This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.
interview in action from the:
Special thanks to our sponsors, Quantum Health, Gordian, DrFirst, CDW, Gozio Health, Artisight, and Zscaler. You can check them out on our website, thisweekhealth.com. Now, onto our interview.
Alright, here we are from ViVE 2024 and in beautiful Los Angeles, I keep saying beautiful. Los Angeles. Uh-huh. But I was from Orange County. This isn't exactly beautiful Los Angeles, but I'm here with Mike Smith with KLAS Research, Vice President of Research.
Mike, looking forward to the conversation. Hey, I do too. This is, this will be great. So Best in KLAS means something in the industry. Talk to us a little bit about what that means.
Yeah, so, KLAS has been around for about 25 years. And what we realized is that it's really important for providers to be able to see who's performing well in the marketplace. And so several years ago we started to measure the performance of vendors based on research that we did with providers.
And so each year we publish a report that basically is a snapshot in time of all the vendors, and how well they're performing in different market segments. And so, it really highlights who's performing well and who isn't. And the intent for Best in KLAS is to amplify the provider's voice and hopefully, um, help light on those that are doing an exceptional job.
So this is a way for providers to hear honest feedback about how their services are performing. Absolutely. They may not hear it directly from the provider themselves, but they definitely will hear it from the feedback that you're giving them. Yeah, I mean, they'll think about it. If you
Back in the day, so back 15, 20 years ago, if you wanted to know how a vendor was performing, you'd pick up the phone and call your buddies, right?
And ask them about their experience with the product. Now, they can pick up a report from KLAS, and they can look at it, and because many of them have already participated in the research that we do, they can actually see with confidence who's performing well, who isn't performing well, what their strengths and weaknesses are, themselves from one another, and ask We actually see anonymized comments that will enable them to actually get more context around the performance of the vendor that they may be considering.
And so, really the hope is it can accelerate, we can cut out some of the work that they may have to do and allow them to be able to go and quickly see who's doing what and how well they're performing.
How does this differ from a Gartner, a Forrester, or Consumer
Reports, for instance? Yeah. It's quite a bit different.
And part of that is maybe the approach that we take. We spend time, in most cases, on the phone. Usually it's about a 30 minute interview and we go through and ask them a series of questions and then we, based on what they, how they respond, try to drill in and understand what they're doing.
And so, in many instances, Gartner is, and I'm not as familiar with Gartner but many other organizations will do more forward looking research or they'll do research that's just all electronic. We like to get on the phone and actually, drill into the details and understand context and understand what's happening.
So will you actually meet with the vendor partner at some point and have conversations about, not only are you collecting the information from the consumer, which is phenomenal, but meet with the partner and say, okay, you take us through. Tell us about your solution.
Yeah, we do. We do. And so we actually have a lot of meetings with vendors to really take them through and dive into the feedback that we've collected from their clients.
And really the intent for those meetings is to hopefully identify what are some things that they can do better. And certainly help them understand what's working and what isn't working. So they can ultimately become better for their clients.
Do you ever have, so we're walking around this and I think there's obvious categories.
The EHR category and those kind of things. Yeah. There's so many solutions that I'm talking to and I'm sitting there going, I'm having trouble putting them into a category. Do you guys like create new categories as you're going? All the time, yeah. Oh really, okay. Yeah,
so it's, that's in process even right now.
So, so we have different There's a lot of different areas that we are trying to figure out we, how do we help encapsulate this type of solution and this problem that they're solving. And in some cases, to be honest with you, we it takes time. But typically the way we do it is we listen.
We go into conferences like this and we, talk to the vendors, we talk to the providers and their leadership to say, hey, what's important to you? And if there's an area that's of high interest to a provider we will start to focus in on that and act, if it makes sense, We'll actually start, creating new research in that area.
Because it takes some time for there to become a body of knowledge around how, how did the implementation go. I'm thinking specifically around computer vision. Yeah. So we have the Artisights of the world, and we have the care.ais of the world. Right. But it's, it's kind of a new area. A new, I mean, do you guys have a category for that?
