AHLA's Speaking of Health Law

C-Suite Roundtable: Latest Trends and Developments in Health IT

AHLA Podcasts

Rob Gerberry, Senior Vice President and Chief Legal Officer, Summa Health, speaks with two health IT leaders, Daniel Clark and Supantha Banerjee, about the current landscape of health IT and some of the biggest challenges they are seeing. They discuss how to drive efficiency and value in health IT systems, how to engage providers in the use of data, how to manage artificial intelligence, the future of innovative delivery care models, and issues related to cybersecurity.

New Health Law Daily Podcast Coming in January 2025

Coming in January 2025, AHLA’s popular Health Law Daily email newsletter will also be available as a daily podcast, exclusively for AHLA Premium members. Listen to all the current health law news from the major media outlets on this new podcast! Subscribe Now

Speaker 1:

<silence>

Speaker 2:

This episode of A HLA speaking of health law is brought to you by A HLA members and donors like you. For more information, visit american health law.org.

Speaker 3:

Thank you everyone for joining us today for another edition of the American Health Law Association c-Suite podcast series. Today, we're excited to share with you insights from IT leaders on the latest developments and that sector of the healthcare industry. I'm Rob Berry, I'm the Chief Legal Officer at Summa Health, and I'm a member of the American Health Law Board. And I'm excited to introduce you today to our two panelists. So maybe I'll start with Dan, if you'd like to introduce yourself first.

Speaker 4:

Thank you, Rob. It's great to be with you. Uh, I'm Dan Clark. I am a healthcare veteran , uh, spent about the last 35 years exclusively in healthcare, the first decade or so as a registered nurse in critical care areas, both pediatric and adult. Uh, I transitioned to , um, healthcare IT about 25 years ago. I've had the honor of , um, a variety of different roles in healthcare it, including two , uh, two opportunities to serve two different health systems , uh, here in northeast Ohio University Hospital and Metro Health as their , uh, interim or chief information officer. Um, and , uh, most recently I was the Chief Digital Officer for health system in South Texas , um, post-doctorate. I've been a faculty person in the graduate program of healthcare informatics for first Ken State University, and this semester at , uh, the University of Cincinnati. So I'm great to be with you.

Speaker 3:

Great. Thanks for joining us. And <inaudible> ,

Speaker 5:

Uh , great to be with you. Rob. I'm sipan of energy. Um , my background is very similar to Rob's , um, uh, the, with the only difference being I I I would not call myself healthcare veteran, but have had enough experience in, in the health system , especially in the provider space. So I was a Chief Information Officer at iCare Partners. It's , uh, uh, it's , uh, 700 locations, optometry ophthalmology rollout . Prior to that , I was associate CIO at Aspen Dental. Uh, it is a thousand plus locations provider practice. So , glad to be with you. I'm looking forward to this conversation.

Speaker 3:

Great. Well, there's no short of challenges right now in the healthcare industry. Maybe we'll start with you Saha , to share, you know, what are the biggest issues you're facing in your space right now? You know, as you go into a weekend, what are you thinking about as I hit Monday that I've gotta continue to face and tackle?

Speaker 5:

