Howdy Logo
Howdy Expert

By Frank Licea

CTO & Co-Founder

Frank Licea is the CTO & Co-Founder of Howdy.com, a groundbreaking platform revolutionizing outsourcing for US companies, backed by Y Combinator (W21), Greycroft, and Obvious. Fueled by frustration with the traditional outsourcing model, Frank and his co-founder sought to transform the industry. They secured significant investment from YCombinator, aiming to offer competitive salaries, insurance benefits, and a genuine full-time experience for remote professionals.

Howdy.com integrates remote software experts into teams, bridging Silicon Valley and Latin American talent. Frank’s visionary leadership, backed by 18 years of experience, continues to reshape the outsourcing landscape, allowing companies to access top talent seamlessly.

Content

    You can learn a lot from scaling your company with global talent, but cross-border growth comes with unique challenges for medtech companies.

  1. Security and Accountability
  2. HIPAA & International Teams

    Nearshoring can be a tremendous efficiency gain for medtech companies, but all team members must be held to the same standards, trained on best practices, and be made aware of the regulations that the company must operate within.

    Having a management structure in place helps create a chain of accountability that prioritizes data security and communication. Partnering with a nearshoring firm like Howdy gives your US-based team access to nearshore offices staffed with managers who act as additional compliance officers and HR trainers, ensuring that your remote team is always meeting the most stringent HIPAA and data security regulations.

    There are three fundamental layers of safeguards to establish and maintain HIPAA compliance: administrative, technical, and physical.

    Administrative safeguards include initial and updated staff training, risk assessment plans, and action plans in the event of a data breach.

    Technical safeguards incorporate software-based security measures such as data encryption, monitoring systems, and e-audits of databases.

    Physical safeguards are just what they sound like, such as keeping protected health information (PHI) behind locked doors under CCTV surveillance or with security guards.

    [@portabletext/react] Unknown block type "customImage", specify a component for it in the `components.types` prop
  3. Data Localization and Remote Access
  4. Implementing controls that prevent PHI from being transferred outside authorized systems is more than just providing users with the best experience when interacting with your software — it’s also the right thing to do. Even though HIPAA sets clear guidelines on data handling, international data transfers can be subject to additional layers of regulation. If a company deals with (or is planning on dealing with) EU-based patients, GDPR compliance would also apply.

    However, there is still some uncertainty in the medtech industry about how offshore data breaches would be legally handled, as the Office for Civil Rights’ handling of HIPAA violations for offshore entities has not been extensively tested.

    [@portabletext/react] Unknown block type "customImage", specify a component for it in the `components.types` prop
  5. Tools & Roles to Consider
  6. Keeping patient PHI should be a top priority for everyone in medtech, but there are a handful of roles that are integral to maintaining data security. Here’s a short list of some of those roles, as well as their expected responsibilities.

    DevOps Engineer

    • Design and maintain infrastructure and ensure sensitive health data is stored and processed securely
    • Set up and maintain secure data pipelines
    • Implement monitoring and auditing tools to ensure secure remote team access

    Data Security Engineer

    • Ensure that all data handled by offshore teams is encrypted and protected to standards
    • Establish and monitor data loss prevention (DLP) systems
    • Implement role-based access control to ensure least-privilege access

    Network Architect

    • Design and implement secure network architecture to allow VPNs or other secure connections
    • Ensure offshore team members use secure endpoint devices to access healthcare data
    • Set up and maintain firewalls and network segmentation to prevent unauthorized access

    Cloud Security Architect

    • Ensure all cloud infrastructure used for healthcare data storage and processing is compliant and secure
    • Build and maintain secure, scalable cloud environments that offshore teams can access without risking data breaches
    • Oversee the implementation of encryption standards and secure storage solutions
    [@portabletext/react] Unknown block type "customImage", specify a component for it in the `components.types` prop

    As nearshoring tech-based jobs surges in popularity, US-based medtech companies in particular must be meticulous about vetting and onboarding the right candidates. In addition to ensuring that their team receives up-to-date compliance training, these companies need a team of architects and engineers to establish and maintain the rigorous safety protocols designed to keep PHI secure.

