Show Notes
After taking a few weeks off of recording Jonathan and Angela discuss everything from Star Wars to passwords to what keeps Angela up at night. There are some bloopers to keep it real and difficult conversations about balancing the users wants with the integrity of system. Angela and Jonathan deep dive into conversation to talk through a difficult product feature decision. In this episode listeners get a peek into real conversations behind the scenes of building a digital health product.
Password hygiene is a topic that we discuss a lot in this episode, there are some great articles if listeners wanted to dive into that information. Here are some articles:
Password managers are a great way to use unique passwords as Jonathan mentions in this episode. Examples of password managers are 1Password and LastPass.
Find Us Online
Credits
Produced by Jonathan Bowers and Angela Hapke
Transcript
[
00:00:00]
Jonathan: oh yeah, we got change to not Thursday.
[
00:00:03]
Angela: It's like perfect timing.
[
00:00:06]
Jonathan: changed the lawnmower now it's a different kind of lawnmower.
[
00:00:11]
Jonathan: Uh, hi, I'm Jonathan Bowers is wait, I'm doing the intro.
[
00:00:17]
Angela: Oh, no. Okay. Okay. Okay. Okay. Okay.
[
00:00:20]
Intro Jonathan: Hi, you're listening to fixing faxes. And I'm your host Jonathan Bowers
[
00:00:26]
Angela: and I'm Angela Hapke. And so I haven't watched any of the Star Wars movies.
[
00:00:39]
Angela: Ever at all. So I've watched bits. Like you, you always see clips of them or maybe bits and pieces, but I've never seen a full Star Wars movie.
[
00:00:50]
Jonathan: At all? And you are, you are, you are a member of society?
[
00:01:01]
Jonathan: Did, how does, how did you manage to avoid watching any Star Wars
[
00:01:05]
Angela: I'm not even sure. To be honest. I, I I'm unsure of how this has all came about. And I'm one of those people that don't want to jump in in the middle. So I always felt like I had to watch the previous ones before I could watch the new ones. And because of that, I've just never put in the effort.
[
00:01:23]
Jonathan: It is a lot. It's a,
[
00:01:24]
Angela: It's and it's an effort,
[
00:01:28]
Angela: I've started watching the Mandalorian.
[
00:01:31]
Jonathan: Oh, good for you. Do you like it?
[
00:01:37]
Angela: is, only, I'm only on episode three, I think three or four. And, um, I really like it.
[
00:01:47]
Jonathan: Why do you like it?
[
00:01:49]
Angela: Oh my goodness. Well, it was. I don't know. I like it. It feels like an old, like, it feels like a Western,
[
00:01:59]
Angela: right yet to set in some time. And, um, I don't know. There's something charming about
[
00:02:19]
Jonathan: I mean, I wouldn't say I'm a big fan. I would say.
[
00:02:22] I'm a pretty big fan. Yeah. I really like, I like star Wars. I like, uh, I've played some of the video games. Um, I have a board game, this like cool X-Wing game. That's that's quite fun. I bought just, just before COVID and now I have no one to play with. Um, Zach's too little and it's not Julie's kind of game.
[
00:02:38]
Angela: So I find fans always have an order that they suggest that other people watch the movies in.
[
00:02:47]
Jonathan: I, I, my belief is to watch it and it's how I think I want to watch it with Zach when he's old enough is, uh, four or five, six. one two, three,
[
00:02:57]Rogue One, uh, then four, five, six, again. Yeah, that's seven, eight, nine. Then you can go back and watch Solo and whatever the other one was.
[
00:03:08]
Angela: Okay. So I think I'll just watch them in release date order.
[
00:03:13] I think I might watch it with Alex. I think she's old enough to watch all of those.
[
00:03:19]
Jonathan: You never, you never not old enough. Yeah. Yep, two.
[
00:03:25]
Angela: But that's uh, what are we going to talk about
[
00:03:29]
Jonathan: I have no idea. Honestly, I have no clue. Um, I would like to get to some community stuff at some point and some interviews or some guests, but, um, we can just talk about like, what's going on in product land. Uh, we can talk about password resets.
[
00:03:50]
Jonathan: so , uh, it was hard to read your emotions in that meeting just now that we had, when we were talking about password resets. so I wasn't sure if you were upset, if you were disappointed, um, in like the way that product has been built, if you were disappointed in users,
[
00:04:03]
Angela: God, you're going down a rabbit hole, Jonathan.
[
00:04:05]
Jonathan: Yeah, no, it's just, it was very difficult to read you to read you on the video call. Like w there was very little, uh, body language to go off of. Um, and I was, I was watching, like, I flipped to, like, I often just flip to like see everyone mode so that I can, like, I just find that better.