Yeah . Aligning technology with unique complexities of healthcare is really constant balancing act between innovation and regulation, right? The, the biggest challenges lies in ensuring that seamless integration without disruption of clinical workflows happens. And, and it's, it's easy to say, but very hard to do. Uh, making sure that the, the technology gets implemented without impacting the patient experience or the overall business process negatively. And , uh, and while staying, being compliant with the regulations is very important. So, things that I really think about is long-term challenges in terms of interoperative interoperability barriers. Uh , so what I mean by that is , uh, one of the most pressing challenges that I see that , uh, even though the health systems hospitals has adopted advanced E-M-R-E-H-R systems con and connecting these with other health systems labs, even patient generated data, has been cumbersome traditionally. And the lack of standardized data for format , uh, often leads to incomplete or delayed information exchange. And that causes really an impact to the , uh, to the patient experience. And true integration will really require both technology advances as well as the regulatory oversight. So that's number one from my perspective. The, the second that I would like to call out is data privacy and security. Health systems must prioritize the cybersecurity protect sensitive patient data. As health data becomes more digitized and more interconnected, the risk of breaches are becoming , uh, uh, becoming gross exponentially, and they are becoming more and more prevalent. We see that implementing advanced encryption monitoring tools , uh, making sure that regulatory compliance such as hipaa , um, is met , uh, properly , uh, is very, very important. And the challenge lies really balancing the security with the need of agility and accessibility. It cannot be all about security. It cannot be all about accessibility and making sure that it is, it is really easy. And the third thing I would like to call , uh, call out Rob, would be, from my perspective, integrating with legacy systems , uh, whether we like it or not, many of the provider payer hospital systems still have a, a, a lot of legacy systems, and not by choice, but it is, it is cost of doing business and making sure that you are able to connect different systems together. So, however well that your IT strategy is hot through and however much you have funding, you would always run into a challenge of legacy platforms. Many of , many times the legacy platforms are less compatible with modern technologies and cloud-based solution , uh, making innovation really harder. So how do you think about managing the transition from legacy systems to modern platform without disrupting the care , um, is really a complex ongoing challenge. So these are the, these are the things that are coming to my mind at this point.

Speaker 3:

Great. Those are fantastic insights, Dan.

Speaker 4:

Yeah, I think just to open the aperture, maybe a little wider , um, at, at a system level one, one of the biggest challenges that I see particularly right now is we have a, we have a significant staffing challenge. We have 4.7 million registered nurses in the United States. Um, and the data shows that for new nurses coming out of college, about 18% of those nurses will actually leave in the first year, and then within five years, a quarter of those nurses will step away. So , um, today about , uh, the , the nurse , the nurse turnover rate is about 20%, which means that one in every five nurse positions will turn over this year. So we have a unsustainable situation where , uh, we don't have enough nurses and we don't have an environment where nurses want to come and stay and practice for a career. So we have a significant , uh, staffing challenge from a nursing perspective, I think we also have a , uh, a very significant issue relative to physician and particularly primary care. Um, we have a fraction of the primary care providers that we need in the United States. Uh, in , in some markets, if you can find a primary care physician who will, will see you, sometimes it's weeks or months away. And , uh, our ability to train those physicians through residency programs and those kind of things, and particularly in primary care specialties, have not kept up with , uh, with the demand. In fact , uh, many of our value-based care , uh, economic models require and , and put the focus really on primary care, and we're just not able to, to fill those, those , uh, physician slots. Uh, some have been , uh, supported through some alternate programs through nurse practitioners and physician's assistants, et cetera, but we really don't have as much primary care as we need, and frankly, we won't for a while . Um, and that's putting an amazing amount of stress on, on the system. The third thing that I would mention is , um, we have a healthcare finance challenge right now. Uh, the pandemic was wreaked havoc on lots of the margins associated with, with healthcare in the United States. And although some of the margins have definitely come back, we have health systems who have 10 and 50% margins. Um, it's much more typical to have single digit margins right now. Um , and for any organization of any size, really to deliver some of the programs and some of the services that , um, that we need, we need more healthy margins than we have. Um, to segue that into kind of a nursing model, nursing care is still figured in the cost of the bed. Um, we're still part of housekeeping and we don't have the right kind of economic models that support the, the funding for the appropriate level of nursing care. Um, which, and there's some programs that are trying to, to address that more specifically. But overall, we have some significant healthcare finance , uh, issues. And as was mentioned, I think we have some significant IT issues as well. We have the security issue, we have the interoperability issue, we have electronic health records now more as a platform than as a tool. Um, and , uh, we have fewer and fewer , um, third party applications that are kind of bolt-ons to , to main electronic health record applications as well. So,

Speaker 3:

So building on those comments, you know, we're all going into budget season here in the fall, and I saw this week just in our boardroom, more conversations about IT spend and actual for clinical equipment, you know, which is a little unusual. And so when we think about tackling that challenge and those financial challenges that the provider industry is facing that you just mentioned, danton, how do we make sure that we're getting actionable data from our providers, from our IT systems? How do we make sure we're driving efficiencies and values as you look at the global IT spend? Maybe I'll start with Dan on this one. Yeah,

