This transcription is provided by artificial intelligence. We believe in technology but understand that even the most intelligent robots can sometimes get speech recognition wrong.

 Welcome to this Week in Health It, it's Newsday. My name is Bill Russell, former Healthcare CIO for a 16 hospital system and creator of this week in Health IT at channel dedicated to keeping Health IT staff current and engaged. Special thanks to Sirius Healthcare Health Lyrics and Worldwide Technology who are our news day show sponsors for investing in our mission to develop the next generation of health IT leaders.

We set a goal for our show, and one of those goals for this year is to grow our YouTube followers. We have about 600 plus followers today on our YouTube channel. Why you might ask, because not only do we produce this show in video format, but we also produce four short video clips from each show that we do.

If you subscribe, you'll be notified when they go live. We produce, produce those clips just for you, the busy health IT professionals. So go ahead and check that out. Uh, we also launched today in Health It a weekday daily show that is on today in health it.com. We look at one story each day and try to keep it to about 10 minutes or less.

So it's really digestible. This is a great way for you to stay current. It's a great way for your team to stay current. In fact, if I were ACIO today, uh, I would have all my staff listening to today in health it, so we could discuss it, you know, agree with the content, disagree with the content. It is still a great way to get the conversation started, so check that out as well.

Now onto today's, . Show today we're joined by Mari Vicki, VP of Public Policy with Chime. Good afternoon, Mari, and welcome to the show. Well, thank you. Be thanks for having me. Yeah, well, I'm looking forward to it. You're working outta your house. Pretty excited about working outta your house. Yes, broadcasting live from like the amazing headquarters of Fredericksburg, Virginia.

So exciting. I know that you and I discussed having a beach background bill because in my fantasy world where I like to live, I'm at the beach, but instead I'm here in like the cold tundra of Virginia. I. Is, is, is anyone getting up to the hill these days? I mean, we had the, we, we had the event that was there.

The National Guards is still there are, I mean, does the team actually go up there much these days or is it, is it pretty, is it still pretty locked down? Oh, it's locked down. We're not going up to the hill. You don't get, I mean, there was a little bit more flexibility before the insurrection, but No, we're not gonna The hill.

Yeah, it's very tightly controlled. So you, you, you, you just like everybody else, has to figure out how to do your job remotely and interact with the, with the key players, gather the information and get it represented up on the hill. You know, actually before we jump into it, I'd, I'd love to hear just an, a sort of a, a picture of what transition looks like.

So my, my picture is that almost everything comes to a stop around the election. Everyone's sort of waiting and then the elections, I. You know, decided, and then things start at a frenetic pace. I mean, you have, most presidents are judged based on their first a hundred days. That's just sort of the, the way it is, you know?

What have you accomplished? What direction have you have you set? So I'd imagine things just, just set out in a pretty hectic pace. Is that generally what happens when a new administration comes in? It. It is though. I mean, the handoff this time I think everyone knows was much more complicated. So the transition starts like very early on and you know, as in like it should have happened last year into the beginning of this year.

But I think this is well documented now that the transition was very bumpy and it has set things behind for a while. The transition officials weren't allowed access to the previous administration, so things are a little bit behind, but I think they're, they're playing catch up and, you know, every president looks to set, make their mark during their first a hundred days in office.

And we've seen like a blizzard of executive orders trying to walk back some of the last administration's policies. And one of the things that happens is . And this happens no matter, you know, it happens pretty commonly when there's a handoff in from one administration to the next. Particularly from when it's going from, you know, one party to another party, is that they're gonna hit pause.

They're gonna hit pause, and they're gonna take a look at what's actually in the pipeline and what was recent released, and they're gonna. Maybe pull things, things back. So we're waiting on, you know, a number of things to just see how that shakes out. Like, for example, the HIPAA rule was, um, released, I forget what day it was, like, maybe like the day before the inauguration and maybe it was the day of, and it.

That's, we, we have no certainty as to whether or not, you know, is this gonna get pulled back? We, we can't get an answer from the office for civil rights, and it's probably because they don't have all their transition officials in yet. Um, like the new administration's not yet in place. So yeah, it's, it's a, it's a little bit hectic right now, but I think they're picking up steam and they're busy, totally busy, you know.

Several administrations, actually. I know it's hard to believe that I actually know people in administrations, but they, they will say to you that what they want to do is get to this sort of normalcy and sort of portray that everything's under control. But in that first a hundred days, it's just every day is, is like chaos.

