Bill Russell: 00:11 Welcome to this week in health it where we discussed the news information and emerging thought with leaders from across the healthcare industry. This is episode number 33 today. We discussed the data quake, a term that’s used to describe the transformation potential of data in healthcare and the emergence of an application ecosystem in healthcare. Plus we’re going to take a look at a healthcare data breaches for 2018, give you an update and have a discussion around that. This podcast is brought to you by health lyrics. Health systems are moving to the cloud gain agility, efficiency, and new capabilities. Work with a trusted partner that has been moving health systems to the cloud since 2010. Visit healthlyrics.com to schedule your free consultation? My name is Bill Russell. recovering healthcare cio, writer and advisor with the previously mentioned health lyrics. Before I get to our guests a quick update. Um, I want to thank everyone who’s participated in our listener drive. We were, we were able to raise $3,000 for hope builders, an organization that provides life skills and job training for disadvantaged youth. Uh, I’ve hired their graduates, their stories are amazing. Thank you for giving us the opportunity to support the, uh, the next round of students in this great program. Uh, today we’re joined by a nicer design me, the, the chief information officer for Thomas Jefferson University and Jefferson health out of Philadelphia. Good morning, Nasser and a welcome to the show.
Nassar Nizami: 01:26 Good morning Bill. Thank you for inviting me. It’s a pleasure.
Bill Russell: 01:30 Well, I’m looking forward to our conversation. Should be fun. So tell us a little bit about, uh, Jefferson University and Jefferson health. Sure.
Nassar Nizami: 01:39 So we have about 14 hospital health systems serving patients in Philadelphia and surrounding communities, including southern Jersey, Thomas Jefferson had been around for 200 years now, uh, at 30,000 and strong, reimagining healthcare education and about $5,000,000,000 in revenue in Academic Medical Center with Thomas Jefferson University being a flagship university and hospital. All of our hospitals, our hospitals are vision hospitals.
Bill Russell: 02:07 Yeah, that’s a, that’s a fairly sizable system. And so just Philadelphia and southern. Are you a Philadelphia and southern New Jersey? Are you, uh, are you doing a lot of, a lot of things like telehealth across those? Are you expanding into more retail retail type locations?
Nassar Nizami: 02:28 All of the above. Telehealth is big. We are expandeing in telehealth and we’re seeing more and more a fraction in our telehealth technologies both in our Ed and then books calling in and opting for telehealth, uh, or a video appointment instead of physical appointment and uh, we are working with in a local retail clinics as well. Um, a lot going on.
Bill Russell: 02:55 Yeah, I’m looking forward to it. I have a lot of friends. I grew up just outside philly. I have a lot of friends. My, I have family that lives there. So I’m there. They’re looking forward to hearing you describe what, what Jefferson’s a, with Jefferson’s doing in some of these areas. So it’s exciting. So let me give people a little bit of your bio. Um, so obviously cio for Jefferson prior to that, your, a vice president of it at New York presby and prior to that it’s a Yale new, uh, several it rolls at Yale new haven health system, including a CSO. So that’s why I’m excited, I don’t get CSOS on the show all that often or people with CSO background. So it’s, it’s good to talk security, uh, every now that it’s such a huge topic for us. Um, and then you have a couple of degrees. You have, you have an Mba from Columbia, uh, at Columbia University, a master’s of science in computer engineering and I’m, and a BS in electrical engineering. So I guess what we can surmise from that is that you’re a, uh, you’re either really good at school, or very smart.
Nassar Nizami: 04:06 So I’m a tachy that’s what I like to call myself. Yeah.
Bill Russell: 04:11 Yeah. So what, what’s it, uh, what’s it like living and give us an idea of Philadelphia in the area of Philadelphia. I mean, is, is it a good tech scene? Is it, are you a, are you able to hire the kind of people and attract the kind of people you’re looking for?
Nassar Nizami: 04:27 Alright. So I think there are two different questions. And remember I come from New York, so a, is it a good tech scene? This is an awesome tech scene, a tons of things start as a lot of cool things happening within healthcare and outside health care. I get to meet folks who are in startups and mature organizations that are in the forefront of innovation. So there’s a metro city point of view, you find everything that you’d expect in any metro city. Now hiring is a different story. Uh, so we have some really talented people but it’s not been easy to hire a it is not very different than what I experienced in New Jersey. I’ve been only in the area for a year now, be completeing my year next month. But it’s hiring talent has been a challenge, but that’s a story across the board. That’s not unique to us, but in metro cities. I think just the competition is so much we are competing with a number of, for profit and commercial organization. It just makes it a little bit tough.
