This transcription is provided by artificial intelligence. We believe in technology but understand that even the most intelligent robots can sometimes get speech recognition wrong.

 Welcome to this Weekend Health It. It's Tuesday News Day where we look at the news which will impact health it. Today we're going to talk about a lot of stories. We're gonna do a gaggle of telehealth stories. We're gonna take a look at, uh, what's going on with cybersecurity. Since we have my friend Direct Ford in the house, we always talk a little cybersecurity.

$1.2 million paid out by uh, UCSF should be an interesting story. My name is Bill Russell Healthcare, CIO, coach and Creative. This week in health it set of podcasts, videos, and collaboration events dedicated to developing the next generation. Health leaders we're working on something called Clip Notes, which I am still not allowed to talk to you about, but we are excited about it.

Uh, the first one will be this Friday, and it's designed for you, uh, to make it easier for you to consume and share this content. This episode and every episode since we started the Covid 19 series has been sponsored by Sirius Healthcare. Uh, we closed out the series on July 1st, and. We'll be a weekly sponsor of this week in Health IT through the end of the year.

Special thanks to Sirius for supporting the development of the next generation of health IT leaders. If you haven't signed up yet for three X Drex, you are missing out. Text Drex, DREX to 4 8 4 8 4 8 and receive three texts every week with the stories that you need to know to help this service of Drex our guest.

For today's show. Good morning Drex. Welcome to the show. Hey, thanks. I appreciate it. It's good to be here. It's always good to be here with you. Yeah, well I'm looking forward to the conversation. It's, you know, the last couple times was really at the, well, I'm not sure we ended our covid series, but I wanna make it clear to people it's not that we believe that Covid is.

Beyond us are past us. We just, we buttoned up that series and put it in the archive. There's a lot of great stuff for people as they're scaling up and preparing and those kind of things. But you know, we feel like we've collected enough of that information for what health it should do and be prepared to do.

And now we're gonna sort of go on to really exploring some of the. Some of the other topics that we didn't explore as much during the Covid series, like, I don't know, infrastructure and operations, interoperability, 21st Century Cures. I mean, there's so much to talk about in healthcare. It doesn't all stand still.

It all still progresses forward, but Right. It's great to have you back on the show. What have you, what have you been up to? Man, I'm just working on a bunch of different stuff. Obviously I have a, I don't know if, can I say their name? CI, security. I just did, uh, I have a client, . I have a client that I'm doing a bunch of work with and we're actually working right now on what I think is gonna be a pretty interesting and kind of maybe a little bit of a head scratching report on the data.

That have been kind of going on there. So I'm working on that right now and I think we'll probably have that out in the next couple of weeks, and happy to share it as soon as I get it done. You know, one of the other weird things that I've been working on that I've kind of just not been spending a lot of time on, but you know, I sort of bounced back and forth between regular work in this.

So we have like, you know, the, the top 30, under 30, you see those lists, all the working on. I don't know exactly what it'll turn into, but the top 50, over 50 great. It was, so I'm thinking about, you know, and the beauty of it is, you know, since it's mine, you don't necessarily have to totally be over 50.

There might be a couple of, uh, squeakers that, that, that get in there and there may be more than 50, but it's a good, uh, it's a good little kind of, so if you've got suggestions about. Somebody over 50 who's in health it, who you think has been like a real leader in the business, uh, feel free to drop me a note.

It's easy. drex@drex.io. I'm, I'm happy to take nominations drex@drex.io. You know, I'll, I'll give that a a, I'll give that a, a thought. I, I, there might be some people who don't want to disclose that they're over 50 just. You know, for clarity . That's true. That's right. I know that's true. We'll figure it out.

Alright, so there's the, you know what, there's a lot of, a lot of news. I'm gonna kick us off. There's a gaggle of telehealth stories as is has been the case. So we're gonna continue to, to parse these for everybody and see where it takes us. So there's a healthcare finance news story. Three 40 Organizations tell Congress to make telehealth permanent.