[
00:04:20]
Angela: Oh, I like the gallery view better on
[
00:04:21]
Jonathan: yeah. Gallery view. Thank you. And, uh, yeah, you just, you were just seemed like maybe something was going on. I thought I'd check in.
[
00:04:30]
Angela: this is so funny. my nonverbal can be quite loud sometimes.
[
00:04:35]
Angela: Yup. And I think when it's not, people tend to be like, What's up. What's going on,
[
00:04:43]
Jonathan: The silence is just as
[
00:04:45]
Angela: Okay. No, no. I think for me what it is is, um, Things have gone relatively smoothly with product development thus far. We have always kind of had this good, a flow of, of maybe not knowing exactly what our user needs next, but having a really good idea of what they need next.
[
00:05:12] And I feel like with this password reset, um, or lack of due to the the encryption, the end to end encryption that we have on this, on this product is I, not that I feel like we're letting our users down because I think there's massive pros to this and we have to communicate that somehow. But I also feel like this is like a bit of a disappointment factor with them that we can't just do a password reset.
[
00:05:41]
Jonathan: Yeah, it seems like uneasy feature. Like it seems like something that everything does. I forgot my password. I'll just reset it.
[
00:05:48]
Angela: Exactly. And maybe talk a little bit about why we can't just do that because I don't think I can talk that well about it.
[
00:05:56]
Jonathan: That's fair. Um, yeah. So the previous episode, I think we talked about the fact that this Clinnect is encrypted end to end. We, we, as the builders of the product, can't see anything. There's, I mean, there's bits of stuff that we don't encrypt because we need to, like, we need to know who the referral goes to, that sort of thing, but we can't see any patient information.
[
00:06:16] So all of that information is completely hidden from us. The only way to unlock that is with the password from the user that unlocks that data. Right. So if they that's the key, that's literally the key. If they lose that or forget that they've lost the key. And so we can't go in and recover that data for them.
[
00:06:38]
Jonathan: So it different than, uh, and the example that Chris was giving like Facebook, right? Like if you lose your password on Facebook, you just go in and request a password reset. Really, all they're doing is just verifying that you are who you claim to be. So they follow up with maybe a message on your phone or an email or something, and they give you a little link.
[
00:06:59] That's just proves that you still have access. Like you are. Still Angela. Um, the person requesting this password reset is Angela. So they go through something that they trust, like an email to send you a link, and then you click on that. And then that's like, okay, cool. We'll just throw away their old password, give them a new password, except that for us to do that, um, that would literally mean throwing away the key.
[
00:07:21] We don't have another key like that. That was the key. And so if you've forgotten the password or. Um, lose, you know, lose that password. You have lost the key to accessing the system. That's that's its strength. Um, but also the weakness from the perspective of the user, because now they can't access the data and we can't get it back for them.
[
00:07:43]
Angela: And we, and that's the key right there too, is Facebook can give me back my password because they can see everything.
[
00:07:50]
Angela: We don't see it all. We can't give you back your password. So we've had some users that have bumped into this, and we've had users that have reached out to me personally and gone we need this feature.
[
00:08:00] We need a password reset on, on, um, this application. And I think it's the first time that, you know, It seems like you say an easy fix. It's not an easy fix. It's not, it's not. Yeah. Um, it would compromise the integrity of the whole application if we just allowed a password reset. So we can't do that. Um, we've built this product, um, to be as secure and private as it is.
[
00:08:28] I mean, we just can't compromise that. So we're stuck in this really hard place where we have users that want to feature that they're used to seeing on many of them, their applications that they have without, you know, without even the need to understand why they, they don't have it here. Um, yet frustrated that they don't.
[
00:08:49] And so that was what you were seeing today in the call, I think was just my, my inner turmoil around really wanting to please the customer on this, but knowing, um, that pleasing the customer would, um, would degrade the integrity of the product. And I'm just not going to allow that.
[
00:09:05]
Jonathan: Yeah. I think that's a good stance as uncomfortable as that can be sometimes, um, is to do what is right for the product. And in that, in that case, it's actually what's best for the patient.
[
00:09:17]
Angela: exactly. And we do have to, we do have to go back to that. Um, and I think you often see that in our meetings is, you know, I'll kind of go, okay, well, hang on at the end of the day, what we're doing is we're ensuring a very safe product for our patients. We're ensuring that their information is being handled in the most appropriate way.
