Protecting patient data with secure digital consent solutions

• Manual processes
• Low adoption
• Lack of encryption
• Security and compliance concerns
• No record keeping
• Procedural inflexibility

A global pharmaceutical company wanted to increase enrollment in its U.S. patient support program. Once enrolled in the program, patients are assigned case managers who help them navigate the complex processes involved in receiving care, from understanding available treatment options and clinical studies to obtaining services and working with insurers.

Beyond supporting patients, the program also impacts company revenue, as enrolled patients are more likely to adhere to their treatment plans.

Despite the program’s benefits, enrollment was cumbersome and relied on manual processes to keep patients’ personally identifiable information (PII) secure at all times. Patients needed to download, print, sign, and then either fax or mail their enrollment forms to the program. Once received, their data was manually processed into a protected system and confirmed over the phone before it was passed to case managers.

While this paper-based approach offered more security than emailing, the friction-filled process led to fewer enrollees. And since patient data was not encrypted, it had to be anonymized during system transfers, making it impossible to track patient communications.

The organization wanted to find a secure system to easily gather and share enrollee data online, as well as track patients’ communication preferences and any information sent to them. But according to a director at the company, finding the right implementation partner was a challenge

“I went to Dreamforce and spent four days trying to propose a solution to different companies there. Nobody could deliver what we wanted,” he said.

• Custom-built, secure, and compliant consent webform
• End-to-end encryption of patient data
• Seamless integration between Sitecore and Salesforce Marketing Cloud
• Automated email notifications for patients and case managers

To address the company’s needs, Ciberspring built a custom solution that seamlessly integrates Sitecore and Salesforce Marketing Cloud to enable end-to-end encryption of patient data and ensure HIPAA-compliance.

Patients can now digitally provide consent to enroll in the support program via a secure webform built in Sitecore. The data they share is funneled into a secure channel, encrypted, and sent to Salesforce Marketing Cloud for storage. From there, SFMC triggers an encrypted email that gets routed to case managers from the company’s email server.

The email contains a secure link to access patients’ decrypted data via a secure browser, which case managers can view at their convenience and easily share with the customer service team for processing. The webform also enables patients to digitally opt out of receiving communications from the company, which was unavailable on the original form.

To address patient privacy, “the system is architected to be extendable,” says Mike Hepworth, Ciberspring’s Salesforce Marketing Cloud Practice Lead. “It includes several layers of identity checks to ensure that only the right individuals are able to access patients’ information and the system could be further extended if needed for protections.”

Securely stored in SFMC, the data can only be retrieved by people with private keys that are matched against the SFMC database. Hepworth says additional security features, like destroying messages after a period of time, requiring checks on IP addresses, or only allowing those with personal keys to access certain messages, can be added at any point in the process.

• Secure transmission of patient data
• Greater adoption
• Automated management
• Easier enrollment
• Faster processing
• Decreased costs
• More flexibility

Ciberspring’s solution was able to provide significant value to both the company’s patients and case managers, with full encryption of patient data from submission through to storage, keeping sensitive information safe from cyberthreats.

The solution is highly customizable, and additional security features can be layered in at each module to further verify a requestor’s identity, offering even greater data protection.

With a custom integration between Sitecore and SFMC, the company was able to decrease potential system costs. “We got the same functionality with Salesforce Marketing Cloud this targeted approach but at a lower cost and with less complexity than alternative systems,” says the client director.

The convenient, frictionless webform continues to increase patient sign-ups and offers a unified experience for enrollees, who can complete the form right on the company’s website. The webform also eliminated time the customer service team spent manually entering patients’ information. Now, they can access this data in real time and immediately follow-up with patients or make contact with doctors.

For case managers, automated emails triggered by SFMC when new forms are submitted have enabled quicker processing and less lag time in getting patients support. Case managers have instant access to enrollees’ information via the encrypted portal, allowing them to conveniently maintain patient records in one database—including patients’ communication preferences—and track communications they have received.

Ciberspring’s solution has allowed the company to increase revenue and decreasing operating expenses and manual labor, all while solving a critical security concern to protect patient data.