Blue Button 2.0, Big Tech Announcement, Apple, and others are signaling the start of a Data Quake that has transformed other industries. Are we almost there? Plus, Security breaches are on the rise again, we discuss what healthcare is doing.
Please follow the show on Itunes, Google Play and Stitcher
Follow This Week in Health IT on Twitter @ThisWeekinHIT
Take a look at the website www.thisweekinhealthit.com
Follow Bill Russell on LinkedIn and Twitter
Reach out to [email protected] if you want to discuss your next project.
AI Powered Transcription.
Bill Russell: 00:11 Welcome to this week in health it where we discussed the news information emerging thought with leaders from across the healthcare industry. This is episode number 33 today. We discussed the data quake, a term that’s used to describe the transformation potential of data in healthcare and the emergence of an application ecosystem in healthcare. Plus we’re going to take a look at a healthcare data breaches for 2018, give you an update and have a discussion around that. This podcast is brought to you by health lyrics. Health systems are moving to the cloud game it agility, efficiency, and new capabilities. Work with a trusted partner that has been moving to the cloud since 2010. So is it a healthlyrics.com to schedule your free consultation? My name is Bill Russell. recovering healthcare cio, writer and advisor with the previously mentioned health lyrics. Before I get to our guests a quick update. Um, I want to thank everyone who’s participated in our listener drive. We were, we were able to raise $3,000 for hope builders, an organization that provides life skills and job training for disadvantaged youth. Uh, I’ve hired their graduates, their stories are amazing. Thank you for giving us the opportunity to support the, uh, the next round of students in this great program. Uh, today we’re joined by a nicer design me, the, the chief information officer for Thomas Jefferson University and Jefferson health out of Philadelphia. Good morning, Nasser and a welcome to the show.
Nassar Nizami: 01:26 Good morning Bill. Thank you for inviting me. It’s a pleasure.
Bill Russell: 01:30 Well, I’m looking forward to our conversation. Should be fun. So tell us a little bit about, uh, Jefferson University and Jefferson health. Sure.
Nassar Nizami: 01:39 So me and a 14 hospital health systems serving patients in Philadelphia and surrounding communities, including set and juicy Thomas Jefferson had been around for 200 years now, uh, at 30,000 and strong, reimagining healthcare education and about $5,000,000,000 in revenue in Academic Medical Center with Thomas Jefferson University being a flagship university and hospital. All of our hospitals, our hospitals.
Bill Russell: 02:07 Yeah, that’s a, that’s a fairly sizable social. And so just Philadelphia and southern. Are you a Philadelphia and southern New Jersey? Are you, uh, are you doing a lot of, a lot of things like telehealth across those? Are you expanding into more retail retail type locations?
Nassar Nizami: 02:28 All of the above. We are expanding and down a healthy and we’re seeing more and more a fraction in our dental health technologies both in our Ed and then books calling in and opting for telehealth, uh, or a video appointment, history of physical appointment and uh, we are working with in a logan retail clinics as well. Um, a lot going on.
Bill Russell: 02:55 Yeah, I’m looking forward to it. I have a lot of friends. I grew up just outside philly. I have a lot of friends. My, I have family that lives there. So I’m there. Looking forward to hearing you describe what, what Jefferson’s a, with Jefferson’s doing in some of these areas. So it’s exciting. So let me give people a little bit of your bio. Um, so obviously cio for Jefferson prior to that, your, a vice president of it at New York presby and prior to that it’s a yell new, uh, several it rolls at Yale new haven health system, including a CSO. So that’s why I’m excited, I don’t get CSOS on the show all that often or people with CSO background. So it’s, it’s good to talk security, uh, every now that it’s such a huge topic for us. Um, and then you have a couple of degrees. You have, you have an Mba from Columbia, uh, at Columbia University, a master’s of science in computer engineering and I’m, and a BS in electrical engineering. So I guess what we can surmise from that is that you’re a, uh, you’re either really good at school, are very smart.
Nassar Nizami: 04:06 So that’s what I like to call myself. Yeah.
