So we're collecting data now and then we're going to train it, and I'm expecting, I'm pretty optimistic about the results we'll get. So yes, that's definitely something we're already doing and I see AI as a pivotal part of our company's future.
I think it's clearly the future in our business. That without a doubt.

Yeah, yeah, I'll be paying attention to see what you guys are doing, because that sounds really exciting to me and I can see that it would be insanely, potentially insanely useful. So your model is really elegant, you know. I like the way it works and it would seem to me that it would work for any other client, not just the folks in healthcare. So, I mean, have you guys thought about using it outside of the healthcare space? So, like, as an example, the Cybersecurity Maturity Model Certification requirements. You know that encrypted email is a requirement for controlled unclassified information, and it would seem like that would be another potential good fit for you guys.

Yeah, well, if our customers start asking for it, we will take a strong look at it. So that's kind of how we base our approach to this stuff. Right now, healthcare has been a wise choice because as a startup, boiling the ocean probably doesn't work. So, you know, it's one set of laws, it's one currency, it's one language. From a sales and marketing perspective, it really allows focus, and I mean, it's just a huge industry that's massively underserved. But we do have finance, attorneys, accountants, we have those customers on our platform. But it wouldn't be obvious to you, if you came to our site, because our language and positioning is healthcare. But we do have others.

Yeah, it makes a lot of sense to me. So PHI, elements of PHI definitely fall into what we would refer to these days as personal information as defined by, you know, California Consumer Privacy Act, you know, Virginia's new law, GDPR. How does Paubox deal with personal information and what's your plans there?

Yeah, so for the CCPA, that's the California Consumer Privacy Act that went into effect earlier this January. I checked the fine print, and when it comes to PHI, there's an amendment that got put into it that exempts PHI from the CCPA. So it kinda says, hey, that's PHI and it stays in HIPAA. Everything else under this thing is CCPA. So that's one piece that's covered or exempt. There's a similar thing when it comes to the data requirements around the FERPA regulation. If there's an overlap between FERPA and HIPAA, HIPAA takes precedence. So kind of a similar stance there. But, you know, FedRAMP, CCPA, GDPR, we'll take the same approach. If we see a pattern amongst our customers or potential customers, we'll go that route, and I think it's a matter of time before we get pulled into it. So that's a perfect, uh, customer feedback.

Yeah, well, I mean, you know, one thing is good for you, right, is you're already HITRUST certified as I understand it, and HITRUST is a fairly large lift. I mean, that's not a certification that's easy to get. So it speaks to you having a very comprehensive security program in place. So getting to CMMC or getting to an 800-171 or getting to a FedRAMP, while it will require some effort, it's not going to be some Herculean task because you already have a very good security program.

Yeah, shucks. That's precisely why we chose HITRUST. Enough customers were asking for it, so that's why we pursued it and not SOC 2. We just didn't have a lot of people asking for SOC 2 or FedRAMP. So that's why we chose that. Definitely a journey. I lived it. We were the first email encryption company to get it. That's a big lift and I'm happy we did it. It was a tangible roadmap for us to level up our security posture as a startup, because, you know, you're building the plan as you fall out of a building, the parachute as you fall out of the plane.
So I'm grateful for it and I'm hoping you're right. When it comes to FedRAMP, I haven't done a lot of research on those just yet. Mainly because not a lot of customers are asking for it.

Yeah, the other one, which you might, if you're working at the state, local, educational level, FedRAMP spun off. There's a program called StateRAMP now, which is for entities that might not be doing work in the federal space but need to get to a high level of attestation, so the states built a program based on FedRAMP. So that would be another one to kind of throw into the back of your brain there, that at some point you'll probably end up stacking on top of the stuff that you already have.

You know, when our first HITRUST auditor, he took a look at our business and he goes, "Dude, in a couple years you're just going to have guys like me coming in your office left and right, sort of every day. Listen, that would be a sign of success when you got guys like me just cycling in and out for all the stuff you got to maintain." I'm like, "Oh, okay."

Well, you know, in a weird way, I had never thought about that. But in a weird way that's sort of like, you know, I know we all bitch about paying taxes, but when your tax bill gets really, really high, that's not a bad thing, right, because it means you made a lot of money. Yeah, so the same thing with you, right? You know, when your attestation bill, you know, gets to be crazy and you've got FedRAMP and you've got ISO and you got HITRUST and you got, you know, CMMC, yeah, that's not necessarily a bad thing, right? You know, that means you got a lot of clients demanding a lot of evidence that you guys are doing good things. So, yeah, those are sort of good problems to have, right?