Bill Russell: 05:40 Yeah, absolutely. So one of the things we like to do with our guests is to just open the floor, give you a couple minutes to just talk about anything you’re excited about or what you’re working on today.
Nassar Nizami: 05:50 All right. So that’s a tough question because we are doing a number of cool things from innovation to Xr and Vr and expanding Emrs, and figuring out unique ways of using fire. There is a lot going on on our infrastructure team, so it’s difficult for me to pick one area, but that said, I will say one of the areas that I’m really excited about is the work working is doing in data analytics, especially predictive analytics. Um, and I really believe that we have an opportunity to influence patient care in a meaningful way. With a predictive analytics. I’ll share an example with you. Uh, the, uh, Jefferson. We have an Opi fast force, as you know, this is a national issue. Uh, we, our team developed a scorecard which we call a provider scorecard in the insights from the scorecard, like the changes in provider workflow that resulted in a 91 percent drop in prescribing beyond three days.
Nassar Nizami: 06:51 Our team has presented this work at national forums. We recently demonstrated it at the Vic Health Commissioner’s office is interested in disseminating it to other systems. And there even, this is just one example of there are a number of other use cases that we have worked on successfully and working on. For instance, we are, we are working on predicting substance, uh, and distressing Another example I just finished by saying that there’s a lot of buzz around ai, machine learning and predictive analytics and then believe, at least in the short, focused on point solutions that will give organization like ours. Most value this is, you’re seeing, this is where I’m really excited.
Bill Russell: 07:38 Yeah, absolutely. I mean that’s really exciting that you guys are. And you set up our first story really well in terms of how data can really transform a things like the opioid epidemic and really addressing it head on. And um, you know, we’ve been doing things like readmissions for years and those kinds of things. But now we’re getting very focused on things that are going to impact the community. Things that are going to impact quality outcomes. And it is, uh, it’s really exciting. The hard thing is there’s so many areas to get, to really focus in on predictive analytics that it’s hard to have enough staff and enough bandwidth to really do all the things that you want to do. I mean, that’s, that’s, that’s been my experience in analytics. Usually you really could quadruple the size of your team and be doing phenomenal things.
Bill Russell: 08:33 So, um, all. Alright. So, you know, on our show we do two segments in the news. We each pick a story and discuss and then we do soundbites where I’ll ask you a series of questions. Uh, you have a hard stop at about 33 minutes, so we will, uh, we’ll keep it moving. So my story is a cms just a completed their conference, the, uh, on interoperability and blue button two point. Oh. And there was a lot of exciting, a really vision casting kind of things. So now we all know that there’s challenges in terms of getting the data out and where we’re at today. But in terms of really a vision, you really got a very clear picture of where they see things going. So, uh, this stories from healthcare, it, news, health, a healthcare APP economy is coming, get ready for the data quake and uh, I’m going to bounce around to a couple stories, uh, data.
Bill Russell: 09:26 Uh, so a silicon valley venture capitalists drop the word one doesn’t hear everyday data quake. We’re going to look back at 2018, 2019. He, uh, he says, uh, those were the years of the data of quakes that John Doerr, a chairman, Kleiner, Perkins Caufield and Myers data was required to be interoperable. Innovators came together to move us to an APP economy. So they’re, they’re starting to paint this vision of a data getting to such a place that we’re going to start to see things like a, like an apple app store for health apps. So let me hit a couple, a couple of key things on this. So a administrator, Seema Verma or health insurer, health insurance companies to follow the senators, a cms, a lead to make claims data more readily available. Uh, she says we’re at the beginning of the digital health revolution. We have the ability to take that data and unleash it.
