October 4, 2021: Drex DeFord and Bill discuss wearables, the VA EHR rollout, the Epic dental module, cybersecurity, remote work, the CHIME, HLTH and HIMSS Vibe conferences and even golf. SpaceX owner Elon Musk is donating $50 million to St. Jude Children’s Research Hospital. Walmart announced a new partnership with Epic to help customers simplify their health care. HP released a Security report titled “Rebellions & Rejection” showing that work from home is a cybersecurity “ticking time bomb. And Epic’s vaccine credential tech is now available to 25 million patients.
Newsday – Epic’s Big Week, St Jude’s Awesome Fundraiser, and Binge Watching Ideas with Drex
Episode 449: Transcript – October 4, 2021
This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.
[00:00:00] Bill Russell: Today on This Week in Health IT.
[00:00:01] Drex DeFord: How do you make it easy for patients and families? First of all, the data has to be interoperable and shareable. It doesn’t matter if you’re like me and got your vaccine at the VA, or if you’re somebody who got your vaccine Rite aid or you went to your doctor who runs an Epic EHR. Ultimately I need to be able to get to that data and prove it for situations where I need to prove it. It’s an interoperability question at its base.
[00:00:28] Bill Russell: [00:00:30] It’s Newsday. My name is Bill Russell. I’m a former CIO for a 16 hospital system and creator of This Week in health IT. A channel dedicated to keeping health IT staff current and engaged.
[00:00:43] Special thanks to Sirius Healthcare, Health Lyrics and World Wide Technology who are our Newsday show sponsors for investing in our mission to develop the next generation of health IT leaders.
[00:00:53] Just a quick note, before we get to our show, we launched a new podcast Today in Health IT. We look at one story every weekday [00:01:00] morning and we break it down from a health IT perspective. You can subscribe wherever you listen to podcasts. Apple, Google, Spotify, Stitcher, Overcast. You name it, we’re out there. You can also go to todayinhealthit.com. And now onto today’s show.
[00:01:16] Today is Newsday and we are welcoming Drex DeFord back into the house. Drex DeFord with CrowdStrike. Are you wearing a CrowdStrike shirt? Of course.
[00:01:24] Drex DeFord: I am wearing a CrowdStrike shirt today. Yeah. Thanks. We have the same. We have coordinated on colors today, [00:01:30]
[00:01:30] Bill Russell: So thanks for putting the, the jacket over the same colors. Otherwise we’ll get all sorts of comments from your friends when we post it, it’s oh look twinsies.
[00:01:40] Drex DeFord: My friends are relentless.
[00:01:42] Bill Russell: Yeah. Your friends are relentless. I put a picture of you out there and they all come in and want to make some funny comment about, Hey Drex is on TV again.
[00:01:53] Drex DeFord: Yeah, they’re rough. They’re rough to hang out with.
[00:01:56] Bill Russell: Well, I’m excited to have you on. We’re going to start with the space program because [00:02:00] you’re a space nerd, we usually end with this story, and it’s kind of a, it has a healthcare related bent to it, which I kind of liked.
[00:02:08] So let me give some excerpts here of this. Space X inspiration for flight achieved at space exploration mission, and also hit its fundraising goal for children’s cancer research. Thanks to some help from Space X owner, Elon Musk Musk tweeted after the splashdown that he was going to donate an additional 50 million to the cause.
[00:02:29] The [00:02:30] inspiration for flight raised, as of the writing of this article $222 million that is going to go to the St. Jude children’s research hospital which is phenomenal. I think it’s in direct response though. I mean, we have Bezos in the billionaires landing in New Mexico, I think. they took a lot of heat, a lot of backlash of this is like a billionaires toy to go into space. And I think Musk is just, brilliant in this. That’s not what this is about. For him there’s an overarching [00:03:00] mission of being a multi-planetary species.
[00:03:02] And in order to do that, we’ve got to get civilians in the space. And this is sort of like the testing that, and it turns out you can get billionaires to pay to go up into space. So it gives them that experience. And what he did is he just said, Alright, we’re going to do, and I don’t know if it was him or this gentleman who went up on the trip with them.
[00:03:23] Drex DeFord: Jared Isaac.
[00:03:24] Bill Russell: Yeah. It might’ve been his brainchild, but at the end of the day, they decided, Hey, we’re going to tack this on to a [00:03:30] good cause. They raffled off one of the spots on the ship and raised, I don’t know, 17 million or 18 million through that. All in all, we feel better about this mission than we did the blue origin mission. Don’t we?
[00:03:43] Drex DeFord: Yeah. Well, I mean, I think the interesting part of this is that the actually went into orbit and they had made a few trips around the earth and then they came back. So it’s sort of like incrementally, there’s always one more thing. We already have space tourists who are paying to go to the [00:04:00] space station.
[00:04:00] I mean, they’re not many of them, but there are people who are paying a big bill to be launched and be able to spend time at the international space station. But this more like routine, every man, tourist space tourist kind of thing is, is kind of cool. And it calls into question, I think the last time we talked a little bit about what happens when the trips get longer and longer and longer, how do you deal with like medical emergencies and those kinds of things?
