August 7, 2024: Laura O’Toole, CEO at SureTest joins Bill for the news. How are health systems adapting to the changing demands of RPA, and what strategies are being employed to build centers of excellence around automation? The discussion also touches on the profound impact of recent cybersecurity incidents, including the CrowdStrike breach, prompting a reevaluation of cloud strategies and the essential skills needed for CISOs in the current environment. Additionally, the conversation explores the implications of appointing a Chief AI Officer at Cleveland Clinic, raising questions about role inflation and AI's true value to healthcare. As we consider these developments, how do they shape the future of healthcare IT, and what lessons can we draw from these experiences?
Key Points:
News articles:
This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.
This episode is brought to you by SureTest. Transform and revolutionize your health system's application testing process with SureTest ManageTest Automation Solution, SureManage. Eliminate 80 percent or more of your manual testing activities, reducing errors, and reclaiming thousands of hours for your staff to focus on more rewarding, strategic, Projects.
Continuous testing is critical and getting it right saves lives. Discover the future of healthcare IT automation with SureTest. Visit ThisWeekHealth. com slash SureTest today and elevate your healthcare system's performance.
Today on Newsday.
What worries me, to your point, is that Is I think traditionally they've had a certain level of skill set that's been so focused on their technical capabilities. But when you think about the ability to really lead influence. Really shape what a strategy is going to be.
I think we're going to have to move away from some of those tactical skills to far more strategic skills.
My name is Bill Russell. I'm a former CIO for a 16 hospital system and creator of This Week Health. where we are dedicated to transforming healthcare, one connection at a time. Newstay discusses the breaking news in healthcare with industry experts
Now, let's jump right in.
(Main) All right, it's Newsday, and today we're joined by Laura O'Toole, CEO of SureTest. Laura, how's it going?
It's going great. How are you, Bill?
Good. it's interesting. I saw something the other day talking about RPA. And I thought about you and it's interesting because, RPA has it's morphing.
It's morphing from the more static testing and that kind of stuff to more it's smarter, is what I'm learning and what I'm reading. how are you guys adapting to the, that change that's happening on the technology side?
Yeah, it's really a whirlwind. It's interesting. I was just in last week and had this conversation with Emery and also with Chris at at Northeast Georgia. And I think what we're seeing is particularly from the revenue cycle side, it's becoming increasingly important to save time and.
You know how I feel. I don't want to go in and just do an RPA that's going to be a one time thing and not going to be long time value for all of our clients in building a library, but I do think that there are some consistent RPAs that happen on a regular basis that we're really beginning to see some leverageability for, and so it's very exciting.
It's exciting to be able to take the automation from saving thousands of hours with testing to now really defining some specific use cases that are going to be able to be leverageable across our client base. So we're excited about that.
And you're getting pulled more and more. I did used to be when somebody said short test, I would talk about EHR testing.
You guys are getting pulled more and more outside of that.
Yeah. I think as you look at what, the landscape is doing across the industry. And you're seeing now the need for real centers of excellence around automation. So we've begun to put together a strategy to work with some of our clients around what that center of excellence would look like.
And as a part of that, just naturally looking at how you can do application rationalization and be able to leverage what we do across different platforms and mediums. Okay. To be able to deliver value it's just becoming top of mind because they see that it works. And if we can do it in this area, why not leverage it, from a production environment and get additional bang for the buck,
yeah, it's pretty exciting. We are going to talk about CrowdStrike, but we're going to do CrowdStrike by just titles alone. We're not going to go into any one specific area. Story because there's so many of them.
So many. Oh, our poor clients. Oh man, I was feeling it.
Oh, absolutely. Yeah, they were out.
It was flat out. And I, connected with a lot of CIOs just to say, Hey, I'm thinking about you. And I w I was so proud to see some of the things that they were posting about how their teams were coming together. And, that's what happens, when you have a crisis, but, oh, did I feel for them.
was definitely an interesting couple of days, my flight got canceled because I was on a Delta flight and people were telling me, Hey, blue screen to death everywhere at all the stations and whatnot. And I thought, you know what? These health systems might want to sell their services to Delta to reset those workstations.
That was bad. We're talking like five days after the incident and my flight's getting canceled and the flight was full. It's not like it was empty. It was, I looked at the seating chart. It was a completely full, seven seats. I think 757 flight, and I'm like, man, that cost them ton of money.
We're seeing all the
insurance claims start to come in now. I just saw an article about that.
outage expected to cost healthcare 1. 9 billion. That's a Becker's article. Yeah, let's see. CrowdStrike says hackers are threatening to leak sensitive information about adversaries.
