This Week Health

Don't forget to subscribe!

March 25, 2024: Drex DeFord, President, 229 Cyber/Risk Community at This Week Health joins Bill for the news. Does the integration of AI devalue the nursing profession, or does it offer a pathway to enhance the care they provide by offloading mundane tasks? Furthermore, we explore the accountability quandary posed by AI's increasing involvement in patient care. Who bears the responsibility when AI fails to catch a critical health issue? This episode also takes a deep dive into the recent cybersecurity breach at Change Healthcare, shedding light on its far-reaching implications for the healthcare industry. How prepared are healthcare organizations to handle such disruptions, and what can be done to bolster their resilience against future threats?

Key Points:

  • AI in Nursing Roles
  • Accountability and AI
  • Change Healthcare Ransomware Attack
  • The Role of the CIO in Cybersecurity

News articles:

This Week Health Subscribe

This Week Health Twitter

This Week Health Linkedin

Alex’s Lemonade Stand: Foundation for Childhood Cancer Donate

Transcript

This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

Today on Newsday.

It's incredible to me how fast this has happened and how fast, I mean, in a year, we're going to look back at this conversation and say like, well, it's like, It's just changed. β€Š πŸ“ πŸ“ My name is Bill Russell. I'm a former CIO for a 16 hospital system and creator of This Week Health. where we are dedicated to transforming healthcare, one connection at a time. Newstay discusses the breaking news in healthcare with industry experts and πŸ“ we want to give a big thanks to our Newstay partners, ClearSense, HealthLink Advisors, Order, SureTest, and TauCite.

Now, let's jump right in.

it's Newsday and today it is Drex and I are going to talk about the news. Drex, welcome back. you. I've had people essentially send me little notes of concern about my background.

My office is actually almost redone from the flood. And people have said, you look like you're recording a hostage video. There's nothing but a blank background behind you. You should hold up a newspaper. I've gotten all sorts of just wisecrack kind of comments that it is a very indistinct, nondescript background.

And yeah,

I am waiting for you to hold up the little, like the newspaper or the thing you get when you're arrested. Not that I've ever been, but, the little thing that you hold up there and has your number on it could be any day. I'm just waiting for that to pop up at the bottom, well, I

don't want to start rumors. I have been arrested once, and I will tell that story another time because it is a funny story. But anyway let's get to the news. We have to talk about change and we'll talk about HIMSS I wanna start with this Nvidia story.

So, NVIDIA's having their conference and Gizmoto has an article and I had to reshare it on LinkedIn just because the headline was such a grabber. It's like Nvidia wants to replace nurses with AI for $9 an hour. Yeah, and I posted out here. I've gotten some really good comments out on LinkedIn on this Taryn Shipley says this is already happening to a certain extent people are using LLMs, ChatGPT and other things She has three questions, does this devalue the role of nurses?

Who is held accountable when something serious is missed? And there's so much potential for AI to streamline administrative tasks in healthcare. Are we pushing AI in the wrong places by using it in the higher stakes area? Patient facing versus use case first. And those three questions were so good. I thought, that'll form the basis for our conversation.

What are your thoughts? Does this devalue the role of the nurse at all? I, so I, there's a part of me that thinks like, I don't know that it devalues the role of the nurse. I think that if this kind of stuff is used in the right way, it might take some of the more mundane, more boring, more routine things off their plate so they can focus on the stuff they need to focus on, The world continues to change and there aren't enough nurses and it doesn't look like there's going to be enough nurses for some period of time.

So we got to, this whole embrace AI, embrace the automation to help extend their capabilities is going to be

really important. This headline does not help CIOs everywhere, especially healthcare CIOs, as they're trying to go, Hey, look, there's a nurse shortage. There's a lot of low level tasks that you don't want to do.

I mean, we're doing our best to position this well, and then you have this kind of headline in which case, it's just like, what's going on, but, Drex, to be fair, this is happening in every role. Across our economy, people are asking this question. It's like, Hey, what part of my job can AI do?