[00:04:27] So we’re getting there, right? We’ve gone from [00:04:30] a flight that liberally lasts a few minutes with blue origin to one that lasted much longer than that.
[00:04:36] Bill Russell: We didn’t really talk about this and I know you’re not a doctor, but there’s a difference between taking a trained air force pilot and putting them in a spaceship and sending them up there and they go through rigorous training, that kind of stuff. But when they come to, I mean, you’re better shape than I am, but when they come to me and say, okay, it’s time for you to get on one of these capsules, I have feeling my heart is going to race beyond its capacity. And by the time we get [00:05:00] into orbit, I’m going to need somebody there who can resuscitate.
[00:05:05] Drex DeFord: Take care of you? Yeah
[00:05:07] Bill Russell: I mean, I assume the reason they had air force pilots and whatnot was partially because if there was a problem, they were trained, they knew what to do. But the other aspect of it is just physically, this is pretty demanding to get on a ship that’s going that fast and breaking out of orbit.
[00:05:23] Drex DeFord: Yeah. I think from the early space program. A lot of these folks were test pilots, right? So they had been [00:05:30] through the rigors of lots and lots of training, push their bodies to the edge spend time in centrifuges figuring out how many GS they can take before they passed out.
[00:05:40] And a lot of ways they were sort of like test animals to go, to go into space. And I think what you see now and what you’ve seen sort of in the later space shuttle program and the programs we have today is that people still have to go through a significant amount of training. These people went through a lot of training, even though essentially the whole trip was programmed into the computer [00:06:00] and the computer ran the whole, like everything.
[00:06:02] The orbital burns through returning back to earth but they were trained on some things that they knew that they might have to do should there be a computer malfunction or should there be other things that happen while they were on orbit? So I think there’ll always be requirement that you have meet a particular physical threshold of healthiness and go through a lot of, sort of testing to make sure that you’re ready to go. I think that will be there, that sort of benchmark will be there for a [00:06:30]long time. I don’t think you’re going to see in the near term, anybody just that is kind of not very healthy and maybe you’re not going to see people sort of wheel up in wheelchairs and get on space craft. We are ways away from that yet.
[00:06:45] Bill Russell: Not at this point. And they actually pushed Elon Musk on the space tourism thing and he said, look we can’t just be taking astronauts to Mars. At some point, we’re going to have to be taking this and just a whole bunch of [00:07:00] other types of normal people.
[00:07:02] And so we have to figure this out. I’ll give you one more excerpt, St. Jude intends to use the 200 million to grow its reach. The ALSAC spokesperson said the goal is to expand research and find treatment secures and expand the scope of St. Jude’s efforts. Let me redo this one line, cause I think it’s really inspiring. When St. Jude was found by the actor, Danny Thomas star of the 1950s TV sit-com Make Room for Daddy, the childhood cancer [00:07:30] survivor rate was 20%. Now it’s 80%. He said we want it to be a hundred percent. So inspiring work that those guys are doing at St. Jude and the research. And if I’m not mistaken, all of that care is covered. It’s free.
[00:07:47] Drex DeFord: I don’t know. Have you ever been there?
[00:07:49] Bill Russell: I have not. And I’d like to get down there because I think
[00:07:51] Drex DeFord: It’s it’s amazing. I’ve been down there several times. I mean, I guess I can say this now. They were a client of mine when I was an independent consultant. I mean [00:08:00] talk about inspirational and people who are really into their mission. And you talked about ALSAC, they’re the sort of division of St. Jude that is responsible for raising money and people who are really into that job too. It is absolutely inspirational. If you ever get the chance to go down and kind of do the tour and see the hospital. It makes you realize you don’t really have any issues or problems, honestly. There are amazing people that do amazing work in healthcare and they do it, you’re right. They do it all at no [00:08:30] charge to the patients or families. So even to the point of flying them there putting them in housing. They cover it all. It’s pretty incredible.
[00:08:39] Bill Russell: A couple of things about golf here. One is I watched an interview from Lee Trevino. It’s probably maybe about 10 years old, but Lee Trevino was a friend of Danny Thomas and was a major champion in golf for those who don’t know. But huge supporter of the Saint Judes Center and he would always put them down as the charity. And one time he was [00:09:00] playing a skin’s match and there was a million dollar hole in one. And he knocked it in and won the million dollars. And after they were interviewing him and he goes he goes I appreciate that they’re going to give me a million dollar for the hole in one. I’m just happy to hit the whole one. He goes, I’m going to give, I’m going to give half the money to St. Jude’s. He said the next morning you got a call from the philanthropy guy at St. Judes. Hey, I just want to make sure that what I heard was correct, that you’re going to be sending us [00:09:30] $500,000. And he said, that’s correct. We’re going to send you $500,000. And he gave millions to St. Jude’s over the years, but I want to talk to you a little bit about golf because the Ryder Cup happened this past weekend.
[00:09:42] It was a really great event well received, but what they’ve been doing WHOOP. It’s one of those biometric devices where on your wrists and it’s interesting. Their marketing is really good, so they have a couple of the golfers who are wearing it.
[00:09:57] They’re giving you their heart rate [00:10:00] while they’re playing in this thing. And so you can look at it and you can see when they get to the first tee, their heart rate is 142. When you get to whole number, by the time they get the whole number three, it’s calmed down a little bit to 125. I love their marketing and whatnot.
