This Week Health

Don't forget to subscribe!

June 5, 2024: George Pappas, CEO, and Scott Mattila, CSO, from Intraprise Health delve into the intricacies of healthcare security. They explore how Intraprise Health aims to simplify and unify risk management for healthcare organizations. With a strong emphasis on automation and comprehensive service offerings, they tackle the pressing question: How can healthcare entities maintain high-level security amidst ever-evolving threats and budget constraints? The discussion also highlights the challenges faced by operational leaders in maintaining continuous security post-certification, and the critical need for a holistic approach to risk unification. Drex DeFord facilitates this insightful conversation, prompting reflection on how organizations can prioritize and manage diverse security needs effectively

Transcript

This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

 Welcome to This Week Health. My name is Bill Russell. I'm a former CIO for a 16 hospital system and creator of This Week Health, where we are dedicated to transforming healthcare, one connection at a time. Today , we have an interview in action

Special thanks to our sponsors, Quantum Health, Gordian, Dr. First, CDW, Gozeo Health, Artisite, and Zscaler. You can check them out on our website, thisweekhealth. com. Now, onto our interview

(Interview 1)  Hi, I'm Drex DeFord from This Week Health, and I'm here with our partner, Intraprise Health, and two of the company leaders, George Pappas and Scott Mattila.

Hey, welcome to the show, fellas.

Thanks, Drex. Great to be here.

I want to start with a little background. George, if you would introduce yourself and tell me, quickly about your background, and I want to hear from Scott, too. So we'll start with you, George.

Great. No, thanks, Drex. Yeah, I've been Intraprise software really my whole career.

Last decade in healthcare, I had about seven years with Dr. First. my primary role there was as Chief Operating Officer as we built out medication management, over a couple hundred partners. A lot of hospitals and medical practices. It's got a really good feel for, at a ground level, what are all these clients dealing with technologically every day.

And then, joined Intraprise Health just a couple years ago as CEO. Very pleased to

be here. Yeah, Scott. Drex, thank you. So I've been in healthcare for over 15 years. Started IT, went to audit, compliance and cyber security and, worked in a very dynamic set of different environments, from healthcare non profits to integrated delivery networks to executive consulting, And now on the services aspect, I've been with Intraprise Health just almost two years coming up this this September will be my anniversary and actually known Intraprise prior to my, my joining the team and our great relationship and, glad to be here with you today.

Yeah,

thanks. it's one of the things we've spent this isn't the first time we've met, but, we've spent a lot of time talking to each other. It's part of what I really like about the two of you is that you have real world ongoing, running gun battle challenges that you see every day the stuff that's happening healthcare.

And now you're leading Intraprise. George, tell me how this sort of came together and the vision for the company and all of that.

Yeah, it was really interesting. The company really started with the formation of two entities. The first one was Blueprint, and that company was actually the first high trust assessor in healthcare in 2011.

And in 2018, that entity joined with Intraprise Solutions, which had really an unbelievably strong software development team. And the vision, Drex, really was informed by the fact that. HITRUST has always been known as an extremely valuable security framework certification, but it's very rigorous, takes an awfully long time.

And we saw in our client base, I wasn't here at the time, so I really can't give you credit for it, but the company did this notion of here's this very high level certification, but it's not as accessible as it can be. How can we provide automation and services to bring that kind of rigor And a more accessible and easier to use forum for HIPAA, NIST, and all these other assessments out there, including HITRUST with automation and a combination of consultants and software at the same time.

That was really the founding vision of the company was to make the level of security that people can achieve easier because today it's still very hard.

And it's, I think, Even when you get those certifications are good at that moment in time when the certification is done, but the bad guys change, the environment changes software updates, all of that stuff goes on.

So it's the ongoing running, how do I make sure I continue to stay in that position, right? That's the hard part, Scott.

Yeah, that's the, an operational leader's biggest challenge. Is, okay, so this is just that one point in time, what do I do internally? That goes beyond that, right?

To be proactive instead of reactive. We've seen a lot of reaction given some of the threats and recent breaches and obviously constant increase that we're seeing year over year. But, from a pragmatic standpoint is how do I also get leadership adoption to get to that monitoring component to be in a more, secure position and unfortunately, you see a lot of organizations that are still struggling.

What does that look like? And being in that position previously it's an uphill lift. It's a journey that we all have to go through and we have to find, those partners that are going to go through it with us to essentially make us stronger, but it's all about learning and learning from the community that we work in it as well.

Healthcare is dynamic and unique to say the least, and, having a partner channel and network of individuals that you can trust and rely on and throw ideas off on is also another, component of building that and figuring out what's the right things to do.

It is an amazing kind of place to be right now.

One of the things in healthcare, we compete maybe on a lot of different things, but the one thing that we really don't compete on is security. You guys are working on a lot of hard problems. I know that in a few weeks we're gonna be doing a show with you, and during that program we'll really dig into the way the products and services work.

But Scott, in a nutshell you guys help execs build a unified view of organization risk. And help them figure out the transparency and the ownership assignments and the prioritization. Give me a little preview maybe of what we're going to talk about when we get together next.

Yeah, it's a new sense of terminology.

Unification of risk, what does that really mean? It's really bringing it all together. go through and let's go back many years, right? The whole integration and interoperability and standardization of nursing languages. That's now cyber. We have to really standardize and bring all that information together because just as much as a patient's, health information is important and seeing the holistic picture when they come in to be treated, so is risk.

Risk needs to be brought together, your vulnerabilities to your systems, to your third parties, so here at Intraprise Health with our Blueprint Protect platform that we have, it really brings in that holistic fashion to help security programs. and quickly, enable them to, correlate that information, to enable them to treat, identify, measure, the risks that they have from the various sources.