Yeah, those would be deep moats, for sure. Those are tangible moats. Yeah.
Yeah, so you spend every day, all day in the healthcare space. Talk a little bit about where you think security and privacy will go in healthcare, you know, over the next couple of years. You know, is there light at the end of the tunnel for us, because this is, you know, at the end of the day, it is, like, I'm glad to promote your product for selfish reasons, and the selfish reason is that now I've had my medical information leaked multiple times. People get hurt by bad information security. So the more folks that are on your platform, the less likely it is that mine and the other people I listened to data gets out there. So where do you think this is going?

Yeah, so thanks for that question. As it relates to HIPAA, I don't think that's going anywhere. So I think that's something you can bank on from a business perspective. When it comes to privacy, I think we're going to see more states creating their own one-offs, like California did, when it comes to privacy laws, and then at some point the feds will step in to create a nationwide privacy act just to simplify things. However, I think this will take some years to happen. The big tech monopolies out there will be inclined to steer their armies of lobbyists to kill such a maneuver, and in the end, what I think will happen is a new privacy amendment will be added to HIPAA, and we've seen this in the past before with the HIPAA Privacy Act that came into effect in 2003, the HITECH Act 2009 and the Breach Notification Rule in 2009. HIPAA itself was enacted in 1996. So it seems to be an evolving piece of legislation, and I think they're going to tack on a privacy act and, you know, the monopolies will probably let it through because that's not really their business, but when it comes to privacy in general, for some of them that's their entire business model. So I imagine they'd steer their lobbyists to kill something like that.

You know, it's actually interesting. You see diverse activity there. So there was a group, and I forget, it was a group of the big guys.
It was the Google, Microsoft, Apple, you know, a combination like that, that actually lobbied for a federal regulation. They were pushing for it, not against it, and the reason they're pushing for it was they didn't want to have to deal with fifty independent state regulations. Like, I mean, I think they're recognizing, like, okay, this happened with, you know, California SB was a three hundred fourteen, right, the, you know, the first of the privacy breach notification laws, right, and then over the course of the next fifteen years, fifty states ended up launching them, right? So I think one of the concerns is that they don't want to have fifty state privacy laws and then, you know, two hundred country privacy laws to deal with. So I think in a sense having one national, you know, one national privacy law would actually be easier for them. So it'll be interesting to see where this goes. I do think you're right. I mean, I do think, you know, a privacy amendment onto HIPAA, I've heard other people talk about that as well, and that would also get complicated, right, because if you're dealing with HIPAA data and you're dealing with non-HIPAA data, now you're navigating yet another regulation to deal with. So I'm hoping they figure it out because, you know, that kind of level of complexity isn't good for any of us, right? It just drives up friction, drives up cost for all of us, right, with probably a minimal actual value, you know, to the extra dollar spent.

Yeah, I could see that scenario playing out as well, John. In that case, I would probably guess the Federal Privacy Act would probably not have a lot of teeth in it and provide these monopolies with a lot of outs. They'd probably push it for that direction.

Yeah, oh, yeah, yeah, yeah, they, yeah, they was. You know, I heard someone say, it was on a movie, where they said if you're not paying for the product, your data is the product. So, yeah, these companies, these big guys.
Yeah, these big guys do not, they don't want to lose their cash cow, right? You know, we think it's all, this is great, I get this email for free, I get this application for free. Nope, not exactly, guys.

Yeah, that's the common phrase for VPNs, right? If the VPN's free, you're the product.

Yeah, unfortunately, I don't think most people realize that. All right, so we beat this up pretty good. Did I miss anything? Is there anything else that you'd like to cover with regards to the cool stuff that you guys are doing over there at Paubox?

Oh man, thanks, John. Yeah, we're really fired up on email AI. You know, we like to talk to our customers and one thing we've noticed during the pandemic is they've taken advantage of a project they've wanted to eliminate for some years, and that's getting rid of the fax machine. And if you're not in healthcare this may seem bizarre, but it is the default form of communication. It is the dominant form of communication in healthcare. So they can't ditch the fax number because of the entities they deal with. But they did go eFax, right, and again that's just such a dated thing. But you know, people are healthcare is selfcare, and so what that means is there's more email coming in, especially on the eFax side, and what we see is a tremendous opportunity for workflow automation as it relates to email coming into an enterprise. And so we've rolled out Paubox Email AI. It's part of one of our product lines. We've got our first paid customer using it, and this concept of workflow automation, I think it's really powerful. So we're looking forward to further building that out and I really think it'll open up new plateaus for us to automate workflows for our customers in a compliant, HITRUST certified manner. I think sky's the limit on that one. So pretty fired up.