Bill Russell: 10:17 She said during the Blue Button conference, we’re unleashing the most powerful force in our economy. That consumer Firma added that cms is creating a new type of patient profile by making the agency’s massive amounts of claims data available to the public via blue button 2.0. And she said, we’re not stopping there. We’re leading by example and calling on all insurers to release data in an API format Firma said you’ll see through our regulatory process, that we’re very serious about that. Um, so, uh, you know, they talk about not only releasing the cms claims data, they talk about encouraging a payers to release their data. Uh, more than 600 developers signed up for blue button 2.0, to start experimenting. I think that number’s up over 700 now. Um, and that, uh, which will give them access to the developers can build integrations across more than four years of Medicare part a, b, d, a data for $53 million medicare beneficiaries.
Bill Russell: 11:16 And if that wasn’t enough, you had Amazon, Google, IBM, Microsoft, Oracle, salesforce pledge to remove interoperability barriers. So in terms of just visioning a big day for them, just laying out this vision for a freeing that healthcare data, putting it in the hands of developers and clinicians to really rethink how we use the data. Um, and so they’re putting it out there. So let’s just start with, let’s riff on this vision a little bit. So does the data have the ability to change healthcare as it has in just about every other industry or are we to see some barriers?
Nassar Nizami: 11:55 Absolutely. First of all, great news article, um, and I think one of the other, uh, uh, people quoted in the article and Asia said something about consumerization, you know, and I absolutely agree with that because like eco system, uh, and I think that the shift has been slow. It’s been happening for a lot. Uh, and, and truly I think it’s a matter of then not if, right. Uh, and there are many reasons to believe that now is the time. Okay. And there are many reasons to liberate the data versus direct patient care, uh, the ability for patients and providers to access something data, regardless of direct access to Emr, has a lot of good work being done in the name of interoperability, which needs to continue, right? And I absolutely believe to your point, that data in the hands of researchers and developers and entrepreneurs will truly change the way we, provide healthcare.
Nassar Nizami: 12:55 Uh, there is a ton of data in Emrs and other clynical system. Which is not used overwhelming majority of it. It just sits there for the legal or compliance or historical reasons. And this is the data that in the hands of entrepreneurs in the research community can do wonders that you asked about barriers. So yes, there are barriers, uh, for us, we have to think through a privacy implication. For instance, companies like apple are not covered by Hipaa, right? And there is a level of expectation from consumers, patients by the safety for last 20 years. We have told everyone that your patient information is covered by Hipaa and so forth. These third parties don’t have those, um, productions. I guess you have to just think through. It doesn’t mean that it should not be open. I’m all for opening. It’s just that they have to think about the implications of making sure that patient data, it stay, uh, protected, there are really real technical barriers to interoperability and openness.
Nassar Nizami: 14:02 And as an industry we have been trying to solve those for many years, there have been many successes. You know, this conference was blue button 2.0, there was 1.0, uh, so there are a lot of lessons learned and then there are going to be more lessons lerarned. I think the time is right. We need some push from our policymakers. Uh, we need engagement from organization like Google and Microsoft who have, um, the resources, uh, to make things happen. And I think research researchers will do their job and a good things will come similar to APP economy that we saw in last decade.
Bill Russell: 14:42 Absolutely. So, um, know. So one of the primary principles of Blue Button, 2.0, is to get the patient record in the hands of the consumer. So it’s, it completely frees It gets it on the phone once it gets on the phone. Then as you pointed out, you know, if there’s no hipaa on security on a apple, and part of the reason for that is apples, essentially the consumer’s giving it to apple and you know, they’re not really putting that requirement on apple yet. I think we’ll see that sort of emerge here, given the landscape that’s going on. But we put the, we put the record in the hands of the patient. Do you think that’s going to open up? Um, I don’t know, I’ve talked about this a lot on this show I’ve talked about, once we get the record in the hands of the patient that we’re going to see all sorts of new paradigms start to, uh, to emerge in that the patient’s going to be able to, uh, decide to sell their data.
Bill Russell: 15:44 It’s not going to be something that a health system decides to do or our claims data gets sold, uh, and in new industries gets created. But there’s going to be a, the ability for me, the patient to go, I want to participate in this cancer study. I want to participate in this hard study and potentially get, get compensated for it. Here’s five bucks for this, or 10 bucks for that. So we’ll create a sort of a data economy there. Plus we’ll create all sorts of new, uh, uh, really access of changes as I go from health system to health system where I moved from place to place or I decide to use telehealth from a different provider. I’m going to be able to provide them my record instead of them having to request the record from another health system. Um, uh, I mean, do you, do you. Well, let’s start here. Do you think the patient should own the medical record? Do you think we should put it on every phone? You’re a former security guy, so you know what that means. Uh, and then, uh, do you think that’s gonna enable more or different kinds of, uh, um, uh, I don’t know. Ways of delivering health to that population. And is that going to really impact the health systems today?
