March 4, 2024: Charles Boicey, Chief Innovation Officer at Clearsense joins Bill and Drex for the news. They delve into a multitude of topics surrounding the modern healthcare technology landscape at VIVE 2024, LA. What are some of the prevalent risks in the cyber world that health professionals are being confronted with today? Dig into these and other questions in this episode as Charles discusses his work in India, recent happenings in Change Healthcare as well as the controversial implications of OptumHealthcare Connectivity. The conversation also shifts to the importance of privacy in today's digital era and whether uniformity truly holds the key to addressing cyber risks. Experience the wave of future healthcare technology as we analyze and unpack these discussions in this episode.
Alex’s Lemonade Stand: Foundation for Childhood Cancer Donate
This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.
Today on Newsday.
I think we've come to the point, finally, where we've admitted this is all adjunctive. This is not replacive. This is adjunctive.
So what we're going to do from a machine learning and AI perspective is We're going to help you be a better clinician. We're going to help you be a better pharmacist. My name is Bill Russell. I'm a former CIO for a 16 hospital system and creator of This Week Health. where we are dedicated to transforming healthcare, one connection at a time. Newstay discusses the breaking news in healthcare with industry experts and we want to give a big thanks to our Newstay partners, ClearSense, HealthLink Advisors, Order, SureTest, and TauCite.
Now, let's jump right in.
(Main) here we are from VIVE 20 24 in L A and this is a live Newsday episode and I'm looking forward to this. I have Drex DeFord with me. How you doing? President of the Security and Privacy? No.
Dang! Cybersecurity and Risk. Cybersecurity and Risk. We also talk about privacy though.
There's all the things. Risk makes sense. So many of the cyber guys keep talking to me about risk. It's like, you need to talk more about risk. Yeah. I appreciate that. Does he work with you by any chance? He does. In fact, that's why we both have a uniform on it. You don't have a uniform on.
And we have Charles Boicey, my favorite CTO of Clearsense. And my gosh, you do work in India. You do a lot of stuff. It's fun. Well, we're gonna go off the news. We could talk about the conference and we probably will at some point. Yeah. And the cool thing is I could just go to the app now.
Oh, that's really cool. Yeah, it's right here. Just looking at all the things. Let's see what. what's top of mind? Hey,
something happened at Change Healthcare. Let me take a look at this. Change Healthcare, OptumHealthcare,
Connectivity. We have additional recommendations from HISAC. And we have the story, obviously, in here of the breach.
This is cybersecurity, so
Those that don't want to talk about breaches are not talking
about it. The CIO community, they've been popping in and out of this thing to go to updates, talking, I mean, even if they're here, they're like not here mentally. that gets back to the age old thing.
trains aren't running on time, the rest of the really cool stuff you're doing ain't happening. It doesn't really matter.
Hierarchy of Needs.
I think this is a really good opportunity for all of us to learn. This is it. If we can learn from this collectively, then we're gonna be in a much better place.
And if change does the right thing and lets everybody know exposes what they need to expose, we can get to a better place.
This is what I've appreciated about AWS. Whenever there's an AWS outage, it is as transparent as it can be. It's posted. You can read all about, it's like, Hey, we found this bug, we found this thing.
And on the flip side, I'm talking to the CIOs at least two days ago, and they're like, what do you know? And I'm like, we've met with them twice. We don't know much. Like, they're not revealing much. Now, since then, this is what I've heard. We'll compare notes here.
Since then, what I've heard, and we're recording this on Tuesday. This will air on next Monday, so we'll know a lot more by then. What I'm hearing is three entities. Healthcare, Optum, and Change. And most organizations are connected to all three. I did find some that aren't connected to change.
I did too, yesterday.
Yeah. I found somebody who said like, I'm not affected. The first person that I've ever
talked to. Yeah. Because alternatives to change. Although they are the, what is that? 100 pound gorilla or whatever it happens to be. Yeah. So there's three networks. What I'm hearing from the floor is people are hearing they have the green light to connect back to UnitedHealthcare.