Providers to Congress, patients will lose access to care without permanent expansion of telehealth. That's, uh, fierce healthcare. Hundreds of industry groups call on Congress to advance permanent telehealth reform, healthcare IT news, and senators call for CMS to provide plan for telehealth changes. And by the way, that's all just one category.

I'm gonna, there's two more stories I'm gonna hit on with this context. Bipartisan senator released an asking secretary. From, uh, HHS and uh, CMS. Administrator Shema Verma to provide a written plan for permanent changes to Medicare, Medicaid, and children's health insurance program rules around telehealth.

We're hearing from patients and providers who are concerned about when Medicare temporary changes to telehealth rules will be rolled back and whether they will receive any advanced notice. The Senators led by LED by Senators Tina Smith, Democrat from Minnesota, and Bill Cassidy, Republican from Louisiana.

So patients are anxious about when private payers will change the rates for telehealth services and if they decide to rescind telehealth coverage altogether. They said so. Generally what you're hearing here is bipartisan support for extending the, the provisions around telehealth that were afforded to CMS as a result of the president's declaration of a national emergency and CMS using their.

Authority to grant allowances. I think it's allowances or provisions of some kind to really expand the use of telehealth. And there was some rumors going around that essentially those were going to be, uh, pulled in some way, shape or form. And, uh, so it caused people to get all angsty. And the reality is that there's a, there's a three month window.

The, the president has to re restate the, uh, national emergency every three months, right? So he can't like just do it categorically and hey, we'll end it when we end it. Every three months he has to reinstate that. Mm-hmm, in middle of July. And so.

Hs. CMS lose their ability to just grant those allowances. So that's the big one. President, national Emergency. Don't think. Don't think going back up. And that being the minor one, but I don't think in an election year that you're gonna see this president or any president for that matter, pull uh, something that has this kind of favorability rating amongst the, uh, electorate.

And so I think people are getting worried about. This thing being pulled. Now granted, there isn't a lot of information around it because it's, it's, it's a mishmash of laws coming together Yeah. That have allowed CMS to do this, these provisions. Right. And if, you know, it's, it's like a Jenga, right? So if somebody pulls out one of the blocks, then the whole thing sort of falls down.

But I don't think there's, you know, I think this, this, what you're seeing is, uh, secretary, secretary Azar has been consistent. Sema Verma has been administrative, Verma has been extremely consistent around telehealth and what she's saying. You know, the president's really on the periphery, periphery of the this, but what, what you would say about the president is that he's a, he would like to see healthcare disrupted by business, and nothing is more disruptive to the business of healthcare.

Telehealth. From a direction standpoint, I see this president pulling this and so I, I see people getting worked up about this, potentially going away and, and I'm not sure I see any signs that it's going away. I mean, what, what's your read on this right now? I, you know, and I wanna say, I can't remember if it was Verma or Azar or somebody else at HHS had tweeted something maybe a week ago, giving an indication that they were absolutely gonna extend this for another 90 days.

So now I have to go back and look in Twitter to. Yeah. Yeah. It was, it was, it was okay. Some, somebody underneath Seima Verma, I believe, tweeted out and where the rumor came from, I ended up, I called, uh, about this. Oh yeah. And just wanted to talk it through and say, okay, help me understand the laws and how they all fit together.

So we talked through, we had a great conversation, but evidently when, uh, Trump was doing the president.

About maybe not extending the, the national emergency. I didn't see the overt tweet, but that's essentially where people started to, you know, it's one of those Trump tweets that people were all sitting there going, does this mean this or does it mean this, or does it mean this? Yeah. I, and they, I try not to read his tweets.

It's just, it's so conflicting sometimes. Yeah. So, so essentially people are like, well, that's what he's saying. And so they came back in and said, no, we have no intention. So that's the, that's the direction This is. It seems to be heading what I've told people on. If you're a regular listener, you know that what I've been saying is if you're in a health system right now, plan for this to be in place for at least another six months.