[00:10:15] Are you doing anything right now for monitoring yourself? Cause I’ll be honest with you. Their marketing was so good I went out and got one for me and my wife.
[00:10:22] Drex DeFord: Sure. I’ve worn an Apple watch for awhile So I’m closing my rings every day. As far as like exercise and [00:10:30] number of times that you stand during the day and number of steps, sort of like a full blown, distance that you’ve gone. Those kinds of things are monitored by the watch, but there’s a lot of other things the watch monitors too, if you want to track it, including sleep, for example. Mine takes my heart rate. I’m involved in a couple of the studies that are going on right now. So I can run sort of the Apple version of the EKG for my watch. And that happens. It [00:11:00] asks me regularly to run an EKG, to see if I just get a normal EKG out of it, or if something else is going on.
[00:11:07] I certainly have my Peloton and the whole Peloton program and the Peloton app tracks workout inside and outside, either on your bike or if you’re out walking or running. And so mostly it’s for me, tracking how much exercise I’m getting and realizing that if I’ve had a really lazy day, I still have time to save it at the end of the day.
[00:11:29] I also [00:11:30] fortunately have a dog and the dog actually helps a lot with the get outside and go off because you have to do that. So my good boy Jackpot over here is always keeping me on my toes too. I think that’s pretty much it.
[00:11:45] Bill Russell: Yeah. I love the competition coming about here cause I think it’s just gonna, it’s gonna continue to spur things on. I know Amazon had their announcements this week with some new devices and it’s interesting cause there Echo is getting more sophisticated. I’m hearing more [00:12:00] and more hospitals that are putting them in the rooms, in the patient rooms as a patient satisfier. anyway, we’ll cover that at a later time.
[00:12:07] Let me hit two Epic stories. EHR. So Walmart selected Epic to help customers simplify their healthcare. I covered this on Today in Health It but you know, Walmart announced a partnership for their clinics. They’re gonna put it in there four clinics that they’re opening in Florida in early 2022.
[00:12:28] And then there’s a couple of quotes here [00:12:30] from Dr. Cheryl Pegas, Executive Vice President of Walmart health and wellness. The Epic system compliments our omni-channel healthcare offerings, letting customers and healthcare professionals, access to health records to lead to more personal, personalized care.
[00:12:44] We’re excited to power Walmart’s vision to bring comprehensive, accessible health to patients across the country said Alan Hutchison, Vice President of Population Health at Epic. Across medical dental, and virtual care patients will have a unified [00:13:00] experience.
[00:13:00] It’s interesting that they’re all talking about experience. I think that’s indicative of the focus that a Walmart would have on the acquisition. They’re going to have a focus on, first of all, being able to do all those things, which you know, one of the things I noted in today was the Epic dental module is now legit. It used to be the forgotten stepchild, which Epic does this, they bring something online, it’s just okay, if not [00:13:30] bad. And then you fast forward three years and it’s a legit solid performer while they signed a deal with Pacific dental out of California, which is a billion plus a dental practice.
[00:13:41] And so now this thing has scaled. They helped them to develop it to their practices. And now in walks Walmart, and they go yeah, that runs the dental practice really well. That’s part of what our offering is. And we like the fact that we can now put that information right alongside the medical record. Right alongside scheduling. Right [00:14:00] alongside all those things. Was there even an option here? Do you think if they’re looking at it, is there anybody that can even compete for this kind of comprehensive solution that also has the ecosystem at this point. I don’t want to put you in a hard spot. I mean, any EHR provider. They all do what they do well, but some of them just don’t do as much.
[00:14:22] Drex DeFord: It’s interesting to read these articles and to read Walmart’s comment because they do feel super [00:14:30] consumer centric, right? And they’re not talking about patients. They really are talking about consumer experience. And so I think that was probably super high in their criteria when they started doing this evaluation. What do we use that would make it as easy as possible for patients to be able to exchange information, especially in the places where these pilot programs are going in.
[00:14:52] But when they look across the country they see Epic is in a lot of places, in a lot of big health systems and they understand how [00:15:00] My Chart works and all the other things. They’re much more comfortable with making it easy for patients by probably using Epic right. I’m sure that was a big part of the criteria.
[00:15:11] Bill Russell: But the big business case here is Walmart’s never going to open a hospital, right. They’re never going to go into the high acuity care. They’re not going to open a trauma center. That’s not the direction. That’s not their focus for business. So they’re always going to have to partner with somebody. And so if I’m sitting there making the business decision, I’ve gone [00:15:30] yeah we’re going with Epic. And here’s why we’re going to go with Epic because we’re going to partner with. Mayo. We’re going to partner with Geisinger. We’re going to partner with … you just start rattling them off and you go, all right, 70%, 80% of them are on Epic and so they can come to us.
[00:15:43] We’ll put the information in Epic. They go to Mayo. That information follows them. The information gets put in there at Mayo and then they come back to receive their primary care essentially from Walmart. And that medical record is going to follow them. So they have a better chance of really creating that [00:16:00] experience for the patient where, Hey, this really starts to feel like one health system, even though I went to Walmart for this, and now I’m going over here.