And to a certain extent, there's an excitement to it of, Oh, great. I don't have to do that anymore. And to the other extent, it's like, Hey, wait, that was 20 percent of my job. What, do I still have the same value as a human that I used to have, if 20 percent of my job can now be done by a computer and hasn't this kind of conversation been going on for the last, you 40 years?

30

guy who makes horseshoes, right? I mean, there used to be a lot of them and now there's a lot fewer of them. They had to get, retrained and reskilled and figure out how to work on cars. I mean, I think that this list of stuff is endless and has been going on forever. And I think this idea of AI, like you said, in every industry, even in cybersecurity, there's a lot of conversations and a lot of products now that are being built.

That specifically allow early stage SOC analysts to, because they have an AI working partner, to act much more like a more mature SOC analyst, because there are things that the AI can be programmed and tuned to do. that makes them up skilled. They can do harder, more complicated work, not just the mundane stuff.

And the AI does it more consistently and better, maybe, than the human does. Well, and

that's sort of the point, right? So my investment platform has started to utilize AI. And essentially, you tell it about you. And then it says, well, it seems like you want a balanced portfolio and these kinds of things.

And then, the thing is finance, and I'd be the first to say this, because healthcare CIOs take a lot of flack. They're like, hey, we could do this in finance. Finance is a lot easier. A lot of, discrete data sets and the market moves. And we just have a ton of discrete data that we can slice and dice in a million different ways.

Well It's good quality data, and in those environments we're seeing, hey, when you have good quality data, discrete data elements. You plug that in with the natural language front end of saying, Hey, Bill, tell me about you. I tell you about me. And then it then can pour over that information as good, if not better than any analyst who's going to come back to me and say, Bill, this is where I think you should invest.

and so these online platforms are, that's becoming a distinction of. I use Schwab. So, yeah, another piece of information , for the hackers to go after me. But essentially, their whole claim to fame is, Hey, you don't have to go to Edward Jones. You don't have to go to, these, face to face brokers, because quite frankly, we could do the same thing on an online platform and, the reality is that's a good example of.

There are still going to be a lot of people that are like, look, I want the person sitting across from me and I want to have the discussion.

There's a trust issue. I still want that. And a lot of it too, is like how complicated are some of these things in your life? Obviously, if Medically, you're having some really serious challenges.

That's why you call and they say, if this is an emergency, hang up and dial 911. Like, you need real people to intervene on your behalf. That's not something you're going to take to the AI. And like, just like financially, if you don't have a really complicated financial situation, you're not trying to figure out how to build tax shelters and all those kinds of things, the AI might be able to do Everything you need and that would be great because that means that somebody else you don't have to pay to get good advice

So Taron asks the million dollar question, which is who is held accountable when something serious is missed or something goes wrong Right.

So we talk about the portfolio thing what happens if it like misunderstands what I said to it and it gives me this hyper aggressive portfolio I invest and lose a ton of money. Am I accountable or is, and healthcare is even, more, obviously we're talking about lives here. It's more sensitive to this kind of stuff.

Like people could get hurt and that kind of stuff. Who is held accountable? Is it the AI platform? Is it, The doctor or nurse, is it the health system? I mean, who's accountable?

I, it's, I mean, it's interesting, right? Because for years and years, we have done this. It always comes back to lawyers.

There's probably some kind of a. 180 page thing that you click agree to makes that all very clear, even though you didn't read it. And what are the responsibilities that fall to you versus the responsibilities that fall to the health system. You use these systems at your own risk.

You're checked multiple times in there. You agree to the advice that's being given. I can't imagine that there's not going to be lawyers involved in all of this and they're not going to do a lot of work to make sure that their health system clients are not the ones that are at fault if something goes wrong.

That doesn't mean the publicity, the other things that will come with a problem that happens, even if they're not found at fault, still can do a lot of reputational damage. So I think you have to be thoughtful as you go through that kind of a process of what do you use and what do you put on your, web page and, what do you give your patients or direct your patients to access?