[
00:09:39] And, um, that's what it comes back to with this one again. Um, yeah, I'm just, I'm not compromising on the quality of the product on this one. But damn, it makes it hard to have that conversation with the users when it's, they don't understand it. They're not supposed to understand it. That's not for them to, I don't, I don't want to expect them to.
[
00:09:57]
Jonathan: I don't think that they need to understand the technical details, but I think, I think there is an opportunity here to really show the users what good password hygiene looks like and why that's so important
[
00:10:10] um, we still, we need a way to allow them to recover because it's equally, it's equally bad for the patient. If,
[
00:10:17] if a specialist has received referrals and they can't get access to them
[
00:10:22]
Angela: Exactly. Exactly. So, yeah, we, and I think that's why in the end, what we ended up talking about was, um, a multilayered approach to this in that we have like plan A, B and C around account recovery.
[
00:10:39] And how are we going to ensure that our users can get back into their account? Um, cause like you say, if you know. We can't just reset the password because that compromises it. But we also, can't not let them get back into it. Cause that compromises too.
[
00:10:57]
Jonathan: Yeah, and it, it just brings up so many interesting problems in this space and it it's the, it's the intersection of sort of, of technology and security and, um, the users, um, you know, the ease, the ease of
[
00:11:10]
Angela: Exactly and that's yeah, that was what was frustrated with is I'm like, Oh, we are the ease of use.
[
00:11:19]
Jonathan: I do think though. I really do think that if you can somehow treat this as an opportunity to show our users why this is important, um, that will benefit them, not just for this product, but across all of like other,
[
00:11:36]
Jonathan: if they're reusing the same password, um, that's not great if they're also using pastors that are just easy to
[
00:11:43]
Jonathan: Yeah. That's and that that's that hints at this like weird problem in, in, in security, which is you want passwords that are very secure. but you also want them to be usable,
[
00:11:54]
Angela: but not too usable, but somebody could pick to guest them.
[
00:11:58]
Jonathan: Yeah. So it's, it's very, very tricky, but there are, there are tools that exist to help you with this. So we require everyone on our team to use a password manager. And so, um, like no one, no one on our team knows any of their passwords.
[
00:12:14]
Jonathan: It's, it's managed by a tool that generates this randomly long, like this random string. That's very long. It's very, very hard to guess. I have a high degree of confidence that, um, all my passwords are unique.
[
00:12:26] I don't even know what they are, and even if they were to, even if they were to, uh, find my password, you know, say, say my password for Facebook was compromised. Like somebody, all of Facebook's, um, the database and. Like let loose all of the passwords. And this has happened lots of times.
[
00:12:43] There's lots of examples of large sets of data being hacked. And you can go and look like, look up your passwords and see if they've been hacked. Um, but the only thing they'll be able to get into is that one account, they won't be able to then get into a bunch of what other things, um,
[
00:12:58]
Angela: you're not using the same password for
[
00:12:59]
Jonathan: not using the same password for everything.
[
00:13:01]
Angela: So the, um, I think the interesting part here though, is you guys are a sophisticated tech company.
[
00:13:15] Our users are not sophisticated tech company or sophisticated technology users and, um, almost most cases too. Right. And so that's where yes, that's where the turmoil was that you were seeing on my face in their meeting today is just really trying to figure out what's the best thing for our users and how to manage.
[
00:13:33]And I think the solution that we came up with is a tailored solution to the users that we have. If we had some very sophisticated users, we would probably suggest something like you just mentioned that you guys use for them. It's not going to be the case. It would be more of a sophisticated account recovery,
[
00:13:57]
Angela: but it can't be this time. Um, it'll work, it'll be secure, but it's tailored for our users to, yeah. And so, yeah, that was an interesting one though. Like I say, up to this point, we were. I think we've really, we've really like, kind of had like some bumps, but not, not too many bumps.
[
00:14:16] And I feel like this one was the first like bigger usability bump that we've had.
[
00:14:23]
Jonathan: I'm going to come back to the, like the education piece here. I actually think that if, if, uh, if someone is relying on password reset, um, That like, that's not good practice regardless. Like you shouldn't be doing that. So, so, you know, if you sign up for a thing and you're like, wow, just whatever, I'll just put in a password cause they make me, um, and I'll rely on password reset. Um,
[
00:14:46]Doing a way with it passwords is, is actually a pretty good sss arguably that's an interesting take on security is you just don't have passwords every time you want to log in. We just send you a special thing in your email because we trust that your email hasn't been compromised.
[
00:15:03] So we just send you a thing, an email, and you just click on the thing and it opens up and that's, that works for certain types of applications. It doesn't work for us because, because everything's encrypted and we can't send you that thing, because we can't get in.
