As founder and CEO of a company that guides medical professionals through the complex and daunting world of HIPAA – the 1996 federal law that restricts access to individuals’ private medical information – Sarah Badahman knows she needs to express to her customers passion and enthusiasm for the subject matter.
To wit: her LinkedIn profile reads, in part, “I have been accused of being a special kind of crazy since I love HIPAA and all things security related!”
“Apparently, this is not a normal love,” she writes.
And indeed, Badahman’s passion for the Health Insurance Portability and Accountability Act, a subject most people find overwhelming at best, comes shining through during a late evening phone interview with a reporter, after a long day of work and road trip to southern Missouri to deliver a speech.
“I feel like you have to show passion,” says Badahman, founder of St. Louis startup company HIPAAtrek. “Saying I’m crazy for HIPAA just makes me more approachable because, for most people, HIPAA sounds scary. They don’t know how to approach it at all.”
But approach it they must, because of the huge issue HIPAA addresses: recent statistics indicate stolen medical information is worth 10 times more than your credit card number on the black market.
Badahman’s company promises to guide healthcare organizations and their business associates in the creation, management and communication of HIPAA policies and procedures, using online manuals and training modules on the compliance journey.
Badahman says her company’s incremental approach to guiding customers is a big key. HIPAAtrek’s software conducts what might be termed “virtual hand holding,” sending notifications to medical administrators when the time is right to conduct specific HIPAA-related tasks. “The system sends you e-mails so you are getting bite-by-bite, step-by-step guidance. That makes it easier to comply,” says Badahman.
Badahman says this baby-step approach to HIPAA is a necessity for some of her clients.
“Some of them,” she says, “aren’t even sure how to properly create passwords that are secure and protect a patient’s information. So by using our product they learn how to do that. They learn that a password should be at least eight characters long, and they learn the complex algorithms they should be using when they create their passwords. They also learn they should be changing their passwords every so often – every 60 or 90 days. It’s a big deal because there are a lot of hacks that are happening due to password insecurity.”
HIPAAtrek’s target customer, says Badahman, is “anybody who needs to be HIPAA compliant. We were founded in May of 2014, and right now we have 87 organizations using our software. They’re as small as one physician and one employee, all the way up to an organization that has 750 employees over 27 locations. And we have small business associates like outside IT consultants and business consultants using our software as well.”
Badahman says an organization with one physician and one employee would pay about $30 per month for the service. An organization of 750 employees would pay about $2,000 per month.
She cautions potential customers that working with HIPAAtrek doesn’t mean a medical provider can simply offload its HIPAA responsibilities to a contractor. “Compliance is a journey,” she says. “That’s where the ‘trek’ in HIPAAtrek comes in. It’s not, ‘here’s a check box and now we’re done with it,’” she says, reminding customers that HIPAAtrek helps administrators but doesn’t completely take over their HIPAA responsibilities.
And while she proudly embraces the technical assistance she is providing customers, Badahman says there is a much deeper, altruistic goal that exists at the foundation of her company. Noting that many talented healthcare professionals have expressed frustration at cumbersome compliance processes and have indicated a desire to leave the medical profession because of them, a reporter asked Badahman if she felt services such as HIPAAtrek might deter some from leaving the profession.
“I hope so! That’s one of my biggest hopes, because I feel for them at the very core of my soul, as a healthcare professional. I want to make it simpler for physicians to comply with regulatory issues like HIPAA so they can focus on patient care again.”