Yeah, this will be interesting. First of all this represents a cultural change. And not just within healthcare, it represents cultural change that's impacting every area of our lives. So, this will take on many different facets. You will have people pushing back significantly. You will have government regulation.

You will have campaigns talking about this and potentially a populist saying, Hey, I'm going to protect your job from AI and that kind of stuff. We know historically that those kinds of promises are pipe dreams. But they just, they make us feel so good. It's

amazing how fast this has gone. I mean, if you think about conversations we were having a year ago, we were just barely talking about AI and there weren't a lot of good examples of how these tools existed or what they could be used for or what people were thinking about them.

And a year later, it's like there's generative AI and, LLMs that are built into everything that we already use. Like, we don't have to go out and build these things. If you open up any application on your machine or any application in your health system, there's some AI capability that now is built in and is helping, not to use the Microsoft term, but helping to co pilot you through that whole piece of work that you're doing and giving you advice and guidance and drafts and, other things.

It's incredible to me how fast this has happened and how fast, I mean, in a year, we're going to look back at this conversation and say like, well, it's like, It's just changed. You

are absolutely right. It's showing up in every one of my applications now. Of course, I use a lot of web based applications, and it's just showing up.

It's just like, Hey, would you like it? Yeah, tell AI, would you like to do?

β€Š πŸ“ πŸ“ β€Š In the ever evolving world of health IT, staying updated isn't just an option. It's essential. Welcome to This Week Health, your daily dose of news, podcasts, and expert commentary.

Designed specifically for healthcare professionals like yourself. Discover the future of health IT news with This Week Health. Our new news aggregation process brings you the most relevant, hand picked stories from the world of health IT. Curated by experts, summarized for clarity, and delivered directly to you.

No more sifting through irrelevant news, just pure, focused content to keep you informed and ahead. Don't be left behind. Start your day with insight at the intersection of technology and healthcare. This Week Health. Where information inspires innovation. πŸ“ β€ŠIncrease

β€Š

Drex, we have to talk about change healthcare. I saw a great graphic of I think Chillimark Research did a post on what they saw at HIMSS. And they had a person standing on stage, and they had a ghost behind them. With change across the, the ghost's chest.

It's like, Change Healthcare, that event was the ghost at both Vive and HIMSS. I think the article I'm going to reference, and I think it's really well done article, it's Becker's, The Change Healthcare Cyberattack, a timeline. Okay, so this one, it starts on February 21st, OptumReports, Enterprise wide connectivity issues.

22nd United Health Group suspects nation state attack, and then it goes on from there until, and we now know major ransomware attack, Black Cat, and other things. And it's all highlighted in here, this timeline. I went through it on Tuesday on the Today Show from last week. So if people want to listen to that, and I go through this in detail.

This is still going on, isn't it? This is not they've restored some things, but this is still an active situation. Yeah,

and I think it'll, it will probably go on for a while. When you have a big cyber event like this, it sometimes takes months to fully recover. And for me personally, in the sort of the weird way the universe works, taking this role at This Week Health leading cyber and risk, the timing was almost like, eerily perfect.

I showed up, I was here for a week, and then I started getting these text messages that day. My signal chats started blowing up. People were like, there's something weird happening we're disconnecting. And then you go to Vive and, as we sort of talked about, Vive, it was AI and it was cybersecurity and cybersecurity specifically around change.

People that we wanted to talk to and people that we were in meetings with had to step out of meetings and go take phone calls back home because of stuff that was happening. And the same thing, maybe to a slightly lesser extent, a couple of weeks later at HIMSS, If there was a topic that was talked about more than AI, it probably was change and the issues that were going on there and it's still today.

I mean, even as I'm talking to CIOs and CISOs across the country very often, the first thing that comes up is that we're still struggling with the change in a bit. We're still struggling with new contracts that we're putting in place to improve. bridge us until change is back up and running.