It starts perfect at like, you know, seven o'clock, everything's okay. And then by like eight, nine, everything's. You're just scrambling to, to make sure things don't spiral outta control. So that, I mean, that's, that's the nature. But you have a, you know, you have a president who's been a vice president and hopefully can surround himself with, you know, some people that know how to navigate that.

It's, it, it actually, I saw a story where he is already reaching out to rom Emmanuel, who was Obama's. Chief of staff, and, you know, and that's the kind of thing when you have, when you have that kind of experience coming in, maybe they can get through it. Let, let's, let's start with, I, I'd love to talk a little bit about your team and hit a couple regulatory things.

We're gonna hit some stories, and I think there's some fun stories that will give us the, uh, a backdrop to talk about, uh, some things that are really pertinent to health. It. Uh, let's start with your team who's, who's on your team at Chime? That's, that's working. The, the federal affairs and, and congressional work.

Sure. And you know, this is an interesting time for the team because we onboarded them all remotely in last March. So they actually started right as the pandemic was picking up. And so none of them have actually met each other in person. And in fact, I haven't met . Our administrative support. Lauren in, I haven't even met her, she's in Michigan.

So we have Cassie Leonard, who is our, uh, director of Congressional Affairs, and she comes by way of Senator Kennedy's office, so right off the hill. And then we also have Andrew Tomlinson, who is our director of Federal Affairs, and he is handling all the work with the agencies. And he Kims by way of ONC and then a brief stop over at United.

So they both bring a really deep bench and they're pretty darn fabulous. . I'm so fortunate to have them and you know, we've been able to, uh, increase our bandwidth with the addition of the threes. Three individuals. Yeah. Is there like a, uh, words per minute they have to be able to read in order to take those jobs?

right? I know, right? You must be able to devour regulations and statute at like an alarming rate. . Yes. No, it's nothing like that. . So that, that's an interesting idea. Well, you. Uh, you know, you guys are keeping, uh, chime membership abreast of things that are going on. There's some interesting things right around the corner.

Information blocking April 5th is the, uh, first deadline. Anything going on with regard to that or whatcha guys keeping an eye on there? Yeah, we actually have a ton going on. So, you know, we're really fortunate that we were able to advocate for some delays for our members. That was incredibly important, especially in light of the pandemic, and it's afforded them some additional time to meet this compliance online.

And while some we were told we're ready in November because they felt like they had no other choice, we know that some of our members were still struggling. And we actually have a survey out right now just to kind of get a better finger on the pulse of just how many will indeed be ready. So we're focusing our efforts on education, and in fact, tomorrow we are launching an information blocking center.

In conjunction with several other provider stakeholder groups that we work closely with, which is really exciting. And, um, we're gonna be able to direct our, you know, our members and their members to a single, you know, what we, we wanna call like one stop, um, location for their education. So we're pretty excited about that.

No, that's fantastic. I, I think the other thing that is top of mind, and we're gonna do a story on, on vaccination, you, you pulled a, uh, great story from the, uh, MIT technology review. So, we'll, we'll go a little back and forth on the vaccination, but talk specifically a little bit about what's, what's going on in the hill around the vaccination and maybe focusing on health it, uh, for that topic.

Well, there were actually, um, two hearings this week. So, um, the House Oversight Committee and the House, um, subcommittee on Health, both energy and Commerce committees. They, they had some hearings this week and we're still reviewing them. I don't know that there's necessarily a, an enormous focus on healthcare data, but.

I can tell you that the stories that are percolating up from the field are that not everything is going swimmingly, which I know that no one will find that shocking. Given our antiquated data reporting infrastructure for public health, it's something that we continue to push for more investment in. And while we did get some money in the stimulus packages last year, it's still, you know, it's an investment, but we need more funds to help strengthen this and

I guess like what better time to test out, you know, our pipes than during a pandemic? So that's, it's been a challenge. And the CDC has a requirement that you have to submit your, the hospitals have to send their data up, or the, the, I guess the state sits in between it, but within 24 hours. So you have to send that up.

And so that is creating challenges when you have to do things at like a really lickety spit pill, uh, pace. And you have, um, certain information you have to collect and you do this quickly and you do it on paper records. So you, you know, what happens when we use paper records. So it has been a challenge.

Why, I'm sorry. Why are health systems using paper records? Is this, I know. Is this like a needle across the record moment? Be I just, I , I, I'm kind of surprised. I mean, we had meaningful use which started, I don't dunno, like over a decade ago. I, I would think that almost all the health systems are using some sort of electronic tracking for this.

