This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

we get in there and we start these conversations and sometimes it becomes misery loves company, right? But we don't leave them there very long . It's okay. Yep. Thanks. Everybody has that problem. What are we doing about it?

So we can move off of that. My name is Bill Russell. I'm a former CIO for a 16 hospital system and creator of This Week Health. where we are dedicated to transforming healthcare, one connection at a time. Newstay discusses the breaking news in healthcare with industry experts

Now, let's jump right in.

(Main) All right. It's news day. And today it is. Wow. It's just like old times. It's Drex and I. Not all

day is all over again.

It's been a while since we've done this. Let's see if we remember how to do this. This could be fun.

And part of what's worrying us tech industry observers is the idea that the Chinese startup has caught up with the American companies at the forefront of generative AI. At a fraction of the cost. So they've been able to train these models. I don't see the exact number in this story, but I vaguely remember reading before I had 10 percent of the cost and the processing power.

So they're using low end. NVIDIA chips and the rest of these people are commercially

available. NVIDIA chips, not not released chips,

which is where a lot of

the training occurs today.

you and I, former CIOs, we have to expect this, right? This is par for the course.

I think back to whatever it was.

It seems like it was an eon ago, but it was really just a couple of years ago that we first started talking about generative AI. And since then, it has just been on fire. And then, of course, today's. Deep seek our one revelation definitely put us on an interesting path for a new discussion.

I think there's a lot of, announcements are easy and it's interesting to hear how they talk about it. I don't know. The devil's in the details. We don't really know what we don't know. But if all this turns out to be true, this idea of. They've been able to figure out how to do this at a very much reduced cost.

They've been able to turn up the capabilities, shorten the training period. There's something new and interesting going on here. And we've just seen another leap in generative AI because it's less power, apparently. They've been able to do all kinds of stuff with

this.

it's the number one app download on Apple's, store right now, I've got to think that people within my healthcare system are downloading it and playing around with it.

Somebody's downloading it. Somebody's using it. It's certainly when tech like this comes along and like overnight.

Becomes a rock star people are going to use it. People are going to do things with it They probably shouldn't do they're not going to ask you as the executive leadership in your health care system whether or not they can do it They're going to do the we talked about it a little bit this weekend.

They're going to proceed until apprehended they're going to they're going to they're going to do this stuff and make their work easier and So ultimately it's a whole new thing, right? You're going to have to figure out how you're going to protect yourself from it, how you're going to protect your intellectual property from it.

is interesting to me because No, I have been using it to, and we have corporate licenses for two different models, actually.

And, we utilize it and we can turn on and off the security and that kind of stuff, as far as we know we're clicking the right buttons, we're configuring it correctly. But at the end of the day, I am taking now summarizing very quickly and that kind of stuff, just knowing what I know and knowing how people function.

The odds of a nurse or doctor or administrator or whatever who's saying, Oh, man, we've got this complex care patient. We've got all these PDFs and all these documents we just scanned in here. Let's get a summary. That's going on today. I can guarantee you that's going on today. And that's what I would be worried about as a CIO at my health system.

Yeah. If it's on our machines, a lot of this has to do with. Starting with policy and training, telling people, not to do it and that it's a fireable offense or whatever the situation might be.

=, you'd start with training and policy.

I think if you build a pyramid of the things that you're going to do, at least some of it starts there because. The figuring out technically because these sites and these apps pop up left and right, and because you're allowing people to bring in personal devices where, you know, they may not be able to so easily ship documents over from one, from their work machine to a personal machine to be able to put it into Claude or into our one, whatever the case may be.

Yeah but it is a good for you.

Yeah.

next level we did policy training. Secure browsers. I think that's interesting because that is the problem. We're going out to the Internet. Most people don't know how to get out to the Internet except through the browser so that and the browser is the oldest piece of technology on that computer now in most hospitals that just, active director, I guess it's one of the older.

Pieces. But you know the browser has been around forever. The enterprise browser, though, is a new phenomenon for not really all that new, but they're making advances in health care talk a little bit about how that secures. Is that just you're setting policies within the browser itself?

And in that browser build, you can create a whole. Ecosystem of rules about things you can and can't take screenshots of applications that you can get to or that you're not allowed to get to documents that if they come from here, . You can't move those documents to another drive or paste them into another tool.

And you can build all those rules into that enterprise browser. And then it also becomes really easy then to, with so many applications now that software as a service or even internally that really run as a browser, you sign up, you send a browser that's custom to build to bill. And Bill, you can put it on any machine that you want to put it on.

You're building a ton of infrastructure. You have to run and manage and update that infrastructure. And a lot of it is still being offered on commercial browsers that have to be as much as you can doctor them up to work for you and a private business. Sort of environment.

Let's talk the build and buy thing here.

One of the interesting things about this announcement to me was you're now making it something that. A health system, or at least a larger health system with enough resources is looking at it going low cost and video browsers training methods are becoming easier. You could do it quicker, that kind of stuff.

