Get ready for an enlightening Q&A session with Rick Kuwahara, the Chief Operating Officer (COO) of Paubox, a firm that is changing how the healthcare sector communicates securely. Our conversation covers what influenced Rick to join Paubox, his operational strategies that enhance efficiency, the unique challenges associated with healthcare, and the company’s commitment to continuous improvement and security.
1. Could you share what led you to join Paubox?
It was a mixture of great timing and opportunity. I met our founder and CEO, Hoala Greevy, very early on. He was just starting Paubox when I worked at a local non-profit. His approach to solving communication problems in healthcare by making it easier instead of complex just made sense, and I could see the potential for growth. At the time, it was just Hoala and one other person, and I had the marketing background to help, so I asked to join, and that was that.
2. As COO, what are your primary responsibilities at Paubox, and how do you ensure operational efficiency across the organization?
I oversee the day-to-day operations so Hoala can focus on the big picture and continue innovating and developing our products with our Engineering and Product teams.
As a fully remote company, we’re always trying to leverage technology to make things more efficient, but at the same time, it comes down to communicating clearly and documenting processes so everyone is on the same page.
3. Paubox focuses on secure communication solutions for the healthcare industry. What operational challenges are unique to this sector, and how do you address them?
The biggest challenge is that there is a wide breadth of covered entities and business associates that make up the healthcare industry. You have the big national providers, the single-person private practice and everything in between. So communication between everyone to deliver patient care is increasingly becoming more complicated as everyone has different EHRs, processes and interests.
That’s what Paubox solves. We make email, the most common communication method, secure and HIPAA compliant without extra steps.
Many of us have been forced to use portals or phone calls or even worse, faxes, if we wanted to communicate with our providers. That’s because people think that to make email HIPAA compliant, it must be complex and you need passwords, verification codes, and the like. But that’s all security theater.
We make communication simpler, without sacrificing security, so that providers and patients can focus on healthier outcomes instead of trying to remember a password to log into a portal, or trying to type a keyword to send an encrypted email.
4. In what ways has Paubox adapted its operations to ensure ongoing compliance with dynamic healthcare regulations like HIPAA while maintaining a high level of service?
We have always been focused on security by design in all of our products. We don’t develop a feature and then ask afterward how to make it compliant. We take that into consideration from the beginning.
To make sure we’re always up to date, we leverage the HITRUST framework and do annual audits by a third party. Having our products HITRUST r2 certified is a lot of work to achieve and maintain, but it has definitely made sure we’re always staying compliant as requirements change.
5. Can you describe a significant operational improvement or innovation that you’ve implemented at Paubox that had a major impact on the company’s performance?
A lot of smart people have built great companies using various frameworks, and it’s less about innovation than finding one that works for your company.
For us, the biggest operational improvement was probably implementing the L10 meeting format from the book Traction. We don’t do it exactly like the book but have adapted it to fit our needs. As a management team, that’s helped us deal with issues faster, stay in alignment, and be more agile.
6. Paubox recently launched free HIPAA-compliant forms for secure patient data collection. Can you elaborate on the motivation behind this initiative and how you envision it benefiting healthcare providers and their patients?
It goes back to our mission to be the leader in HIPAA-compliant communication, making it easy and secure for everyone.
Using patient intake forms as an example – it’s common practice when you go to a new dentist, the first thing you do is fill out a patient intake form by hand. The provider must input that information manually as well. That’s really inefficient. We help make it much easier without sacrificing security.
With Paubox Forms, a provider can create a custom form and put a link to it on their website and then have new patients fill it out ahead of time and submit it securely. Plus, the provider gets an electronic copy of that form emailed to them so they can attach it to the patient record, saving a lot of time for both the patient and the provider.
That’s just one use case, and there are tons of others such as surveys, registration forms, and requests for annual updates to records.
7. How do you foster a culture of continuous improvement and innovation within your teams to keep Paubox at the forefront of healthcare communication technology?
It really is driven by Hoala. He has a saying that’s pinned in our weekly all-hands meeting: “We’re here to be great. Greatness is continuously improving something that’s important.”
We have a form that anyone in the company can fill out with ideas for improvement that we review as a management team to evaluate.
Beyond encouraging that open communication, our team is great at being adaptable and open to trying new things if it will get us better results (meaning, you have to track results).
On the product side, that continuous improvement and innovation is really driven by our customers. We listen very closely to them, their pain points and feedback, and use that to help drive our product roadmap.
8. With the increasing importance of data security, how does Paubox integrate security measures into its operational processes?
It really does come back to security-by-design. As a remote tech company, everything we do is online. So that means ensuring our tech stack is properly vetted from the beginning and locked down when implemented. Being intentional and up to date on best practices is better than trying to jump on the next trend.
One example is the requirement many still have to change passwords every few months. NIST has stated that this can actually be an additional risk and no longer recommends it. Yet, I still see it on many security questionnaires. Instead, organizations should be intentional in password policies. You can require complex passwords, MFA, leverage secure password managers, and train your teams on proper password hygiene and remove a point of friction in quarterly password changes.
9. Looking ahead, what are some of the goals and strategies you have set for Paubox to sustain its growth and competitive edge in the healthcare communication market?
I think it comes down to our focus on our customers. They will tell us what problems they need help solving, and as long as we keep listening, we’ll do some incredible things.