They have the green light to connect back to Optum. they do not have the green light to connect back with change. And even if they did, it's in kind of disarray and there's nothing to connect back to. That's what I'm hearing from the floor. So that's completely anecdotal. I'm curious if you guys are hearing something similar.
Yes. I think that No
more details than that. No more details.
One of the really important and interesting things in all of this is that it also It also helps light up health systems to better understand, because this is a thing now that everybody in the health system knows about, but it helps light up this third party risk management issue that everybody has, and then the idea that when a third party goes down , and it's because they have a cybersecurity incident, and you disconnect from them, now there needs to be some rules of the road about how and when and who makes the decision, accepts the risk, to reconnect.
What do you need
to be able to get that through? Like, you're not going to fully audit them. So how do you make that determination?
And again, a lot of this goes back to risk. The other thing that happens is as soon as you disconnect, you start to disrupt business and clinical operations inside your organization.
And then over time, and it usually doesn't take very much, the clinical or business leader is coming to you saying , to my guys on the other side, they say everything's fine, you should reconnect. Now you start to get pressure to reconnect, maybe before you're willing to do that. You can reconnect then.
If you're willing to accept the risk, some people will say, I want a third party attestation that they've reviewed your systems and everything looks good.
And the other thing is you've got to make sure that it didn't affect you, right? Right. You've got to look at your own house right. Yeah, did anything, during this episode, come into my own hands?
Come
Do you typically have one way, are we just like calling APIs and pulling the data across or are there like VPNs connected between these things?
Depending on what the tool is that's being used to transfer that data, it may very well be that there's actually a connection all the way into systems in your network.
That's not decent architecture. Like, you could protect yourself by creating another layer.
Yes, you can.
Alright, I'm going to get into your space where we can talk a little bit. So, this is actually not a story, but at South by Southwest, there's a panel discussion called, Will AI Replace Healthcare Workers? Question mark. No. But it will turn them into tech workers. And I put it on the site because I thought, that's an interesting concept.
I'd never really thought about that.
How about technology enabled clinicians? Yeah. Technology enabled financial people. Operations. Research. Absolutely. So, you'll see this in here, right? I think we've come to the point, finally, where we've admitted this is all adjunctive. This is not replacive. This is adjunctive.
So what we're going to do from a machine learning and AI perspective is We're going to help you be a better clinician. We're going to help you be a better pharmacist. We're going to help you be a better operations person.
But do they have to become a tech worker and understand?
No, absolutely not.
So they don't have to understand prompt engineering and stuff.
No, Bill, you use AI quite a bit, right? Right. And it works at your level, right? Sometimes. It also works at this level, and it works at this level. So,
I mean, to your point, I've seen a kid interact with it. Absolutely. And they're able to interact with it. And you
see a PhD interact with it at that level.
So that's the key to this generative AI as a mechanism for bringing what we're doing in the background to you. if you're a clinical, I can summarize a whole bunch of stuff that helps you, but if you're the patient, I can summarize a bunch of stuff that helps the patient at their language level.
Anything. If I can't read or write, then I can do it verbally now.
If we can get the transparency and the quality, summaries is one of the biggest opportunities . I think the second one is natural language. Nuance is here, Bridge is here, and others are here . There's just been a plethora of those kind of companies come and say, Hey, we'll be the natural language front end to healthcare.
And they're starting to pop up. How away from that are I can see it being like the Star Trek moment, that we look back on and say, that's where it started, and now everywhere across healthcare , we're naturally interacting with computers.
Yeah, from a natural language understanding, absolutely, but then the
delivery.
In India, there's 10 dialects of Hindi. Actually, there's more. So what we're doing, is we're working with those various dialects. And the literacy rate is very low, right?
Directly with the
patient? Actually right with the patient, from a summary perspective. And think about it, there's a lot of patients that are deaf.
So American Sign Language. You can AI to bring that back in a sign language perspective. Those that are blind, back in auditory and or from a braille perspective. So we can now, we now have the ability at the patient level to deliver what we're producing from an AI ML perspective. And in the clinical perspective, we also Could deliver it.