So evidently they got in, somehow they got into CrowdStrike and collected their crowdsourced information on what the attackers do and what their signatures look like and what their activities look like. And they got that database, they're releasing that database. That's interesting. So again, no private information is being shared there.
It's just Now the attackers know oh, they found us out. This is how CrowdStrike's figuring out who we are. So that's tough. Let's see man, there's so many, let's see.
There's so many,
CrowdStrike's, yeah, CrowdStrike says flawed update was live for only 78 minutes.
, 78 minutes.
Yep, I saw that one. And I don't know, do you know how many, because some health systems, I know, were affected much more directly and some more because of some of their third party affiliations. But I got to believe this touched most every health system in one capacity or another.
Any health system that had the combination of Microsoft Windows and CrowdStrike.
So it required the CrowdStrike the agent on the actual workstation. And in that 78 minutes, they essentially did a worldwide release, which is how CrowdStrike defends against attacks. So I understand how that happened. I'm not sure. what their change control process is to allow that to happen.
The thing that's not being talked about, and, CrowdStrike is a partner of ours. I'm about to throw Microsoft under the bus here. A Mac, nothing happened on a Unix box. Nothing happened on a Linux box. Nothing happened. My guess is if you had rolled it out on Solaris or an AS 400, Windows crashed across the board, and no one's really talking about that.
Hey, what's wrong with the Windows operating system that it just crashed? I don't know. it felt a little fragile to me that they couldn't catch that and then keep the machines from going down.
And you gotta wonder where's all the QA and where's all the testing?
And I live and breathe in this world. But it just goes to emphasize how important some of these things are, and I don't know. If it was something they could have caught or not. But it's just mind blowing to me that it could just have crippled these organizations this way and how long it took to get things stabilized.
That's the even bigger concern.
Yeah. 78 minutes. Wow. One of the things I talked about on one of my today shows was CrowdStrike incident has CIOs rethinking their cloud strategies. And it's really interesting to think about because this is not an isolated incident.
We just had the outage with regard to change healthcare. Ascension had a ransomware attack, that's a little different. But we've had the Kronos attack, or the Kronos outage as well. These cloud systems require a different way of thinking with regard to architecture and with regard to business continuity and disaster recovery.
And I think some CIOs, now this article was written and they interviewed a lot of people outside of healthcare, but I think a lot of people are recognizing, wait a minute we can't provide the continuity that we once were able to provide before because we really haven't thought through this, or we haven't written the contracts in such a way, or we're not holding these cloud providers accountable to certain types of things.
And I think there is a lot of. There's a lot of discussions happening right now hey let's re look at all of these applications and determine if this were to go out, how long it would be out and how much of an impact. It would have the traditional business impact analysis, I think is becoming in vogue again.
I agree. I agree completely. And I think the downstream effect on all of this is, going to continue to slow things down. But I understand where clients are coming from, and there needs to be an additional layer of caution. I don't blame them at all.
no, absolutely not. This obviously was a CIO level event. The role of the CISO, we have a 229 meeting this week of the Chief Information Security Officers. And I'm looking forward to having a short conversation with them because Drex is going to lead that one.
Yeah.
I'm curious how their role has shifted over the past year. It would feel to me that as these events get more public, as they get more impactful that they more and more are being asked to do things present to the board directly.
Oh,
yeah, absolutely.
To the executive cabinet directly and be able to answer those kinds of questions. And I'm wondering. How they're adapting to that. Maybe that's good for some careers and not so good for other careers. Do they have the skills to actually handle those conversations?
I don't know. It's interesting to think about. Cause when you hire a CISO I'm not sure when we hired them, we had this environment and now it's okay, we've got this environment now, are they ready? And what's skill? You coach some people, I coach some people, what skills would you say that a CISO.
really has to be able to develop and have in this environment?
I think, obviously, over and above all the security and technical deep domain expertise, I think that they have to very quickly have the ability to see through the muck to the other side and formalize a plan of action and then be able to influence.
And to your point, I think that CIOs are relying on them so much more heavily. And I've actually seen some clients where the CISOs are absolutely reporting to the board and coming in and doing updates. They're certainly on the quality advisory boards, but I'm seeing it more and more at the main board where they're coming with the CIO.
So it doesn't surprise me at all. What worries me, to your point, is that Is I think traditionally they've had a certain amount or certain level of skill set that's been so focused on their technical capabilities. But when you think about the ability to really lead influence. Really shape what a strategy is going to be.