And, and if not, I, I mean they're just asking for challenges, aren't they?

I mean, I don't think that the providers really wanna start doing, dropping back to paper, but you have the current reality. It's like, you know, shots in arms and they need to be done as quickly as possible, and you are collecting information that's required by the state. And so what they're doing is they're taking the paper records and the information they collect on site, and then they're later keying it in, which again would be after the 24 hour period.

And so it, they don't have, you know, the ability to work, I guess, that quickly click every single data point, key it in. And so what's happening is that in some cases, the data is getting communicated up to the state, and we have examples where the state is not absorbing that data. And for example, one member told us that the, the state requires that the, the, the patient's identifier number and the, like the electronic record number be included , and it wasn't included.

So they were basically . You know, several thousand records were put to the side, and the only way that the provider found out was by doing, you know, a quick like spot check to see if they were actually there and then they weren't. And so there are these issues that are happening. I don't think any providers like, oh yeah, she totally dropped back to paper records.

That's a great idea. They're just trying to, you know, do the best they can with the requirements that have been in placed on them, and again, work expeditiously through the system. The other, um, issue too that we've heard is. I, so if the, if there's not an accurate tally in the database that the state holds, which is sort of, you know, determines how many vaccinations a provider gets, then you may be looking for more vaccinations 'cause you actually administered them.

But the state, state may not have that reflected in their database. And so that affects your number of, uh, vaccinations sent to you. And so then you're, I mean, we have one member who tell us they actually had to close their clinic. For vaccinations. Yeah. I mean the number, the number of vaccines going to places.

So the, the, the thing I was, and by the way, if people are listening to this going, why is the interviewer going back and forth? Because this is a Newsday show. This is what we do on the news show. We go back and forth. So the, it's interesting because I talked to several health systems today and, you know, just through the course of my, my normal work that I.

The two phone calls I had today, they were like, Hey, it's, it's going great. We integrated this. We have QR codes. People are showing up, they're in and out. Within 10 minutes, the information's going right into the EM march, generating the reports. We're setting it up to the state. Now, everyone in the world will tell you that the states are, uh, notoriously underfunded from.

Kind of a patchwork kind of thing. And sometimes they can take the data and they're so, they're underfunded, understaffed, so they're, they are gonna set aside 7,000 records and not let you know. So that kinda stuff happens. Nobody, nobody doubts that. They also, you know, sometimes you struggle, you send 'em information the way they tell you to send it to 'em, and it doesn't go into their system correctly and falls by the.

Some health systems with their EMR are able to set up pretty efficient processes while others are struggling. Is this a, an education thing? Is it a different EMR thing? I, I'm not asking you to answer it because I'm not sure you have an answer for it. I'm just sort of, I'm just sort of wondering out loud, what, what makes one health system able to do it and another health system not, anyway, I, I'll move on.

Anything around cybersecurity. I mean, there, there were so many very visible incidents leading up to the election and I that didn't really slow down after the election. There's still a lot of things going on in healthcare. What, what, what, what can we expect? What do you, what are you keeping an eye on or what's, what's the movement right now around cybersecurity?

It's hot. I mean, it continues to be our . Our hottest policy priority and year after year, and it's, it hasn't abated. So the challenges are, I think they're well chronicled and well documented, but we have a lot of problems. I'd say that, you know, while the health sector, which is one of many sectors across the country, we've got like energy and banking and, uh, retail healthcare is one of them.

And we've been behind the eight ball, but I think we've been working hard the past few years to catch up. That being said, we still have challenges. You know, we, they, you know, even the best resource . Members that we have still have, you know, issues. And so we have, uh, a constant barrage of cyber attacks and they increased exponentially in 29, 20 20 when the pandemic started because people are opportunistic.

And you know, there were two major issues that happened last year. There was a credible and active threat that pretty much brought the industry to a standstill the last day of October. And so that had everyone in an extremely high alert and several hospitals did actually get, um, attacked. And there's, you know, ones that were in the news, like there was a hospital in Vermont that was brought down for several days and then there was, you know, then there was also the solar winds issue.

And so it hasn't really abated Bill. I mean, there's a lot of attention that's being brought to bear on cyber and I think that most, you know, there's a bipartisan consensus that this is an issue that warrants . You know, warrant additional attention and, you know, we're gonna keep fighting for additional funds for our, for our members.