So they've, they've actually taken a, a quarter of those Medicare patients and made sure that the provisions will continue. So you could see directionally that's, that's where they're going. I, I think you're right on this, you know, jingga part, right? And that there's a lot of stuff in here, uh, reciprocity of licenses across state lines.

There's, you know, are, are you going to pay for a telemedicine visit, the same amount that you would pay, uh, for a visit when the physician actually touches. The patient. A lot of those things are the things that are in this national emergency extension that lets all of this stuff happen. So the best way to do this, I mean in the spirit of never waste a good crisis, is that it seems you do have bipartisan support, uh, for telehealth right now.

Maybe this is a good time to go in and, you know, sculpt something under really. Conditions that allow this to continue into the future. I mean, you and I both saw, you know, health systems go from a few telehealth visits a week to thousands a day, and you know, almost overnight at the beginning of the Covid crisis, it's clear that that's something that patients and families.

Want something that they like from a consumerization perspective? I think from the, from the healthcare system's perspective, whenever they went into the mode of having to shut down and not do elective surgeries, it was one way they could still see patients and still get payments that they might not have been able to otherwise or might not have been willing to lean into it otherwise.

So I hope, you know, I hope Congress does something. Uh, I think it would be, you know, this sort of legislation by extend extension of a national emergency every 90 days, or, uh, presidential executive order or whatever it turns out to be, is not a great way to put a solid foundation under telehealth . So I think, I think we legislate it.

That's the best way to go. Yeah, no, absolutely. I mean, Congress, Congress is, uh, in control of the funding and they, they need to take care of that. But here, you know, here's, if I were the CEO and you were my CIO, what I would say is, Hey, you know, stop, stop worrying about this. Focus on what matters. How are we gonna use telehealth?

What areas makes, what, where does it make the most? Sense to expand its use. Do we have a mandate within our, our health system at this point? Have the physicians, are they, are they really buying into this? Do we need to build a story? Do we have the data? Do we have a new group of champions around telehealth?

I'd be, I'd be looking at the CIO saying, Hey, you know, figure these things out and then. For the most part, don't, don't come to me and say, Hey, I'm not sure if this is gonna be funded. Let let Mari and her team do their job. You know, and, and you do yours. You know, get the data, build the story. And, and in fact, if you want to support Chime, the best way to do that is to give them some data For sure.

And help them, give them the stories. For sure, for sure. And I, you know, you, you, you look at this, you know, from a long-term perspective, and this is part of the transition from fee for service to value-based care, right? I mean, we're, we're worried about this and telemedicine and isn't gonna survive under this national emergency because we're all using it as fee for service.

But realistically, looking down the line, as we continue to make a transition to value-based care and take more and more risk. Doing telemedicine makes great sense. It's a much less expensive, much less time consuming way to see patients and make sure they're healthy and that they're staying healthy and staying out of the sick side of the system.

That costs a lot of money. Use telehealth. It's a digital health program. You really should be, should be pushing for regardless of what the reimbursement model is now because that model is gonna change in the future. Yeah, so let me, let me hit on a couple of the other stories right now. Sure. So the successes and pitfalls of using telehealth for home-based primary care.

Uh, people could see roughly six patients a day. 'cause they were doing tons of driving. So they did telehealth. And what they did is that for that first visit, somebody went out, set it up, helped them to do that, that first visit. And you know, what they found is. Quite frankly, the results were subpar and it was mostly due to technical difficulties.

The EMS agency sent somebody out to the home who could actually troubleshoot and those kind of things. And so they were able to get a much higher success rate that second time around. I know that people in Silicon Valley are listening to this going, what? You're actually sending people out to the home to do a.

88, 89 years old. I, I can understand why they, they chose this model, but you know, the sec, the second round, they said either one of the, the physicians said, I like that I can touch 10 patients instead of five in one day, and I can see them on my own rather than relying on somebody else's assessment and in their home too.