[00:16:07] And if nothing else Walmart’s still the largest employer in the US I believe. It’s going to create a pretty good experience for their employees because I think this is part of what we’re seeing. They’re doing it for their employees first, and Amazon is doing it for their employees first.
[00:16:26] And again, I don’t think, I don’t think any of these players are [00:16:30] going to open an acute facility, so they have to partner.
[00:16:32] Drex DeFord: Yeah. And they’ll do things inside the store and they’ll do things adjacent to the store, but the ability to be able to sort of trade that information back and forth and have continuity of care, that’s a good customer service. And that’s again, I think that’s how they’re looking at it. This is all about how do we service the customer and make it easy for the customer. So that Walmart is the place they want to come back to when it’s time to get any kind of medical care dental whatever [00:17:00] the case may be. I also think this whole integration, like I read something the other day and somebody said I’m still confused about why I have to have separate insurance for my teeth and my eyes. Right. And this whole idea of like, how do you put all these things together? Not to go on too much of a rant, but dental health is so critical to the rest of your health. It’s still amazing to me that we think about them separately. We don’t necessarily share this information.
[00:17:24] My primary care doc looks in my mouth, but doesn’t usually ask me a lot of questions about my dental health. [00:17:30] But as we see in study, after study, after study, bad dental leads to not eating well. And all the other things, they kind of go with that. So I’m glad to see that we’re continuing to, you’re right about Epic, I mean, if you were selecting an electronic health record for a hospital in 2000, or maybe even earlier than that, you probably didn’t select Epic because they were only mostly ambulatory and they were just starting to play around in the inpatient space and they just, that’s how they do [00:18:00] it.
[00:18:00] They keep adding things and adding things and making them better and making them better. And they they continue to become a holistic product for everything in healthcare.
[00:18:10] Bill Russell: Yep. All right. So let me hit on the other story. oh yeah. Epic. The electronic health record vendor, Epic said it’s vaccine credentialing technology is now available to 25 million individuals through their My Chart account.
[00:18:23] Once we got buy-in and we went up to 25 million over the course of four weeks at Nick Frenzer [00:18:30] Implementation Executive at Epic. We’re really excited about this project. We need all the tools we can get right now said Frenzer. Epic is founding member for VCI vaccine credential initiative, which has been in working for months to develop technology aimed at making it easier for users to share their COVID-19 vaccination records as Frenzer said.
[00:18:52] Although the technology has been at hand since the summer states and other customers weren’t quite ready. He says now [00:19:00] millions of My Chart users can access their credentials through their account. If my chart does not have the patient’s vaccine information, which is a question people will have, the patient can use it’s query connected to state immunization registries to obtain vaccination information, which will then be verified by a provider.
[00:19:17] The credential is being built on VCI’s smart health card framework. We’ve covered VCI on the show a couple of times. And I like VCI because it proves the interoperability cause you’re seeing this is coming [00:19:30] up on Cerner, Allscripts, Athena health, Dr. Krono, Metatech and Epic. So it’s a case study.
[00:19:38] I believe it’s a case study for what is possible when all the players, because all the players literally were at the table saying, okay, we need this to get through the pandemic. It’s interesting what a crisis will do. It focuses the work. And they said, yeah, we can do this. And we’ll build it on BCI smart health card framework because historically, and this, my only knock on [00:20:00] Epic historically epic yeah, we’re not building it on your framework. We’re going to build our own. And in this case they said, no, we’re going to build it on this smart health card framework. And I’m glad they did because it’s better for us. It’s better for the world.
[00:20:13] Drex DeFord: It gets to the interoperability question too. If we can figure out how to do it for this, and then there’s the other part of it too, which goes back to the previous story. How do you make it easy for patients and families to be able to get this information into, okay, I’m not [00:20:30]on Epic. They talk about the apple wallet and the ability to be able to pull this stuff in the apple wallet.
[00:20:35] How do you make it easy for patients and families? And I mean, ultimately it comes down to, first of all, the data has to be interoperable and shareable. It doesn’t matter if you’re like me and got your vaccine at the VA, or if you’re somebody who got your vaccine Rite aid or you went to your doctor who runs an Epic EHR.
[00:20:54] Ultimately I need to be able to get to that data and prove it for [00:21:00] situations where I need to prove it. It’s an interoperability question at its base.
[00:21:04] Bill Russell: I didn’t pull any of the VA stories, but what’s your sense of how the VA EHR rollout is going?