Yeah. And, and, and we're gonna, we're gonna start with a, a HIPAA story. They, my thing on, on cybersecurity, I, I heard somebody say this once, that he goes that he, and it resonated with me. He, he was like, you know, the, these nation states and these crime syndications are essentially attacking our corporations in the United States.

And he said it's the equivalent of they've all set up aircraft carriers off the coast and they're just flying in and, and doing runs and, and they're, you know, they're shutting down places, they're stealing money and that kind of stuff. And his, his premise was, you know, if that were actually happening, if aircraft carriers were off our coast, we would, we would mobilize and do something about it.

But in cyber, for some reason, we haven't, uh, up until now, really mobilized. Enough to protect. And we were sort of saying, Hey, every health system has to come up with their own plans to protect themselves. And every corporation has to come up with their own plans to protect themselves. So I'm really hopeful in this space that we see movement.

And I, I'm glad to hear that it's bipartisan. That, that we really need to do something to, to protect organizations like our hospitals who, who function in the us. All right. You ready? I like, um, sure. Before we move on, bill, I would like to share, like, I'm gonna try to insert some good news into, you know, into our conversation.

'cause it's not always, you know, bad news at the very, I guess it was the end of last year, beginning of this year, probably one of the last bills that President Trump signed was HR 78 98. And you know, this may have been . Maybe overlooked by some folks. So we try to get the word out. This is a really good bill and we're very happy that it was signed into legislation.

It's gonna give our members, the provider community credit for using cybersecurity best practices. So when you know OCR, the Office for Civil Rights starts considering maybe like the length of an audit, they're gonna have to take into consideration whether or not. A hospital system or or provider was actually using some best practices for the last 12 months.

So this is really a nice step in the right direction and, you know, more of a carrot that is stick and we've been trying to find ways to provide more incentives rather than penalties to incite the right behavior. So we're really pleased about this. No, that's fantastic. It's, uh, you know, cybersecurity is one of those things that is so challenging and you need a, a fair amount of funds to.

Stay up and stay ahead of it. And actually that takes us to our first story. Our first story is the Fifth Circuit Court of Appeals Vacates, the MD Anderson HIPAA penalty. And this sort of speaks to some of that, right? So essentially what happened here is the, uh, circuit vacated, the penalty vacated for reasons is.

Mechanisms in place to encrypt the PHI on mobile devices, but it was the employees who failed to use the encryption control before the laptop and USB devices were, were taken. Therefore, the, the health system had, uh, done their d their duty and had done the things they were supposed to do. They vacated for that reason.

And they also said that the, the penalties were, I think the word was like capricious. And these were words they used, arbitrary and capricious in, in that the OCR was not enforcing their penalties evenly across, uh, all health systems. So they vacated that penalty.

You pull this story up, what are, what are your thoughts on this story? Yeah, this is another morsel of goodness that I feel like got lost in the shuffle of the madness of January. And you know, we only saw like one or two articles on it and we're like, whoa, this is a really big deal. So it actually is in some ways, you know.

Just, you know, similar to the, that, that bill we just discussed, is that, is that they, I mean, they're, we're gonna have to put the bill in place, right? It's gonna have, be operationalized. We'll have to be a rule making people weigh in what's considered every, every little nuance of a best practice. But this is great.

It's it, it says that, you know, you have tried really hard that the provider tried very hard and there's never, you know, there's never gonna be a time where you're gonna come be completely inoculated from a cyber threat. That just is not gonna happen. You can, so I think that this ruling is very instrumental.

Providers the best, like give them credit for the best practices. So I think this case will play into that and I think it's really, really a, a good news story. Yeah. It's, uh. By the way, I I agree a thousand percent with that. They, they, they, when they say it's arbitrary and capricious, I, I think there is a certain amount of truth to that.

So they, they have to go back to the drawing board and essentially say, okay, we need a uniform process for measuring this. Uh, you wouldn't send out, you know, accountants around the country and say, you know, Hey, there's gonna be, you know, a in the south.

You actually have standards that the CPAs, you know, study and they follow those standards. Same thing should be true here. We should know that when they come into audit they're gonna be looking at these things and these are the things we're gonna have in place. So I agree with that a thousand percent. I actually, I actually did post this on my LinkedIn kind a couple of interesting back and forths and you know, one of.