Right. In their natural setting. Which, yeah. So you get that sometimes reveals a lot of stuff. Yeah. Yeah, absolutely. So, I mean, there, there are some areas where it works and where it doesn't. That's the first story. And the second is, uh, the Commonwealth Fund did a healthcare IT news again after initial spike.

Telehealth visits are on the decline, but that's not the concerning thing. We, we knew that it was gonna come back as offices started opening up. But the, the reality is, you know, telehealth never went up to fill the void of all the, uh, in-person visits and coming back. The, the two aren't meshing. So essentially what they're saying is people are still deferring care, they're still not, they're not doing telehealth, nor are they doing in-person.

And people are deferring some, some care that is gonna have some significant ramifications long-term. So, you know, it's, it's interesting. There's a lot of promise here. And there's a lot of opportunity, but we have to look, be beyond the basic visit to visit. We have to start looking at all the different options that are gonna be available to us.

You know, it's, it's, we are gonna have IoT devices, we're gonna have, uh, just a bunch of different ways to do this, and it's gonna create. Better models than just this one-to-one as well. We're gonna have a care team be able to visit with a patient through telemedicine, and it will be not only much more efficient, but much more comprehensive of a type of care, I believe, moving forward.

Yeah, I, I think too, you know that we have sort of. Wrapped our hat around this idea of, uh, telemedicine being me using a Zoom like function to talk to and, and have discussions with a patient and, and see what's wrong with them and, you know, treat them that way. There's actually probably a whole broad range of things that fall into that telehealth category.

And so it's not just video, it may be, you know, remote monitoring it. Technology that ultimately helps move us down this. Yep. Absolutely. Uh, so I have a, I have a story here from a friend of yours. So you interviewed him for the show. It's Arm Yourself a Healthcare CIO's introductory Guide to Apple Silicon.

Yeah. And, uh, healthcare IT today. Mitch Parker, ciso, who you interviewed for the show is Yeah. So, you know, for the first time in 15 years, apple has announced a major architecture change in the Macintosh platform. They used to be, you know, on those Motorola chips and then they went to Intel-based chips.

Now they're going to ARM-based Apple Silicon. So essentially they're gonna be building their own processors. To power the iPhones, uh, that also power iPhones, iPads, and now they're gonna power their computers. Mm-Hmm. . And, you know, one of the biggest changes I think is with Apple silk and this, the iPhone, iPad apps will be able to run natively on the Mac.

Mac oss. Big Sir also has a control center just like iOS. Convergence, the app support and similar configurations means that the skills used to manage iPhones will transfer over these devices. So Mitch lays out sort of, you know, this whole thing of don't panic. We've gone through these things before. It's the same, you know, it's the same model.

We use MDM. We dere deprecate the legacy apps. We use virtual desktops and, you know, we, we learn a new set of skills and a new set of tools to, uh, secure the environment. Have have you kept track of this apple, silicon story at all? Uh, you know, so I've, I've read about it initially and I think my, and I, and I certainly read Mitch's, uh, article about it and it's, you know, good solid advice from a really

Good, solid CISO. The reality is I think that as we see this transition happen, there's always going to be a bunch of things that nobody thought about until you're in the middle of it. And then you have that, you know, oh shoot moment where you have a security, uh, issue. Or, or, or maybe you have an operations improvement thing that happens that you just.

You didn't know until you got out into the middle of that river. So hopefully there's been a lot of thinking that's gone into this. A lot of strong considerations. I'm an Apple ecosystem person, so I think it's really interesting to kind of watch how this is gonna unfold. And you know, I think the important part of this is just being agile and keeping your eyes open and thinking, thinking about your own organization and how you use Apple transition.

The work associated with monitoring and managing and securing those devices. You know, this is a, a classic simplification move, right? I mean, essentially what you're gonna end up with is a, a single oss. Yeah. Across all the Apple. Everything's an iPad. I mean, or everything's an iPhone at, you know, at some point.