Nassar Nizami: 16:55 First of all, absolutely. Patient owns data and up until now they just didn’t have way to access them. And, and other than, you know, getting a printed copy of their medical record in some cases going to, uh, portal and trying to figure out what’s happening. So the ways that we provide our patient data is inefficient and inadequate and there’s so many ways where we can, easily a patient can easily say, hey, physician, this is my record from a hospital and this is my xray, lab results and so forth. So that’s going to be pretty powerful. I think absolutely patient owns the data and we need to make sure that the transfer of data from patient to whoever the patient is seeing whether it’s a hospital or a physician its very easy. It’s very quick and it happens in a timely fashion. That is an absolute must. Um, uh, I think that what I’m concerned about is uh, uh, the lack of understanding with the security.
Nassar Nizami: 17:55 So, you know, we see in the news what’s happening with facebook and Google and Gdpr, especially in Europe, in just the realization by people their non health data, the social media data can be used in ways that nobody imagined, right? And can be mined in ways that nobody can ever imagine. And I think that’s an educated, there’s an educational component, first and foremost, to educate the patient that, that, uh, what can they expect once they share the data, because apple or facebook, they are known to share their data with third parties and I believe that apple already have in their terms and conditions will where they can share the data with third parties. So before a patient knows their data is going to be not only with companies like apple or google, but all the ecosystem that they support. And I think for some pharmacists in educational thing, the patient has to realize what they’re sharing.
Nassar Nizami: 18:54 And secondly, I think you will see some more rules and regulations around them. Probably it will be a catch up like Hippa was a catch up. But I think that that will happen. That’s a must. I’m not sure about the monetization piece because for most companies, the benefit of the data is, uh, is from skim the millions of data sets that I think for, for, for foreseeable future is still larger organizations will manage, um, uh, so, uh, but that does not mean, I still believe that giving data, to patient is very powerful. There may be organizations that are interested in a very niche studies. So can you mentioned cancerous. If I’m an organization and my interest in lung cancer, uh, I don’t need hundreds of thousands perhaps, uh, you know, and uh, contacting a various special population and target population could probably help an independent researcher, a who or a company who don’t have the means or have to spend a ton of money to get that data. So in what I think is liberation of data is going to be very powerful. Uh, there are going to be some issues in both technology, privacy insecurity that we’ll have to address, But I think at this point we are, if we don’t, even if we don’t address the barriers and the issues, I think the, the liberation of data will happen.
Bill Russell: 20:29 So, closing question, given the three, three key movements, fire, uh, the apple, the apple announcement and there partnership with health systems that they’re bringing data and, and blue button. 2.0, which of those three do you think has the biggest impact on, on bringing this app economy to, into fruition or bringing it to bear?
Nassar Nizami: 20:50 Sure. Instead of picking one I would say is the push from the government, right? Uh, on opening up probably the catalyst and the interest from organizations like apple and Google and Amazon. I think it’s just going to excellerate that. So all of the above is the short answer, but I think the roll of our policy makers probably is going to be most critical in, in, um, I’m not sure if forcing is the right word, but a forcing the opening of data, making sure that data gets open and interoperability actually happens
Bill Russell: 21:32 strongly encouraging based on reimbursements and payments
Nassar Nizami: 21:36 you have a better choice of words than I do
Bill Russell: 21:39 you know, it’s interesting. So we’re, we’re going to transition to the next story, but you know, uh, you know, we’re, we’re so worried about a privacy and security in giving the, the records of the patient, but we’re going to transition to this story and it’s gonna. It’s gonna look like, Hey, we’re not doing that great of a job as a, as health systems today in protecting the data. So why, why don’t you set this one up and, and then we’ll go into it.
