Last Friday was one of those low points as an entrepreneur.
I was on a trip to Mississippi to meet up with 8 of my friends from college. I’ve been dealing with feelings of stress and burnout lately. At Krit we’re both extremely busy and unsure of where our next project is going to come from.
As the plane lands on our first leg I switch my phone off of airplane mode. I was immediately hit with a flood of messages from a client. I read the first message and my stomach dropped…
“All patients can see other patients texts today. Huge problem. HIPAA violation.”
For those who don’t know, HIPAA is the incredibly strict set of privacy laws governing US health data. Violations can carry fines in the millions. One of our clients runs a HIPAA compliant software company and we’d just had a breach. It was entirely our fault.
This is when entrepreneurship is the hardest. Our team had been working our asses off on the product and we’d finally been getting rid of the bugs and seeing growth. Only for this to happen.
I went into full stress mode. I was stuck in the Atlanta airport with only my phone and no computer. I called my partner first. Then I called our lawyer to find out how bad this might be, and what we needed to do.
Ultimately, our team banded together. Thanks to the incredible hard work of my two partners we replicated the issue and had it fixed in under 24 hours. We took the system down, so only one patient experienced the breach. Only a small handful of other patients’ data was affected, and the data was mostly harmless. I was even able to enjoy the rest of my weekend off (eventually).
We still don’t know exactly what will happen next, but we’ve reported the incident and done everything the right way to handle it. Chances are we’ll get hit with a small fine or requirements to tighten security. It’s possible, but unlikely, we get hit with a big fine that could kill our small company.
I share this story because it’s so important to share the bad times along with the good. If you mess up today, at least know you’re not alone. And be thankful you didn’t cause a potential HIPAA violation like I did.
It’s often in the worst moments that we get the most clarity. I realized a couple of important places where I had failed during this time:
- I hadn’t pushed the client for the time we needed to make updates to the platform out of fear of upsetting them. As a result we crammed the work in on top of other work, and this mistake wasn’t caught. That’s on me.
- To make matters worse, I had snapped at my team a couple of times about all of the bugs in the product. During my next flight I read an important chapter from Rand Fishkin’s book Lost and Founder. Rand talks about the importance that Google found in creating psychological safety on teams. This, more than IQ or any other factor, determines the success of teams. By snapping at mine, I had done the opposite. Also on me.
Moving forward I’m going to work to set clearer boundaries and expectations with our client and be sure we have the resources we need to do the job the right way. Otherwise, it just isn’t worth doing.
And I’m going to work even harder to create a safe environment for myself and my team to make mistakes, identify them, fix them and get better. To any of my team reading this, I’m so thankful to work with all of you. You make the hard times worth it.
Cheers from Charleston ✌️
P.S. Thank you to everyone who filled out last week’s survey! You rock. There’s a link below to fill it out if you haven’t had a chance yet. It takes 5 minutes, so please consider filling it out. I want to learn more about you. ❤️