Yeah, I, I never thought I'd be a fan of that, but you know, I can't tell you how many times I'm now picking up my phone to do my banking as opposed to using my computer. Mm-Hmm. . Better thought out on the on the phone. Yeah, there's definitely the situation too today where you have things that you can do on your computer that you can't do on your phone or vice versa, and that can be really aggravating.

I have a couple of couple of products that I use to help manage my home, that there are things that I can do on the computer that I can't do on the handheld. Frustrating sometimes, and it's, it's not just that. I know there are a lot of apps that sort of have that problem. This is what I'd like from Epic and Cerner and Meditech and Athena.

If they would just sit back and think through, you know, I, I don't want 'em to rewrite the entire EHR for the phone. I don't expect that, nor do I. I do want them to start to layer interfaces. It's not like, it's not like JP Morgan and, and Schwab sat back and rewrote every backend financial system that they had Yeah.

To make the, the apps work on the phone. But they thought through, uh, certain workflows that were consistent, that happened over and over again, and then they made an interface to get to those things. If they just took a small team, and I wouldn't do anything more than that. A small team over to the side, work off the APIs that they're already providing and say, look, we're gonna, we, we would like interfaces for these five things that clinicians do every day.

Mm-Hmm, or these 10 things and just keep building it out and building it out and building it out. I think that eventually they could rewrite the entire. Experience on top of, you know, the existing data structure, the existing set of APIs, or at least they should, they should be able to. I just mean, I think, you know, when you think about how we should be thinking about these things, this goes back to our tele of medicine conversation too.

It's don't, you're not trying to solve world hunger here, right? So, so telemedicine isn't gonna replace all medicine and all treatment that we do, just like this device isn't gonna replace all the stuff we do with electronic health records. There will always be things that will say it. Look, it just makes more sense to do that on a computer.

It's too complicated, it's too hard to do on a phone. But if you take the things you think would work on a mobile device and you have a mobile attitude. About your product and then you prioritize the work that you should do. This is where we get the biggest advantage first. If we do these things on mobile, then yeah, you should.

You should certainly have a mobile first development flight plan if you're an electronic health. That says, these are the things we're gonna put on the phone first, and these are the things we're gonna put on the phone later and, and work through that process. I think you're totally right. I want as many things on my phone as I can, 'cause I have it with me all the time and that's what I use 90% of the time.

But, but there are still things that are just easier to do on my, on my computer. And so those should probably stay there. Yep. I mean, the, I think the, so what on this is, is his statement of don't panic. I mean, we, we know, we know how to secure things in the environment. I. Just follow good sound hygiene procedures.

You're gonna be fine. Alright, next story. Five G. So I, you know, five G, there's a, uh, next iteration of the spec, additional power savings. It is kind of a power hog at this point, as all technologies are when they first come out. So there's some power savings stuff in it. The use of unlicensed.

All the time. It's just part of how they get additional bandwidth and speed. There's some things around positioning for cars and stuff to get more exact and precise positioning, which you'll want if your car's being driven by five G. Uh, and there's some new deployment models. But let's talk about healthcare for a minute because here's what I've been saying and I'm wanna bounce off somebody else.

I've been saying, Hey, these specs, these take time. And over time there's really no. If I were ACIO, I'd be reading these stories. I'd be staying up on the spec. I'd be, I'd be looking for that point, that inflection point that says, okay, we're ready. We're ready to start thinking about what the deployment model might be and those kind of things.

Mm-Hmm. . But I still feel like, and, and this story even goes on, it says, uh. You know these, these changes won't be happening overnight or even within a year. It's been almost three years since the five G Spec was approved, and though we're starting to see networks and devices take hold, the protocol is far from widespread.

It's likely we're years away from seeing the power saving and bandwidth benefits in the real world. So they talk about, even the specs we're talking about that just came out, we're not even gonna see proliferate for another couple years. And that's what I'm saying. I'm saying, look, this is probably not something.

Be aware of it, but it's not something you're working on for another two to three years, even though I know some health systems are, you know, diving into this deep, I, I think there's some challenges with diving in deep unless you have a big budget and lots of people, I think this is, uh, if you have a small group of people who are looking over the curvature of the earth at things that are coming as part of your digital health technology.