Speaker 4:

I, I think one of the strategies, honestly, Rob has to be, to think about everything we do in as quantifiable terms as we possibly can. Historically, healthcare has been very comfortable with kind of qualitative throughput, soft dollar , however you want to kind of frame it. Um, and through quality initiatives and , um, you know, CFOs who kind of hold our collective feet to the fire, I think we're getting better at thinking about nearly everything that we do as having a hard dollar throughput , um, kind of outcome. But I think we just need to exercise a brand new muscle around measuring the value of what we deliver. And some of the, some of the projects we do feel like it don't , they don't necessarily lend themselves easily to measuring the throughput and the outcome, but I think if we push ourselves and our quality people and, and other people in our healthcare organization , um, are pushing us appropriately to find some sort of, some sort of metric that we have associated with everything that we do and measure it, I think that would be, that would be step number one. I think. Um, the other perspective, I I , I , I think we've always had, but maybe we need a little bit more focus on is everything in healthcare. It should be change management. And I know as a consultant, we would often deliver proposals to clients on the first line item that always got scrutinized was, you know, hey, there's, there's a whole bunch of, of , uh, professional services hours in the project for change management. And usually the feedback was, you know, just give us the , the tool, teach us where to point and click, teach us how to kind of navigate. But there was undue scrutiny around kinda the process of change. And I think if we, if we see the change management as a , uh, an immovable object associated with the technology, and stop kidding ourselves that we're just kind of magically gonna gonna understand the new workflows, I think that takes us to a different kind of perspective of how we think about the integration of new technology and ultimately how we drive that value.

Speaker 3:

Great. Excellent. <inaudible> .

Speaker 5:

Yeah . So, so Rob, when I think about investment , um, as with any investment , uh, it is, it is sometimes harder for the technology groups to show the value of the investment. And obviously when the dollars are scarce and have become more precious, it is always a balancing act between driving innovation and at the same time making sure that you are, you are keeping the lights on, you are doing what is truly expected from the, the technology group, which is in, in nine out of 10 times, keeping the operations running smooth without breaking anything. And with, with m and a activities, with the companies becoming bigger , um, bigger, larger day by day , the complexity associated with technology is getting, getting really so big that keeping a tab on , uh, as , um, Dan mentioned about all the investments, all the expenses is really somebody's full-time job. Um, and it could be even more than that. So making sure there is a process, vetting process involved with it , just because a new shiny technology has come out does not mean it is right for your health system. It is not right for your business. So with the investment, just because another company, another health system, another provider organization has adopted one technology does not necessarily mean that is the right solution for you, or you don't have to join the bandwagon. You would , uh, sometimes it is good to good to be the , uh, uh, person number two and wait in the line to see whether that was successful or not. So balancing that, how much of your investment technology investment is going into run and how much is going against innovation is really important. And there is more of an art than science. But I do see the challenges would continue to be for the healthcare technology leaders to continue to balance. If you do too much of innovation and do not focus on day-to-day operations, there'll be one set of internal customers of you who would not like that. And if you continue to focus on the day-to-day operational aspects of it, and do not focus on what is the next best thing, there'd be another setup group. There would be your eventual customers, which are the patients and the providers who would feel the pain, that technology is not doing the right things, what they expect to do. Uh, so that to me, that is really one of the key challenges for all the technology leaders to continue to balance between innovation and , uh, and day-to-day operations.

Speaker 3:

So you are implementing, you know, exciting platforms that are allowing providers to have a whole new line of sight and a whole new level of data. How do we make sure those providers though, don't drown in that data? How do we prioritize it and work with our operational, or Dan, you mentioned our quality teams to make sure we're, you know, not getting too much data, but getting data that can really be valuable to providers as they try to attempt to make sure quality outcomes, improve patient experience, improves, et cetera .