Bill Russell: 04:11 Yeah. So what, what’s it, uh, what’s it like living and give us an idea of Philadelphia in the area of Philadelphia. I mean, is, is it a good tech scene? Is it, are you a, are you able to hire the kind of people and attract the kind of people you’re looking for?
Nassar Nizami: 04:27 Alright. So I think there are two different questions. And remember I come from New York, so a, is it a good tech scenes? This is an awesome texting’s, a tons of his start as a lot of cool things happening within healthcare and outside healthier. I get to need folks who are in startups and mature organizations that are in the forefront of innovation. So there’s a metro city point if you find everything that you’d expect in any metro city. Now hiring is a different story. Uh, so we have some really talented people but it’s not been easy to hire a is not very different than what I experienced in New Jersey. I’ve been only in there for a year now, become reading my year next month. But it’s hiring and talent has been a challenge, but that’s a story across the board. Destiny, not any DWIS, but in metro cities. I think just the competition is so much we’ll be competing with a number of, for profit and commercial organization. It just makes it a little bit.
Bill Russell: 05:40 Yeah, absolutely. So one of the things we like to do with our guests is to just open the floor, give you a couple minutes to just talk about anything you’re excited about or what you’re working on today.
Nassar Nizami: 05:50 All right. So that’s a tough question because we are doing a number of things from innovation to Xr and Vr and expanding Emr is, and figuring out unique ways of using fire. There is a lot going on on our infrastructure team, so specifically for me to pick one area, but that set, I would say one of the areas that I’m really excited about is the work that working is doing in data analytics, especially predictive analytics. Um, and I really believe that we have an opportunity to influence patient care in a meaningful way. We a predictive analytics. I’ll share an example with you. Uh, the, uh, Jefferson. We have an Opi fast forest, as you know, this is a national issue. Uh, we, our team developed a scorecard which we call a provider scorecard in the insights from the scorecard, like the changes in provider workflow that resulted in a 91 percent drop in prescribing beyond three days.
Nassar Nizami: 06:51 Our team has presented this work at national forum. We recently demonstrated at the Vic Health Commissioner’s office is interested in disseminating it to other systems. And there even, this is just one example of there are a number of other use cases that you worked on success for and working on. For instance, we are, we are working on predicting substance, uh, and distressing men. Another example I just finished by saying that there’s a lot of buzz around ai, machine learning and predictive analytics and then believe, at least in the short, focused on point solutions with little give organization like ours. Most value this is, you’re seeing, this is where I’m really excited.
Bill Russell: 07:38 Yeah, absolutely. I mean that’s really exciting that you guys are. And you set up our first story really well in terms of how data can really transform a things like the opioid epidemic and really addressing it head on. And um, you know, we’ve been doing things like readmissions for years and those kinds of things. But now we’re getting very focused on things that are going to impact the community. Things that are going to impact quality outcomes. And it is, uh, it’s really exciting. The hard thing is there’s so many areas to get, to really focus in on predictive analytics that it’s hard to have enough staff and enough bandwidth to really do all the things that you want to do. I mean, that’s, that’s, that’s been my experience in analytics. Usually you really could quadruple the size of your team and be doing phenomenal things.
Bill Russell: 08:33 So, um, all. Alright. So, you know, on our show we do two segments in the news. We each pick a story and discuss and then we do soundbites where I’ll ask you a series of questions. Uh, you have a hard stop at about 33 minutes, so we will, uh, we’ll keep it moving. So my story is a cms just a complete their conference, the, uh, on interoperability and blue button two point. Oh. And there was a lot of exciting, a really vision casting kind of thing. So now we all know that there’s challenges in terms of getting the data out and where we’re at today. But in terms of really a vision, you really got a very clear picture of where they see things going. So, uh, this stories from healthcare, it, news, health, a healthcare APP economy is coming, get ready for the data quake and uh, I’m going to bounce around to a couple stories, uh, data.
Bill Russell: 09:26 Uh, so a silicon valley venture capitalists drop the word one doesn’t hear everyday data quake. We’re going to look back at 2018, 20, 19. He, uh, he says, uh, those were the years of the data of quakes that John Doerr, a chairman, Kleiner, Perkins Caufield and byers data was required to be interoperable. Innovators came together to move us to an API economy. So they’re, they’re starting to paint this vision of a data scan to such a place that we’re going to start to see things like a, like an apple app store for health apps. So let me hit a couple, a couple of key things on this. So a administrator, Seema Verma or health insurer, health insurance companies to follow the senators, a cms, a lead to make claims data more readily available. Uh, she says we’re at the beginning of the digital health revolution. We have the ability to take that data and unleashing a.