Planning program, that's a good thing. And five G should be something that's in their window, like everything else that we've talked about today. Back to your don't panic kind of strategy on this stuff. I think this is another one of those where you go, it's coming. We don't know exactly what it's gonna look like yet.

It's getting clearer every day. Fog is being sucked out the room. We're starting to understand a little bit more about what it will and won't be able to. If you're going to consider deploying it, where do you deploy it first, right? So if you think it's an unproven, untested technology and you wanna try it out on some things, don't put it in mission critical systems first, right?

Find some non-mission critical stuff that you can try it out on first and see how it works, and learn how to use it and make your adjustments and then deploy it to, you know, to the next level of the organization or. Replacing wired infrastructure or whatever it's that you're going to do. So, I mean, I'm, I'm with you.

This is, um, like a lot of things. There's a lot of cool stuff that's coming and, um, you know, don't, don't get wrapped around the axle. Don't bet the farm on some of these things. They're just. They're not solid enough yet to say, I'm not gonna make investments in wired infrastructure anymore 'cause we're going to five G.

Well, that just isn't a good plan, I don't think. Yeah. Well, I, we'll, we'll, this is gonna be one we're gonna have to keep an eye on. I'm gonna let you, so I'm gonna hastily go through the last four stories here that I wanna hit. This one's in your wheelhouse. So UCF, the UCSF pays 1.14 million to decrypt files after ransomware attack.

And essentially, uh, the medical school was hit by an opportunistic malware attack on June 1st. And the encrypted data was important to some of the academic work that they pursue as a university serving the public good. Official said so essentially.

They, then they, they saw the attack coming, but before they could cut off the attack, they actually, you know, triggered the malware to, to lock up some of this, some of these files, some of the servers, entire servers. Yeah. The sad thing is we never really hear the post game on this, right. So we don't really know.

We never really get the full information on, you know, what happened. Did they not have backups? Were they not patching? What weren't they patching? You know, what, what was their. Was there a situation with user accounts? Did they have two broad of access? There's tons of stuff that could, does anyone hear the, the backstory eventually?

Yeah. I mean, does who, who, outside of, you know, the, the people obviously in the IT department at UCSF, is there an agency that would hear the full story? Is there, uh, how would we get the full story so that, I mean, I don't want, I don't want it out in the public. We're not share it on this, this. I mean, there should be forums where these people are sharing these, this kind of information.

Like, hey, here's how they got in, here's how they attacked, here's the mistakes we made. And that, you know, those best practices sort of proliferate as a result of that. Yeah. I think you see, um, some of that work now happening through the healthcare isac, but a lot of it still, I mean, and you know, and maybe rightly so, right, as a.

Cybersecurity interested guy. You know, I'm really thoughtful and careful about any client that I work with. Actually even talking who the client is, you know, talking about who the client is or anything else, because sometimes that just paints a target on the, on the individual client. Likewise, discussing publicly in detail what has happened to that individual breach.

Might make them more vulnerable in a, in another, another attack scenario. The best you can do probably is take that stuff, gather it centrally, talk about the challenges and issues that are, you know, that are. Kind of anonymous for a larger group of, of organizations that have been hacked so that you can take steps toward protecting yourself.

Some of it is, uh, and I don't know that H ISAC or any of the ISACs sort of keep a tally of if you only do one thing, it should be patch or computers. Right? That's probably where the biggest problem is. And you know, you hear people talk about that, but I don't know if there's any sort of underlying metrics around that.

Good general cyber hygiene lists exist all over the place. It's, it's likely that that one of those, or more of those was the problem at at uc. Yeah. All right, so the next story, I'm just gonna do the headline. Yeah. And, and ask you what you think. So the headline from Healthcare IT News is Hasty Rush to Cloud Hosting during C Ovid 19 crisis could set the stage for a cyber pandemic.