Speaker 4:

Yeah , for sure . So yeah , Rob, I , um, one of the things that's really clear from the research is that our technology is stressing our clinical people out and the physicians more than the nurses as well. In fact, there's some really good , uh, outcomes research and other kind of , uh, background information that says that the use of our technology is , uh, not only stressing our physicians out, but it's causing our physicians to kind of reevaluate how long they stay , um, in their profession. In some cases, there's, there's some information that ties the amount of kind of administrative burden associated with our technology to physician suicide rates, which I , you know, to be clear, I think there's lots of things that go into those kind of things, but to the extent that our technology is causing us emotional distress, both as physicians and nurses and kind of other people who would use the system , uh, I , I think we just need to be , uh, cognizant that that kind of , uh, administrative burden is out there and is, is not frankly getting any better. Um, I think one of the things that we need to be always attuned to, to keep kind of the right information in front, there's some interesting , um, research from about a year ago from the University of Pennsylvania and their informatics groups that says that, you know, basically half of the electronic medical record is copied and pasted and carried forward. That level of data is not valuable to, to anyone. In fact , uh, I've had the opportunity in the last couple years to look at the medical records of one of my family members, and that was exactly the case. There was just daily copy paste kind of carry forward. So that's not information that's valuable to anybody. I think one of the ways to kind of keep the, the most important information in front of the clinic clinical people, is to have a super robust clinical informatics function that is physician and , and nurses who understand clinical workflows, but spend a hundred percent of their day job really focused on what is the right information that both physicians and nurses need on an ongoing basis. Dashboards are important, but, you know, dashboards, not for sake of dashboards, but information that's actually valuable and actionable to both physicians and nurses and the leadership of organizations on a daily basis. I think it's, it's this kind of constant , uh, lather, rinse, repeat kind of process to make sure that the information that would feel most valuable is actually the information that's being shared.

Speaker 5:

Yeah , and I will add on to Dan's comment that there is so much of information data exists in overall healthcare ecosystem. The challenge is not about the amount of data in , we have all heard about big data and big data truly exist in, in healthcare, healthcare, IT , health , health systems. But how do you leverage the right level of data to empower the physicians to be able to do their jobs easy , uh, to make meaningful administrative decisions and, and hopefully help automating the routine administrative task really is, is is the key, and it's continuously going to be the key. And with the advent of new technologies such as ai, of course, AI is not really a new technology. It has existed since 1960s, seventies, but the Democrat democratization has created that feeling that apparently AI just born in, in 2022. And, and we talk about how do you leverage data to help with better clinical decision support. Yes. Uh , and beyond that, overall patient experience data can do a great job. Uh , but you, you have to think that the most important part is clean data. Just because you have a lot of data does not mean much if it is not clean, if you cannot tie them back to a patient record, you are not going to be able to , um, drive meaningful clinical decision support. You are not going to be able to automating administrative tasks. You are not going to be able to , uh, use AI power virtual assistant . And that's where everybody is going today . So making sure that the , you have the clean data, as much data that you are going to be using, and have newer AI models applied on top of that data to help make clinical decision support, help the clinicians to make their life a little easier , uh, help be the co-pilot, not necessarily take away their, their , their work. And it , it just cannot. And it can be a great co-pilot from that perspective. There's a lot of routine UND administrative task happens on a day-to-day basis. So there are, by automating workflows , uh, leveraging the data, I do see that the administrative burden on the physicians and the clinical staff can go down significantly. I also know that there is always the workforce training and challenges with, as, as Dan has mentioned before, about , um, making sure the right talent is available. There are so much opportunities out there to be able to look at the existing workforce data, predict burnouts from making sure that the scheduling of the staff is, is done well in a thoughtful manner. Also, leveraging technologies to, to help with the pre-processing or the pre-check in aspects of it, such as leverage technology, leverage data, and help make meaningful change, meaningful, positive impact to patient's life as well as provider's. Life is going to go a long way.

Speaker 3:

Maybe building on the comments there about AI as we think , uh, to the future, is AI truly a game changer? And then how would you build some structure within a provider organization to manage that? Would it be a, a board level AI committee, a management level committee, you know, just how do we get our arms around what AI can mean to our different organizations?