Now at the level of the clinician,
So, but that's what. AI has done for healthcare. Allows for the delivery.
I think the other interesting part of it is that we think about generative AI mostly as chat GPT but in fact, it's the capabilities that you're building into the tool that you're targeting toward the specific use case that you have which makes it I don't have to understand how to do all the specific kinds of prompting to get the output I want.
You're building that
in. Yep. And from a prompt perspective, since you mentioned it We know that the large language models are going to be very small and very extremely precise, so what we're doing is prompt orchestration, right? This is the prompt that came in. Which language models do we need to grab and assimilate and then bring it back?
And then from an actual prompt engineering perspective understanding tonality, understanding the content so that we can help you build a better prompt. You may think you know what you're asking, but you might need a little bit of help with getting, to that point. That's
the kind I want to hear from CIOs, health system CIOs at this point, is the fact that they're going to have multiple language models that on very specific things that they're going to have to interact with.
And start to think about it from an architecture standpoint instead of a, signed the Microsoft agreement, we're using ChatGPT or Copilot, whatever they're branding it at this point.
Is there going to be an interoperability problem?
Oh yeah, there you go.
One article on here is they were talking about application sprawl, and , the premise of the article is it's only going to get worse with Gen AI before it gets better. Like, we're going to sprawl again
and just like everything else, we sort of come back later and go , wow, we have too many of these
You know what, from a healthcare perspective, it's up to us. As technologists, it's up to us to learn and stay on top of it. It really is. If you don't do your due diligence, if you don't educate yourself and your team, then you're going to be at a loss.
history repeats itself part of this, right?
Unfortunately, the cycle is usually so long, or long enough. The people who are doing application consolidation and all that stuff now, hopefully those people are like Looking at the stuff that's coming and saying, let's consolidate before we have to consolidate.
At any given time, you have to stand in, front of a moving train.
Oh yeah. And say, no, that train is not coming into this station because it hasn't been vetted, it doesn't integrate, it doesn't, I mean, some of them are obvious, but a lot of them are integrated , are a better experience for the clinician, that kind of stuff.
How do you stand in the way of that train? people will naturally say, oh, governance does.
I think the other challenge is that with cloud, sometimes the train never actually comes to your station.
There's a whole new way of, you know, Bypassers. Exactly. So the department
just reaches into their backpack and pulls out their credit card and goes, Whoo, we don't need IT. I've heard that statement. Like, hey, we don't need IT, that's why we went in this direction. I'm like, yeah, until you do need IT. There we go.
Shadow
AI and ML. I love it.
You can see that in Academic Medical Center. Oh, it happens. Yeah, it happens.
In the ever evolving world of health IT, staying updated isn't just an option. It's essential. Welcome to This Week Health, your daily dose of news, podcasts, and expert commentary.
Designed specifically for healthcare professionals like yourself. Discover the future of health IT news with This Week Health. Our new news aggregation process brings you the most relevant, hand picked stories from the world of health IT. Curated by experts, summarized for clarity, and delivered directly to you.
No more sifting through irrelevant news, just pure, focused content to keep you informed and ahead. Don't be left behind. Start your day with insight at the intersection of technology and healthcare. This Week Health. Where information inspires innovation. Increase
Closing question. You guys have been on the floor now for at least a day. What have you seen?
What's interesting? I think what's interesting
to me, and I stated it before, is that we now, from a community perspective, from a technology perspective, we understand that we're here to enable people and not replace them. Not make them look stupid. Make them look better. And then, from patient perspective, actually be able to deliver on our promises.
So they get what they need, and you see this, through here, all of these adjunctive applications. That help us as, clinicians and, folks that work in healthcare, as well as the patients. There's as much patient focused vendors and technology here as there is, on the clinical side.
is great. And Bill, we talked about this years ago. Someday, they will come to us because they've had a traumatic injury, they have a bacterial viral infection, or they're genetically predisposed. We will get to a point where people take care of themselves and they come to us for those. And I think we're seeing the genesis of that.