In other words, we've all gone to the cloud and now if they take out a cloud. You know, they could take down several hospitals. I mean, how real of a problem is this? Uh, I mean, generally speaking, I would say that if you use a, uh, reputable cloud provider, there's probably a significant amount of redundancy there that you.

In the grand scheme of things compared to hosting it yourself on your own servers and your own data center, you're probably in in a, in a better place. The challenge with that is in the military, we always talked about a center of gravity. So the center of gravity now has moved, right? So if somebody can successfully take down a cloud provider, they could take down.

Lots of different organizations, not just one. As opposed to if I was running into my data center, would I be better protected or less protected? And if they attacked me and took me down, I would be an N of one instead of a cloud provider, which might be an N of a thousand. So it could be, it could be a much bigger deal.

I mean, I think there are a lot of things that happened as we went through this, you know, as we are still going through this first wave of. Medical equipment and put it on the network maybe without all of the stuff that we were supposed to do to make that happen. I think we connected to new suppliers because we were desperate.

You know, PPE and other things, and maybe we did that without hitting all of our gates. Hopefully what happened in healthcare is that, and I have a, I have a whole list of those, but hopefully what happened in healthcare is that they, they kept good track of any place that they made exceptions and they've gone back and, and, you know, resolved those exceptions to the rule.

But I, I, I wonder about that because of some of the data that I'm starting to see in the. Wall of shame report I referred to earlier Wall of Shame. Uh, so for our listeners, the wall of shame is, so, HHS asks healthcare providers to report to them if they have a breach of more than 500 patient IDs, patient information.

And that data goes on to, it has an official name and I . I can't think of it right now. , I just refer to it as the Wall of shame. Wall of shame. If you Google, if you Google or bing AHHS, wall of shame, you'll find it. And it basically lists out all the organizations. It talks about the number of, you know, what, what the breach was about, how many records were compromised, whether it was a hacking incident or a loss of data or something, you know, stolen data or something like that.

And it's a, it's really interesting because then those are, those are the kinds of things that trigger those, um. Inspections that you definitely don't want those visits from the government that you definitely don't want. So, you know, stay off the wall of shame. But there are plenty of people up, there are plenty of organizations up there and, and is it still the case that a majority of these are human error?

You know, the, so the answer is it depends, um, on how you define that. So you could even say hacking it, incidents, a lot of those probably were human error or somebody fat fingered something and you know, left a port open that. Had an organization got attacked through, or they opened an email, then you know they got phished, which then allowed ransomware in.

That's human error. And some of these are literally the kinds of things, exactly what I think you're thinking of, which is, oh, we put that spreadsheet with a thousand. You know, patients in our research project on what we thought was a common drive, but it turned out that that drive was exposed to the internet and Google Crawl crawled that drive and now that information is available, um, on the internet.

So all of those things, um, ultimately kind come back to, you know, what I put in the category of, of human error, human error. The reality is those ports being open, you know, it's, it's interesting. Because, uh, I had somebody on the show who did I have on the show? Nebraska of Nebraska Medicine, and we were talking about architecture.

'cause I'm horrible with names, I apologize. That's okay. The, we were talking about architecture and how they were, they were looking at utilizing VMware on, in front of, um, in front of Epic. And the reason they were doing that was because it closed down like couple hundred ports that. By, by funneling it through there.

And they're like, and they just looked at it like, Hey, you know, those couple hundred ports all represent an opportunity. Mm-hmm. for somebody to come in that door. And I think that's one of the things we have, we, we, intelligent design, architecture. Architecture is a thing. We need good architects who are looking at things like, Hey, how many ports do we really need to have open?

A lot of times what happens is people install the server and just assume, hey, these ports are open because. You know, application. Application needs it. Yeah. Needs it. And, and the reality is, in fact, that's not the case at all. Yeah. Yeah. You could just shut those things down. So Yeah. A lot of organizations don't have standards designed for, you know, when you build a server, these are all the things you turn off, and then you only turn on the things that are needed.