[00:21:10] Drex DeFord: Only have experience, I mean, the really experienced that I have is at my local VA, which was one of the early rollout sites. I’ve only been there a couple of times, fortunately relatively healthy. So everything’s good. But from the folks I talked to there, I think that the kind of feedback I [00:21:30] got was it was another system deployment and there were problems and issues, but we’ve resolved them. And I think it works pretty okay now right. In the world of EHR is I don’t think anybody’s in love with having to use electronic health records and how they work but
[00:21:46] Bill Russell: Yeah, my comment on this early on was this too shall pass. The worst day of customer satisfaction is the day you go live. And Congress is involved, everybody oversight’s involved and they’re like [00:22:00] collecting the complaints over the first month and they’re going to say, and they said, put this on hold. We’re not we’re not moving forward to all these things are addressed, which is really normal project management procedure anyway. You’re going to sit back and go, okay we’ve got to optimize this a little bit, learn what we did wrong. Go to the next site, learn a little bit more. By the time they get to site number three and four, this thing should be almost clockwork. But then you have to go
[00:22:23] Drex DeFord: A lot of this is perspective too, though, right? I mean, for people who have deployed systems, computer [00:22:30] systems, applications in big health systems or in other environments you have perspective about, I mean, this is why we stand up war rooms on those initial deployments, because we know, there’s a 0% chance we get this a hundred percent right out of the gate. So there’s going to be a lot of complaints. There’s going to be a lot of issues. We want them all to come to one place so that we can see them. And when they reach a particular threshold, that’s when we pull the end on court and say, hold up, we need to wait, we really missed something [00:23:00] big or are these just sort of the machinations of the friction that we have to go through to get this thing deployed? And you’re right. Once you get through thosefirst couple of days, you usually get into a much smoother operation. A lot of those little irritants you’ve resolved. And now this is for a much bigger health system, the VA, and a much more complicated group of issues and challenges, but that whole theory scales. So I think a lot of this is perspective, right? I mean [00:23:30] congressmen and senators in Washington, DC, who are watching this and stain complaints and don’t have perspective. It looks like a much bigger mess than maybe it really is. And again, I’m, I’m just sort of talking generally. I don’t, I don’t know exactly the details of all the things that are happening in the VA deployment, but perspective counts for a lot here.
[00:23:50] And the people who are running the show or sort of driving the stop start, stop, start maybe don’t have all the perspective that they should. [00:24:00]
[00:24:00] Bill Russell: And maybe we don’t have all the perspective of trying to run a government program. It’s one level of complexity to run it for a 16 hospital system. It’s another level of complexity to do it in front of the Washington post in front of, I mean, it’s being played politically it’s being played out everywhere. I mean, you and I are reading like the complaints that the doctors have. Imagine if your implementations had played out that way. Like all the doctor complaints were editorial material that people could comment on. Some of the [00:24:30] complaints, the first one we did, we did Texas first, some of the complaints were valid. I mean, I’m sitting there going, yeah, we missed that. And you don’t get to respond and say, okay, let’s address that. Let’s fix it if it’s playing out in the local newspaper, that’s a hard thing.
[00:24:43] Drex DeFord: It’s a different world too, right? I mean, it’s really easy for people to hop on Reddit and start a thread and making comments and then a bunch of other people pile on or any other social media platform that we have to. So we play in a much more public world now. It’s a lot easier for people to be heard [00:25:00] if they don’t feel like they’re getting instant satisfaction from the help desk.
[00:25:04] Bill Russell: Alright Drex, it would be amazing if we went a week without talking about cybersecurity, but we’re going to talk about cybersecurity mostly, cause I, I appreciate your expertise.
[00:25:13] HP did a survey and they came back with some interesting findings. This is an article from Tech Republic, work from home as a cybersecurity ticking time bomb, which is a quote from one of the users who was surveyed in their report.
[00:25:27] I’m going to read a couple of the findings. I just want to get your [00:25:30] thoughts on this. So according to the HP report 76% of the respondent IT team said security took a back seat to continuity during the pandemic. 91% have felt pressure to compromise security for business continuity and 83% believe remote work has become a ticking time bomb for a network breach.
[00:25:50] It’s important to note that this is not healthcare specific. This is industry-wide. When you hear that continuity took precedent over [00:26:00] security. What are your thoughts when you hear that?
[00:26:01] Drex DeFord: Well, I mean, you’ve heard me talk about this kind of from the beginning of the pandemic. I think there were a lot of things that health systems did to bend over backwards to make sure the mission continued and that they were able to take care of patients and families and that ranged from buying new equipment and bringing it on board, maybe without all of the security testing that they would have normally done through signing up new suppliers to ship them equipment, ship them supplies that maybe didn’t go through the normal [00:26:30] process of a vetting before those suppliers came online and those connections came online through all the work from home stuff and telehealth stuff that, again, a lot of it was we need to get this in. We need to send people home. We’re going to send their desktops with them. Or if we don’t, we’re going to open up RDP to the network so that they can get to what they need to. The challenge in all of that, as I’ve talked to CIOs and CISOs has been keeping track of all those exceptions that you made to your normal policy, and [00:27:00]then going back and making sure that you have a program to sort of fix those things and clean them up and set them. Right. So I’m not surprised to see security professionals say it feels like we compromised a lot to be able to keep doing the work that we’re doing. I think, I think we did to some degree in healthcare too.
[00:27:18] Bill Russell: Yeah. I’m not sure it was compromised as much as it was, no, it is pressured compromise. It’s exactly what it said. I’m not sure that’s the right word. It was pressure to move faster than they ever had before. [00:27:30] And and so. If we had continued, I joke about this, but I get set up as a vendor from time to time with health systems. And I am a small consulting firm and I’m typically just talking to the executive. I’m not collecting Phi. I’m not connecting to their systems. I’m at nothing. And I get this, I get this form to fill out. I just look at it like. It’s Zero 0% of it pertains to the work that I’m going to do.