Speaker 5:

From my perspective, Rob, a AI is obviously , um, the, the buzzword, the new shiny tool, a lot, a lot of us are involved in , whether we like it or not. Uh , you, you are going to be called into, and both you and two of us would , would get called into multiple different meetings where, Hey, this is the new thing, let's vet it out and see if it is meaningful. So I do see that the impact of AI is truly , uh, truly profound, but how we use AI based on the data that is available is truly important . Truly the key to me making sure there is governance, there is ethics applied , uh, to it, hopefully , uh, hopefully we have, if we are implementing an LLL type of system and AI of our own model, it is only , uh, privy to your own data. It is , uh, it is not public open information, which is where most of the , uh, many people have made that mistake about thinking that it is private, et cetera. Nothing gets added to AI tools. It's really public unless you make it. Um , it's really private unless you really make it private. So , uh, I, I do see there , there is tremendous amount of impact of AI to position productivity, the corporations administrative work. But I do see the , in the long run, AI would become where human mind , uh, or human intelligence , um, would not want to do certain things. ai, the use of AI, to me would be most important, most impactful on administrative task , being virtual assistant in the backend focus systems where you can automate things that people do not want to do today or would not want to do in the future. That's where I think the most meaningful impact of AI would be. Now , uh, again, AI has become so much of a democratized , uh, discipline as such , uh, it needs to be governed. And that's where, as you talked about, many , um, committees, et cetera, many companies are going into that. I do feel that, at least at the starting point, when it is, it is, there are so many of tools and , uh, there are limited restrictions of what employees can do with those tools, and especially the tools being cloud hosted . Anybody can just sign up and do whatever they feel like doing. So having a level of governance and which is represented correctly by clinician leadership, by technology, leadership, by legal and privacy leadership, is the key. And probably the most important starting point. And the, in my opinion, the first thing to start with, what is the AI governance look like for your organization? It , for some organization, it may be okay for people to experiment with it . Uh , for, for others it may not be. So where do you start and how do you continuously refine , uh, and understanding, taking feedback from the, from the associates and not necessarily just the leader from the bottom up in the organization is truly meaningful. How, how much impact it would be if AI can help where we have clinician staff shortage or challenges with scheduling is , is truly going to be making a meaningful impact . And

Speaker 4:

Yeah, those are excellent points. I, I , I , I do think that AI is, is absolutely a game changer. I , um, it's interesting that some health systems are actually creating chief AI officers to be part of the artificial leader , uh, part of , part of the IT leadership , uh, team. Uh, sometimes that's a responsibility that's born by the CIO or the chief digital digital officer in certain health systems. But it's interesting that health systems as just as one step in the evolution of this kind of tool is kind of creating a whole nother c-level , um, person responsible for kind of integration and evaluation and , uh, kind of measurement of the outcome. Uh , I do think that AI is a particularly powerful tool in our toolkit to, to impact some of the things I mentioned before. Uh, AI, I think is, has holds great promise to reduce some of the administrative burdens that healthcare, clinicians and other people experience in, in , uh, in using our technology. Um, I think that's a great place, frankly, for AI to start. I think there's, you know, some concern, I think appropriate concern about the, the extent to which AI might kind of replace a human function. Uh, I'm much more excited about AI as a, as a tool that reduces some of the administrative burden and some of the repetitive tasks that all of us, whether we're employees of health systems or consumers of healthcare, we all experience those kind of administrative tasks that feel a little annoying. And if AI could be kind of in the, in , in the breach to try to reduce some of that kind of administrative hassle factor, I think that that would be , uh, a really, really good thing. I, I do think that the value of a AI comes back to how do we, how do we quantify the use of these tools? We're , we're early in kind of the AI evolution. I think the hype level is high, and the use cases I think are few. But I think where , where they exist, I think they're really important. We need some, some very specific and very tangible ways to measure the outcomes of artificial intelligence in terms of, you know, time reduction in administrative , um, administrative tools or tasks. Um, the increase in the speed of a diagnosis if their , if AI is supporting some sort of other diagnostic tool that a physician or others are kind of using. So we need to get our hands around how specifically to measure the outcome of artificial intelligence and, and then agree that we need some, some real specific governance processes. 'cause right now it's, it's the wild, wild west, some real specific , uh, governance processes to measure the implementation to kind of weigh in the what's valuable and what's not valuable to have a regular cadence around how do we see the outcomes, which, which part of the algorithm is serving us, which part of the algorithm is, is not serving us. And just to have this, you know, ongoing , uh, dialogue about kind of the value , uh, in both process terms as well as as quantifiable terms.