There's just a ton of distraction besides the cyber event, besides the transitions that people have had to go through to continue to be able to make claims and check eligibility and all the other stuff. There's just the general distraction that's come with this problem. I'm

going to put you on the hot seat in a couple of minutes, but I want to point out something from this article, which is just one of those things that just makes your.

Fitch and Moody's credit agency essentially said the incident carries legal and reputational risk for UnitedHealth Group, but will not affect its credit rating. Okay, then you go up a little bit and Fitch Ratings said the attack could negatively affect the credit profiles of smaller healthcare providers, pharmacies, and other companies that rely on change services. Higher rated companies are assumed to have flexibility to withstand these kinds of disruptions.

And it's, I find it hard to believe because, the last post in here says, United Health Group has advanced more than 2 billion to providers and is launching software for medical claims preparation, etc. in this thing. But that's a interesting case. We've been unable over the years to have those contracts signed.

Like we forward these contracts to our partners that says, no, you're at risk and we can come after you for damages and all this other stuff. And they invariably get, their lawyers push back, our lawyers push back, and we're like, well look, we're ChangeHealth, they're the biggest player in the world, we'll go with your contract changes or we'll be more lenient and that kind of stuff.

And so they lose all their teeth in that thing. But still, they can really dramatically impact the financial standing and stability of a health system because they shut down major parts of the process.

Yeah, monopoly might be too strong of a term but there were clearly only a few people that really understood the effect that change going down could have on the entire healthcare ecosystem.

And that just wasn't accounted for in all of the disaster recovery business continuity for the most part. in health systems across the country and so to go down and to stay down for a long period of time created a really bad situation for a lot of smaller health systems or a lot of physicians offices or pharmacies or right on down the line who aren't operating with a big war chest, right?

They're not operating with 260 days cash on hand. They can't survive. Sometimes they're just swinging from one payroll period to the next payroll period. And so, you saw stories about small physician practices where the physicians were, Putting a mortgage on their house to be able to get their hands on cash to be able to make payroll for their staff.

Actually, I mean, terrible, scary stories. If there's any question about how fragile our healthcare ecosystem is in this country, This was the perfect example of like one right domino got knocked over to really expose the seedy underbelly of the entire industry and how weak we

really are. So now you're on the spot and you gave me the metaphor, which is the domino.

So one domino got knocked over. What other dominoes should we be worried about?

I think that's a really great question and I wish I knew the answer to that. I think there's probably a lot of soul searching right now as folks are going through their inventory of third parties and agreements that they have and thinking about if we couldn't do this with this third party, what would be the effect on our organization?

And that really is that. Disaster recovery, business continuity conversation, especially the business continuity conversation. You got to look at every one of those systems, including all the third party stuff. And that includes not just systems, right? But one of the big things we did at One of My Health Systems was we made a concerted effort to get out of the hospital supply warehouse business.

And we converted a lot of that to just in time deliveries. I'm not going to keep 60 days of this particular kind of material on hand in the warehouse. And as a result, we were able to shrink warehouse space and there were less expired supplies to get busted for during the joint commission inspections and all those kinds of things.

But that's another supply chain. challenge. It's another third party challenge that you have to explore and say, am I willing to take this risk? If this supplier is, maybe they're hit by a cyber event or a tornado and they're not able to deliver within two days, what's my backup plan? Do I have a backup plan?

How are we going to handle this? And that's a lot of the work I think that health systems have to go through to figure out how are they going to stay in business when things go south? with a supplier. That could be an electronic system person, organization, or it could be any number of other things.

Yeah, so what every CIO in the country should be doing, if it has not already been done, and even if it's already been done, they should be updating it, is, the risk assessment document.

I can't remember what we called it. Anyway and I brought this methodology with me from the world of finance, cause it's where I spent a bunch of time. and I was a part of doing some of this stuff at MasterCard and they had every application and they had a data supply chain, they saw where the data was coming from for all the different things, they had a process or workflow supply chain where they said this process and this workflow feeds this one and whatever.