Of personalized care. Personalized healthcare. Yeah, where we take care of ourselves.
seeing Tausight next to CrowdStrike booth, and then sitting down with the Tausight people and looking at, they have a M365 that they just announced.
So they're looking at All your PHI there. They're finding all your PHI on your data stores, in your teams. I mean, they're finding it everywhere across. And then they're reporting it directly into the CrowdStrike console. So it's what you're used to if you're a CrowdStrike client. I thought that was really interesting.
And then they're integrating with ServiceNow. And so you're sitting there going, oh my gosh, so there's the remediation path to start. And by the way, I'm looking at these, I'm like, are these the kind of numbers you're finding? How the hell? System. They're like, yep. Yeah
that's the surprising part.
When folks roll up, Tausight, there's always this like, giant surprise of like, what that
isn't supposed to be there. Right? Yeah. And that email piece to me is really interesting, especially in an academic setting. There was a time where these people were emailing this data all over the place.
That was the way they got it. We used to have servers under our desk. Yeah. Well, yeah, that's true. And even now, I mean, I think if you go back and look at. Old emails that positions hold on to, or others hold on to, for years and years. Those reports that have been sent to them because they've asked for a report, still in their mailbox, still contains a lot of PHI, and is just, this gets to data retention
policies all the time.
Isn't this the age old, like my wife and I always say, they can break into our house, there's just nothing to take. Yeah. Like, they can take the big screen TV, but we can go to Costco and get another one. It's not, there's really nothing to take in our house that has significant value.
Right. Right. They're not going to target our house. With PHI, if remediate it, if you put it where it needs to be, and you put the security controls around it, they can break in and they're going to go, hey, we can't find the crown jewels. There's nothing here. When it comes
to straight up sort of data theft, that's true.
When it comes to creating chaos and shutting the business down, that's a different ballgame. I think we've
talked about that earlier. There's
also the, like, with ransomware and those kinds of things, shutting the business down and creating chaos. And also now puts you in a much more higher profile target with the FBI and the other agencies to take you out because you're really disrupting things.
When you steal data, you're still a target, but I don't think you, you're not, you don't move into sort of like the terrorist organization
category. Did you and I talk about the week that MGM and Caesars got hacked? I was in Vegas
that week.
Alright, so Caesars paid, MGM didn't pay. Which was the right approach?
It
depends. Again, it's totally up to the organization and the risks they can tolerate and
what they want to do. So Caesers paid, do they become ongoing target? Whereas MGM, you're looking at it going, hey, they didn't pay.
No, these guys have a code of ethics now. They don't hate you twice.
It is amazing on the dark web, though.
There are some rating systems and there are some rules of the road. I'm not kidding you. There are. Where it says if these guys paid, we leave them alone
for some period of time. And everybody else leaves them alone. Oh, really? I'm Not everybody gonna adhere
to that, right? These are a bunch of cyber thugs, and somebody is going to get a wild horn and decide to do it.
It's a community too, and that whole underworld, they can be shut out if they
Break the norm. So I took the cyber security one, you get the last word, what have you seen on the floor?
Oh gosh, no, I think this, this same path of like, it's really interesting to see companies that have really sort of turned the corner and from a health system computer user standpoint It feels a lot more like we're building products to help them do better with patients and families.
We're not doing something to them, we're doing something for them. Wes Wright says this all the time, but I see that almost like culturally start to be built into some of the companies here now. And it's great to see. That's
good. Gentlemen, it is always great to catch up
with you.
Thank you. And Drex, we'll keep catching up, so I'm not going to shake your hand. We're good to go. We're good.
Thanks for listening to Newstay. There's a lot happening in our industry and while Newstay covers interesting stuff, another way to stay informed is by subscribing to our daily insights email, which delivers Expertly curated health IT news straight to your inbox. Sign up at thisweekealth. com slash news.
Big thanks to our Newsday sponsors and partners, ClearSense, HealthLink Advisors, Order, Shortest, and TauCite. You can learn more about these great partners at thisweekealth. com slash partners. Thanks for listening. That's all for now