Speaker 3:

So during the pandemic, you know, it, leaders were at the forefront of making sure, you know, needed care deliveries still occurred. As we start to think to the future and lessons learned from the pandemic, where do you see the future of telehealth? Where do you see hospital at home, some of the other innovations that may change the way that we deliver care going forward?

Speaker 5:

I personally think, Rob, that the importance of telehealth is going to be increasing on a, on a regular basis. And there were certain reimbursement challenges. Most of them have been already figured out or in the process of being figured out. And I think the platforms would truly enable patients to access healthcare services remotely, making it really easy for those who are in rural areas or with mobility challenges to receive care. I think , uh, this has, from my perspective, it has really expanded the access to care and reduce the need for travel and telehealth. Also, they can reduce the wait times , uh, uh, for appointments for improving the patient satisfaction. Nobody really likes to wait in a, in a waiting room to see a doctor. And, and , and we all know we all all have been to a physician where there was an appointment at a particular time, and we ended up not being able to see the doctor 15 minutes, 30 minutes, even sometimes longer than that. So, and , but at the same time, however , ensuring telehealth platforms are user friendly and secure would be essential for the continued success. I do see that many healthcare organization would probably have telehealth on the top of their funnel where a majority of the cases would go through that , uh, channel. And it becomes a decision tree after that. Whether it needs a specific personalized treatment, many things can be truly delivered. Um , many treatments can be delivered , uh, through , um, uh, telehealth platforms, but there are others which cannot be where a referral appointment should be created for the patients to come in physically and see a physician. So that's where I, I see in terms of telehealth , um, remote mon , remote, patient monitoring, et cetera . Another tools, technology that I, I do see that it , it will become more and more prevalent. Um, wearable technology is another one, which is, which helps continuous monitoring. I, I do see that , uh, the vital signs , um, and providing patients and clinicians with real time health data would be really helpful. The predictive aspects of the , uh, of the clinician's , uh, effort is going to be significantly reducing because of that. And, and the true health monitoring, the vital science monitoring would become , uh, critical as we , uh, as we see different types of newer pandemics that may come up, hopefully not touch it , but , uh, but who knows? And this , this type of remote wearable devices can alert providers, can alert the patients , um, can eventually improve the patient outcomes by reducing hospital readmission. So , uh, wearable , again, wearables also empowers patient to take more active role in their own health management and improving adherence to treatment plans. So I do see the technology, and I, I just took these two examples about telehealth and wearable , as you said, there are other technologies as well that I see that post pandemic can , uh, truly make an impact in terms of providing patient feedback satisfaction. Um , there are, there are things that, there are some health systems are experimenting with, with mobile. He , uh, mobile health app or self-management, their personalized treatments, et cetera, is happening , uh, in, in parallel of course. And then we have the traditional better patient portal , easier access to my own document. If I go from one health system to the other that are connected, why I can , why the other health system cannot pull up my records. A lot of those things are happening. And, and because of pandemic has definitely accelerated some of those transformation at this point of time.

