The Group Dentistry Now Show: The Voice of the DSO Industry – Episode 90

🎧 Brian Doyle and Jeff Broudy of Rectangle Health join the Group Dentistry Now Show. The duo discuss:

💰 Rectangle Health’s recent acquisition of PCIHIPAA and their OfficeSafe solution
💰 Security and compliance
💰 Recent data breaches in the healthcare space
💰 Emerging security threats
💰 Vulnerabilities uncovered while working with DSOs
💰 PCI and point to point encryption
💰 HIPAA enforcement trends.

To find out more visit https://www.rectanglehealth.com/ or https://pcihipaa.com/

Take the free HIPAA Risk Assessment – https://pcihipaa.com/free/


Our podcast series brings you dental support and emerging dental group practice analysis, conversation, trends, news and events. Listen to leaders in the DSO and emerging dental group space talk about their challenges, successes, and the future of group dentistry. The Group Dentistry Now Show: The Voice of the DSO Industry has listeners across North & South America, Australia, Europe, and Asia. If you like our show, tell a friend or a colleague.


Full Transcript:

Bill Neumann:

Hey, I’d like to welcome everybody back to the Group Dentistry Now Show, I’m Bill Neumann. As always, thanks everybody for listening in. Or you may be watching us on YouTube, so whether you’re listening or watching, thanks for being here today. Without an audience, we wouldn’t have a show and of course, without great guests, we wouldn’t have an audience. So we appreciate our two guests on here today. We have Jeff Broudy and Brian Doyle, and you probably don’t know Jeff, but you’re going to get a chance to know Jeff in the next 30 minutes to an hour. And Brian, most likely you’ve seen him around at a couple of the DSO meetings, probably all the DSO meetings over a-

Brian Doyle:

Probably all of them.

Bill Neumann:

Couple of years. And he was on one of our webinars last year. So Brian, thank you for being on the Group Dentistry Now Show again.

Brian Doyle:

My pleasure. Thanks for having us Bill.

Bill Neumann:

You’re welcome.

Jeff Broudy:

Yeah, thanks Bill. Appreciate it.

Bill Neumann:

Cool. We’re going to get a chance to find out about Jeff and his company and how now they’re part of the Rectangle Health family. So brief introductions, and then I’d love for both of you to fill in any blanks, if I miss anything. I’ll go with Brian, because he needs the shortest introduction. Since most people know him, he is the Vice President of Enterprise Solutions for Rectangle Health. Like I said, you’ve probably have met him before or at least walked past him. The next time you have to stop and talk to him. If you’re at a DSO meeting, don’t walk past him, now you know him. He’s been consulting with dental practices and DSOs for over 12 years, he’s experienced in healthcare payments. His goal is to provide state-of-the-art payment and engagement solutions to clients seeking a better patient experience and reduction of accounts receivable. So I’ll let Brian fill in some blanks. So, Brian, how long have you been at Rectangle Health?

Brian Doyle:

I started 12 years ago, I was coming up on 13. So it’s actually kind of crazy, I’ve been here my essentially, my entire adult life.

Bill Neumann:

Okay. So, your entire adult life in with Rectangle and then how much of that in the dental space?

Brian Doyle:

Yeah, so I started in dental. I obviously have strayed away a little bit here and there, but our bread and butter and where we concentrate, a lot of our efforts has been and still is in dental. So I’ve been kind of ingrained in dental the entire time.

Bill Neumann:

That’s great. All right. So Jeff Broudy, so you may not know Jeff, like I said, you’re going to get to know him. He’s the Vice President of Compliance Solutions. The company is PCIHIPAA and they’re part, like I said, they’re part of Rectangle Health and that’s just relatively recent, right, Jeff? That happened in March where this was your company, you were formerly the CEO of PCIHIPAA and then your company. And of course you were acquired by Rectangle Health.