So typically what we're doing now is we have a, an area we call emerging technology. Okay. And so that allows us to actually New technology, focus on a vendor, even if they only have three or four live sites at least validate what they're doing, ask some performance based questions, and then give an early view into how that vendor's performing, and then once that market becomes more mature, then we actually will start measuring that in kind of a Best in KLAS fashion.
So what,
what determines when it becomes more mature? Is it the number of players that have come into
it? Typically, yeah, usually it's based on the number of live sites that they have, so number of live clients that they have the number of vendors that may be performing in that marketplace.
you look at the big player, do you look at like the Microsoft that has, I mean, Microsoft has all sorts of tentacles all over the place. Right. And do you like just classify them based on the category you're looking at?
Yeah,
that's a good
question. So I'm opening up research on public cloud.
And so, from a Microsoft Azure perspective. We're doing some broad research on Microsoft Azure, but then we have some very specific point solutions that we're also measuring with Microsoft. And so, with AWS, Microsoft, and some of the big players, we may take a broad perspective on how well they're performing, but then also hone in on two or three or four or five, in the case of Microsoft, categories that we can actually take and compare them with some of the other players in
the market.
You have
a booth. We do. happens in a KLAS booth at this? At this kind of event. Oh man. It's
amazing, right? So obviously this is a great place for people to come and learn about KLAS, what they're doing and certainly how they can get involved. It's a great place for them to see what kind of research and the breadth of research that we have and really how they can leverage that research to help them in their organizations.
So, who's your client? Is your client? The health systems? That's a good
question. And it's both. So we have obviously our primary client is gonna be the health system. We work closely with them and our goal is to help hopefully provide them with honest, accurate, unbiased insights.
But we also work with the vendors too. And so we have a number of vendors that are KLAS members and they use the data to hopefully help them learn how they can become better. And we believe that if we do our mission, if we, if we do our job right, we'll be able to help the providers make better decisions and we'll help vendors become better.
Fantastic.
Mike, thank you for your
time. Hey, thank you. Appreciate it. Thank
you.
(Transition)
ek Health. We're here at VIVE: Ah, no. Not at all? How's it going? Drex, great to see you. It's good to see you too. Glad to see you in your new role. I have I have made the switch from a very close company that Amazingly enough, we were just talking about this. A year ago, we were here at this very conference, and I was with CrowdStrike, and our booth was like two booths down from this one.
And there was some conversations that happened at that conference that continued after the conference and on into the last whole year. And you have an announcement to make about
CrowdStrike. Right.
So we have a great partnership with CrowdStrike. We're built, as you can see, on the CrowdStrike LogScale platform.
And it looks great. It looks great. It's been a great experience. We migrated all our data directly from our cloud where we enrich the data, and then we send it directly into your LogScale repo. And we generated a lot of the queries, a lot of the background queries generated all the widgets and dashboards.
The thing I tell people is LogScale is built as a streaming, event driven database. As opposed to a lot of other databases that look at stats, that look for relationship between data. LogScale is an event driven database, so we had to do some stuff to make stateful data for inventories of PHI and inventories of devices.
But in terms of picking out what happens in an event stream, this is perfect. How hard was it to do? Well, once we got through understanding the difference, I think it's a mental shift for people to say, Gee, I'm used to a relational database, or I'm used to a NoSQL database, which is all stateful to an event driven database, which if you're done digital signal processing, everything's screen based, yeah?
If you're familiar with that, you go, forget everything you learned about databases, and think in terms of what happens in an event window, right? And generating these dashboards is incredibly easy. So I have a team of a couple of data engineers that basically, once they got over the first shock of, oh, I could do this like this, right?
One of the most powerful features we have is the nested group bys and the capability to add function lambda function Everything once you master that it's like oh my god. I can do all this stuff. You're off to the right two lines Insights that you can get by relating all this data is incredible.
