Coronavirus Forces Many to Get Hip on HIPAA

Ethan Brooks

The Signal: Searches related to HIPAA and HIPAA compliance have spiked as healthcare providers, and those building healthcare applications, have scrambled to keep patient data secure while responding to the unprecedented challenges of COVID-19.

HIPAA, or the Health Insurance Portability and Accountability Act of 1996, is a US federal law whose implementing regulations (chiefly the Privacy Rule and the Security Rule) govern the flow of healthcare information in the US. It was designed with the goal of guarding patients' healthcare data, usually referred to as Protected Health Information (PHI).

HIPAA lays out physical, technical, and administrative safeguards that covered entities (providers, health plans, and clearinghouses) and their business associates must have in place if they handle PHI. For example, the Security Rule lists encryption and decryption of electronic PHI as an "addressable" specification: an entity must implement it where reasonable and appropriate, or document why it is not and put an equivalent measure in place. In practice nearly everyone encrypts, because under HHS's breach-notification guidance PHI encrypted to NIST standards is not "unsecured", so a lost encrypted laptop whose key was not also lost is not a reportable breach. These obligations flow down to business associates and their subcontractors and vendors, including those who make apps that store or transmit patient data.
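As an added illustration of the encryption safeguard described above (this is example code written for this page, not from the article or any vendor it mentions), the block below seals one electronic PHI record at rest with AES-256-GCM. The record's patient identifier is bound as additional authenticated data, so a ciphertext cannot be silently swapped between patients, and any modification of the stored blob is detected on decryption. The sample record and patient IDs are constructed for the example; the key is generated in memory, and the assumption is that in a real deployment it lives in a key manager or hardware-backed store rather than on the same disk as the data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// newKey returns a fresh 256-bit AES key. In production this would come from a
// KMS/HSM and never be stored alongside the ciphertext (assumption for the example).
func newKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// newAEAD builds an AES-GCM AEAD from a 32-byte key.
func newAEAD(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealRecord encrypts one ePHI record. The patient ID is passed as additional
// authenticated data (AAD): it is not encrypted, but the tag covers it, so the
// blob only opens under the same ID. Output layout: nonce || ciphertext || tag.
func sealRecord(key []byte, patientID string, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil { // a random nonce per record; never reuse with the same key
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, []byte(patientID)), nil
}

// openRecord reverses sealRecord. It fails if the key or patient ID differs, or
// if a single byte of the stored blob was altered.
func openRecord(key []byte, patientID string, blob []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(blob) < ns+aead.Overhead() {
		return nil, errors.New("blob too short to contain nonce and tag")
	}
	nonce, ct := blob[:ns], blob[ns:]
	return aead.Open(nil, nonce, ct, []byte(patientID))
}

func main() {
	key, err := newKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample record; not real patient data.
	record := []byte(`{"patient_id":"P-1001","dx":"J18.9","note":"follow-up in 2 weeks"}`)

	blob, err := sealRecord(key, "P-1001", record)
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored blob is %d bytes of ciphertext (plaintext was %d)\n", len(blob), len(record))

	if pt, err := openRecord(key, "P-1001", blob); err == nil {
		fmt.Println("decrypted OK:", string(pt))
	}
	if _, err := openRecord(key, "P-1002", blob); err != nil {
		fmt.Println("opening under another patient ID fails:", err)
	}
	blob[len(blob)-1] ^= 0x01 // simulate tampering with the stored file
	if _, err := openRecord(key, "P-1001", blob); err != nil {
		fmt.Println("tampered blob is rejected:", err)
	}
}
```

The point a practitioner should take from this is that a stolen laptop or thumb drive holding only such blobs, with the key kept elsewhere, holds nothing an attacker can read or undetectably alter, which is exactly what makes the "encrypted, key not compromised" breach-notification safe harbor applicable.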

The Opportunity: Compliance can be costly, demanding time, energy, and resources from providers. But failing to comply can cost even more. Entrepreneurs who can ease either of these burdens may find opportunities where others are not looking.

Niche compliance training: While the full HIPAA legislation is far-reaching, one of the most important parts is known as the Security Rule, which outlines the steps covered entities must continually take in order to protect electronic PHI. Failure to conform to these rules carries heavy civil fines and, for knowingly obtaining or disclosing PHI in violation of the law, criminal penalties including jail time.

For this reason, providers are constantly looking for guidance on HIPAA compliance. Data from Ahrefs shows that some of the most common relevant searches related to HIPAA training include:

(Chart: searches related to HIPAA training)

It's worth noting that while the search volume on keywords like "HIPAA Compliance Training" and "HIPAA Compliance Checklist" is not high, advertisers pay high CPCs, indicating this could be a lucrative customer base to target, likely generating B2B contracts.

While companies like hipaatraining.com and hipaaexam.com already offer general HIPAA training, opportunities exist for niche training programs designed to protect employers from costly and unexpected breaches caused by human error.

A stolen laptop, for example, averages more than $880k in HIPAA fines if the provider was found to be negligent. A single unencrypted thumb drive, stolen from an employee's car in Alaska, cost that state's Department of Health and Social Services $1.7m when OCR found the agency to be lacking in HIPAA compliance. Improperly responding to Yelp reviews ($10k), improperly providing a patient's personal information to the media ($125k), and failing to vet vendors with a business associate agreement ($500k) all put patient data at risk, carrying heavy price tags and exposing providers to enforcement.

Opportunity lies in creating training targeting these high-cost threats, which can be monetized directly or used as a lead magnet.

A chart from Paubox’s 2019 HIPAA Breach Report shows the various challenges faced by employers based on the number of breaches. This, along with OCR’s full breach database, offers ideas on the kinds of training that health offices may need to shore up their systems.

(Chart: leading threats to providers for HIPAA violations)

Other interesting niches may include country-specific courses designed for those outside the US who still need to understand HIPAA regulations. India, for example, almost always ranks 2nd (yet significantly behind the US) in monthly search volume on HIPAA-related inquiries, likely due to the number of outsourced support staff there. Canada, the UK, and Australia are all nearly always in the top 6 as well.

Physical products: HIPAA deals mostly with information, and so doesn't require much in the way of physical products; HHS also certifies no product as "HIPAA compliant", so the label on a physical good is marketing rather than a regulatory status. Even so, many providers err on the side of caution when storing or transporting patient information, and at least one company is finding surprising success on Amazon with an unexpected niche: document bags.

Cardinal Bag Supply is currently the main contender on Amazon for locking document bags. Their Locking Document HIPAA Bag with Handles retails for $45.99. Subtracting the cost of procurement ($4.98), Amazon Referral Fees ($6.90), and Amazon Fulfillment ($4.71) leaves a profit of $29.40 per bag. With monthly sales of 700+ units, Cardinal is profiting around $20,580 per month on this product alone, according to research we did using JungleScout.

And that's just on one design. They have 2 other bags marketed as HIPAA-specific, which retail for $27.99 and $34.99 (same design, just different sizes). Those bags bring in an estimated $20k in combined profit each month, at roughly a 200% markup over their costs.

Reviews of the 16x20" Locking Document HIPAA Bag with Handles (far right) reveal a few un-met needs. Several customers said that the bag is not large enough to easily carry X-rays, while others suggested the need for a shoulder strap.

Interestingly, suppliers offer versions of these locking bags that are waterproof, but no one seems to be advertising those with the HIPAA designation.

Help for researchers: Healthcare providers aren't the only ones who need to worry about HIPAA. Many researchers in the medical field have found it increasingly difficult to do their jobs, and face mounting costs as the time required to finish a project grows.

One review of a cancer treatment study found that a team of researchers working at a VA Hospital in Chicago faced significant challenges recruiting subjects after HIPAA was enacted. Under the Privacy Rule, researchers were no longer able to search clinic logs for the names of patients who were eligible for their study. They also weren't allowed to approach the patients directly, and needed an introduction by a nurse or clinician who worked in the hospital.

As a result, their recruitment protocol went from 12 steps to 20, and it took researchers 3x as long to recruit patients, leading to a 244% increase in the cost of recruiting. This is a huge problem for researchers, whose funding is already limited.

The same study showed that by refining their HIPAA-compliant recruiting protocol, the cancer researchers were able to tame some of those costs, decreasing spend by 61%. As the chart below shows, the field of medicine gave rise to more citable papers last year than any other. If you're able to help researchers decrease their costs, there may be a large opportunity to create a repeatable HIPAA-compliant process that can be licensed to medical research teams nationwide. With countries around the world adopting similar data protection laws, like Europe's General Data Protection Regulation (GDPR), which replaced the earlier Data Protection Directive in 2018, and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), this model could be replicated in several other countries.