Bill Russell: 10:17 She said during the Blue Button conference, we’re unleashing the most powerful force in our economy. That consumer from added that cms is creating a new type of patient profile by making the agency’s massive amounts of claims data available to the public via blue button. Two point. Oh. And she said, we’re not stopping there. We’re leading by example and calling on all insurers to release data and an API format pharmaset you’ll see through our regulatory process a very serious about that. Um, so, uh, you know, they talk about not only releasing the cms claims data, they talk about encouraging a payers to release their data. Uh, more than 600 developers signed up for blue button two point. Oh, to start experimenting. I think that number’s up over 700 now. Um, and that, uh, which will give them access to the developers can build integrations across more than four years of Medicare part a, b, d, a data for $53 million medicare beneficiaries.
Bill Russell: 11:16 And if that wasn’t enough, you had Amazon, Google, IBM, Microsoft, Oracle, salesforce pledge to remove interoperability barriers. So in terms of just visioning a big day for them, just laying out this vision for a freeing that healthcare data, putting it in the hands of developers and clinicians to really rethink how we use the data. Um, and so they’re putting it out there. So let’s just start with, let’s riff on this vision a little bit. So does the data have the ability to change healthcare as it has in just about every other industry or are we to see some barriers?
Nassar Nizami: 11:55 Absolutely. First of all, great news article, um, and I think one of the other, uh, uh, people quoted in the article and Asia said something about consumerization, you know, and I absolutely agree with that because like eco system, uh, and I think that the shift has been slow. It’s been happening for a lot. Uh, and, and truly I think it’s a matter of then not right. Uh, and there are many reasons to believe that now is the time. Okay. And there are many reasons to liberate the data versus direct patient care, uh, deputy do for patients and providers to access live. And Nita, regardless of access to Emr, has a lot of good work being done in the name of Rod, which needs to continue, right? And I absolutely believe to your point, that data in the hands of researchers and developers and entrepreneurs will provide, provide healthcare.
Nassar Nizami: 12:55 Uh, there is a ton of data in Emr and other political system. We just not used overwhelming majority of it. It just sits there for the legal or compliance or historical reasons. And this is the data that in the hands of entrepreneurs in the research community can do wonders that you asked about barriers. So yes, there are barriers, uh, for us, we have to think through a privacy implication. For instance, companies like apple are not covered by Hipaa, right? And there is a level of expectation from consumers, patients by the safety for last 20 years. We have everyone that your patient information is covered by Hipaa and so forth. These third parties don’t have those, um, productions. I guess you have to just think through. It doesn’t mean that it should not be open. I’m all for opening. It’s just that they have to think about the implications of making sure that patient data, estate pro, uh, protected, that are really real technical barriers to interoperability and openness.
Nassar Nizami: 14:02 And as an industry we have been trying to solve those for many years now have been many successes. You know, this conference was blue, but in two point. Oh, there was one point. Oh, uh, so there are a lot of lessons learned and then they are going to be more or less than some of the time is right. We need some push from our policymakers. Uh, we need engagement from organization like Google and Microsoft who have, um, the resources, uh, to make things happen. And I was the research researchers wouldn’t be with their job and a good things will come similar. Do a APP economy that we saw in last decade.
Bill Russell: 14:42 Absolutely. So, um, know. So one of the primary principles of Blue Button, two point Oh, is to get the patient record in the hands of the consumer. So it’s, it completely freeze. It gets it on the phone once it gets on the phone. Then as you pointed out, you know, if there’s no hipaa on security on a apple, and part of the reason for that is apples, essentially the consumer’s giving it to apple and you know, they’re not really putting that requirement on apple yet. I think we’ll see that sort of emerge here, given the landscape that’s going on. But we put the, we put the record in the hands of the patient. Do you think that’s going to open up? Um, I know when I’ve talked about this a lot on this show I’ve talked about, once we get the record in the hands of the patient that we’re going to see all sorts of new paradigm start to, uh, to emerge in that the patient’s going to be able to, uh, decide to sell their data.