Nassar Nizami: 22:01 Sure. This, this was a, an article that was published yesterday is the news and Becker’s health, uh, and uh, it’s an article that is summary of breaches reported to OCR. So all organizations under Hippa are supposed to recode breaches up over a certain threshold in the orc, and ocr then makes that information public and this article was a summary of all the regions that were reported in the first half of this year. And it stood out because of some interesting trends. First we have already surpassed the number of records that were breached in 2017 and we still have five more months to go in this year, uh, and incidents reported as hacking on the rise and if the something continue the number could be 40 to 50 percent higher than what we saw in 2017. Um, so I think that’s an interesting aspect and it tells us as an industry on where we have, we should be putting our resources in. And this is, I think supported by some positive aspects.
Nassar Nizami: 23:08 The incidents reported as capital loss have the steadied over the last three years and probably because of the requirement to encrypt by many organizations, so as you know, if the laptop or device that is lost or stolen, uh, and is encrypted then it’s not a reportable incident and there is some requirements on encryption and so forth. But I think that over the last five or six years, seven years this requirement or, or, uh, sort of incentives to input data forced organizations or strongly encouraged organizations to encrypt. And because of that, we are seeing the results of steadying of instruments there. So now that you see a rise in hacking rated incidents, I think that’s an area where we need to, um, focus, uh, um, uh, so, uh, and I think there are other areas, you know, the, the inappropriate disclosure is also steady but all expected. But the reason I thought that was interesting is that, you know, this and you think about this in the context of everything else. Um, you know, hacking by Russians in the news and so forth. And this just highlights an area which we still are as an, as an industry are struggling.
Bill Russell: 24:30 So let me, let me give a few more, uh, just data points. And then, and then I’m going to ask you again, I rarely get a cso on the, on the show or someone who used to be so. So 2016, a 450 breaches, 27.5 million records, 2017, 477 breaches, five point 6 million records breached. Um, the, uh, you know, over a one breach a day, uh, at this point, a 2017, 18 primary cause was hacking as you pointed out. Uh, so that’s, that’s on the rise. But here’s some other numbers which I think are pretty staggering. Between 2009 slash 2017, there have been a 2,181 healthcare data breaches, um, those breaches have resulted in the theft exposure of 176 million health records, which is over 50 percent of the population in the United States. So over 50 percent of the people have received those, hey, we’ll protect your identity papers.
Bill Russell: 25:31 Uh, the two causes, we talked about hacking incidents and then insider breaches is the other primary cause. Um, so, uh, let’s see, couple, couple more. Hacking it incidents resulted in the exposure theft of 3 million records, although detailed data is only available on 144 of those breaches in 2016, 86 percent of the breaches were attributed to hacking incidents in 2016, 120 hacking incidents were reported, which resulted in exposure of a 23 million records. The severity of hacks, insider threats was therefore far lower in 2017 even though hacking incidents were more numerous. A couple couple of other things I think are insider breaches continue to plague the healthcare industry. Data is available on 143 of those, they actually break it down into two categories inside a wrongdoing, which includes theft and snooping, and that’s just a, somebody trying to find Brittany Spears’ a record or whatever the breakdown was a 102 inside errors.
Bill Russell: 26:35 And 70 cases of insider wrong doing four incidents were classified as both. So you have, I mean these are two big categories, right? You have a, you have incidents that are attributed to your employees, you have incidents that are attributed to hackers. And, um, and I think the last thing I wanted to point out, so reports of healthcare data breaches in 2017, a show that many cases breaches are not detected until many months after the breach occurred, the average time to discover a breach based on those incidents that they looked at was 308 days. Uh, and the average in the prior year was 233 days. Uh, and it, it actually, they say it should be noted that the data was skewed because some breaches that occurred, uh, they didn’t detect for more than a decade. So, um, so I’d like to break our conversation down into three areas, prevention, detection and response. So from a prevention standpoint, a ransomware is on the rise. What can health systems do to prevent a or prepare for these types of hacking attacks?
