Building Trust to Scale a Startup
“We need to be ready with clear answers about the security of our platform so we can build trust with some of the largest companies in the country,” says Geoff Woodburn, VP of Engineering for Reperio Health. Reperio was created to address strain and inefficiency in the healthcare system and bring convenient biometric screening solutions to consumers, employers, and providers.
Staffing shortages, health inequities, and clinician burnout have had a significant impact on the healthcare industry, leaving many patients and consumers in the dark about their health status. According to the American Heart Association, nearly half of U.S. adults have some form of cardiovascular disease, and many don’t know it. Reperio’s flagship wellness kit enables individuals to measure blood pressure, cholesterol, glucose, and more from home, with instant results in less than 30 minutes.
With a strong background in tech startups and the development of cloud-based applications, Woodburn joined Reperio nearly two years ago to lead their engineering team and scale the organization. It wasn’t long before Woodburn added Security Officer to his role as well.
Woodburn says Reperio had a strong HIPAA compliance foundation thanks to its founders, who prioritized HIPAA from day one and enlisted the help of a consultant to establish a baseline program. But as the organization grew and further developed its solution on Amazon Web Services (AWS), he realized they would need more help to take data privacy and cybersecurity to the next level.
“We needed a partner that could give us clarity into how we could ensure our platform was secure,” Woodburn explained. “We talked to a few companies, but Clearwater was the only one that brought security engineers to the call and gave us the technical answers we were looking for.”
Further, Reperio was looking for an organization that would be an extension of their engineering team and help them think through future architecture decisions. Since Reperio was already planning for SOC 2 certification, extensive knowledge of HIPAA and SOC 2 was also non-negotiable.
Reperio focused initial efforts on leveraging regular penetration (“pen”) testing, which simulates a cyberattack to identify security weaknesses. Woodburn says that this, along with monthly advisory calls with the Clearwater team, has helped them improve their DevSecOps over time. “The first cloud security assessment was enlightening; we immediately identified some gaps and missing best practices within our cloud environment due to building so quickly as a start-up. Our engineering team quickly remediated those gaps, improved our security score in AWS Security Hub, and added automation/monitoring to catch any future issues from making it through to production.”
Woodburn says that because their mobile app is a key component of Reperio’s product, mobile penetration testing was critical to ensuring they are developing the software with security best practices in place.
Winning the Trust of Corporations and Individuals
For Reperio, driving adoption of its solution means not only winning the trust of employers and health plans but also employees and plan members who want assurance that their data will be kept secure as it flows through the cloud-based application. Woodburn says they often take calls with individuals or teams with technical backgrounds who ask well-informed questions about the security of their personal information. Clearwater helps Reperio anticipate and plan for these questions, ensuring that cybersecurity is a business enabler and not an impediment to growth.
Prioritizing HIPAA and Cybersecurity Early
Woodburn says incorporating HIPAA compliance and cybersecurity best practices into the software development lifecycle early is key to positioning a digital health company for growth. Employers, health plans, and healthcare providers have become increasingly attuned to their technology partners’ compliance and security practices, as nine of the ten largest healthcare breaches in 2022 were tied to a third-party vendor. The Department of Health and Human Services recently reported that supply chain risk was pervasive across hospitals in the U.S.
Woodburn says working with a trusted partner can help you establish a good security posture more quickly. “It’s really hard to fill a role with someone who has the depth of experience in cloud and application development as well as security and compliance,” he said. “Having the Clearwater team focus on security and compliance and inform our engineers what they need to be looking for has helped us the most.”
And through this work, Clearwater is helping Reperio advance its mission of eliminating barriers to care. In early June 2023, Reperio announced a strategic partnership with Access Care Health, a management service organization (MSO) that enables clinicians to extend the reach of their services through pop-up, mobile, and installed clinics at workplaces, schools, universities, Medicare Advantage clinics, and multi-tenant business parks.
Access Care is expanding its menu of preventive and restorative care services offered to its multinational client base to include Reperio’s biometric screenings. The MSO is one of several companies embracing the innovative solution that keeps data privacy and security at the forefront.