Jeff Broudy:

That’s right. We closed the transaction in early March and hard to believe, that I founded the company back in 2012 and just a little background. I was at Intuit, I was working in their payment solutions division. So it’s a, I have a payments pedigree, so the, it’s very comfortable working with the Rectangle folks. It just, it feels right, it felt right all along. And when I was at Intuit, just to give you more background on how we started the company and how PCIHIPAA started, I was at Intuit, I’m working in a traditional payments company. We have a division, we’re integrating QuickBooks merchant services into the QuickBooks software. And there are all these data breaches that were happening, 10 years ago and probably even longer and still happening today.

Jeff Broudy:

And the PCI Compliance was born probably before then, but it was starting to mature. And I was seeing a lot of the ISOs and a lot of the processors using PCI, obviously as a revenue stream and doctors and dentists were getting charged PCI fees and non PCI fees. And PCI’s part of our name. And we decided, what if we approach payments from a compliance standpoint? So we’re actually just helping them get PCI compliant, helping them avoid the fines that they get charged. And the more we started to talk to doctors, the more they started asking us about HIPAA. And so we decided with really no imagination to just say, okay, PCI and HIPAA, let’s just call it PCIHIPAA, no creativity. And we created PCIHIPAA to do both, to really help practices with compliance. And then obviously knowing payments and trying to help them with their payments. Also, we kind of combined the two and PCIHIPAA was born.

Bill Neumann:

So I know this is your introduction here, but I have to ask this because we’ve got a pretty diverse audience. So we have people that run big DSOs, 1500 locations down to the doc that maybe has one or two locations looking to scale up. Tell a layperson what PCI means. What is that, if I don’t know?

Jeff Broudy:

So Payment Card Industry Compliance, you’re accepting credit cards. Everyone that’s listening to your show accepts credit cards. And if you do that, you have to be compliant. There is a requirement, it’s part of the associations, American Express, Visa, MasterCard. They govern it, they got a lot of pressure from Congress to say, Hey, even though the big box retailers are the ones where there’s thousands of cards and they’re attacking those, it still goes down to the practice level. And definitely to the DSO level, they’re transacting a lot of data and that financial data needs to be protected. So there’s requirements that every single practice has to go through to make sure they’re protected. And it goes from, running a vulnerability scan if you’re transacting over the internet, which most practices transact over the internet today.

Jeff Broudy:

Whether you think so or not, you are transacting over the, even if you have a credit card terminal, you’re transacting over the internet. Because it’s plugged in to run it faster and make sure that you’re running those transactions, not delaying any practices in what you do in the practice. So you have to be compliant. You have to make sure that you don’t have any vulnerabilities within your IP address. You have to do a self-assessment questionnaire and really you have to make sure that card data is protected and that’s PCI Compliance. You have to do that every single year. You have to have a certificate and raise your hand on this call, if you have a certificate and you know what a certificate is. We talk to a lot of practices and we know that there, it’s just confusing and so that’s part of it.

Bill Neumann:

And that’s why Rectangle Health has you now Jeff, right?

Jeff Broudy:

That’s right.

Bill Neumann:

To help out with that. So you are now, you are the CEO at PCIHIPAA, and now you are the VP of Compliance Solutions for Rectangle Health. And that covers HIPAA, OSHA and PCI as well as data security solutions.

Jeff Broudy:

Exactly, exactly. So, when we started talking to practices and we were talking to them about PCI compliance and talked to them about their payment processing, we would often have conversations with the office manager. And she typically had the responsibility of everything that you just mentioned, Bill. She’s trying to handle PCI Compliance, she’s trying to handle HIPAA Compliance, OSHA Compliance. And we sat down with office managers and said, how can we help you? What do you need besides this? This was 10 years ago, besides the payment portion of your business. Where do you need help? And there, everything from what is HIPAA? What is the HIPAA Security Rule? What’s the HIPAA Privacy Rule? What do I need to do? How do I need, how do I train my employees? The, is my IT provider handling this? I thought they were handling this.