[00:27:58] Drex DeFord: But every field is [00:28:00] required. So you still have to answer something.
[00:28:02] Bill Russell: And, and I just laugh because I look at the whole report. It’s not applicable, not applicable, not applicable, not applicable. But I wonder, anyway, I wonder a lot of things about that report.
[00:28:11] Like who said, Hey this kind of vendor needs to go through this process, but I say that to say our processes insecurity are cautious. And because they’re cautious and they err on the side of safety they’re generally slow, which is going [00:28:30] to get into the next point of this report, which is they’re generally slow.
[00:28:33] And they’re generally on the side of caution. So according to the HP report, virtually all responded IT teams 91% say they updated security policies to account for work from home with 78% restricted access to websites and applications. And you go down a little further. Here’s the implicatation. The findings also identify frustration among office workers who feel these IT security restrictions impede their day [00:29:00] and their workflows. For example, about half the respondents who are office workers said security measures result in a lot of wasted time. 37% thought security policies and technologies are too restrictive according to report. Interestingly, the age of the remote workers may impact their sentiments regarding the company’s security policies.
[00:29:20] According to the report, 48% of workers between the ages of 18 and 24 belief security policies are a hindrance and 54% were more [00:29:30] worried about deadlines than exposing the business to a data breach. And 39% were unsure of their company’s cybersecurity policies. We’re cautious. So we err on the side of caution. We put in restrictive policies and then you have people who are working from home in a different environment than they have before.
[00:29:47] And they can’t get work done because they used to go home and they could access any website they wanted. And now all of a sudden they’re, getting blocked on certain websites and whatever. They’re like, what just happened here.
[00:29:59] Drex DeFord: I think some of [00:30:00] this. I’m a total you know production system guy. So I’m all about continuous performance improvement. And I think when we started the pandemic we did realize pretty quickly, like we have a bunch of really onerous rules that are kind of challenging and difficult to get through. Especially when it comes to all those things, like with outside vendors we were talking about, but what the best cyber security teams did was take that as an indication of they had created rules that were really brittle [00:30:30] and easy to break and hard to maintain and enforce in some ways. And all the other things that go with it. So the best ones, sort of took that opportunity to say, how do we change our technology? How do we change our processes? What are the things that we do that starts to create more of an environment where we feel like we’re doing things for our partners, for our partners being engaged in the provision of great health care to our patients and families. How do we change things to make it [00:31:00] feel more like we’re partnering with them?
[00:31:02] We’re not doing something to them, we’re doing something for them, right. We’re helping to support their work and their delivery of healthcare. And so when you look at this things like hardening active directory, but doing it by using tools that allow you to multifactor authenticate the right people at the right time, trying to get to the right thing, as opposed to just putting in these blanket rules that say, everybody has to do this particular kind of activity, this [00:31:30] particular kind of work.
[00:31:31] How do you customize it so it’s less burdensome to the end user. That’s where your programs have to sort of continue to evolve to.
[00:31:39] Bill Russell: So talk to me about leadership here, because I’m going to read this next quote and it strikes me that leadership is leaving security out a little bit here. So according to the report, 80% of the respondents in the IT team said they experienced pushback from the workers who do not like the control being put on them at home with surprising frequency and 69% said they’re made to [00:32:00]feel like the bad guys for imposing restrictions on employees. And 80% felt IT cybersecurity has become a thankless task. That’s a problem of leadership, isn’t it? I mean, CIOs and even CEOs and COOs need toIprovide the air cover for these people to do their job effectively.
[00:32:19] Drex DeFord: Yeah, for sure. I mean, I don’t think you can take CISOs and their teams and put them out on an island and kind of join in the chorus. If you’re a CEO join in the [00:32:30] chorus of why do you guys make this so hard? Right. If you’re doing that, you’re not, you’re absolutely right. Bill, you’re not doing your job. As a CEO, COO, CIO you have to be involved with that program and understand what’s going on. It’s all about risk. How much do you want to bear?
[00:32:48] And then you have to support the team who’s trying to help you meet your own expectations about managing risks. And that then turns into sort of the security culture of [00:33:00]yeah, we’re going to do this, but it’s not because C ISO is a jerk and is just wants to make our life miserable.
[00:33:06] We’re doing it because I said we need to do it. I’m the CEO and we have to do it and here’s why. And that training kind of takes on a whole new level of importance, right? It’s not just about don’t click on this email because it might be phishing. It’s a lot more about, here’s why we have to do the things that we do to protect the business, our [00:33:30] clinicians, patients, and families. That’s a whole different ball game and the highest performing organizations embrace that kind of a culture.
[00:33:39] Bill Russell: Yep. No, I can see that. Well, let me ask you this. We have a lot of different attacks. We hear ransomware all the time. It’s potentially 30 day downtime for the entire health system. So that’s taking top of mind, but we saw a firmware tax. We still have unpatched devices. We still have data leakage. We have man in the middle of tax. We have IoT [00:34:00] threats. We have biomed devices, whatnot. And this is a part of me that’s so happy I’m not a CIO anymore. If you told me which one of those do I have to worry about? The answer is yes. You have to worry about all of those.