Nassar Nizami: 27:45 So I think, you know, do think about preventing detect and respond is the right way to think. And, uh, so, so, uh, and I think the best, uh, controls are preventative control, so things never happen hopefully. Right? And I think as an industry we have made some good progress in the last six or seven years aroubf prevention controls, we all had, most organization had far worse for last 15, 10, 15 years. So that’s a given. Now there are new generation of firewalls that are happening that are really good at application level analysis and so forth. Um, and um, but I think the biggest bang for buck an organization you can probably get from a prevention point of view is, uh, probably from a technology I will talk about this in a technology and then human sense. So two categories from a technology point of view, in my opinion, is multifactor authentication and it just makes it very difficult for someone who is actively trying to access information. It does not, it’s not a cure all, it’s not a silver bullet, but I think that multifactor authentication has been a challenge in healthcare to implement because of cultural reasons and the need for physicians to give to a patient record immediately and so on. And so forth. So there have been reasons that it has not, a industry has not adopted it wholeheartedly, like is for instance, in banking or other commercial industry is, um, most of them they’ve workforce, uh, has to use two factor authentication or multifactor authentication.
Nassar Nizami: 29:24 The, the, in almost no, most of the breaches at vc of which are under hacking in or you mentioned ransomware. I’m in, was some, uh, some person doing something that they’re not supposed to do, it can be opening an email or going to a website and installing something and that cannot be emphasized enough I think, uh, because, uh, the only, I think the real production that you can do is train your workforce at different levels. So many organizations now have dedicated security teams. They are the experts that, but, but those people are probably, you know, a handful of people in any large organization. They’re a handful, but then you have your folks in technology, uh, who I think money well spent is training them on security to make them your first line of defense. And then population in general. Right? Uh, so, so there are technological solution. I mentioned mfe mentioned firewalls, there are data loss prevention solutions, there are many technological solutions that we can implement, some of which I mentioned, but I think, uh, we, any organization that is interested in securing and proactively protecting the human side with the technology that they’re implementing.
Bill Russell: 30:52 Yeah, the weakness is the human. So let’s, let’s shift gears to detection. So one of the things I changed the way I think about security is one of our vendors came in and said, uh, you need to start designing as if they’re already in. Just assume they’re already in your network. There’s no wall she could put up that can keep them out. I’m like, okay. So that actually transformed how I thought about a security and prevention. The other thing was a cio told me, uh, he contracted with one of the firms, so could be RSA or one of the firms. And what he wanted them to do was to see if he could get physician credentials on the black market. And they were able to, within 24 to 48 hours, procure about five or six of their physicians, actual credentials which worked on their system. So they were able to get into a, you know, a citrix environment, get into the medical record and start moving around.
Bill Russell: 31:45 Um, and so, uh, detection becomes a little, uh, becomes almost the front line now because you’re assuming that they’re there in your network there they’re tooling around. So you almost have to look at patterns of usage, you know, if that doctor is looking at the wrong records or records that aren’t, there’s a, you know, are we tracking all those things? So from a detection standpoint, um, what are some things we can do to detect first of all, a decade to, to track a breach is kind of amazing. What are some things we can do a to find those, those incidents is quicker. And sort of moved that, that cycle forward.
Nassar Nizami: 32:24 Good. So again, I’ll talk about technology and people’s side of it is I think people are really, again, really important. So there are technologies now. So I mentioned data loss prevention. Using technology’s a security and incident management systems, that can log in in real time alert and this is an area. So we spoke about artificial intelligence and machine learning in the context of health care, but this is an area where I’m seeing some really promising technologies and start ups that are coming up with ways of detecting, very intelligent ways and correlating events and then learning, oh, this is an area that had already some advanced technologies available and we are allowing some technologies in this area. SIM is a must. That’s a baseline. Dlp I think is a must. Many healthcare organizations, actually the people part is a challenge. So you can have the technologies, but do we have the people who are going to look in, respond and sift through all the false positives, these technologists tend to create a number of false positives.
Nassar Nizami: 33:39 And in some cases, you know, the before spotters is many, many times more than real incidents, right? Do we have the manpower, the manpower, and I think that we don’t have, ss health care, um, in, in, in particular, um, as a nation we don’t have enough security professionals. There is a lack of security professionals for everyone the pool is pretty small to begin with. Especially, there is an acute need for more security professionals within healthcare. So I think that I’m looking into a third party’s partnering with Third Parties for Twenty four by seven monitoring, uh, is a, at least in the short term is a stop gap solution? And in these are folks like a semantic or like Dell or others who have a teams of professionals who can monitor the system 24 by seven. Again, it’s not a sure method things probably, um, things can get through without detection even if you have 24 by seven monitoring.