Jeff Broudy:

And we started to dig in and realize, you know what, this is a big pain point. And, we need to help practices do this because they’re just not compliant. And HIPAA is governed by the Office for Civil Rights. And it’s part of the law, it’s not optional, it’s mandatory. And in this day and age, you have to do something. You can’t sit on the sidelines and do nothing because you’re just exposing yourself to more and more risks.

Bill Neumann:

Interesting, and potentially expensive if you’re not compliant and scary. So, we’re going to get into all that. I’d love to first talk about, let’s talk about the acquisition. So, Jeff, talk a little bit, like you said, I think you started back in, did you say 2012? Is that when you started your company?

Jeff Broudy:

Yeah. We started the company in 2012. I could talk a lot about the acquisition. What do you, think is most interesting to your audience about the acquisition?

Bill Neumann:

Well. It’s, that’s a great question. So what I would ask is where do you see, where did Rectangle Health see you? Were you working together? Were you partners? I mean, were there things that obviously that you were doing at your organization that were a complement to maybe what Rectangle was doing?

Jeff Broudy:

Yeah. I’ll speak for it, and I know Brian can probably add on. So we were competing against Rectangle Health in a way, they probably had no idea, we were competing with them because only a small percentage, less than 20% of our revenue is payment processing revenue. But what made us unique to them is we generate compliance revenue. So we have thousands of practices, the same type of clients that Rectangle has. And we’re generating revenue from a compliance standpoint, from HIPAA compliance and PCI compliance and OSHA compliance. And some of those, approximately 20% are doing credit card processing with us, but we didn’t have a technology. So the only practices that wanted to do credit card processing with PCIHIPAA were the ones that were on a credit card terminal and a standalone terminal.

Jeff Broudy:

And when we started doing some research and we started having conversation with Rectangle in our minds, the light bulb went off and said, oh my God, you have this unbelievable technology that we’ve been looking for. And we could sell and help our practices save, not save time and collect more by having your technology. And they started talking to us and said, oh my God, you’re selling compliance, this makes a lot of sense. We have a lot of our practices that ask about compliance beyond PCI Compliance, which we do. And so it just, it, there was such a natural fit when we started having the conversations.

Bill Neumann:

So, Brian, do you have anything you want to add to that?

Brian Doyle:

Yeah, so I’ll piggyback on that. So we at Rectangle have been talking about PCI and very proudly saying, we’re going to assist with your PCI. We’re going to assist with getting you compliant. We’re going to tokenize your credit cards, but then we would kind of stop. Even though we know in healthcare compliance specifically, HIPAA is extremely important to every size organization. So the one doctor practice through some of the largest DSOs in the country would ask us, Hey, can you assist here? Do you have any CE, any training courses? Do you have any HIPAA certifications? Can you help us out with training and onboarding new staff? Because, there’s a lot of staff turnover right now.

Brian Doyle:

There’s a lot of new people starting in the practices and you have to train them on these compliance. So when we saw their tool OfficeSafe 360, it was a no brainer. It’s something we said, all right, this is something we can layer into everything we do, it’s a natural fit. And then lastly, it’s just the culture, right? We get along with Jeff and his team very well. We see the market the same way. So that’s why it was a very natural progression in integration to Rectangle Health.

Bill Neumann:

Okay. So you mentioned OfficeSafe 360 solution. So that was part of Jeff’s company, so tell me a little bit about that solution.

Jeff Broudy:

Yeah. So coming from Intuit, Scott Cook was the founder of Intuit. He created Quicken and created QuickBooks. And by no means, am I going to stand here and say, that OfficeSafe 360 is anywhere near QuickBooks. But you can say that we took some of those learnings about creating a great customer experience and really talking to customers about, and really office managers about what they need. And that’s how we developed and created OfficeSafe, our software platform. So as we spoke to more and more in practices, they said, well, what do you need to do for HIPAA Compliance? Where are our biggest risks? And what are, and how are you addressing those risks? So things like, do you have policies and procedures? Are you training your employees? Are you executing business associate agreements? Do you, have you created an incident response plan?

