Caddie Health is an up-and-coming start-up providing physicians with automation tools to save time, prevent burnout, and focus on their patients. Their flagship product, Ace, is an AI-powered medical billing software platform for family practices.
Phil Ballyk, CEO of Caddie Health, faced the same privacy challenge as any other technology company in the healthcare industry: How could Caddie Health ensure that their partners and customers were confident in the strength of their privacy program right from the start? Winning customers and building partnerships in the health sector is an intensive process, and privacy often stands as a bottleneck, doubling or tripling the contracting time. “We designed our product and operations with privacy in mind from the very beginning. To build credibility with partners, customers, and investors, we needed to demonstrate that we implemented best practices in all areas and have a documented plan to improve our privacy program over time,” said Phil. “Privacy Horizon helped us establish that credibility.”
Communicating a privacy and security program can be a big stumbling block for start-ups in the health tech space. You’ll likely be asked in-depth questions about your privacy program before you’ve even built a product. Your investors want to understand their risks, and your pilot customers need to know their data will be kept safe. If you aren’t prepared, these conversations can quickly become requests for PIAs, TRAs, Penetration Tests, or SOC 2 and ISO 27001 certifications. All of these are important steps in the life of your privacy and security programs, but they are not steps start-ups have had a chance to take at the very early stages. Communicating the strengths of your privacy program and outlining your plans for continual due diligence will turn these roadblocks into an opportunity to build trust.
To ensure that they were prepared to credibly answer these privacy questions, Caddie Health began Privacy Horizon’s Minimum Viable Privacy (MVP) program. Through the MVP program they worked alongside a Privacy Coach to understand their privacy requirements, catalogue their current strengths and weaknesses, build policies and procedures, train their staff, and build a roadmap for future improvements. By the end of the 6-week program, Caddie Health had built a solid foundation for their privacy program and was prepared to respond to the questions of customers, partners, and regulators.
Learning to communicate about your privacy program early on can pay big dividends. By providing a clear understanding of the strengths, weaknesses, and roadmap of their privacy program, Caddie Health can ensure that privacy is not a bottleneck for their partners and customers. They’ll continue to save time as they turn a painstaking due diligence process into a chance to build trust.