I think we're going to have to move away from some of those tactical skills to far more strategic skills.
Some of my coaching is when somebody gives you a chief title, like when they put chief in front of your role, whatever you think that the break of tactical to strategic work is you just dial it like it needs to be a lot more strategic.
A lot less tactical. If your hands are on the keyboard and whatnot, then because, in a smaller health system, you wouldn't give somebody a chief title. You'd give them like a director of information security or that kind of stuff. If you're getting that chief information security officer, typically you're looking at a couple billion dollars or more health system, but at that point, like you just got to turn that dial.
When you wake up every day, if you're looking at your calendar and it's mostly strategic or mostly tactical work, it should be the other way around. It should be like 75 percent strategic. You have to get the funding, you have to build coalitions, you have to move things forward, make sure that your team has what they need to be, all those strategic items.
More and more, address the board, get buy in for the budget, all that stuff. That's the role.
And I think historically it hasn't always been that. Even , in some of the larger systems, I think a lot has been reliant more on the CIO and the CISO was in Is it the CISO or CISO?
Whatever you want to say. I've heard it both ways from people who hold the title,
okay. I think they were more of a backdrop, really, in feeding the CIO the information that they needed and now , I've seen a dramatic shift. With everything we've seen going on in the space for them to really be out in front and stepping up in front.
And, I think it's going to be equally important for the CIOs to allow them to do that. There's that whole dynamic too. And I think it's going to be important.
📍 📍 📍 📍
📍 Hi, it's Sarah Richardson here, president of the 229 Executive Development Community for This Week Health. I'm excited to share details about the upcoming SOAR conference, happening September 18th through the 20th, 2024 in Midtown Atlanta. SOAR is your opportunity to elevate your career in healthcare IT.
Join us for dynamic sessions, interactive workshops, and keynotes from trailblazing women in the industry. This event offers actionable strategies and fosters genuine connections. Whether you're a health system employee or a vendor partner, SOAR provides unique networking and growth opportunities.
Sponsorship packages are available, offering visibility and engagement with industry leaders. Don't miss out. Register today at bluebirdleaders. org slash 2024 SOAR Atlanta. Let's empower the next generation of women leaders in healthcare technology together. See you in Atlanta. 📍 I want to talk to you about this one as well. So Cleveland Clinic, Names first chief AI officer. So this is a big name.
They appointed Ben Shahshahani, PhD, as first chief artificial intelligence officer to spearhead AI implementation across the health system. Two decades of experience in AI and machine learning. Shashashani will develop and execute an enterprise AI strategy aimed at improving patient care, caregiver experience, and organizational efficiencies.
Chief digital officer, who's the person this reports into, does not report into the chief information officer said this person will focus on leveraging AI while adhering to safety, ethical standards and data security regulations. Previous roles include SiriusXM, Pandora, Verizon Media, Google, Nuance, and IBM.
A lot of things to talk about here. The role itself, Chief AI Officer. What do you think? not even going to give any context. What do you think, Chief AI Officer?
not surprised. I worry again about having these titles much like we saw with Chief Digital Transformation Officer. And in the end, we saw that come back around to some extent in a lot of places full circle and the expectation just fell back on the CIO and now we're seeing CIOs be elevated into these roles.
I worry that we're getting ahead of ourselves before some of the governance and some of the thinking of what this is going to actually look like over time. And we talked about these centers of excellence around intelligence, automation, intelligent document processing. There's a whole host of things not just in all the specialized AI and the predictive medicine piece that comes with all of this.
I don't know, I worry maybe it's a little too soon and I hope it doesn't, just fizzle out the way that we saw that happen a little bit with the Chief Digital Transformation Officer landscape. I don't know, Bill, what do you think?
I think it's role inflation. Clearly a PhD, clearly somebody 20 years experience in this space.
and required that level of title and asked for that level of title. You already have a Chief Digital Officer, which probably acts as a Chief Transformation Officer too, if I thought about it. That person really should be over the AI strategy and hire somebody into that role. My guess is when they went to hire that person said, look, I'm a chief or I'm not taking the role.
Or they had a salary challenge in order to get there. Now I'm sure somebody from Cleveland Clinic is like rolling their eyes as they hear this, but that happens all the time. All the time in healthcare.
All the time. All the time. All the time.
I'm not sure that adding another chief helps with the. Quadruple AIM does not decrease the cost of healthcare at all.