Bill Russell: 15:44 It’s not going to be something that a health system decides to do or our claims data gets sold, uh, and in new industries gets created. But there’s going to be a, the ability for me, the patient to go, I want to participate in this cancer study. I want to participate in this hard study and potentially get, get compensated for it. Here’s five bucks for this, or 10 bucks for that. So we’ll create a sort of a data economy there. Plus we’ll create all sorts of new, uh, uh, really access a changes as I go from health system to health system where I moved from place to place or I decide to use telehealth from a different provider. I’m going to be able to provide them my record instead of them having to request the record from another house system. Um, uh, I mean, do you, do you. Well, let’s start here. Do you think the patient should own the medical record? Do you think we should put it on every phone? You’re a former security guy, so you know what that means. Uh, and then, uh, do you think that’s gonna enable more or different kinds of, uh, um, uh, I don’t know. Ways of delivering health to that population. And is that going to really impact the health systems today?
Nassar Nizami: 16:55 First of all, absolutely. Patient owns data and up until now they just didn’t have me to access him. And, and other than, you know, getting a printed copy of their medical record in some cases going to, uh, have that and trying to figure out what’s happening. So the, that we brought our patient data is inefficient and inadequate and there’s easily a patient can easily say, hey, physician, this is my record from a hospital and this is my extra lab results and so forth. So that’s pretty powerful. I think absolutely patient owns the data and a need to make sure that the chancellor of data from patient to whoever the patient is seeing that as a hospital or a physician is very easy. It’s very quick and it happens in a timely fashion. That is an absolute must. Um, uh, I think that would I’m concerned about is uh, uh, the lack of understanding with the security.
Nassar Nizami: 17:55 So, you know, we see in the news what’s happening with facebook and Google and Gdpr, especially in Europe, in just the realization by people that are non health data, the social media data can be used in ways that nobody imagined, right? And can be mined in ways that nobody can ever imagine. And I think that’s an educated, there’s an education component, first and foremost, to educate the patient that, that, uh, what can they expect once they share the data, because apple or facebook, they are known to share their data with third parties and I believe that apple already have in their terms and conditions will we’re the, the, can share the data with third parties. So before a patient knows that data is going to be not only with companies like apple or google, but all the ecosystem that they support. And I think for some pharmacists in educational thing, the patient has to realize what they’re sharing.
Nassar Nizami: 18:54 And secondly, I think you will see some more rules and regulations around them. Probably it will be a cash up like Heb as a cashier. But I think that that will happen. That’s a must. I’m not sure about the monetization piece because for most companies, the benefit of the data is, uh, is from the millions of data sets that I think for, for, for foreseeable future is to larger organizations will manage, um, uh, so, uh, but that does not mean the ice really. The given data, the patient is very powerful. There may be organizations that are interested in a very niche studies. So can you mentioned cancerous. If I’m an organization and my interest in lung cancer, uh, I don’t need hundreds of thousands perhaps, uh, you know, and uh, contacting a various special population and target population could probably help an independent. I’m a researcher, a who or a company who don’t. Do they have the means or have to spend a ton of money to get that data. So in what I think is liberation of data is going to be very powerful. Uh, there are going to be some issues they bought, technology, privacy insecurity that we’ll have to address a bar. But I think we are, if we don’t, even if we don’t address the barriers and the issues, I think the, the liberation of data will happen.
Bill Russell: 20:29 So, closing question, given the three, three key movements, fire, uh, the apple, the apple announcement and there partnership with health systems that they’re bringing data and, and blue button. Two point. Oh, which of those three do you think has the biggest impact on, on bringing this app to, to, into fruition or bringing it to bear?