[00:34:11] And then probably 15 more that I didn’t mention. It’s still a pretty daunting task. Which one though right now has the most mind share that people are focusing on?
[00:34:20] Drex DeFord: Yeah, I think the one that has the most mind share today is ransomware. Just because you see it and read about it every day, but in the spirit of everything is connected to [00:34:30]everything else.
[00:34:30] Ransomware. You can be hit by ransomware in lots of different ways, through lots of different vectors, all of which you just mentioned. Right? So ransomware isn’t necessarily the beginning of the game or the beginning of the challenge that you face. It’s usually the end of the challenge that maybe has been going on for a while and you haven’t noticed. So somebody compromised an end point and then they’ve gotten into the network. And then they have very [00:35:00] quietly explored the network to find out where the vulnerabilities are and where the crown jewels are. And then they have that company, that cybersecurity bad guy company has handed that off to another company who’s then become really good at going in and making sure that they can upgrade credentials and get access to all the things they needed to get access to. And then they set off ransomware. After they’ve exfiltrated data. And so it’s ransomware, but [00:35:30] ransomware is usually the end game. It’s not the thing that just happens right out of the gate.
[00:35:34] Bill Russell: Yep. All right. So let’s switch off cybersecurity. I was going to go into interoperability, but I’m going to save that for another show. CHIME’s coming up. HLTH is coming up. CHIME’s coming up. You have the CHIME Vive event and the HIMSS event. I wanted to talk to you a little bit about events. Are you going to any of those at this point?
[00:35:52] Drex DeFord: As it stands right now, we will go to CHIME. And so we’re kind of
[00:35:57] Bill Russell: As it stands right now. Meaning that will be evaluated on a [00:36:00] day-to-day basis.
[00:36:00] Drex DeFord: Never know. It really is evaluated on a day-to-day basis for sure. And then when we look out at those other conferences that are a little further out. We certainly hope that things have calmed down a bit by then. And we anticipate that we’ll be part of both of those.
[00:36:17] So yeah a lot of this too has to do with how do we feel about the number of people that are going to be there? How do we feel about the COVID protocols that the organization has put into place? But I can [00:36:30] tell you there are still a lot of folks that I’ve talked to about, are you going to be at the CHIME conference, fall forum who have said we’re still on travel restrictions or we don’t have budgets for travel. So a lot of people that I really anticipated were going to be there have said that they’re not going to be there at this point so
[00:36:47] Bill Russell: Yeah, I’ve so I will be at CHIME and I’ve already booked the flight booked the hotel and I will be going. Partially because it’s been two years since I’ve been back to [00:37:00]Southern California where we lived for a number of years.
[00:37:02] And I mean, I want to see all of my peers, whoever does show up, I love to just sit down and talk to them. On the flip side, my wife and I will also go and visit some friends and whatnot. So that was just a given. I’m not sure my wife would have not let me go to him to CHIME in San Diego. So I am going to the HLTH event as well because it’s a different group of people that I ended up talking to at the HLTH event. And I want to keep [00:37:30] those relationships. It keeps me really tuned into the VC private equity side, the health tech startup side. And that was a part of my CIO role towards the end there. I was doing the innovation stuff and it’s really just fascinating to me how these companies are evolving and what they’re talking about. So I will go to that. The interesting one to me is you have the CHIME Health Vive event, or we’re just calling it a Vive.
[00:37:54] Chime and HLTH have partnered. There’s a Vive event. It’s in Miami. It’s the week before before HIMSS. And then the [00:38:00] following week you have HIMSS in Orlando. I mean, do you think people are going to take two weeks off and go to both events? I don’t think anyone’s going to take two weeks off and go to both?
[00:38:11] Drex DeFord: Everybody kind of knows this, that HIMSS and CHIME used to have a long-term relationship that was sort of managed by an agreement between the two organizations. And then I think in the past year or so, it kind of came apart. And so I think you’re going to see [00:38:30]decision-makers have to probably make another really tough decision. Are they going to go to Vive or are they going to go to HIMSS?
[00:38:35] Bill Russell: Well, I think it used to be under the surface that hey, maybe HIMSS and CHIME didn’t get along. But when you partner with the number one competitor and then put your event the week before, like right down the street, I think it sort of spells a little bit more than hey, we’re going to go our separate ways. Generally what I’m hearing people are like man when you put an event that close to the other event full well you’re causing people to make a decision.
[00:38:59] Drex DeFord: [00:39:00] Yeah. The dates were announced pretty far in advance, too. Right. So I’m just guessing here, but I would imagine that everybody knew what they were doing when they put the conferences in, on those dates. So yeah. I, I think there are some former seeing of a decision here about who’s going to go to what conference. Are you going to use the divorce analogy? Are you gonna go live with mom or you’re going to go live with dad?
[00:39:25] Bill Russell: I’m probably one of the few people I will be going to both events as media just to cover [00:39:30] it and see. But I don’t expect HIMSS to be 40,000 people if you’re having the Vive event the week before.
[00:39:35] Drex DeFord: I would think it would peel to some of the traffic off.
[00:39:38] Bill Russell: So that’s one thing. Hey, curious what are you watching on TV these days? Have you watched Ted Lasso?