And then they had the application. And they looked at them all through those different lenses so that they could see, all right, if this flow of data stops, this is going to break these processes downstream. And so they not only looked at applications, which I think a lot of health systems do, but they also looked at the data.

They also looked at the process and the workflow. And if you don't have that done, you should, Do that immediately, I think it will be eye opening. It's one of the first things I do when I go in as a CIO. It's one of the first things I did at St. Joe's, was to do that analysis. and it was interesting, because I know how systems don't do it, because when we started doing it the staff were looking at me like I was insane.

Like, what do you mean breaking down the applications by process and workflow? They're like, you know how hard that is? I'm like, yeah, I do. I understand how hard it is. And do you understand how important it is? And this is the reason it's so important. But once you do all those things, then you can truly identify the risk.

It's like, all right, if that third party feeds this feeds all the rest of this. That becomes a mission critical system and we need to understand it better. And I think having that lens. It just gives you a better framework for discussion about risk with your executives. And

where you need, a second supplier or at least a second supplier on standby.

At least you've identified. a potential second supplier, right? I think that was all part of this too. We've also made over the last couple of years, last few years, a big transition in healthcare from running things on prem to running things in the cloud. And in the cloud is also a really interesting conversation because running something in the cloud, and we say it, doesn't mean the same thing as when you're talking to, AWS or Azure or Google Cloud people.

When we say it, we're normally talking about we, we've moved this to a third party partner who now provides us a web based solution to this application that we used to run in our data center. All of those situations create another supplier that's running that stuff somewhere else in another cloud that I don't have insight to, that when there's a particular vulnerability in a piece of software or there's a breach we've seen it, sort of time and again where Khronos and others That system went down and it took down a multitude of health systems who never considered that to be, hey, part of the reason that we went to the cloud version of this, part of the reason we went to the third party version of this is that we thought it would be more secure and more stable than it would be running in our data center.

Again, that requires a lot of conversations with all those third parties to understand how they run things, how they do security, how they do backups, how they make sure that they have business continuity. Because when one of those parties goes down, it's not just one health system that goes down, as we saw with change, it's multitudes.

of health systems that can go offline and be offline for a long period of time. You don't think about timekeeping being like, oh, this is a thing that's gonna break our back, but it is. And you don't think about necessarily things like, of course, filing claims, but sometimes Even products like Change the folks in the information services department are probably not the people who made that contract, they're probably not the people who were like the core critical they built the EDI exchanges and the other things that made it work, but it was probably somebody in RevCycle or other places that helped put these contracts into place.

The point being. When we talk about business continuity, it is not the responsibility of the CIO. It's not the responsibility of the people in information services. It's the business operators who use these systems, the clinical operators, the research operators. They have to understand they have to understand the systems that they use and why they're critically important to their processes and what processes break when those things don't work when those systems don't work.

And that's, I think, still a hard transition for us in healthcare to wrap our heads around.

it's interesting. I think of all the years we've done it, I've not disagreed with you much, but that's the statement of this is not the role of the CIO. I couldn't disagree with more. Like it's just, I agree with you that the business has to understand, what are we going to do in the case of a situation of that kind of stuff, but they do not have the wherewithal to understand the flow of data, the contractual, this is why you have a CIO John Halamka in the last interview I did with him said he famously early on said the role of CIO has changed totally and we.

have that clip. The last time he was on the show, he said the role of the CIO is gone. It's done. It's over. It's not needed anymore. And I was like, whoa, like, oh, slow down. But the reality is it's bifurcating at this point. You have the innovation side and you have the operational side. And my comment to him was like, who's going to do this?

Who's going to do this? Who's going to do this? And he's sort of relented and he says, yeah, all those things still need to be done. And part of that is the continuity. It's the keeping the systems running and making sure that you have good cyber security practices in place and all those things.

And I understand that cyber security is the, role of everybody in the health system but, putting those tools in place, putting those mechanisms in place, the responses in place but sort of what you said is saying we don't need a fire department because it's everybody's job to put out a fire.

But we still need a fire department.