And, that continues to be the challenge again, and it's priorities too, right? And we help, through our platform and even through our services, is to give them the necessary guidance and support that really makes them more powerful. As opposed to just saying, here's a tool. Go figure it out, right?

That's what we've seen in the past and learning from those opportunities that I've seen, in my career and as well as my other operational leaders that report up to me that have been in the same space for many years it truly is, really bringing those components together.

You've got vulnerabilities that exist. You've got third party systems that are coming in. We evaluate the third party. Then you bring it into your ecosystem. It's operating, you've got vulnerabilities. Then who really owns it? And that's another component about unification of risk is transparency and ownership.

And that's one thing that we're really tackling each day and every day is to really let's get out of the momentum or the kind of the position of being reliant upon spreadsheets and these cumbersome platforms that take years. to really come to fruition and to adopt because, people become very frustrated.

And I think part of that is my informaticist background a little bit too, right? , it's about clinical workflow risk, it's cyber risk workflow.

it's exciting. So this whole idea of risk unification in the spirit of everything's connected to everything else you can't look at.

Things in just an individual lane and think that you're going to be able to deal with it like that. George, there's some pretty interesting use cases that we'll talk about in the next episode too, right? But the use cases are pretty easy to understand. Once I think people get their heads wrapped around it they can see why this turns out to be really important.

Yeah, and Drex, the other dynamic there is we recognize that a lot of our clients, they have a lot of budget challenges, right? And so essentially what they've done without having a picture said I want to put a lock in my front door. I want a smoke detector. I want a carbon monoxide detector, but is the whole house secure?

What about the floor window in the back? And that's where You know, what we're able to do is bring all these different assessments together, them in a way that lets that decision making group of the entity see it and say, ah, okay, I don't know, by the way, your chief medical officer hasn't let you shut down the MRI machine for two years and you're like three patch releases behind.

Oh. So that's where all these various pieces become very hard for a leadership team to prioritize and execute against. And with manual methods, sometimes they're not even covering many of these recipes because they just don't have the volume of time and energy to do it.

don't have them in one place.

And so it's really hard to see what the priorities are compared to each other. Exactly. Yeah. What makes Intraprise Health unique in the market?

Yeah, I would answer this one.

I'll let Scott correct me and give you the correct answer. Really it's a combination of a few things. The first is that. We have very deep experience in healthcare, all of us do, and you can't hope to help a client understand how to prioritize what they're doing if you don't understand healthcare operations, healthcare technology, and everything else.

The second thing is we do have a level of automation for assessments that people can't cover their full operation with, as well as risk management platforms for automation, the Unified Risk Manager and others, and third party. And the last thing is, We're a services and a product company, so we deliver a whole solution.

And the reason that's so critical is that a lot of our clients have trouble hiring people. So we can actually get it set up and running. They can run it themselves, we can run it for them, or hand them the platform they can run it themselves. But we recognize in the end, our clients want one party to be accountable to them.

We're that party and we'll help them get the job done.

Scott? Drex, thanks. And George stole my thunder on pretty much all of that. I talk to anybody that I work with, various executives and other CISOs and CIOs is, what really fundamentally sets us apart is our drive to make it better.

And the operational leadership team and the team that we have here really understands, if you look at some of the ratings that we've come out with and been, very pleasantly nominated, number two by Black Book and, with class and everything is, it's all about partnership, understanding and getting to know how their environment operates.

Everybody's unique. Everybody's different. There is no standard operating procedure here And our diverse experience really sets us apart. And then enabling it through our assessments and our platform, we're trying to tackle a very big hurdle that a lot of people are still struggling to get over.

And we're there, being that guiding light or hoping to be that guiding light for them. It's a truly wonderful company and team and just our, to Georgia's point, we are not just services. We are a product and services organization that really enables another company that , we may be working with to.

move further along down their path.

Yeah, I think the, experience and the perspective to me is a big part of that. And I think a lot of that leads to the empathy part of being able to see, From their seat, from their shoes, what they're up against makes a huge difference.

Yeah

We've both in software engineering been up all night doing a system test. We understand migration. Yeah. We see the Swiss cheese, right?

Yeah.

Cause it's everywhere in these older systems. That's what we help our clients with.

Exactly. George Scott, thanks for being on today. I appreciate it.

And we'll do this again in a longer form coming up pretty shortly. Thanks to everyone for listening and be sure to come back because we're gonna really dig in here in just a few weeks.

And Drex, we're really pleased to be a part of the 229 Cybersecurity and Risk Group, we really appreciate the way we're having quality collaborative conversations across, all different participants.

It's really important that we can work together to find the right way to crack these problems open.

I couldn't agree more. The challenges that we face today, we don't have to face alone. And I think. not just across security professionals, but the reality that the community as we continue to grow the 229 community becomes a lot of folks who are not technically security professionals, but they're just as involved every day in making the organization secure and safe and doing the right thing for patients and families.

So thanks for being a part of it too. I really do appreciate it. A

pleasure.

Thank you, Drex. Appreciate it.

Thank you.

Thank you.

  Thanks

for listening to this Interview in Action episode. If you found value in this, share it with a peer. It's a great chance to discuss and in some cases start a mentoring relationship. One way you can support the show is to subscribe and leave us a rating. If you could do that would be great, and we want to give a big thanks to our partners who make this possible.

Quantum Health, Gordian, Dr. First, CDW, Gozio Health, Artisite, and Zscaler. You can learn more about them by visiting thisweekhealth. com slash partners. Thanks for listening. That's all for now.

Thank You to Our Show Sponsors

Our Shows

Today In Health IT with Bill Russell

Related Content

1 2 3 268
Transform Healthcare - One Connection at a Time

© Copyright 2024 Health Lyrics All rights reserved