[00:39:45] Drex DeFord: Oh man. I love Ted Lasso. I love Ted Lasso. I really just had, I mean at first I throught, when I first saw like the ads for it, I was like, this has to be like the dumbest show on television. But [00:40:00] once I watched the first few episodes it is a master’s degree in leadership. Isn’t it? I mean, it’s pretty awesome. So yeah. I love Ted lasso. On the opposite end of that spectrum we’re binge watching Vikings right now. So a whole different leadership style.
[00:40:19] Bill Russell: Exact opposite leadership style. What’s that on?
[00:40:24] Drex DeFord: Amazon prime. Yeah.
[00:40:25] Bill Russell: Ted lasso we’re watching and just love it. The murders in the same, is it [00:40:30] murders in the same building or something? This is Steve Martin and Martin short and Selena Gomez. It’s phenomenal. I think it’s on Hulu. It’s really exceptional. It’s funny.
[00:40:41] Drex DeFord: We should do a whole show at some point and I’ll just get like my binge-watching list out. You get your binge-watching list out and we’ll just turn everybody onto a bunch of good TV that mabe they haven’t seen yet.
[00:40:52] Bill Russell: I’ll tell you a watch that one cause somebody, somebody put us onto that and we’re now like, can’t wait. It comes out every Tuesday. Can’t wait till it comes out.[00:41:00] But the other thing is I went back and watched some of the ESPN and the specials, I watched the tiger woods, the two episode thing. It’s just an amazing story. Watching the Jordan dynasty story and that’s really interesting as well.
[00:41:12] And I watched one on Larry Bird which was Larry Bird and magic Johnson. And it was really interesting the relationship that they formed after just really being strong adversaries. Did not like each other essentially magic
[00:41:29] Drex DeFord: NCAA [00:41:30] championship game. I mean, it really started there and they had sizzling rivalry for their whole NBA careers.
[00:41:38] Bill Russell: Yeah. And it’s interesting because one of the moments that magic talks about is when he announced that he was HIV positive, he got a call from Larry Bird and he said, it’s amazing how much that meant to them. And Larry Bird talks about that after magic retired he lost passion for playing the [00:42:00] game. He said every night I would go in, I’d look at the stats. What did he do? He was the only player in the league that I looked at. What did he do? And it was like, he was the person I compared myself against.
[00:42:12] He’s the person I competed against, even though we were playing other teams. That was for sure. It’s interesting. I it’ll be interesting next year. Hopefully we’ll get past the pandemic. We’ll go back to where we were. But this has been an interesting two years spending a lot more time with family, a lot more time, reading books, [00:42:30] consuming things, listening to podcasts.
[00:42:32] Actually early on in the pandemic, our podcast listenership went down and then it just spiked which is interesting. I think early on people were just so busy and their habits changed, right. They were walking, they were driving to work and that’s when they were listening. And then as the pandemic went on, they adjusted their habits and they’re like, no, we still need to be connected. And they started to come back and it’s maintained through this year as well. So it’s pretty exciting.
[00:42:57] Drex DeFord: That’s awesome. I mean, I think it is [00:43:00] it is a changing of habits, right. So we do we see people go back to their same habits that they used to have, as hopefully the pandemic starts to wane here in the next few months. Do we see people sort of revert to their old behavior or did they learn something during the pandemic that they’ve just decided, this is how it’s going to be. And a lot of this gets back to the work from home issue like a lot of businesses, a lot of companies. A lot of individuals have decided that works from home is there, that’s their [00:43:30]thing. They’re going to do that now. And yeah,
[00:43:32] Bill Russell: I’ll leave you with this. My wife and I drove for 20 hours and we listened to Matthew McCoonaghy’s Greenlight’s book. Have you heard that? If you like Matthew McConaughey, you’ll like the book. He’s a great storyteller.
[00:43:44] It’s just a lot of fun to listen to. I’m sorry, I’m just going long here. We’re coming up on the up on the hour. I just wanted to close out with some of that stuff. Drex, always a pleasure to catch up. Thanks for coming on the show.
[00:43:57] Drex DeFord: Same here anytime. We’ll I’m sure. [00:44:00] I’ll see you at CHIME. I’ll see you soon in person. It’s going to be amazing.
[00:44:03] Bill Russell: In-person. Well, I don’t look like this anymore, but this is just like a screenshot video filter. Yeah, exactly. All right, man. Take care.
[00:44:12] What a great discussion. If you know someone that might benefit from our channel, from these kinds of discussions, please forward them a note, perhaps your team, your staff. I know if I were a CIO today, I would have every one of my team members listening to this show. It’s conference level value every week. They can subscribe [00:44:30] on our website thisweekhealth.com or they can go wherever you listen to podcasts, Apple, Google, Overcast, which is what I use, Spotify, Stitcher. You name it. We’re out there. They can find us. Go ahead. Subscribe today. Send a note to someone and have them subscribe as well. We want to thank our channel sponsors who are investing in our mission to develop the next generation of health IT leaders. Those are VMware, Hill-Rom, StarBridge Advisers, Aruba and McAfee. Thanks for listening. That’s all for now.[00:45:00]