And I mean, you, you know, we could go into whole cybersecurity. Uh, diatribe here. It's, uh, yeah, but that's, that's one of the reasons I, I love having you on here. So, you know, here's the, I I'll just, I'll jump to the last story. We're, we're getting close to the end here, so, okay. Uh, major health orgs create National Patient Identifier Coalition.

Patient ID now.org. Um. You know, it's, it's interesting and I, and I've, I've gone on off on rants on this before, so if you go to patient id now.org, and I think the site says it all because when you go there, it's not an SSL site. So on Chrome it says not secure patient id Now , and I think that is starting right there.

Starting right there just sort of says it all. And you know, at the bottom it has founding members. AHIMA Chime. Mm-Hmm. himss Intermountain Premier. They all should know better. There should not be a site like this that says not secure. Patient id now with any, if my brand were on there, I would be embarrassed.

Yeah, and you know what? It's, it leads to the problem and the problem on this is not that patient that, not that a national patient identifier is bad in its intention, but we haven't shown our ability to secure the patient record. We haven't shown our ability to, to share the patient record effectively.

We haven't, you know, we, we really need to rethink our approach to this.

I, I will have this debate with anyone who wants to go on the show. The patient should be the carrier of the entire health record. By law, they're the only constant at the point of care. They should be given the entire record electronically. And you know, what else If, if the health system doesn't provide the entire patient record, I think there should be a little.

Button on the app that they push, and it's a direct link to ONC that says, I just visited this health system. They gave me my data. It didn't go into my app correctly. It puts stuff in the wrong places, it, whatever. And you know, and, and then they should get fined. You know, we've had about 20 years to get this right and we haven't done it, and I don't think we deserve another two.

An individual can be a good carrier of information from point to point to point. It's, it's very possible to do, and it's, it's probably the, in my mind, it is the best method to make sure that their health record gets from one location to the next. But anyway, yeah, man, that's the national patient id, I'm, I'm curious, I'll let you have the last word on this since I went on a rant.

I clearly have an opinion about this , and you know, I, and I, I don't necessarily think it's wrong, right? I, I've been kind of yelling from the rooftop since I was a Air Force Second Lieutenant that we need a single patient id. We spend way, much time, way too much time reconciling patient records in our own EHR, not.

Having all the information that we need because we don't get data from other electronic health records or from other health systems or from other sort of, you know, odd casual visits that a patient may do to a MinuteClinic or something like that. So, you know, the, the, the, the data doesn't flow and I don't know that that's solved with a single patient id, but I've always felt like having some kind of an ID that you could attach everything to.

Gives you the opportunity to make that happen. I'm with you. I think you know, Google and Microsoft and others just may have been too early on a personal health record to make it work. It was super complicated. The technology was complicated. How do you get data out from an electronic health record and into a personal health record Was too complicated.

But I think we're maybe at a point where a personal health record could be the right way to go. Not only could you take information from lots of different health systems into your own personal health record, you then have the opportunity as an individual to be able to make decisions about what studies you may want to participate in.

And perhaps you could even make a little money on the side by sharing your information with those studies and participating in those studies. Yeah, it puts control of your data. Where it belongs, which is with the patient. And I think that this whole idea requires like walking to the other side of the room and looking at the electronic health record with a completely different view of the world.

Yeah. Well that's gonna be all for this week, Drex. Thanks again for coming on the show. Uh, three x Drex, if you haven't signed up. 4 8 4 8 4 8. Text Drex to 4 8 4 8 4 8. Get signed up. Uh, special thanks to our sponsors, VMware Starbridge advisors, Galen Healthcare Health lyrics, Sirius Healthcare and Pro Talent Advisors for choosing to invest in developing the next generation of health leaders.

This show is a production of this week in Health It. For more great content, check out the website this week, health.com, or the YouTube channel. If you wanna support the show, share it with the peer. Please get back. We're gonna continue to drop three shows a week, Tuesday, Wednesday and Friday. Thanks for listening.

That's all for now.