[
00:15:15]
Angela: Yep. So you're, you're wondering, is this a really good education opportunity or an awareness opportunity for our users to say, Hey, what'd you call it? Password hygiene
[
00:15:28]
Jonathan: Yeah. Good password
[
00:15:30]
Angela: Yeah. Here's some ideas. So. Um, the only reason I hesitate and don't jump, I think that is, I just feel like, Oh my gosh, is it another thing that we're going to have to awareness, educate, et cetera, et cetera about, um, do we have the bandwidth to also do that
[
00:15:50]does it take a lot of bandwidth? I don't know, but I think when you're so heads down in a startup and then you realize your is bumping into something like this. And then someone like yourself is like, this is a great opportunity to teach them password hygiene. I just feel like, Oh my God, another thing really, um,
[
00:16:10] I'm just like, I feel like I've just fatigued a wee bit.
[
00:16:14]
Jonathan: that's fair. That's fair. And it's a funny, it's a funny piece though. Like it's different if it was, you know, if, if, if users were, you know, boy, I wish it did this feature. Right. And we can, we can kind of talk about how, um, okay. I mean, we don't really see the value in that, at least not right now, but this talking about access to the whole thing.
[
00:16:34]
Angela: Yeah, like this is integral
[
00:16:37] in into the application. Yeah, I know. Yeah.
[
00:16:44]
What Keeps You Up at Night?
Jonathan: what else keeps you up at night?
[
00:16:48]
Angela: You know, so this was a, um, somebody said to me the other day, when I was explaining to them what Clinnect was and what we were doing. And he says to me, he's like, Oh my gosh, all that patient data. Doesn't that keep you up at night? And do you know, because of that, what we were just talking about with the systems that we've put in the fact that no, you know, it's very hard to get into an account.
[
00:17:16] And even if you're just to get an account, you get into one account know, that's it like, because we've put up, we've done privacy by design. That actually does keep me up at night. What keeps me up at night now is like, We got to get more users.
[
00:17:36]
Angela: what's keeping me up at night right now. I'm like, we've got to get more users and we're at a weird, um, balancing point because we have specialists and we have primary care providers.
[
00:17:47] So we have two sets of users. One type of user wants more of the other type of user on before they jump on both ways.
[
00:17:58]
Angela: Chicken and egg. And so, so, you know, like, and I think that's why you just kind of use the double barrel approach and just kind of push both at the same time. And hopefully you get to that balancing point, but that's, what's keeping me up at night right now is everybody's just a little bit sitting back and waiting and I'm like, no, just do it.
[
00:18:25]
Jonathan: And it's, it's funny, like back, we talked about this eons to go, how there is this, it is kind of a marketplace. in that you've got specialists who need to receive referrals from a primary care providers and primary care providers who want to send a specialist and you're right. They both want more of the other because it becomes more valuable. If there was all the specialists on the system, then all
[
00:18:49]
Jonathan: providers would be like, Oh, sweet.
[
00:18:51]
Angela: And if all the primary care providers were using there'd be specialists, clamoring to get on.
[
00:18:57]
Jonathan: it does feel like a little bit more weighted towards one, like one way, like the primary care providers have no reason to sign on if there's no specialists. So, but the specialists can sign on, even if there are no primary care providers. Right.
[
00:19:16]
Angela: Correct, but what would be the value for them if there's no primary care providers
[
00:19:20]
Jonathan: No, I, yeah, I get that, but, but there's also no risk.
[
00:19:25]
Angela: Correct? The idea is to get all the specialists and all the primary care providers from our area on. And if we can do that, we can accomplish a couple of different things we can accomplish. Um, I mean, I think eyebrows would be raised in other areas to go, Whoa, what, what are they doing in Kamloops?
[
00:19:43] They have all the referrals going through one portal. It's all tracked. It's all secure. What an amazing, um, system that they have happening there. Um, what it also starts to do is you start allowing your specialists and your primary care providers to accurately track the referral management and numbers.
[
00:20:07] So we actually start to see, um, an really interesting thing happening with specialists. They're able to look at it and as a group go, Oh my gosh, the demand for our service is here and it's even broken down by these categories. And what that arms them with is really interesting data if they ever want to sit at tables.
[
00:20:29]Um, you know, when they're talking about, uh, additional resources for their hospital or additional resources for their area, and, and when you have, I have a whole geographic region on one system where they can start actually pulling accurate data from that becomes really, really interesting. So that's our focus right now.
[
00:20:49] Our focus is to get the users on from both sides specialists and primary care provider from our area on and, and really, um, you know, that's why we call Kamloops our beta community is because we've, we do truly want, um, that, and I think it would be powerful.