Wayne Sadan, who's a transformational C-I-C-T-O-C-D-O, and he goes, my take,

he says Control, especially for a portable device. Especially for one containing PHI then doesn't deploy it and enforce the use throughout the system. And what internal audit compliance function would, would let said CIO CISO get away with that. And what CEO Board upon hearing of all this worked or didn't work during regular IT cyber refuse.

Didn't order everyone to make it sell. Employees can choose to encrypt PHI or not question mark and no fine for such systemic negligence. And you know, I, I sort of agree with that. I mean, actually this was one of my breaches, , to be honest with you. When I was CIO, we, we had purchased a group, uh, it was either a lab or a bunch of ambulatory.

And before. Somebody had backed up the information on AUSB drive, put it in her purse, and her purse got stolen. Well, we had already purchased them, but we, you know, we didn't go in there with our full it on day one. And that happened like within the first week. So we lost, uh, we lost that information and, and so that was a reportable event.

It was a findable event and all those things. Now, and, and I understand you.

Encryption, arrest, encryption and, and transport. We had, uh, iron key for locking down USB drives. We had all those things. We had just purchased this organization. We just didn't have a chance. And, you know, and we ended up getting fined, is that, I guess under this ruling, they're gonna have to step back and say, look, th this is an extenuating circumstances.

They had all the procedures. That. That's exactly right. I mean, it's like if you could picture a door like is four are four double bolts enough or is it five? Right. So I mean, the HIPAA security rule does give some latitude in terms of like, you know, how you establish meeting your security requirements.

But that's also like another reason why we, so we. Chime and ais one of our organizations that comprises CISOs underneath Chime, has worked really hard to develop a, these set of cybersecurity best practices, or they're known in the field as 4 0 5 DA super unsexy name. I know. So DC lingo. But they've been developed and they're voluntary, right?

They're voluntary sometimes. So they're also called Hiccup, another weird name. But either way, they're a set of best practices that . That CISOs and CIOs can deploy, and they, and there's some that are for smaller to medium sized, you know, lesser, uh, sophisticated, and then ones for larger ones. And so what this bill is gonna do, and what this, you know, hopefully will, um, I think take into account what just happened with MD Anderson is that we'll say, you know, you're working hard and, and, you know, cybersecurity, it's a, it's a journey.

It's not a destination. So, you know, some, some of these are maturity issues, right? And so you were saying you just bought the stuff, right? You were on your pathway to, you were increasing your maturity, but you were like a week , you know, it happened the, the week after you bought the stuff and you hadn't implemented it yet.

So it's about depicting that you are making an investment, certainly providers who are not doing the right thing, and they've been like, worn by OCR and then they're like, you left the door unlocked. Well, no, that's not gonna work. I mean, that is not gonna work. So you have, I mean, that has to be like credible investment has to have been made an effort.

Yeah, I mean, the hard thing about that is I could hear people right now saying, you know, we, we wouldn't judge banks this way, you know, but the banks are, are measured by their ability to keep our financial systems. Strong and, and that kind of stuff. When they, if somebody were walking in, I, I'm going back to a western here, you know, we're able to walk in, you know, blow up the safe and take the money and walk out.

We would, we would wanna hold that bank accountable for, for not putting the right, uh, things in place. And I, I think there's a, a, a set of the population look, amount of breaches over the last.

Missing or, or just outright stolen from our systems. And I think we all agree we have to do better. And the question is, is it incentives or is it sticks? And you know what I hear you saying is we need more incentives because a lot of these systems are, are trying to do this with without, without enough.

Yeah. We have a lot of experience with, um, sticks and . Carrots. And you know, like meaningful use is definitely a, uh, stick. And so you, what you're doing is you're skidding to the puck, right? So you don't want to establish a situation where you have like a checkbox. I mean, some of our, you know, very strong advocates for better cyber rules.

So you don't wanna have a checkbox mentality, 'cause that's not gonna get you, it's not gonna increase maturity. You're just gonna go check, check, check. And so that's not gonna necessarily like, result in the kind of security that you need. And so it is. You know, incenting, we think is a better pathway forward.

I mean, sometimes you, I mean, providers never like pen uh, penalties. I mean, I'm not gonna sit here and be like, oh yeah, we love penalties. That's like said, said, no provider ever. Please bring me a penalty. I can't wait. No . I mean, but there's ways to, you know, there's ways to do this and like it's, and but to just hammer them and just

Feel like you're gonna have this protracted two year long audit. You're gonna be like, your head's gonna be in a dark cloud, we're gonna put you on the naughty list. I mean, it just goes on and on and on and on. And instead of focusing on like, hearsay could actually, you know, improve yourself. It's more like you're now you're dealing with some crazy protracted audit.