And so then you have to ask yourself, if the quadruple AIM is the aim where is AI going to have the most impact? Is it cost, quality, access to care, or the experience. I agree with you, we have so many questions to answer before we're dropping a chief AI officer in there.
Of,
What's our focus? What are we being asked to do? where have we already implemented it? By the way, I blame John Golobka for this. I blame John and I blame Mayo, because they have done a fairly good job of, and there's others in the industry. They've done a fairly good job of articulating an AI strategy.
And bringing partners in and implementing internally on those things. And because they have done that, I think, anything Mayo does, Cleveland looks at. Cleveland, of course, would say we're the leader. But I think in this case, Mayo has really established themselves as somebody who's out AI strategy.
And the reason I blame John is John went over there and put a very. Sound let's just say he did the foundational work to enable AI to progress in a safe way. And I think they see the need to do the same thing. And I think in this case, they're following.
And I think other systems are going to follow as well.
And it doesn't surprise me that all the people coming in from out of industry because it doesn't surprise me at all. We saw that as well on the digital and on the transformation side, bringing in people from out of industry with different perspectives.
Can I just say for the record, like the.
Don't do it. If you're an academic medical center, I get it. You may be forced to do it. It's a me too kind of thing. Everything's heading in that direction. But if you're smaller and you have a chief digital officer and an information officer and a chief information security officer or whatever, put a team together.
You know what, you need clinical people at that table anyway.
I agree. Let the people you have rise up, get the right expertise around the table, create a strategy, create a center of excellence, figure out what's going to be centralized, what's not, pull in the right people from outside your business partners and your organization and figure it out first.
I agree.
Exactly. Laura, it is always great to catch up with you. I really appreciate it. And I look forward to seeing where SureTest continues to go. Every time I turn around, somebody's asking you to, Hey, can you do testing around this platform and testing around this platform?
Because it's such a, if you're testing the EHR, it's so complicated to begin with, these other systems are probably actually easier.
They are. And we're really excited. Hey, before we go, I want to talk about SOAR for a minute. I'm really excited about that. Of course I see what Sarah's doing.
I'm trying to work my schedule to get there. I know I've been encouraging a lot of my women leaders to go, but, I completely understand. I had a brief conversation with Sarah, but can we talk a little bit about why you're getting behind this? And like I said, I'm going to try to be there.
And I know several of my female CIO colleagues are definitely going to be there. So I'm excited for it.
Yeah, we for the better part of a year and a half to two years have been talking to different leaders in the industry about a couple of things. One is the disparity between women leaders in health IT and the need to fill that gap and to promote women.
And then the second thing I've been looking at is what the industry has to offer in terms of helping to develop those women. And, we stepped back and said, is this a gap we should step into and decided not to. It didn't seem like a gap that a male owned company should step into. And so we started talking to different people that had a passion for it and that were looking to do it.
Obviously, Sarah has a passion for it.
And then I had a conversation with Rebecca Woods, who has already started a couple events around this and she last year held a meetup at HIMSS, which had a hundred people at it. And so she already has some momentum, but she has a full time job and is doing other work and that kind of stuff.
And it looked like what she was doing was great and she just needed some support in order to make that happen. And we brought our 13 people of our team behind her and said, all right, we'd like to help you to promote this and to support the event. And so we're helping them from a marketing standpoint, getting the word out.
She's doing a great job selling tickets and getting that out as well. my hope is. That we can just come alongside somebody and help them to get their thing really going and off the ground and then support, every time we do a 229 project meeting, you've been at them.
It's it's 4 women and 12 men. It's 3 women and, 12 men. Again, it's just like, why is this? It doesn't register because every other room I'm in, it's, it's 50 50.
Yep. That makes sense. Obviously it's something I'm very passionate about, something Sarah and I really share, so I'm working hard to arrange my schedule.
I gotta move some things to try to get there and be supportive of it and certainly have been directing a lot of people to it. I hope to be able to see her in Atlanta. I'm trying to make it work.
Atlanta, September 18th to the 20th. If you want tickets, if you want information, go ahead and hit our website.
The banner is right there on the top. Thanks for bringing that up. Appreciate it. Sure.
It was great to see you.
Great seeing you. 📍 📍 Thanks for listening to Newstay. There's a lot happening in our industry and while Newstay covers interesting stuff, another way to stay informed is by subscribing to our daily insights email, which delivers Expertly curated health IT news straight to your inbox. Sign up at thisweekealth. com slash news.
Thanks for listening. That's all for now.