I'd have to think about a SpaceX rocket to get there for my health system. Now it's I'm standing, I'm like reaching for it. It's it's right there, Drex. If it just went that far to that far, how long before I'm sitting there going, yeah, let's spin up another. Tool and model and we'll run our, it, how much more secure is

that?

, I think a lot of the devil in the details around this is the issue of.

We're reporting on a Monday. It happened on Monday. Somebody's going to start playing with the tool and go, Oh my gosh, these answers are horrible. I don't know.

But I think that, in the grand scheme of things, a lot of it is the data. And how would you build your own generative AI tools to do certain things? Based on the data set that you're going to give it to use to train on and then to be able to actually answer questions on.

I don't really care about that, but I care a lot about this. So this is a process. Ultimately, I think all organizations need to go through, but. Some are further along than others.

You just hosted a 229 event for CISOs.

Yeah.

I assume the number one topic is still third party risk, but I wasn't in your room.

So what are we hearing right now?

We had large IDNs and we had children's hospitals in there. And I think the reality of what came out of the room is that they all have. Even given different sizes, they all have very similar challenges and very similar problems. And so that need to connect and build a network and create that sort of alliance.

talk about it sometimes is we get in there and we start these conversations and sometimes it becomes misery loves company, right? But we don't leave them there very long from a moderator perspective. It's okay. Yep. Thanks. Everybody has that problem. What are we doing about it?

So this whole working together to make all the security programs better, it's a big part of this. And you can see naturally the mentor relationships that start to happen in the room and the friendships that happen in the room and it's and not just with the CSOs in the room, but with the partners in the room too.

It's amazing the amount of knowledge. Yeah. That the partners bring to the room because. The CISOs have been in one organization and the partners have been in 100 organizations in the last year. They've been able to see what good looks like and what terrible looks like in 100 different organizations.

So they bring good advice and guidance to the table to

As I was reading the article, I thought again, as a CIO, I would have a plan. I would have a plan to either acquire or be acquired and know that playbook looks like. And I talked to one CIO, one pretty savvy CIO. They do have a playbook. They have a playbook for acquiring it.

He said, I don't have one for being acquired because that would be defeatist. But he said, we have one for acquiring you guys to be honest with you. It wouldn't be hard to reverse engineer that if we get acquired, I'll just hand it to whoever acquired us and said, okay, we know what you're going to do.

We'll get y'all the information.

And then they show up to the CIO and the CISO and say, we've decided we're going to buy these guys. They need to be integrated within 90 days or something like that. It comes completely out of the blue. Now, when that happens it's your opportunity to spend more time with them and help them understand like doing an acquisition isn't acquiring your grandpa's group practice.

There's a lot more complicated than that these days. And here's 100 questions you should ask, because you could acquire something that's going to cost so much money to retrofit and make secure and resolve all their problems and issues that what you thought was a sweet deal is actually a terrible deal.

The letter of intent has always cracked me up. Letter of intent. There you go. It's literally like two pages. And you're going to bring two multi billion dollar organizations together,

right? But that does create then the opportunity to say, okay, we have a playbook These are the questions we want to ask so that we can help You the person making the deal, what the timeline is going to be, what the cost is going to be, where we've got challenges that are completely unresolved.

And again, once you get to that letter of intent stage to now, a lot of other people take interest, right? The state wants to see what's going on. You have to be really careful about what and how you communicate with each other so that there's not some collusion assumed. About , trying to make some kind of special deal behind the government's back.

It is we'll have to do this more often. And I'll let you lead next time. I we're dancing and I lead, but man you're doing the two minute drill. You could easily just start throwing stories at me.

I would assume.

There is so much stuff that's going on and a lot of the stuff and security is just stuff that's happening generally in health care like that story. We are opened up with the R1 stuff. I'll talk about that in a 2 minute drill tomorrow, Tuesday. And it just everything's connected to everything else.

So everything that you talk about usually in your shows are things that they all have security ties. Really? Yeah.

I don't want to be the stereotype CIO. It's no, actually one of the more things I heard over the weekend is this whole concept of the CIOs don't even want to see a deal until it's been vetted through CISO.

Yeah. I think we're just at this point now that anything that has anything to do with technology. And that really includes

biomed building

systems, right? Exactly. Or biomed equipment, management engineering, All those. tools that come in that have a technology component, you have to be this tall to ride the ride and this tall is you better go through some preliminary conversations with the CSOs and the security team to make sure that they at least can say, All right, good enough for now.

Go ahead and have some conversations. We'll get down to the details later. And obviously, if you're a security tool, then just, You're probably going to go to most CIOs who are going to say, have you met Joe? Or have you met Diane? And they're going to push you right back to the CISO.

Yeah, absolutely. Drex, great to catch up.

Always.

Thanks for listening. That's all for now