Jeff Broudy:

Have you done anything regarding all the requirements around OSHA? All the documentation and a lot of practices, especially dentists were saying, well, we have the book from the ADA and we said, wait a second. Okay, that might work. But what would make it better? And again, you’re talking, when you’re talking about DSOs, it’s multiple locations, uniformity. How do we get everyone on the same platform? How do we make it easy? How do we make it simple? And we don’t advocate that practices spend all their day in dealing with compliance. What we advocate is you need a solution. You need help just in case something were to happen to you, and let’s try to work together so that we’re there for you. If something were to happen, we’re there to help you train. We’re there to answer the questions we’re there, if you have an incident.

Jeff Broudy:

So part of the 360 piece there’s OfficeSafe, which is the software, the 360 piece starts to address some of those other vulnerabilities, like a cyber attack. And I know you had Gary Salman, at Black Talon on last year. And I actually listened to that before I came on, because I don’t want to sit and repeat a lot of the stuff that Gary said, because we’re in the industry together. They do a great job on the tech side. We do a lot more on helping you quarterback something that may happen. And that’s where the 360 comes in. If you have a cyber attack, we have cyber insurance for you, and we’re going to be your incident response team. And we’re going to, everything Gary talked about, we’re going to help you and walk you through that process so that you can continue to treat patients and we can help with that. So it’s a combination of handling all the administrative requirements, handling some of the technical requirements. And really being there, if you have an incident.

Bill Neumann:

That’s really interesting, you bring that up. And Gary was a great interview, had some really excellent insight. So it seems like every week, probably every day, you hear about a breach. Something that’s happened, a cyber attack. There was just, I won’t name the company, it was not a DSO, but it was a dental company. Big dental company just had a breach or just reported a breach. I think it had happened in Q4 where social security, sensitive information was leaked out. So talk a little bit about this impact that you see. I know healthcare in particular seems to be impacted, seems to be vulnerable, but it’s across all industries. So talk a little bit about that. Why are we seeing so much now? Or maybe it’s all, it’s been going on and now it’s a little bit more out in the open? I’d love to get your thoughts on that. Just I feel like it’s everywhere.

Jeff Broudy:

If I share something on this, is it going to not be great for the podcast?

Bill Neumann:

It should be great. What are you going to share?

Jeff Broudy:

Oh no. Because, you just addressed something that is just so interesting that people don’t oh, you disabled. So I can’t really share anything, so I’m not going to share.

Bill Neumann:

Oh share. Well we could share something, go ahead. You talk and I’ll just-

Jeff Broudy:

No, I just, I always think this is, people hear because I lecture on this all the time and people hear what you just said, Bill, which is, Hey, all these things are happening. And sometimes a dentist feels like it’s a, just a scare tactic. And it really, I tell people, I said, this isn’t a scare tactic. This is, it sounds scary, but I want to show you what happens. So this is the Health and Human Services: Office for Civil Rights Breach Portal. And if you have a breach of over 500 records, you have to self-report, that’s what HIPAA requires you to do under the HIPAA Security Rule. Some practices don’t even know this, but you mentioned, well, what is it? What are you seeing? This is what I see every day.

Jeff Broudy:

It’s every single day, it’s a healthcare provider. It’s every state, it’s their business associates. It’s unauthorized access into their system through some kind of penetration through their firewall or a phishing attack or even a theft. If you have a, we’ve had employees steal patient information. And Bill, let me ask you a question. How much do you think just randomly, how much do you think a patient record is sold on the dark web, on average?

Bill Neumann:

I’ve heard this before. I can’t remember, but I know it was a lot more than I could ever imagine. But-

Jeff Broudy:

It’s, right now it’s trending at about 250 bucks. So, so my, so what I advocate to practices, especially DSOs, Brian, you probably know better than I do. How many, what’s like on average, how many patient records does a DSO have?