Speaker 4:

Yeah , virtual care was quite literally the savior during the pandemic, right? Telehealth plus kind of other virtual mechanisms of seeing patients, hearing patients. It was the difference between 20% of our US economy continuing to function or completely grinding to a halt. And it was exciting through kind of the early days of the pandemic and even, you know, through most of the subsequent waves to see our health system respond , uh, using that kind of technology is , is one of the very few ways that we had to continue to provide our care. And for me, it was, it's been equally disappointing to see health systems and other kind of healthcare organizations pivot away from that. And it always makes me wonder, it , it feels like virtual, virtual care, telehealth, other kind of mechanisms, feels like it's externally focused on these are the things that the patient needs versus, you know, maybe the old school workflow of, you know, you coming to the office. That's what I need as the provider. So it , it feels like organizations who continue to push their providers and push their, their care kind of to virtual mechanisms is , is kind of a, is kind of a way to think that those health systems are focused on the patient's needs and not only exclusively focused on what is convenient to us as kind of healthcare organizations and healthcare providers. Um, you know, telehealth itself, I , I think there's lots of , uh, there's been really good research that, that came out of the pandemic and even kind of pre pandemic about the types of information, the types of conditions that can be totally effectively managed virtually. I think there is some entire medical and kind of other specialties that can be entirely practiced, virtually follow-up care seems super , uh, convenient. And, you know, if it's a difference between taking off a half a day of work, driving across town, waiting in a physician's office or other kind of waiting area for 30 minutes or, or longer in , in order to have kind of a five minute interaction with provider to say, I'm better. That doesn't seem like a very valuable use, frankly, of anybody's time, including the provider's time or my time as a patient. So I do think that we need to continue to focus on things like, not just telehealth for providers, but programs like virtual nursing. We have a whole nother way of remote monitoring and programs that are developing really all over the country that are showing some amazing impact by having somebody who's not physically , uh, in the same place as the patient monitor, using telemetry and kind of other physiological monitors to, to , to evaluate the patient and kind of notify the people who are on site when a patient's condition changes. So it , it's all part of the, you know, the technology , uh, the sea of technology that I think can and can make a huge difference in how we deliver care and how we as clinicians feel about the care that we provide.

Speaker 3:

We can't leave a conversation about IT and healthcare without talking about cybersecurity. It's at the top of everybody's enterprise risk management list right now. Um, a problem that we can't solve during this , uh, podcast, but if you were to give some advice to our listeners, you know, how would you , uh, within an organization, you know, best say to put in place the best plan you could to tackle this big issue?

Speaker 5:

Great question, Rob. And I think we can probably have an entire podcast on this particular topic, right? So <laugh>, but , uh, I'll, I'll try to summarize and, and hit the, some of the highlights. I, I think really with, with cybersecurity , uh, and with cyber threats and complex regulations, I do see that the legal teams are the unsung heroes of overall technology and digital strategy. So , uh, ensuring that the IT leaders stay protected, the overall technology , uh, technology footprint of the organization is , uh, is secure, it is compliant, and working in, in hand, in hand with the technology leaders is really important. Now you talked about cybersecurity. So I, I will highlight a few things. Number one to me is data sharing and privacy policies. It , and I'll tell you why I am , I am saying that and how I, this would be related to cybersecurity. There would not be a cybersecurity event if there is no data involved. Really cybersecurity events . Main reason from my perspective is getting access to the right data that has value. And data sharing and privacy policies have a, an , an very important part to do with it. We, we have seen cybersecurity attacks from best of the best companies who have spent millions, in some cases, billions of dollars, but still they had to go through these unfortunate situations. So making sure that , uh, the legal teams and technology teams and partnering with drafting what data sharing agreement should be, where the, what type of guardrail should be in place, what is right, what is not right , uh, is important, what can be shared, how the data should be shared, et cetera, is very important. With increasing focus on interoperability and integrated care . The data sharing between healthcare platforms and payers and the other stakeholders are becoming very common. But that's where having the right partnership with compliance, privacy, legal, and technology group is absolutely important. The second one that , uh, I'd like to highlight is the importance of intellectual property protection. And especially in the era of ai, as health system develops proprietary technology solutions, whether it is AI or a telehealth platform or a virtual care clear , uh, virtual virtual care platform, the, the legal teams can truly protect those innovations and ensuring that the patents, the copyright, the trademarks are filed properly. And the legal teams can also assist in negotiating license agreement , uh, and , uh, and, and help the company overall think about the overall intellectual property ecosystem of the company beyond mergers and acquisition. Again , mergers and acquisition is another area that I would say that has an, has an impact on overall cybersecurity. As soon as there is an m and a activities happening, we do see that mergers and the, the, the cyber activities increase , whether we like it or not, increase around that area of the companies that are looking to purchase or looking to sell. And how do you think about protecting it? Making sure that especially at those time , there are guardrails in place, there is active monitoring in place, the basics of the cyber security are in place. You have a log monitoring system, you have a , um, sim , which is security information event management system in place. There is a security operation center or a network operation center in place that are constantly monitoring user activity. Anything that is abnormal, that is being flagged for review, that the systems are being caught up to patches at the same time, making sure the patches are tested. Some of the recent , uh, in our content situations tell us that there should be enough guardrails to even implementing the newest, greatest and latest patches. So having that , uh, that focus enterprise level focus from information security and compliance per perspective is, is truly the key while the chief information , uh, security officer is the owner of from the information perspective, but as , uh, anybody would say information security is truly , uh, truly everybody's response. When you see something, say something, when you see something that is outta ordinary that you cannot explain rationally, you should flag it, you should flag it to your technology leadership team, your legal leadership team, and go from there.