And again, some are warranted, but we we're just, we've been trying for years to try and move this ball forward. And again, it's voluntary, bill. These best practices are voluntary. So, I don't know. I, I get so passionate about this. Well, we're, we're gonna move on to vaccine. I will share one, one last story is, you know, we had an internal auditor and when I came in, I, I couldn't get my, my security team out from underneath the audits.

They were essentially internal audit would do a, an audit. They'd give 'em a list of things they needed to fix, they'd fix those things. The next audit would come through, they'd get another list. They'd have to fix those things. And I, I finally went to the internal auditor and said, you got, you have to give us a six month reprieve, no audits for six months.

So that we can actually strategically get ahead of this. Otherwise, this is gonna continue forever. You know, you're gonna find things, we're gonna have to fix them, so forth. How about if we put a strategy together, we come, we work with you on it, you can look at it, give us, you know, some feedback, and then we'll put something in place and that, that was a huge, uh, game changer for our health system.

Almost everything we, we did as a result of doing that. And when once you get on that, that hamster wheel, it's hard to get off and it's, it's, it doesn't get any closer to where. As if, as if that topic wasn't, wasn't interesting enough. , get a vaccine. Alright, so you pulled out an article from the MIT journal, the Technology review and it is, this is how America gets its vaccines.

I'm gonna hit this real quick. So there's a handful of steps. There's a pre-step where there's a two, two systems, Tiberius and vs. Tiberius pull stuff in and uh, ITAR system.

Really cool overlay stuff and whatnot is what we would call a legacy system. And there's an awful lot of uploading things via human interface, if you will, downloading them from one system and uploading them manually into that. So that's, that's, that's, we're gonna call that pre-step one. Step one is actually HHS receives regular updates from Pfizer and Moderna, as you would expect, and I guess soon.

JJ uh, step two is HHS decides, uh, determines the numbers to send to each state. Right now they're sort of hovering at about 4.3 million per week. And then Tiberius is used to divvy up the vaccine on the basis of census data. So it's a simple algorithm. It's not fancy machine learning. It just sort of looks at, you know, the census data says, Hey, we're we're sending out 4.3 million, where are we gonna send it?

And that's what it does. Okay. So Tiberius pushes the. To other systems. It ends up getting to the CDC where a technician manually uploads and sets order limits in VRAs. VRAs, uh, is something like an online store, if you think about it that way. And that's where orders are placed for the vaccine. And, and then we get to step three.

Step three is the states and the territories distribute the vaccine locally. This is where it gets interesting. This is where it's, you know, the. Uh, what's the, what's the best way to say this? So it, it gets to the states and what's, uh, a lot of the article is, is pretty negative in terms of the states and they've been underfunded, they're understaffed and they're trying to get all this stuff.

But anyway, it gets to the states and then the states determine where it's gonna go. It goes back up into VT tracks, which I think is. They actually put the addresses in there and then it ships the vaccines. Step four is ships the vaccines. And actually, amazingly, this is the easy part. FedEx and UPS know how to do this.

They've been doing this for years and they ship it. And then step five is administer the vaccine and report back. And that's where we were talking about a little bit earlier. And that's probably where I wanna start with you is . You know, this is where the, the, the vaccine gets down locally. They're talking about the fact that the, uh, states are struggling to divvy it up.

The scheduling systems are a little uneven as some states are using Salesforce, some. Eventbrite is another one that's being used. Some are using, some health systems are using their portal. Some retailers, and I don't think retailers have a lot of the vaccine. They've been sort of tapped to do the long-term care facilities, but I'm not sure they've been opened up to, to do the general public yet.

But they, they're gonna use their, their retail portals as well to do that. But then you have to report back and if you don't report back and report back effectively, then . Your, your vaccine sort of goes down. So that's, that's a little bit of the, the lay of the land of the, the five steps from that article.

And we'll share that link to that article in the, uh, in the show notes. Alright, so you shared this story, you, you sent it over what, you know, what, what are your thoughts and, and, and where do you wanna take the conversation? I'm a perpetually an optimist Bill. Okay. So I like to think that, you know, everyone is really doing the best that they can do.