Nassar Nizami: 34:50 But I think in today’s Day and age 24 by seven monitoring is a must and if you’re a health system that can afford it to build your own security operation center or SOC, fantastic. Uh, but I think most healthcare system, even our size or even larger than us, cannot afford a 24 by seven monitoring in this human capital is just not there. So, so having the right technology is like SIM like the LP, um, and, and having people who can respond to it internal and then some external power. But it’s, I think, one way of dealing with it, with, with, with a, a effective detection scheme or plan.
Bill Russell: 35:34 This is one of those areas where you need to have a, it takes a village. It’s a series of a highly trained experts outside of your organization. Experts within, uh, monitoring. Uh, yeah. So I, I couldn’t agree more with what you’re saying. Alright. So we have about seven minutes to go, five quick questions for you. So we’re going to transition to the soundbite section. Uh, I throw out these questions actually short answers, um, mostly because of time at this point. But, uh, uh, so sima verb as a first question, Seema Verma from cms just announced a healthcare as a fax free zone by 2020. I think most people would hear this and say, oh, that’s not a big deal. But, uh, from your perspective, how big of a left do you think it is going to be for health it, uh, to eliminate faxes by 2020?
Nassar Nizami: 36:24 Well, first of all, a deadline is necessary if you want to get rid of faxes in American medicine, you know, uh, so, uh, therefore I think it’s a step in the right direction. It goes hand in hand with overall interoperability, a initiative that we just discussed about by cms and onc. Uh, my, uh, my health something is another one of the easier, it becomes to exchange data lesser than need will be for faxing, right? Fax Machines are dying a slow death we less and less of them, but they’re not gone and to kill it in the next few years is going to be a heavy lift. Right? Uh, we have made advances in something already. There are a lot more to be done. I think there’s going to be a challenge. Uh, we’re interoperably need to think about other ways to exchange data, for instance, is much easier to find a fax number of a physician office print and fax than find and email address and then sending an encrypted email. Right? So we are working with a startup that is an electronic fax on our end, but it takes our fax, it stores it on our secure web server and send a page to the recipient with a new link and one time password. That’s a stop gap that you’re working with this startup to a solution. But like I wholeheartedly support the initiative but I think is going to be a heavy lift.
Bill Russell: 37:43 Yeah, I agree. Um, second question. So last year about this time, uh, you know, ransomware really became a really prominent, uh, and so from your perspective, how has healthcare really addressed the specific challenge? We’ve talked about security but this specific challenge of ransomware.
Nassar Nizami: 38:04 So, uh, last year was bad because a number of organizations as you said, right, I mean especially wanacry and Petya had huge impact on a number of health systems. Uh, and this first year has been quieter. The threat is not gone, So I have to say that first, I don’t think it’s gone it’s very much ther and can come back anytime but organizations took some something steps, that many organizations steps, like implementing or enhancing email protection or blocking extermination websites which has helped. But again, and the thing that, the common theme here is that the bad guys are targeting people and technology, right? And I think we need to continue to focus on people centered approach in many of the cases where organizations are hit with ransomware, a common theme is a phishing email that went to someone and then someone clicked on that email and as a result the computer system or multiple systems got impact. So the, the, the assuming that your people are the first line of defense in a very important line of defense I think is critical and that training needs there cannot be emphasized enough.
Bill Russell: 39:09 So innovation is a big part of Jefferson health. Uh, give us some idea of how cause your, your innovation team a is separate but work closely. So it give us an idea of how it and the innovation team worked together at Jefferson.
Nassar Nizami: 39:24 Great question. Look at Jefferson. Uh, innovation, uh, has a special place. It is one of our pillars that go along with healthcare and academics its that important to us? It, my team we all work hand in hand with our innovation teams. Uh, at Jefferson. We have three innovation tracks. We are an academic institution and our researchers are often working with uh, uh, innovation and on innovative solutions. We have a group that works on pattons insuring that our intellectual property is safe and secure and then they work on ways to bring it to the market. So this is an inside out innovation that is happening at Jefferson. We also have a group of people working on startups were aligned with, you know, interested in code development. This is an example of outside in. Last thing, we have a group of very talented developers who are developing solutions in inhouse, uh, based on the needs identified for Jefferson. We work with all of these groups very closely, close collegial relationship in most cases. We work with them from the very beginning we were, it’s an idea being developed or if a vendor, if it’s a vendor that we had talking to. End of the day for most of the innovation that happens, whether it’s inside or outside in ours developed it is the implementers and the longterm, a keeper and manager of the system a, overall the relationship is great. And together we are working on some really good initiatives.