Brian Doyle:

Oh, tens and twenties of thousands.

Jeff Broudy:

Okay. So without, I’m a CPA by trade. So every 4,000 records, it’s worth a million bucks. So if you have 40,000 records, your patient data is worth about 40 million to somebody. So arguably that could be your single most valuable standalone asset in a DSO could be your actual, your patient records. And obviously the recurring revenue that comes from that. But that data is obviously at risk. They, it’s worth money. And you can see just on the breach portal, that this is happening in every single state, every single day, it’s DSOs, it’s healthcare providers. And we, as part of our program, that’s why we started it to say, no matter what you do, no matter how much money you spend, no matter how great your IT provider is, and some of them are great and some of them are horrible.

Jeff Broudy:

You’re not going to be able to protect yourself from being on this list. It’s not, some of my colleagues call it the wall of shame. I don’t, it’s not shameful to show up there, but your mindset has to be, I’m going to show up there. What do I need to do to prevent myself from showing up there? And am I prepared if I do show up there, what to do next?

Bill Neumann:

So that’s the publicly reported page that, and you have to self-report. So if something happens, it’s your obligation to put that information, the number of records affected, I think I saw there. And Jeff, to answer your question per practice, a typical dental practice has about 2,000 active patients. So you’re going to have at least 2,000 patient records, then there’s the inactive patient records and-

Jeff Broudy:

Right.

Bill Neumann:

We don’t know how long they hold onto those, and how many of those are out there. So, you’d mentioned the value of each of those records. So in each location, you could be looking at a million dollars in value in that patient data per location. Brian, again, you’ve been in the DSO dental space for quite a while. Talk about what you’re seeing vulnerability specific to the DSOs, the emerging groups that you’re working with.

Brian Doyle:

Yeah, absolutely. So Jeff went through a lot of what’s happening, right? It’s scary and it’s real. And what we’re running into is a number of things. One, just pure vendor management issues, a lot of DSOs, and a lot of just healthcare organizations have a vendor in place for one piece of what Jeff and I have been discussing, whether it’s HIPAA, whether it’s OSHA or whether it’s PCI or whether it’s cybersecurity, they might have a piece of that covered. Where we’ve seen a lot of kind of growth or easy protections is, are we using a PCI certified software or a gateway? Are we, do we have P2PE certified hardware? If we are doing card on file, which we should all be doing card on file. Are we encrypting that data? Are we sending secure text messages? Do we have the portals to train new staff? Because, what we’re seeing in the market today is two main real problems with the amount of growth happening, shortage of staff and vendor management issues.

Brian Doyle:

We can’t juggle the amount of vendors we have because we don’t have the staff to do it. So inevitably things are kind of falling through the cracks, what we envision and what we’ve tried to do by bringing PCIHIPAA and Jeff and his team into the Rectangle family is a one-stop shop. I do believe firmly in consolidation having that one go-to presence like Jeff was saying, who are you going to call? That is what we want to be. And we want to bring that to the market and we want to make it easy to juggle the amount of vendors and streamline the staff shortages that each vendor is experiencing today. So things like tokenization, things like secure gateways, that is readily available, you have to go get it, but it’s readily available. And then everything else we want to layer on and add to our, not only our clients, but anyone that needs that assessment is go to the website, check it out and take the proper steps from there.

Bill Neumann:

Do you feel, and this is for both Jeff and Brian, are groups, DSOs in your experience, proactive or reactive? So I mean, it’s, when we hear about these breaches, right. In a way, we are, we figure, okay, well obviously things weren’t in place or that they most likely wouldn’t have happened. So then there’s the reaction, right? And then Jeff, you talked a little bit about, once you report, then that begins the investigative process, then there’s the reaction to that. So are you seeing a trend towards more proactiveness because of maybe the, just the news about all these breaches or do you still feel like there’s a lot of reaction to it?