Right. I mean, I'm sure you can find some bad apples and actors out there. And this is maybe me speaking personally, but I like to think that people are doing hard work during, uh, this difficult time. And so, you know, there was a, there was a . Quote in here about, there was a lot of money and effort spent to develop the vaccine very quickly, or vaccines, but there wasn't nearly as much effort, um, spent on the distribution process.

And this is really, you know, these are the, you mentioned, you know, UPS and FedEx, like this is a logistics operation. Right? And so it's not all. Situations where, you know, someone is maybe entering things, um, manually, and there's, there's no electronic record. I mean, we had another member, for example, and this is like, it just varies.

Every state's different from what they require. I mean, it's a morass of different policies cobbled together quickly to try to, you know, get everyone vaccin as quickly as possible. I mean, it's, it's very, very difficult. But we just spoke to another member who has a very large EHR vendor that you would know, and they use their scheduling system to

You know, to facilitate the appointments, right? But say you're not, you know, they, they take all comers, right? So if you're not in their system, then they have to create a record for you. But at the point of when they reach out and say, I need a vaccination, they will look for you in the system and they're picking up certain pieces of demographic information.

But if they don't get enough and they don't get the right match, I know you're gonna find the shocking bell. Where am I going with this? You're gonna go national Patient id, there you go. The dark. Whole of every single piece of interoperability policies that we have to deal with. And so this has become, you know, again, now there are, I'm sure there's lots of providers that are doing things successfully though I would hope they're going back and spot checking their state registries.

Note to CIOs, if you haven't spot checked your registry, have your staff go do that. Make sure the data is actually in there. Because we've gotten some very alarming stories in the past two weeks that we plan on sharing publicly. And we're not gonna be naming any providers, but we're gonna make sure that lawmakers and policy makers know that this isn't working necessarily as seamlessly as you can.

And again, so because this data wrapped up in such a way where they, when they hit into the state database and they don't have all of the, you know, patient information because they can't use social security number bill, guess what they're doing? They're using data aggregators. Oh my golly. So here we go.

It's like . If you had a patient identifier number, you wouldn't have to be, you know, working with data aggregators to fig to have a better match. So it all comes back to not everything, but like lots of things come back to being able to accurate identify the patient or the co the consumer at the point of care.

So these are the things when we, you know, there's a lot of things with the vaccine administration that are not technology oriented. This is the piece that we're focusing on. Yeah, it's, um. You know, that's, that's interesting. I actually, I I'm not gonna go down that, that road, you, you so eloquently put the, the need for a national patient id.

The, the, the road I'm gonna go down is, I'm, I'm actually really optimistic, you know, most IT projects, most projects in general start and they're bumping, right? So we've, we've acknowledged that they're, they're bumpy to start, but, you know, I'm looking at this going a hundred million vaccines in a hundred days.

This is the administration's stated goal and objective we're already at with all these bumps and bruises. I mean, according to the Washington Post, according to Bloomberg, according to Thea, today we're at about 30 million people vaccinated, and that's with this. You know, all these problems that you read in all these, and I mean this, this article included, has a bunch of things like, oh, this is broken, this is broken, this is broken.

Okay, great. And I agree with you. I don't, I don't, you know, I don't put any nefarious, you know, intentions behind any of this. I'm just saying Yeah, okay. You identified all things that are broken, but 30 some odd million people have been vaccinated and. The military because we're probably not counting them in those numbers.

And so you, you up that number by a fair amount. Let's just say you get the 35 million. 35 million have been vaccinated since December. We didn't have a huge quantity of the vaccine itself, and we had all these logistics issues. Okay? That's, that's the start of the project and that's not all that bad of a start.

And to be honest with you, if the number of of of vaccines being produced continues. The direction. And yes, they were overstated in the beginning and we all acknowledge that now. But still we're looking at the potential for almost a hundred to 200 million doses being produced between the two Pfizer and Moderna.

And I'm not even including j and J at this point. So by April we might be looking at 200 million doses being available in the US to be distributed. I, I'm really optimistic. I have, I think we're gonna have more of a problem once we get through everybody that wants the shot than we are going to have getting to a hundred, you know, a hundred million people vaccinated.

I, I think that that number is gonna be achieved and it's gonna be achieved relatively quick. I, I'd be surprised if we're not there. The president's, you know, stated date of April, what's the first days? April 28th. For the administration. So I, I'd be surprised if we're not at that a hundred million number and with the a hundred million number and the number of people who have already had the, you know, who have had covid and have developed some immunities to it, at least as far as we know, we're, we're gonna make a serious dent in this thing.