    Breaches in security are more frequently the result of issues with the support systems or resources in place than with the remote workers themselves. US companies subject to HIPAA requirements can absolutely employ international developers on their teams safely and securely — but there must be a well-structured architecture of training, safeguards, and accountability in place.

Building MedTech Teams Without Borders

At the intersection of medtech and nearshoring lies an incredible opportunity for US companies looking to grow while keeping protected health information secure.

Updated on: Nov 22, 2024
Published on: Oct 18, 2024

Share on LinkedInShare on TwitterShare on Facebook
Building MedTech Teams Without Borders featured image

You can learn a lot from scaling your company with global talent, but cross-border growth comes with unique challenges for medtech companies.

Security and Accountability

HIPAA & International Teams

Nearshoring can be a tremendous efficiency gain for medtech companies, but all team members must be held to the same standards, trained on best practices, and be made aware of the regulations that the company must operate within.

Having a management structure in place helps create a chain of accountability that prioritizes data security and communication. Partnering with a nearshoring firm like Howdy gives your US-based team access to nearshore offices staffed with managers who act as additional compliance officers and HR trainers, ensuring that your remote team is always meeting the most stringent HIPAA and data security regulations.

There are three fundamental layers of safeguards to establish and maintain HIPAA compliance: administrative, technical, and physical.

Administrative safeguards include initial and updated staff training, risk assessment plans, and action plans in the event of a data breach.

Technical safeguards incorporate software-based security measures such as data encryption, monitoring systems, and e-audits of databases.

Physical safeguards are just what they sound like, such as keeping protected health information (PHI) behind locked doors under CCTV surveillance or with security guards.

Data Localization and Remote Access

Implementing controls that prevent PHI from being transferred outside authorized systems is more than just providing users with the best experience when interacting with your software — it’s also the right thing to do. Even though HIPAA sets clear guidelines on data handling, international data transfers can be subject to additional layers of regulation. If a company deals with (or is planning on dealing with) EU-based patients, GDPR compliance would also apply.

However, there is still some uncertainty in the medtech industry about how offshore data breaches would be legally handled, as the Office for Civil Rights’ handling of HIPAA violations for offshore entities has not been extensively tested.

Tools & Roles to Consider

Keeping patient PHI should be a top priority for everyone in medtech, but there are a handful of roles that are integral to maintaining data security. Here’s a short list of some of those roles, as well as their expected responsibilities.

DevOps Engineer

  • Design and maintain infrastructure and ensure sensitive health data is stored and processed securely
  • Set up and maintain secure data pipelines
  • Implement monitoring and auditing tools to ensure secure remote team access

Data Security Engineer

  • Ensure that all data handled by offshore teams is encrypted and protected to standards
  • Establish and monitor data loss prevention (DLP) systems
  • Implement role-based access control to ensure least-privilege access

Network Architect

  • Design and implement secure network architecture to allow VPNs or other secure connections
  • Ensure offshore team members use secure endpoint devices to access healthcare data
  • Set up and maintain firewalls and network segmentation to prevent unauthorized access

Cloud Security Architect

  • Ensure all cloud infrastructure used for healthcare data storage and processing is compliant and secure
  • Build and maintain secure, scalable cloud environments that offshore teams can access without risking data breaches
  • Oversee the implementation of encryption standards and secure storage solutions

As nearshoring tech-based jobs surges in popularity, US-based medtech companies in particular must be meticulous about vetting and onboarding the right candidates. In addition to ensuring that their team receives up-to-date compliance training, these companies need a team of architects and engineers to establish and maintain the rigorous safety protocols designed to keep PHI secure.

Breaches in security are more frequently the result of issues with the support systems or resources in place than with the remote workers themselves. US companies subject to HIPAA requirements can absolutely employ international developers on their teams safely and securely — but there must be a well-structured architecture of training, safeguards, and accountability in place.

What to read next