Speaker 3:

Thank you, Dan.

Speaker 4:

I think the biggest error we could probably make in relative to information security is to think about this as an IT issue. Only the, the issue of cybersecurity is a business and business continuity issue. It's certainly has, its its roots in technology and kind of the workflows and the , and the vulnerabilities of those systems. But we need to think about information security in terms of a risk , uh, a risk profile for the entire organization. And when you talk to hospital leadership board , hospital leaders, or , uh, hospital boards, health system boards, I, I think what's helpful in my experience has been to talk about it in terms of business continuity. In fact , uh, we created a presentation , um, not long ago where kind of the, one of the very first slides was, this is not an IT conversation next slide. And it was really just to emphasize that what we're gonna talk about is everybody's responsibility. It becomes, you know, keeper of the, of the technology keeper of the software keeper of the kind of physical barriers that prevent some of these kind of things. But this is a business continuity discussion. One of the other ways we can also talk to hospital boards and hospital leaders is to say, you know, if our, if our systems went down for X period of time, and sometimes I'll just use the, the conversation of a million bucks, say you take in a million bucks, or you send , uh, you post cash of a million dollars, or you send bills for a million bucks if your systems were down for 90 days, which is not unheard of given some of our recent large scale cyber risk, if you were not able to, to process payment or send bills to say nothing of kind of the clinical care for 90 days. And that was a $90 million kind of , um, issue. You think differently about how you invest on the front end about security training , um, simulated penetration testing , um, kind of other hardware and software kind of pieces. And you'd also think very differently about how do you train anybody who has a hands on a keyboard any place in your organization. So I think we need to, we need to almost extricate ourselves from the whole conversation about information security, make it, you know, work with our, our , uh, our legal and risk and compliance and physician leaders and kind of the whole organization to hold hands and say, this is not an IT only pro problem or issue. This is an , uh, a problem and issue that all of us need to rally around, monitor closely and , um, and move forward with. But, you know, the, the, the organizations and the individuals who are trying to get this information from our health systems are getting more sophisticated by the time everything plugs into the hospital network these days. So even the things like telephones or fusion pumps or those kind of things that are network enabled now become potential ports of vulnerability for, for a cyber issue. So we just need to think about it differently from kind of , uh, uh, a risk kind of stratification perspective , uh, and get the right people involved around, around that theme.

Speaker 3:

So up with that , Dan, thank you so much on behalf of our organization for presenting all your insights today. I think it was extremely valuable for us in the legal profession to hear both , uh, of you share your insights and to what IT leaders are facing. Thank you very much. And for our membership, we look forward to bringing you our next c-suite podcast , uh, coming soon. Thanks again.

Speaker 2:

Thank you for listening. If you enjoy this episode, be sure to subscribe to a HLA speaking of health law wherever you get your podcasts. To learn more about a HLA and the educational resources available to the health law community, visit American health law.org .