Brian Doyle:

Yeah. Jeff, I could start there just on the PCI side. PCI, seven, eight years ago, if we said the words, PCI, not, nobody would know what we’re talking about. Absolutely, nobody, we, it was a scare tactic in the industry to get in the door, right? Today, a lot of people know what PCI is and whether they’re concerned about PCI, the problem is to get compliant is extensive. It takes a lot of time, the sheer time to do it, whether it’s the questionnaire or the scanning. So we might do it 2021, and then, ah, we forget to do it in 2022. So it is a reactive step to that one little isolated compliance that is regulated for card processing. So we might do it, we might forget to do it. Or we just don’t have the time to do it, even though we know instinctively that it is on a radar that we need to do.

Jeff Broudy:

I agree, and I think it’s a combination of education and resources. I don’t think anyone is intentionally, not wanting to be proactive, but it’s the resource allocation. I always say, I’m older than both of you or I definitely look older. I know I am, but I always say, my, the most valuable resource we have is time. And when you’re a DSO that is just getting going and you may have, let’s just, let’s just segment them out. You have ones that are less mature than others, when you’re less mature, you just don’t have the resources to really be as proactive as you would want. And you have to prioritize other things in every business, all of our businesses, you have to make that choice because you don’t have all the time in the world and you don’t have all the resources.

Jeff Broudy:

So there’s different stages. And then as you, as the DSO matures, they start to identify some of those opportunities. And some of those, they start to make some of those moves to be more proactive. But I’m still finding that they don’t have the solution and they, they’re not at, they still don’t have all the knowledge and the education of what needs to be done. And that’s where we found to be successful is being able to educate them on where their vulnerabilities are and then be able to be able to fill those vulnerabilities and solve those vulnerabilities in a way that saves them time, right. And so that they can reallocate those resources somewhere else. That’s a big part of it.

Bill Neumann:

So we talked a lot about PCI. Brian, can you talk a little bit about Point-to-Point Encryption?

Brian Doyle:

Yeah. So it’s a fancy term that basically means when you run a credit card transaction, that transaction, that 16 digits becomes what’s called a token. Those 16 digits no longer exist. So I use an example of Home Depot. You go to Home Depot, you swipe a credit card, that token lives with Home Depot. The 16 digits are gone though, they no longer exist. Even if there was a breach, that card data is secured because it becomes a one time pass, only token. So what we want in healthcare is to make sure every piece of hardware, even though I’m not a huge fan of hardware, I’m more of a software guy, but every piece of hardware in the market is P2PE. Because it’s step one, and it’s a very easy step to secure your data, your financial data via a piece of hardware.

Bill Neumann:

Okay. And that’s something that Rectangle Health is doing for the DSO clients, emerging groups, everybody in the-?

Brian Doyle:

Yeah. Anyone that uses Rectangle Health will have, or does have P2PE certified piece of hardware.

Bill Neumann:

So, no credit card information’s being transacted. It’s a one time token, that is what is transferred?

Brian Doyle:

That’s right. That’s absolutely right. And that includes cards on file, Bill. That includes your recurring payments, your subscriptions. That is all tokenized.

Bill Neumann:

Okay. Moving on to HIPAA, Jeff. Talk a little bit about that.

Jeff Broudy:

Yeah. It’s a bad word that people hear HIPAA and they, they’re a lot of doctors just because it’s from the government it’s, comes down from the government. It was actually enacted by President Clinton back in 1996. And it was intended to make things easier on practices. But we like to focus on the intent of HIPAA to keep data private and secure, like we talked about is, should be forefront, more forefront than it is in a practice. And that falls under the HIPAA Privacy Rule and the HIPAA Security Rule. And there’s a lot of issues that come up in figuring out and what to do and what not to do. And that’s kind of a gap we fill. I mean, there’s a lot of questions, everything from, can I have a sign in sheet? Can I post something on social media?