Yeah, I don't know if I agree with you on that. I mean, yes, I agree with you on the fire department part. what I mean is that, When business or clinical or research leaders essentially abdicate their responsibility for business continuity and they look at the CIO and they say it's your job to make sure that you know everything about our business, So that if something breaks, your job is to help us get back up and running.

I think that's a bad situation for health systems because it's a misplaced responsibility. I would say that I think business and clinical and research operators should strap on the reality that they live in today, the additional responsibility, that they are information people now. that their business doesn't work without the flow of information through their operations, and they have a responsibility to know and understand what those information flows are and what systems are involved in those, and they have a responsibility to understand what breaks when those information flows are fractured.

And what their plan is to continue business or clinical or research operations when that happens. That really is their responsibility for running those parts of the business to make sure that they understand how they can keep taking care of patients and

families. I'm trying to figure out how I feel about that.

It's interesting. Because I think if I go down that path I get firmly in John Halamka's statement and saying, yep, the role of the CIO has changed, or the role of the CIO has become irrelevant.

The role absolutely has changed. No, it becomes irrelevant. And I don't know, it's become irrelevant.

I think there's keeping the trains running on time. There's still that chief technology officer part of the business that I think is incredibly important because it's CTOs, CSO, all of that. By the way, he did

say you still need a CTO. He just said he didn't think you needed a CIO anymore.

So I think this is where you see health systems break into these different ideas.

If there's a Chief Information Officer, in some places there's a CIDO, Chief Information and Digital Officer. Some places These are separate people because one is really more tasked with keeping the trains running and the other one is more tasked on thinking about the future delivery of care and that kind of work.

And then you have innovation offices officers. And when you've seen one of those, you've seen one of those. So there's a lot of, Depending on the health system, the culture, and the thinking, what are the

responsibilities of these folks? For those of you who enjoyed this conversation, it will be continued.

I'm sure.

This was Newsday. This

is Newsday. And we got to two things. We got to change healthcare and we obviously the, replacing nurses with with AI is an interesting discussion. 30 seconds or less. Comments on HIMSS?

Maybe smaller than I expected the floor had open space that I didn't necessarily expect this year.

Some benches and some other things in places that were nice and welcome for people who wanted to sit down, but I think Still a very vital conference. I mean, from the perspective of a lot of people there, a lot of partners there, there were a lot of great conversations that happened and good presentations.

And so, I think if there's some rumors of HIMSS demise, I think there, I don't believe it. I think HIMSS is going to be around for a while.

And that's my two cents on it, I think. Yes, smaller. I actually really welcome that it was smaller. Actually, yeah. But, smaller meaning, for me, more manageable.

Like I could get from one end to the other. I didn't feel like I missed anything. the pre conference stuff I thought was best day. I mean, it was a great interaction with other healthcare leaders and understanding different topics at a deeper level. You went to the cybersecurity forum and I bounced around.

I went to the AI one. I went to the interoperability one. I even went to the nursing officer one just to hear what they were discussing and talking about. And really good discussions, really in the weeds kinds of discussions. And I thought that was really valuable. right, Drex, that's all for today.

Again, if people want to hear Drex and I battle back and forth on this topic, I'm sure we'll we'll do it again at another time. So, thanks again for being a part of it. Appreciate it. Of course. Yeah.

Happy to be here.

Thanks for listening to Newstay. There's a lot happening in our industry and while Newstay covers interesting stuff, another way to stay informed is by subscribing to our daily insights email, which delivers Expertly curated health IT news straight to your inbox. Sign up at thisweekealth. com slash news.

Big thanks to our Newsday sponsors and partners, ClearSense, HealthLink Advisors, Order, Shortest, and TauCite. You can learn more about these great partners at thisweekealth. com slash partners. Thanks for listening. That's all for now

Contributors

Thank You to Our Show Sponsors

Our Shows

Related Content

Healthcare Transformation Powered by Community

Β© Copyright 2024 Health Lyrics All rights reserved