You know, by the end of the spring? I think so I, I, I'm very, I'm very positive even with all these negatives, even with all these challenges that we are, we are really making a dent in this. That's, that's my personal, my personal view of this. I think I'm nuts. You know what I mean? I, like I said, I'm like, I'm an optimist too.

I mean, you've clearly given this a lot of thought. I can't say that I sit here and handr over. Is everyone gonna get vaccinated? Like, oh my gosh. Like, I mean, I'm just, I'm just trying to focus on the hair now, bill. And, you know, we were just picking apart one problem and I think what we try to do is identify like the single biggest use case ever for patient identification.

A pandemic, right? So I'm sure that we're the United States, we'll figure this out. You know, we, we will, you know, we'll persevere and it will get done. I think, you know, we'll have to do some, you know, post-mortem on this afterwards and just figure out like where we could have done things better. Heaven forbid we have another pandemic I, that's even hard to even fathom, but you know, I'm sure we'll get it done.

I think we're just trying to figure out like along the way, how do we mitigate some of these bumps? I. You know, I mean, my parents for example, they're not snowbirds, but they are on Medicare. They live in Virginia, but they're providers in Washington DC You have, you know, you have elderly patients who maybe lose their card, don't maybe know which

Vaccine. They got, you know, they got vaccine one, but was it Moderna? Was it Pfizer? They're not sure. So you can see there's gonna be some hiccups here, but I'm, I'm sure we'll figure it out. I just think that there's a lot we could do better. Yeah. I'll tell you, health IT leaders who are wondering, you know.

You know, bill talked about systems that have QR codes and they're checking in and they're in and out in 10 minutes. Boy, that isn't us. What are we doing wrong? I reach out to chime, reach out to me. Uh, more than happy to connect you with health systems that, uh, really feel like they have this pretty well wired.

I. And, and, and you know, you have systems like Atrium that are doing mass vaccination events, CIC and Massachusetts uc, uh, university of Colorado Health System doing mass vaccinations in, in, uh, Colorado. So I, I think that's the next thing we're gonna see. We're gonna see these mass vaccination events. and you know, in order to do those, you have to have a pretty sound process for bringing people in.

People that aren't necessarily in your EHR tracking them. Now it, you know, if you're in a major metro, the reason the patient ID stuff doesn't resonate with me is we had to figure this out a long time ago. I mean, we had, we had, you know, 15% of the people in our ERs were, did not have social security numbers.

Let's just say it that way. So we had to figure out this, this how patient matching and how do you handle people who are showing up for the first time and how do you handle consumers that you're trying to reach out to that aren't necessarily gonna be in your EMR and you're not gonna track them. Now granted our budget was significant.

We had, you know, 700 people in our IT department and what not everybody can do this, but, but there are absolutely ways around needing a national patient Id. To, to do this effectively. But I, I agree with you. If you put it down on every health system, I, I've already sat across from CIOs who have six people on their staff that were doing the same thing my 700 people were doing.

And that's just, there's, there's no way you can do it. I, I agree. You have to rely on other people to do it. So I, I empathize and I appreciate it, Mari. Thanks. Thanks for your time. I, I really appreciate it. This was a, this was a fun conversation. Alright. Yeah, I mean it's, it's always nice to be invited on Sobel.

We really appreciate that opportunity and it would be okay if I made, uh, a shameless plug for our information blocking center and our, would that be okay? ? That would be fantastic. Go for it. So, so again, launch, we just launched our, our information blocking center, so it's information blocking center.org.

And then back to the point about patient id, we actually have a patient ID coalition and so you know, we welcome our members to join us. Patient id now.org. Yeah, and, and everyone, I hopefully knows where to find me and we're happy to answer any questions and always happy to talk to a member. So thanks very much, bill, for having me.

What a great discussion. If you know of someone that might benefit from our channel from these kinds of discussions, please forward them a note. Perhaps your team, your staff. I know if I were ACIO today, I would have every one of my team members listening to this show. It's it's conference level value every week.

They can subscribe on our website this week, health.com, or they can go wherever you listen to podcasts. Apple, Google. I. Overcast, which is what I use, uh, Spotify, Stitcher, you name it. We're out there. They can find us. Go ahead, subscribe today. Send a note to someone and have them subscribe as well. We want to thank our channel sponsors who are investing in our mission to develop the next generation of health IT leaders.

Those are VMware, Hillrom, Starbridge advisors, Aruba and McAfee. Thanks for listening. That's all for now.