[
00:21:06]
Jonathan: Do you think that there's a feature that we could build that would entice the specialists? Even if there wasn't, there wasn't a primary care providers and possibly never going to be primary care providers
[
00:21:22]
Angela: I've never thought about a system that didn't have both.
[
00:21:25]
Jonathan: Well, I like the, what you just described, you know, being able to analyze some of that demand data. Um, and that's, I mean, that's kind of what you started doing in the way back in the beginning was looking at the demand
[
00:21:38]
Angela: we still, we still do like the consulting arm of central referral solutions. We'll actually do deep dives into your offices and EMR, and actually pull out that demand data. It's hard, it's expensive and it's labor intensive. Um, Clinnect is a product that was introduced that would help you do that a whole lot easier and a whole lot cheaper.
[
00:22:04]
Jonathan: Right, but it, but it relies on the data coming through from primary care providers. Could, could we build, is there something small that we could build that, that lets the specialists sort of retroactively start, like putting in some of this data, like, like it's not hard for them. Well, maybe, maybe it is, but, you know, could they take, could they take the referrals that they've had in the last month or quarter or whatever, and then just like, okay, I'm going to, I'm going to put these in and just see, you know, see where our demand is.
[
00:22:35] If that's, if that's valuable, then can we just, you know, type in all the referrals that came in and start to see some of that demand to data. And so use it as a bit of an, uh, a bit of an analytics tool, um, without, without actually getting any of the referrals coming through.
[
00:22:50]
Angela: so Jackie has kind of built that. she has built programs that do the analytics around. So what it involves is, is us going into each individual office. And there's a reason for that to like, to actually physically go in their space is to understand how do they receive referrals?
[
00:23:09] Like as soon as you get a referral, is it put into your EMR right away? Is it not. Yeah. Like how do you manage those? And, um, with that tailored and customized approach, then you get true demand data. We've gone the, I like the extra hundred steps to actually analyzing wait time data along with that. So it's not just referral and demand data.
[
00:23:35] It's wait time data. But this is when we also get back into what we've talked about in a previous episode around categories. There's no categorization right now.
[
00:23:45]
Angela: Remember these, all these, all these referrals come in with no standard categories. So we do that in on top of, so like the, the, the consulting that we do is highly tailored and highly customized.
[
00:23:59] Um, it comes at a price, but it is very much worth it. judging from the results that we've we've had with giving that data back to the users themselves. So we're armed, we're literally just arming them with their own data. Jackie has built that, that tool. I'm not sure that it would be valuable in a, in a, like a smaller tool or a paired down tool.
[
00:24:28]
Angela: I'm not sure how that would even look. And like I say, there's so many, so many things that we've learned through this, and this is why Clinnect came out of that. Mmm.
[
00:24:39] Starting this fall, we're going to do a big marketing push. Um, we, because we are focusing on the geographic area, we are literally going to go door knocking. Um, we're we have an intern that we've hired. Um, her whole job is, is to like, just go door knocking, have people understand what Clinnect is, why they want to sign up and then just literally help them sign up.
[
00:25:02] Just walk them through the process, which isn't a hard process, but it's, it's um, I think at first to get those numbers, so we talk about chicken and egg. We need one of those. We need the, we need one of those to tip. And I think to get us to the tipping point, we need to do a very tailored marketing approach where we go door to door
[
00:25:28]
Jonathan: When you say one of those, you mean that like the primary care providers
[
00:25:32]
Jonathan: I th but I think it's, I think it's gotta be the specialist. Like what, like, there's no reason for, uh, like there's no use to it. As a primary care, but there's no use to anyone if neither one neither side is on that, but there's less use for the primary care provider to sign up because they can't, they can't do anything.
[
00:25:50]
Angela: Correct. That being said, we already have one specialty on, so they are there and we do have two more specialties. Queued. If anybody knows anything about healthcare is that July and August are like classically slow down
[
00:26:09]
Jonathan: for everything like everyone's on vacation. No, one's responding to emails.
[
00:26:14]
Angela: So then we're battling that right now, too. So yeah, I think that's why that's keeping me up at night right now. Password resets and user numbers.
[
00:26:30] Thanks for listening to Fixing Faxes, building a digital health startup. I'm Angela Hapke. My cohost is Jonathan Bowers music by Andrew Codeman. Follow us on Twitter @fixingfaxes. You can find us wherever you like to listen to podcasts. And please do us a favor and tell a friend. Thanks for listening.
[
00:26:47]
Jonathan: It's it's almost as if you haven't, uh, been gone for three weeks, not practicing this.