Nassar Nizami: 20:50 Sure. Of speaking. One I would say is the push from the government, right? Uh, on opening up probably the catalyst and the interest from organizations like apple and Google and Amazon. I think it’s just being excellerate. So all of have is the short answer, but I think the roll off, uh, off of her policy makers probably is going to be most critical in, in, um, I’m not sure if forcing is the right word, but a forcing the opening of data, making sure that data gets open and interoperability actually happens
Bill Russell: 21:32 strongly encouraging based on reimbursements and famous you have a better tress of fours. And I do have, you know, it’s interesting. So we’re, we’re going to transition to the next story, but you know, uh, you know, we’re, we’re so worried about a privacy and security in giving the, the records of the patient, but we’re going to transition to this story and it’s gonna. It’s gonna look like, Hey, we’re not doing that great of a job as a, as health systems today in protecting the data. So why, why don’t you set this one up and, and then we’ll go into.
Nassar Nizami: 22:01 Sure. This, this was a, an article that was published yesterday is the news and Becker’s health, uh, and uh, it’s an article that is summary of breaches reported to OCR. So an organizations under breaches certain threshold rule, the crn, ocr then make that information public and there’s already good with a summary of all the regions that are already floated in the first half of this year. And it stood out because of some interesting friends first. We have already served as a number of records that were breached in 2017 and Mr in this year, uh, and incidents were bordered as hacking on the rise and continue the number could be 40 to 50 percent higher than what we saw in. Um, so I think that’s an interesting aspect and it tells us as an industry on Rehab you shouldn’t be putting our resources in. And this is, I think supported by some positive aspects.
Nassar Nizami: 23:08 The incident have you quoted as pepper last steadied or the last three years and probably because of the requirement to encrypt by many organizations, so as you know, is the laptop or device that is lost or stolen, uh, and is interrupted then it’s not a reportable incident and there is some requirements on encryption and so forth. But I think that over the last five or six years, seven years this requirement or, or, uh, sort of incentives to input data source organizations are strongly encouraged organizations to encrypt. And because of that, via seen the results of steadying of instruments there. So now that you see arise in packing related incidents, I think that’s an area where we need to, um, focus, uh, um, uh, so, uh, and I think there are other areas, you know, the, the inappropriate disclosure is also steady but all expected. But the reason I thought that was interesting is that, you know, this and you think about this in the context of everything else. Um, you know, hacking by Russia is in the news and so forth. And this just highlights an area which we still are as an, as an industry are struggling.
Bill Russell: 24:30 So let me, let me give a few more, uh, just data points. And then, and then I’m going to ask you again, I rarely get a cso on the, on the show or someone who used to be so selfish. So 2016, a 450 breaches, 27 point 5 million records, 2017, 477 breaches, five point 6 million records breached. Um, the, uh, you know, over a one breach of day, uh, at this point, a 2017, 18 primary cause was hacking as you pointed out. Uh, so that’s, that’s on the rise. But here’s some other numbers which I figured pretty staggering. Between 20 2009 slash 2017, there have been a 2000, 181 healthcare data breaches, um, those breaches have resulted in the theft exposure of 176 million health records, which is over 50 percent of the population in the United States. So over 50 percent of the people have received those, hey, we’ll protect your identity papers.
Bill Russell: 25:31 Uh, the two causes, we talked about hacking incidents and then insider breaches is the other primary cause. Um, so, uh, let’s see, couple, couple more hacking it. Incidents resulted in the exposure theft of 3 million records, although detailed data is only available on 144 of those breaches in 2016, 86 percent of the breaches were attributed to hacking incidents in 2016, 120 hackney gets reported, which resulted in exposure of a 23 million records. The severity of hacks, insider threats was there for foreign lower in 2017 even though hacking incidents were more numerous. A couple couple of other things I think are insider breaches continue to plague. The healthcare industry. Data is available on 143 of those, they actually break it down into two categories inside a wrongdoing, which includes theft and snooping, and that’s just a, somebody trying to find Brittany spirits is a record or whatever the breakdown was under to inside errors.
Bill Russell: 26:35 And 70 cases of insider wrong doing for incidents were classified as both. So you have, I mean these are two big categories, right? You have a, you have incidents that are attributed to your employees, you have incidents that are attributed to hackers. And, um, and I think the last thing I wanted to point out, so reports of healthcare data breaches in 2017, a show that many cases breaches are not detected until many months after the breach occurred, never signed to discover a breach based on those incidents that they looked at was 308 days. Uh, and the average in the prior year was 233 days. Uh, and it, it actually, they say it should be noted that the data was skewed because some breaches that occurred, uh, they didn’t detect for more than a decade. So, um, so I’d like to break our conversation down into three areas, prevention, detection and response. So from a prevention standpoint, a ransom moyer is on the rise. What can health systems do to prevent a or prepare for these types of hacking attacks?
