About the Client

Global pharmaceutical company wanted to increase and automate
enrollment in its U.S. patient support program to better coordinate
patient care, disease management, and education.

Challenge

• Manual processes
• Low adoption
• Lack of encryption
• Security and compliance concerns
• No record keeping
• Procedural inflexibility

A global pharmaceutical company wanted to increase enrollment in
its U.S. patient support program. Once enrolled in the program,
patients are assigned case managers who help them navigate the
complex processes involved in receiving care, from understanding
available treatment options and clinical studies to obtaining services
and working with insurers.

Beyond supporting patients, the program also impacts company
revenue, as enrolled patients are more likely to adhere to their
treatment plans.

Despite the program’s benefits, enrollment was cumbersome and
relied on manual processes to keep patients’ personally identifiable
information (PII) secure at all times. Patients needed to download, print,
sign, and then either fax or mail their enrollment forms to the
program. Once received, their data was manually processed into a
protected system and confirmed over the phone before it was passed
to case managers.

While this paper-based approach offered more security than emailing,
the friction-filled process led to fewer enrollees. And since patient data
was not encrypted, it had to be anonymized during system transfers,
making it impossible to track patient communications.

The organization wanted to find a secure system to easily gather and
share enrollee data online, as well as track patients’ communication
preferences and any information sent to them. But according to a
director at the company, finding the right implementation partner was
a challenge

“I went to Dreamforce and spent four days trying to propose a solution
to different companies there. Nobody could deliver what we wanted,”
he said.

Strategy & Solution

• Custom-built, secure, and compliant consent webform
• End-to-end encryption of patient data
• Seamless integration between Sitecore and Salesforce Marketing Cloud
• Automated email notifications for patients and case managers

To address the company’s needs, Ciberspring built a custom solution
that seamlessly integrates Sitecore and Salesforce Marketing Cloud to enable end-to-end encryption of patient data and ensure HIPAA-
compliance.

Patients can now digitally provide consent to enroll in the support
program via a secure webform built in Sitecore. The data they share is
funneled into a secure channel, encrypted, and sent to Salesforce
Marketing Cloud for storage. From there, SFMC triggers an encrypted
email that gets routed to case managers from the company’s email
server.

The email contains a secure link to access patients’ decrypted data
via a secure browser, which case managers can view at their
convenience and easily share with the customer service team for
processing. The webform also enables patients to digitally opt out of
receiving communications from the company, which was unavailable
on the original form.

To address patient privacy, “the system is architected to be
extendable,” says Mike Hepworth, Ciberspring’s Salesforce Marketing
Cloud Practice Lead. “It includes several layers of identity checks to
ensure that only the right individuals are able to access patients’
information and the system could be further extended if needed for
protections.”

Securely stored in SFMC, the data can only be retrieved by people with
private keys that are matched against the SFMC database. Hepworth
says additional security features, like destroying messages after a
period of time, requiring checks on IP addresses, or only allowing those
with personal keys to access certain messages, can be added at any
point in the process.

Results

• Secure transmission of patient data
• Greater adoption
• Automated management Easier enrollment
• Faster processing Decreased costs
• More flexibility

Ciberspring’s solution was able to provide significant value to both the
company’s patients and case managers, with full encryption of patient
data from submission through to storage, keeping sensitive
information safe from cyberthreats.

The solution is highly customizable, and additional security features
can be layered in at each module to further verify a requestor’s
identity, offering even greater data protection.

With a custom integration between Sitecore and SFMC, the company
was able to decrease potential system costs. “We got the same
functionality with Salesforce Marketing Cloud this targeted approach
but at a lower cost and with less complexity than alternative systems,”
says the client director.

The convenient, frictionless webform continues to increase patient
sign-ups and offers a unified experience for enrollees, who can
complete the form right on the company’s website. The webform also
eliminated time the customer service team spent manually entering
patients’ information. Now, they can access this data in real time and
immediately follow-up with patients or make contact with doctors.

For case managers, automated emails triggered by SFMC when new
forms are submitted have enabled quicker processing and less lag
time in getting patients support. Case managers have instant access
to enrollees’ information via the encrypted portal, allowing them to
conveniently maintain patient records in one database—including
patients’ communication preferences—and track communications
they have received.

Ciberspring’s solution has allowed the company to increase revenue
and decreasing operating expenses and manual labor, all while solving
a critical security concern to protect patient data.