JJ'Studio - Fotolia

Selling UCaaS in the highly regulated healthcare vertical

Before selling unified communications-as-a-service solutions to healthcare organizations, channel firms should understand the industry's strict regulatory framework.

In healthcare, time is of the essence when it comes to patient diagnostics and communication, and UCaaS has become a game changer by providing the opportunity for streamlined communications and better quality of care.

The UCaaS market for the healthcare vertical is expected to grow at a CAGR of 15.24% through 2021, according to Mordor Intelligence, while Global Market Insights forecasts the unified communications market overall to reach $96 billion by 2023. The bottom line? UCaaS is an area ripe for expansion in the channel.

UCaaS includes technology for telephony, enterprise messaging and presence, video conferencing, and online meetings. UCaaS products are making significant headway in healthcare organizations in particular because of the advantages it offers, such as enhanced communication capabilities between hospitals and doctor offices, increased operational efficiencies, cost savings and reduction in travel.

UCaaS and compliance in the healthcare vertical

Jason Smith, director of solution design engineering, West Unified CommunicationsJason Smith

Communications and IT are not core competencies for healthcare organizations, and channel partners are seeing an opportunity to step in and take on these tasks. "A lot of dental practices are not focused on IT and telephony services, and a company like ours comes in and gives them the ability to take advantage of cloud services," said Jason Smith, director of solution design engineering at West Unified Communications, a communication and network infrastructure provider. "We help augment their deficiencies and let them focus on their core business."

But with new opportunities come challenges in the highly regulated healthcare industry. Just ask Seth Woodward, vendor business development specialist at Telecom Brokerage Inc. (TBI), who said reselling UCaaS in the healthcare vertical required a learning curve in meeting compliance issues.

Seth Woodward, vendor business development specialist, Telecom Brokerage Inc.Seth Woodward

Reselling UCaaS meant "understanding the chain of liability in supplying IT and tech services to those customers -- specifically, signing a BAA [business associates agreement]," Woodward said. "If you are a service provider providing some form of service to a healthcare company and you sign a BAA, it's saying you are essentially owning or taking responsibility for your portion of what you're supplying ... and that you're HIPAA [Health Insurance Portability and Accountability Act] compliant."

Woodward said there are several UCaaS providers in the market that say they're HIPAA compliant, "but very few will say they'll go to the length of signing a BAA with a doctor's office or healthcare organization," because it means they can be held liable if their software is found to be noncompliant.

The [healthcare vertical] is too large to ignore. The reward is worth the risk as far as taking the time, effort and energy to provide a product that's sound for the industry.
Jason Smithdirector of solution design engineering, West Unified Communications

Compliance rules also change, requiring resellers and service providers to stay up to speed, Smith added. "We work with our internal counsel to understand the rules and regulations and apply what needs to be done to stay compliant."

The effort, he said, is well worth it. "The [healthcare vertical] is too large to ignore. The reward is worth the risk as far as taking the time, effort and energy to provide a product that's sound for the industry," Smith said, noting that the providers they work with feel the same way and are focused on building products that adhere to the rules and regulations.

Colleen Schmidt, director of partner success, CoreDialColleen Schmidt

Colleen Schmidt, director of partner success at CoreDial, a white-label cloud communications vendor, said the company decided to invest in making its platform HIPAA compliant after getting feedback from their channel partners that healthcare was in the top three markets they were interested in getting into. CoreDial made a "significant investment" before entering the healthcare market, including an analysis of the company and how it handles information and voicemail data.

"Based on feedback and influence from our channel partners, we made the strategic decision to invest in making our SaaS platform HIPAA compliant so that our partners could satisfy the needs of their UCaaS clients in any industry that deals with the handling of sensitive information," she said.

UCaaS and telemedicine

UCaaS also provides the ability to support telemedicine. "Conferencing and collaboration solutions, for instance, allow for interaction regardless of where you are or how large or small the group may be," said Wade Wing, director of channel operations at West Unified Communications. "Mobile applications allow you to connect from anywhere from a voice, data and video perspective as well."

For example, West's UC interactive voice response services allow intelligent call routing for appointments, prescriptions and reminders, he said. Salesforce also recently launched a telehealth tool on top of its Health Cloud platform, signaling the company's desire to gain a portion of the healthcare market.

The company also increased backup of voicemail storage and had to deploy detection and breach notification rules in its system in the event a voicemail is accessed by someone other than the intended recipient.

"HIPAA continues to be the long pole in the tent because of the sensitive nature of patient information and the need to streamline communications in general to increase accuracy and speed of care," observed Wade Wing, director of channel operations at West UC. "New cloud technology vendors enter the market almost daily, but as long as partners and clients work with established and proven solutions providers ... they can take comfort in the fact that the proper safeguards are in place and the growing compliance requirements are continually being addressed."

West UC targets partners to work with that are focused on a large clientele in general and bring a wide range of expertise to the table as it pertains to helping clients source and manage technology-related projects, Wing said. "With healthcare being such a prominent component of our economy, many of these partners do have dedicated resources around the healthcare vertical."

How to select UCaaS technology

TBI's philosophy "is to only provide best-of-breed solutions with the belief that what works best for the customer provides the most value," Woodward said. "If you're thinking about their environment in healthcare, what they're concerned about in an UCaaS solution is being able to connect with patients -- those calling in and ... trying to schedule appointments -- so you have to make sure there's high availability of your voice solution."

Internal collaboration capabilities for staff are also important, so a provider must ensure they are deploying "a highly secure and trusted platform that is not going to cause a breach of patient data," he said.

That also means ensuring security controls and procedures are in place. Schmidt said CoreDial has offered its channel partners a 10% to 15% discount from the third-party provider they worked with so the partners can assess their organizations to make sure they are HIPAA compliant.

While she said she is not sure how many CoreDial partners took advantage of that, there were some "that were already very anxious" because they understood the implications of adding in voice services for their doctor clients and not safeguarding the data properly.

"From our organizational standpoint, we had to lock down some things to support the [CoreDial] infrastructure so engineers couldn't access data stored on the network," such as voicemail, which meant a change in business processes, Schmidt added. CoreDial also added in another layer of security for its stored data.

Smith said West UC makes sure to work with providers of products that are PCI DSS compliant since it is an issue that comes up with the company's clients. Although the rules vary by vertical, he said, it's important to have conversations about encrypting patient data in transit and at rest. "All of those things are able to be achieved, but it's how you enable it for the particular client," he said.

Next Steps

Learn about barriers to cloud adoption in healthcare

Read about growth in the cloud UC market

Get channel tips for targeting the healthcare market

Dig Deeper on Vertical Market Sales Strategy