Nassar Nizami: 27:45 So I think, you know, do think about preventing that and respond is the right, we do things right. And, uh, so, so, uh, and I think the best, uh, controls are preventative control, so things never happen hopefully. Right? And I think as an industry we have made some good progress in the last six or seven years and falls, we all had, most organization had far was for last 15, 10, 15 years. So that’s a given. Now there are new generation of firewalls that are happening that are really good at application level analysis and so forth. Um, and um, but I think the biggest bang for buck and organization you can probably get from a prevention point of view is, uh, probably from a technology I, we’ll talk about this technology and then human sense. So two categories from a technology point of view, in my opinion, is Monday for authentication and it just makes it very difficult for someone who is actively trying to access information. It does not, it’s not a cure all, it’s not a silver bullet, but I think that multifactor authentication has been a challenge in healthcare to implement because of cultural reasons and the need for physicians to give to a patient record immediately and so on. And so forth. So there have been reasons that it has not, a industry has not adopted it wholeheartedly, like is for instance, in banking or other commercial industry is, um, most of them they’ve workforce, uh, has to use two factor authentication or multifactor authentication.
Nassar Nizami: 29:24 The, the, in almost no, most of the breaches at vc of which are under hacking in or you mentioned ransom better. I’m in, was some, uh, some person doing something that they’re supposed to be opening an email or going through a website and installing something and that cannot be emphasized enough I think, uh, because, uh, the only, I think the real production that you can do is train your workforce at different levels. So many organizations now have dedicated security teams. You’re the experts that, but, but those people are probably, you know, a handful of people in any large organization. They’re a handful, but then you have your folks in technology, uh, who I think money is a as training them on security to make them your first line of defense. And then population in general. Right? Uh, so, so there are technological solution. I mentioned mfe mentioned firewalls, there are data loss prevention solutions, there are many technological solutions that we implement, some of which I mentioned, but I think, uh, we, any organization that is interested in securing and proactively protecting the human side with the technology that they’re implementing.
Bill Russell: 30:52 Yeah, the weaknesses. So let’s, let’s shift gears to detection. So one of the things I changed the way I think about security is one of our vendors came in and said, uh, you need to start designing as if they’re already at. Just assume they’re already in your network. There’s no wall she could put up that can keep them out. I’m like, okay. So that actually transformed how I thought about a security and prevention. The other thing was a cio told me, uh, he contracted with one of the firms, so could be our RSA or one of the firms. And what he wanted them to do was to see if he could get physician credentials on the black market. And they were able to, within 24 to 48 hours, you’re a about five or six of their physicians, actual credentials which works on their system. So they were able to get into a, you know, a citrix environment, get into the medical record and start moving around.
Bill Russell: 31:45 Um, and so, uh, detection becomes a little, uh, becomes almost the front line now because you’re assuming that they’re there in your network there they’re tooling around. So you almost have to look at patterns of usage, you know, if that doctor is looking at the wrong records or records that aren’t, there’s a, you know, are we tracking all those things? So from a detection standpoint, um, what are some things we can do to detect first of all, a decade to, to track a breach is kind of amazing. What are some things we can do a to find those, those incidents is quicker. Uh, it, it sort of moved that, that cycle forward.
Nassar Nizami: 32:24 Good. So again, I’ll talk to them about technology and people’s side of it is I think people are really, again, really important. So technologies now. So I mentioned needle loss prevention, technology’s a security and incident management systems. A bat can log in in real time alert and this is an area. So we spoke about artificial intelligence and machine learning in the context of health care, but this is an area where I’m seeing some really promising technologies and products that are coming up with is off detecting, very intelligent based on correlating important events in an alerting, oh, this is an area that had already some advanced technologies available and we are allowing some technologies in this area of sin is a mosque. That’s a baseline. Dlp I think is, I manage many healthcare organizations, actually. The people part is a challenge. So you can have the technologies, but do we have the people who are going to look in, respond and sift through all the false positives, these technologists to create a number of false positives.