Bill Russell: 40:53 That’s awesome. So um, you’re an academic medical center. Are there specific challenges in health it for academic medical centers versus a nonacademic medical center?
Nassar Nizami: 41:04 Absolutely so I’ve worked in nonacedemic setting as well. And I can tell you that there are some significant difference. Emcs have a unique culture, a different from most types of organizations. So we have health care and what we have also academy, our mission is to improve lives and to reimagine healthcare and our mission is to further education, right? So which means we have researchers who are bringing cutting edge research. They have unique requirements of openness, free access to inner resources. For instance, they wanted to use file sharing systems without being tied to a specific technology prescribed by corporate it. In most other organizations, patient corporate ID is able to see hey look, use box.net or dropbox. And that is it. That’s not the case in Emc’s it is just the requirements because they are working often with many other organization and their needs. There are needs to collaborate with other systems. Um, they have very intensive needs. A, our student population is unique and have different needs from a skilled workforce. Uh, they want to bring their own devices and expect that will work everywhere rightfully so, uh, where students are often fighty and challenging us and early adopters of consumer technologies. So I think that the culture is the biggest different. There are different needs, uh, but overall it’s a different culture and makes an interesting and challenging environment to work in.
Bill Russell: 42:29 So, uh, so we’re almost out of time, so I’ll have, I’ll skip the last question. Give you an easy one to see if you’ve made the transition to Philadelphia. So will the phillies make the playoffs and will the eagles be able to repeat a superbowl champions?
Nassar Nizami: 42:44 So I think I’m much more closer to eagles than phillies. So I would say that, you know, eagles have a really good shot. We are very excited. And uh, I was in New York, which is a huge sports fan, but the craziness around all this force in Philadelphia is I think unparalleled. I mean, uh, the city is just crazy about it’s sports and you would know this Unh. So I’m rooting for eagles.
Bill Russell: 43:08 Yeah, it’s something else when they do win a championship and they have to grease the poll so people don’t climb them and all sorts of other stuff.
Nassar Nizami: 43:16 absolutely.
Bill Russell: 43:17 Nassar. Thanks for coming on the show. Uh, is there a way for people to follow you to publish things on twitter or anything like that?
Nassar Nizami: 43:24 Yeah. So I have a twitter account is @Nnizami so please follow me and I like and post occasionally and don’t have a huge following like you, but I’m on twitter, or friend me on Linkedin. I’m a, I’d love to connect and if there’s anything I can assist or help with Absolutely.
Bill Russell: 43:42 Yeah. It’s hard to run a 15/16 hospital system and be active on twitter and social media. But uh, uh, awesome. You can follow me @thepatientscio on twitter, my writing on the Health Lyrics website. Don’t forget to follow show on twitter @thisweekinhit and check out the website thisweekinhealthit.com. Catch all the videos on the youtube channel thisweekinhealthit.com/video. And please come back Friday for news information and commentary from industry influencers and that’s all for now.
The security posture of healthcare is the foundation for trust that we have to build our digital experience. Ed Marx and Vugar Zeynalov of the Cleveland Clinic share their approach to getting the foundation right.
Mount Sinai is accelerating the development of a digital front door for many health systems. We sit down with Dr. Ashish Atreja to discuss this platform for innovation.
SCL Health is laying the foundation for the future while addressing the needs of the present. Craig Richardville, MBA, FACHE, FHIMSS, and Steven Michaels sit down with #thisweekinhealthit.
#healthcare #cio #healthit #leadership
The Healthcare CIO Look Back / Look Forward series with James Brady, Chief Information Officer at Los Angeles County Department of Health Services
The Healthcare CIO Look Back / Look Forward series with Erica Williams, Chief Information Officer – CHS Southwest Market
The Healthcare CIO Look Back / Look Forward series with Chani Cordero, Chief Information Officer at Carl R. Darnall Army Medical Center