Gotcha. So when you say automation, right, so let me take a guess here, right. A fax comes in through the email, via fax, and currently what somebody does is they get that email, they open it up, they might look at that and then they'll enter data into some system over here, right, an EMR.
Is the idea that your AI would be able to look at that fax, understand what that fax was about, extract some of that information and, let's say, populate that in the EMR directly for that person?

Yeah, that's exactly it. We'd work with the customer to build a robot to identify a certain type of email, parse the message, input the data into the EMR. I mean, these folks that do this, they don't like doing it anyway and it's error prone, it's rote, it's repetitive. It's a prime candidate for workflow automation, which is a segment of AI, right, robotic process automation, or RPA. So there's a lot of work up front integrating with the particular EMR. So that's where we're cutting our teeth on now, is building out the functionality and then, you know, we can read leverage over, you know, economies of scale once we get all this stuff done. But yeah, that's a classic example and our customers are fired up on this thing.

Another one is, we learned this during a Zoom social mixer we did: these corporate voicemail systems that are sending emails of audio files if you don't answer your extension, and so they're terrified of them listening to it in public on their smartphone. So what we did is we hooked into NLP, natural language processing, and we transcribe the audio file of that message and we insert the text into the email. So now they get the email with the attachment still there, but we've inserted the voicemail transcription and that one's been a home run off the gate because it lowers the risk profile of this one particular thing that they need to pay attention to. The end users love it because they don't want to download the attachment anyway because it takes too long, and it's accurate enough where it's reliable. They just scroll on their phone and read the thing because of course some of these contain PHI, right. So a lot of sensitive stuff coming in these voicemails. So that's another exciting use case we've already built.

That was our first robot and the sky's the limit, man. I mean, if we look at our business, there isn't anything that happens in our business that doesn't happen in email: receipts, invoices, renewals, notifications, billing reminders. A lot of this stuff can be automated to a billing system, an EMR, etc. I mean, sky's the limit, dude, sky's the limit.

Yeah, it makes sense because if you think about, I mean, what percentage of people sit all day reacting to, I mean, processing email, right? They, I read an email, I take action based on what's going on in the email. If that action doesn't require critical thinking, right, why couldn't it be, you know, some level of automation be applied in the enterprise?

There's entire departments dedicated to this stuff. So you can reassign them, you can shrink them, you can, I mean, there's just all kinds of ways to do it, and these folks don't even like doing the work anyway, this particular work, right, because it's better suited for a robot. You want to let the humans do things that involve judgment and making decisions on limited sets of data. This stuff is perfectly suited for a robot. And it all is basically revolving around transactional email, right. So if we can identify transactional email, or eFax, then we can identify the business processes for our customers that we can suggest they automate. And if you google the term email AI, I mean, John, there's not much out there, man. I mean, it's a completely wide open landscape here and we're hoping to provide business leadership to further define what exactly email AI is. And this isn't hype anymore. This may have been hype in 2015. This is the real deal and we're already doing it.

Exciting stuff, man. I'm looking forward to it. So I always ask, give me a fictional character or, if you'd like, a real-world person who you think would make an amazing or horrible CISO in a healthcare organization. And why?

Oh yeah, yeah, that's a great one, man.
Um, Michael Scott, for sure. That's a slam dunk, because, let me, you know, when the Prince of Nigeria emails you asking for help, you know you help them.

I mean, yeah, if anyone doesn't recognize The Office reference, you're no longer allowed to listen to this podcast. All right, anything else? So, if folks want to get in touch with you, what's the easiest way to get in touch with you?

You know, I have a unique name, so Hoala Greevy, you find me on LinkedIn, Twitter. Very much opposed to anything Facebook does, so I am not on anything Facebook related, but definitely on Twitter and they there.

Yeah, okay, so you didn't react to my Aloha when we started, so I'm going to try one more, and I don't know how to exactly say it. Probably use it somewhat noncontextualized, but I think it's supposed to show appreciation. Mahalo.

Yeah, is that the right way? I say mahalo nui loa, thank you very much, but yeah, my yeah, all right, well, I got half of it, so you got to give it you. I get, I get points for trying, right? Oh, lots points, bad for sure. Hoala, man, thank you so much for coming on. I appreciate it. Best of luck and, like I said, I genuinely appreciate what you're doing to protect all of the people that are going to the healthcare providers every day. You guys are providing a lot of value.

About on, John. Thanks. Oh, follow.

You've been listening to The Virtual CISO Podcast. As you probably figured out, we really enjoy information security, so if there's a question we haven't yet answered or you need some help, you can reach us at info@pivotpointsecurity.com, and to ensure you never miss an episode, subscribe to the show in your favorite podcast player. Until next time, let's be careful out there.