Nassar Nizami: 33:39 And in some cases, you know, the before spotters is many, many times more than real incidents, right? Do we have the manpower, the manpower, and I think that we don’t have, has healthier, um, in, in, in particular, um, as a can. We don’t have enough security professionals. There is a lack of security. Freshman for everyone to pool is pretty small to begin with. Especially, there is an acute need for more security professionals within healthcare. So I think that I’m looking into a third party’s partnering with Third Parties for Twenty four by seven monitoring, uh, is a, at least in the short term. And is that a stop gap solution? And in these are folks like a semantic or like Dell or others who have a teams of professionals who can monitor the system 24 by seven. Again, it’s not a squirt blood things probably, um, things can get through without detection even if you have 24 by seven monitoring.
Nassar Nizami: 34:50 But I think in today’s Day and age 24 by seven monitoring is a must and if you’re a health system that can afford it to build your own security operation center or SOC, fantastic. Uh, but I think most healthcare system, even our size or even larger than us, cannot afford a 24 by seven monitoring in this human capital is just not there. So, so having the right technology is like seeing like the LP, um, and, and having people who can respond to it in and then some external power. But it’s, I think, one way of dealing with it, with, with, with a, a effective detection scheme or plan. This is one of those areas where you need to have a, it takes a village.
Bill Russell: 35:38 It’s a series of a highly trained experts outside of your organization. Experts within, uh, monitoring. Uh, yeah. So I, I couldn’t agree more with what you’re saying. Alright. So we have about seven minutes ago, five quick questions for you. So we’re going to transition to the soundbite section. Uh, I throw out these questions actually short answers, um, mostly because of time at this point. But, uh, uh, so sima verb as a first question, Seema Verma from cms just announced a healthcare as a fact free zone by 2020. I think most people would hear this and say, oh, that’s not a big deal. But, uh, from your perspective, how big of a left do you think it is going to be for health it, uh, to eliminate faxes by 20 slash 20?
Nassar Nizami: 36:24 Well, first of all, a deadline is necessary if you want to get rid of faxes in American medicine, you know, uh, so, uh, therefore I think it’s a step in the right direction. It goes hand in hand with interoperability, a initiative that we just discussed about by cms and onc. Uh, my, uh, my health ed, it as another one of the easier, it becomes the exchange data lesser than need relief for faxing, right? Fax Machines are dying a slow death vc less and less of them, but they’re not gone and did kill it in the next few years is going to be a heavy lift. Right? Uh, we have made advances in Improv comedy. There are a lot more to be done. I think there’s going to be a challenge. Uh, we really stopped to think about other ways to exchange data, for instance, is much easier to find a fax number of a physician office print and fax than funny email address and then sending it encrypted email. Right? So we are working with a startup that is an electronic fax on our end, but it leaves our factory, stores it on our secure web server and sent beige to the recipient with a youtube link and password. That’s a stop gap that you’re working with this startup to a solution. But like I wholeheartedly support the initiative but I think is going to be a heavy lift.
Bill Russell: 37:43 Yeah, I agree. Um, second question. So last year about this time, uh, you know, ransomware really became a really prominent, uh, and so from your perspective, how has healthcare really addressed the specific challenge? We’ve talked about security but this specific challenge of ransomware.
Nassar Nizami: 38:04 So, uh, last year was bad because a number of organizations as you sit, right, I mean especially when I cry and Petya had huge impact on a number of health systems. Uh, and this first year has been quieter. I believe that the site is not gone. So I have to say that first, I don’t think it’s gone much in, can I come back anytime but something that many organizations steps, like implementing or enhancing email protection or blocking websites which has helped. But again, and the thing that, the common theme here is that the bad guys are targeting people and technology, right? And I think we need to continue to focus on people centered approach in many of the cases where organizations or Hitler and some common theme is a phishing email that mentor someone and then someone clicked on that email and as a result of the computer system or multiple systems got impact. And so the, the, the assuming that your people at the first line of defense in every important line of defense at that training needs there cannot be emphasized enough.