Jeff Broudy:

Someone is talking about my practice on social media, one of my patients, what could I do? What can I do? That’s all under the HIPAA Privacy Rule. And there’s very specific things that practices need to do and understand around keeping data private. And I know you’re probably going to ask, well, what’s the number one enforcement of HIPAA because everyone asks that and believe it or not, right now they are enforcing the right of access. So patients have under the HIPAA Privacy Rule, they have the right to access their data, makes a ton of sense, right? If I go to a doctor and I want to know what is going on, and I request data from that doctor or dentist, you got to give it to me and you got to give it to me quickly and you need to respond. And for whatever reason, that is not happening in a timely way. And guess what, when you’re a patient and you’re not getting what you want from your practitioner, you are going to file a complaint.

Bill Neumann:

Okay. Any other things you’re seeing out there from an enforcement side for HIPAA, anything? Anytime you hear enforcement and HIPAA, it scares people.

Jeff Broudy:

Yeah. I mean, we didn’t talk about OSHA at all, but because of COVID and because of respiratory requirements going up and down. I think there’s a lot of exposure there for practices to not have the proper documentation of what they’re doing to make sure that they’re protecting their patients and their employees. But under HIPAA, it, what we have seen for the last 10 years is just a lack of understanding and because the HIPAA laws are confusing. And so what we try to do and what I push my team to do is to simplify the process. And that’s what I loved about Rectangle. They have a simple process for very challenging tasks, very challenging. And that recipe of taking something challenging, like recurring billing or text to pay or QR code billing or reconciliation of payments, those difficult tasks that traditionally take people a long time.

Jeff Broudy:

If you can simplify that for them and you can save them their most valuable resource time, then you’ll be a partner and you’ll be, you’ll really be partnering with the practice, not just selling them something. And that’s what we did with OfficeSafe too. We tried to take very difficult tasks that traditionally, that they were using a book to train or faxing business associate agreements and trying to get them signed or not even know where to go with them and saying, all you need to do is click here, send here, get the a and now it’s stored. And now you can show that you have that, or you can add a person here, get them trained here, show them what they need to do, and have proof that you’ve done that. We are in the business, I like to say we’re in the business of putting smiles on people’s faces, but I’m not sure HIPAA falls into that category, but we are in the business of saving people time. We really want to save them time and make, and that you have to do that with simplicity.

Brian Doyle:

Yeah, agreed.

Bill Neumann:

DSOs like to save time, right, and of course money. But let’s talk a little bit about best practices, what are you seeing out there, Brian and Jeff, as far as what are the DSOs doing right? What could they maybe be doing a little bit better? But you talked about saving time. So you see anybody out there that’s, what would be some strategies that DSOs can glean from this?

Brian Doyle:

Yeah. I mean, what I’m seeing is the less we’re juggling and what I mean by that is the less vendors we have in place, the better, just in general. There are a lot of really good vendors. Yes, I believe Rectangle Health is one of them, of course I do. But there’s a lot of really good vendors out there in the market. Interview them, talk about this. They should have a very clear compliance arm of their organization and be able to speak intelligently on PCI, on P2PE, on OSHA, on HIPAA. So the more consolidation we can see in the market, and there are a lot of DSOs doing this right now, which kudos to them. The more consolidation we can see, the more enhanced their feature set becomes. Because, you don’t have to jump in multiple portals and multiple logins and multiple training access and multiple just pamphlets, right? So the more consolidation we see in the market, we’ve seen the better and more immediate success to the private practice in the DSO level.

Bill Neumann:

Great. Jeff, anything you want to add to that?

Jeff Broudy:

I would just say, the clients that love us and the DSOs that love us, they’ll tell us one, we pick up the phone here in America and we talk to them and they have a relationship because there’s a lot of questions in our world. And two, we’ve brought a solution that has uniformed their compliance, which they hadn’t had before, because they’re purchasing multiple locations that are doing either nothing or something very different. And for the compliance officer or the HR director, someone who’s responsible for that to be able to have one solution that now, hundreds of employees can access and they can do their training and they can read the policies and procedures and understand them. They could execute business associate agreements and those kinds of things. It just, again, it makes their life easier. And that’s what we need to continue to push the bar on, making their lives easier.