Bill Russell: 39:09 So innovation is a big part of Jefferson health. Uh, give us some idea of how [inaudible] your, your innovation team a is separate but work closely. So it give us an idea of how it and the innovation team worked together at Jefferson.
Nassar Nizami: 39:24 Great question. Look at Jefferson. Uh, innovation, uh, has a special place. A is wonderful. Our pinners that go along with healthcare and academies is that important to us? It, my team vr work hand in hand with our innovation teams. Uh, in Jefferson. We have three innovation. We had an academy institution and our researchers are often working with uh, uh, innovation and on innovative solutions. We have a group that works on Peyton’s ensuring that our intellectual property is safe and secure and then they work on ways to bring it to the market. So this is an inside out innovation that is happening at Jefferson. We also have a group of people working on startups were aligned with us infrastructure in code development. This is an example of outside in that’s we have a group of very talented developers who are developing solutions in inhouse, uh, based on the needs identified for Jefferson. We work with all of these groups very closely, close collegial relationship in most cases. We work with them from the very beginning we were, it’s an idea being developed or if a vendor, if it’s a vendor that we had talking to and if the day for most of the innovation that happens, whether it’s inside or outside in ours developed it is the implementers and the longterm, a keeper and manager of the system a, the relationship is great. And together we are working on some really good initiatives.
Bill Russell: 40:53 That’s awesome. So um, you’re an academic medical center. Are there specific challenges in health it for academic medical centers versus a nonacademic medical center?
Nassar Nizami: 41:04 Absolutely sovereign in nonorganic setting as, as, as well. And I can tell you that the rest of the significant difference emcs have a unique culture, a different from most optimization. So we have health care and what we have also academy, our mission is to improve lives and to reimagine healthcare in our mission is to further their education, right? So which means we have researchers who are doing cutting edge research. They have unique requirements of openness, free access to inner resources. For instance, they wanted to use file sharing systems without being tied to a specific technology prescribed by corporate it. In most other organizations, patient corporate ID is able to see Haleigh, use box.net or dropbox. And that is it. That’s not the case in Emc is this is just the requirements because they are working often with many of their organization and their needs. There are needs to collaborate with other systems. Um, they have very intensive needs. A, our student population is unique and have different needs from a skilled workforce. Uh, they want to bring their own devices and expect that will work every rightfully so, uh, where students are often had a fit and challenging us and early adopters of consumer technologies. So I think that the culture is the biggest different. There are different needs, uh, but overall it’s a different culture in a nice and interesting and challenging environment to work in.
Bill Russell: 42:29 So, uh, so we’re almost out of time, so I’ll have, I’ll skip the last question. Give you an easy one to see if you’ve made the transition to Philadelphia. So will the phillies make the playoffs and will the eagles be able to repeat a superbowl champions?
Nassar Nizami: 42:44 So I think I’m much more closer to egos and phillies. So I would say that, you know, eagles have a really good shot. We get very excited. And uh, I was in New York, which is a huge fan, but the craziness around all this force in Philadelphia is I think unparalleled. I mean, uh, the city is just crazy about his boats and you would know this Unh. So I’m rooting for eagles.
Bill Russell: 43:08 Yeah, it’s something else when they do win a championship and they have to grease the poll so people don’t climb them and have absolutely. Now sort of egg. Thanks for coming on the show. Uh, is there a way for people to follow you to publish things on twitter or anything like that?
Nassar Nizami: 43:24 Yeah. So I have a twitter account is Ami and I z am I, so please follow me and light and post occasionally and don’t have a huge following like you, but I want you to friend me on Linkedin. I’m a, I’d love to connect and if there’s anything I can assist or help. Absolutely.
Bill Russell: 43:42 Yeah. It’s hard to run a 15 slash 16 hospital system and be active on twitter and social media. But uh, uh, awesome. You can follow me up. The patient cio on twitter, my writing of the Health Erik’s website. Don’t forget to follow show on twitter this week in hit and check out the website this week and help it to catch all the videos on the youtube channel this week in health it.com/video. And please come back Friday for news information and commentary from industry and that’s all for now.