Bill Neumann:

So as we wrap up this podcast first off, great information, I appreciate it. It’s a little bit scary, but I think the message here was positive. There’s, there are things you can do. There are strategies that aren’t incredibly difficult, but they have to be done, right. You have to take the step, right. And do that, and I think soon. So one of the steps would be go to pcihipaa.com and take that assessment and then find out for yourself where things stand.

Jeff Broudy:

And it’s one P and two A’s on HIPAA.

Bill Neumann:

Okay. That’s all right, I’ll make sure we link it. We’ll have that URL in there, but thanks. That’s great. For the people listening in, for sure. That’s a good point. Brian, anything you’d like to add to this before we wrap everything up?

Brian Doyle:

Yeah. I think overall, I think the market is going in the right direction. I think everyone does want to make sure we’re secured across the board. So again, I would just challenge you to talk to vendors, talk to what’s out there, go to the website, take the assessments, see what you have and what you don’t have. And then you can make a plan from there. So be open minded and talk to industry leaders like Jeff, he’s a wealth of knowledge.

Bill Neumann:

Yeah. And that’s great. And you see, you’ll hear Jeff on the podcast or you’ll watch him on the podcast and then we’ll most likely see, we’ll definitely see Brian, at one of the many DSO meetings out there. Jeff, are you going to be coming along as well?

Jeff Broudy:

Only if Brian invites me, I will. I’ll show up. But I wanted to, I wanted to thank Brian. Actually, I’ll use this opportunity to thank him for, he’s been very welcoming to myself and my team, it’s never easy to do something for 10 years. And then all of a sudden you’re part of something new and Brian, along with the rest of the team has been great. So it’s been a good fit and you Bill, thanks for having us on. I don’t have any there’s no, Hey, aha thing, when it comes to this stuff, you have to take the steps. You have to continue to do your research and talk to a bunch of companies. But I would just tell people that if you’re running a larger organization, I don’t care if it’s one practice or a 100 practices, you have to take the steps to make sure that you’re addressing the safeguards that are required because that’s going to protect you ultimately.

Jeff Broudy:

And again, you have limited resources, so focus on the bigger ones. And like Brian said, we can help you with that. And you take the questionnaire and we’ll walk you through it, but you got to do something in this day and age. You can’t sit on the sidelines anymore. It’ll eventually catch up to you.

Brian Doyle:

Yeah.

Bill Neumann:

Yeah, absolutely. It’s in the news every single day. We see it everywhere across all industries. And I think Brian’s point that I just want to hammer home a little bit about use, trying to limit the amount of vendors you’re using is super important. I mean, it used to be more difficult to do that.

Brian Doyle:

Right.

Bill Neumann:

And it’s becoming less difficult as we start to see organizations like yours partner together, right? And then you have, you can go to one source to solve all sorts of compliance issues, right. Whether it’s HIPAA, whether it’s PCI, whether it’s OSHA, where you used to have to go in some cases at three different organizations.

Brian Doyle:

Right.

Bill Neumann:

And most likely you probably weren’t going to three different organizations, so you were missing something. And so I think that’s the one thing that I look at the consolidation is really a good thing. It gives you the opportunity to have a point of contact that can help you in a lot of different ways. So thanks to Brian Doyle and thank you, Jeff Broudy, great information. And thanks to Rectangle Health. We’ll make sure we drop links in there, email addresses and you could stop by and take that assessment too. It makes a lot of sense. Appreciate you guys being on today.

Brian Doyle:

Thanks a lot, Bill. Thanks for having us.

Jeff Broudy:

Thanks Bill. Thanks a lot.

Bill Neumann:

And thanks for the audience. Appreciate you listening in and watching. This is Bill Neumann for the Group Dentistry Now Show, until next time.

 

 