I mean, I've been really happy with this. To be able to, on not only the LogScale side, but all the other additional capabilities. Our ability to generate alerts, scheduled searches for remediation. We show real time data, real time risk, all calibrated using real data aggregator. Our sensors to the cloud into your And then, we know we have additional abilities to generate orchestration, to do remediations, to do reports, to do emails.
And we did it all within like months. I mean, it was really amazing. Really amazing. You guys have been brilliant.
Not me guys. CrowdStrike guys. Folks were really amazing. We had some great folks on that team. They did. Anybody you wanna shout out? Well, I think Paul MacGyver. I think Paul MacGyver.
MacGyver,
yeah. When he first saw it, he goes, oh my God, you can do all this stuff. And I said, well, just, we, next week we'll show you what else we can do. And I think we exhausted a lot of. His capability is to go, stop, slow down!
so before I go on, because I love, I mean, one of the things I love about you, you have a huge amount of enthusiasm for the work that you're doing to make healthcare better and safer.
Thank you. Let's talk more broadly about Tausight. What does it do? if somebody has what kind of a problem, why would they talk to you?
I tell people Tausight is really about lowering the liability and the risk to an organization that has to deal with PHI. PHI is the most powerful commodity in healthcare today.
is about understanding how do I help you lower your liabilities and risks, and how do I streamline any kind of incident response. So today, cyber security is not only about protecting your perimeters and privacy. Keeping the bad guys out is about cyber resiliency. How do I get back to business?
How do I file all those disclosures? How do I keep the legal requirements down? So I'm not spending endless dollars and hours filling out these forms about the details of an incident. The 8-K. The SEC. Now it's a thing. And you're going to have to basically prove that you've done everything right. Because the shareholders are going to say, Hey look, that's what they did for protecting the assets and the mining investment in their company.
That's not good enough. You've got to be able to describe, right? You've got to describe, you've got to verify and prove that you've done a good job. I think that's going to be a huge change. So our goal is not only help that organization not only understand the risks and what the OCR calls the potential.
Right, which is really, I mean, if you read the HIPAA Security Rule, you go, oh my god, how am I going to do this? Complete and thorough assessment of all the variables. vulnerabilities, and potential risk to CI and A for all the electronic patient records. That's an insurmountable task, and you can't just do it by saying, I surveyed 20 machines, I surveyed these folders.
No, you need to actually know where everything is. You need to know
in real time what that risk looks like. It's kind of the next version of like, you can't protect it if you don't know where it is. That normally means the things that are on your network. If you're the different version of that, you're like all of the PHI and where it is.
And it's in a lot of strange places, right? When you do a test, when you do an initial POV with somebody or something, you find a lot of, they're really surprised. I don't know if these are shared desktops. You've
seen these shared desktops? Look at all the files that have everyone access. Why? It's because they put discharge handoff notes in there.
Or, look at the recycling folders that nobody purged. There's tons of data in there. They're log files that applications have generated. They're files sitting on servers belonging to users that aren't even there anymore, but they're still sitting on your There are files that are 10 years old. There are files that are in excess of 20,000 files by a single user.
Why? Because somebody
It's just kind of It's sloppy work. It was the easy way to do it. People change jobs and do other things, and they put different stuff in. Right, yeah.
So, those are the things that we know. You can reduce that. Either in a preventative phase, pre breach, or get to a remediated point where you say, I have a good security posture around it.
How I'm handling PHI. Then, because we monitor the stuff continuously, and dump the data into a CrowdStrike environment, we can generate queries and background searches to look for things that you need to worry about. Oh, why is Dr. Jones, again, sending PHI using her personal email? Yeah, well that never happens in Ohio, so we know that.
But they do. Or, why are you, USB drives still being used so prevalently by certain people while they're taking their PHI. Oh, Yeah. And then, a real simple thing. The alerts that generate interventions, where interventions break then and their name is needed. Those are the anomalies. Why is the encryption all of a sudden turned off on these machines?
And that machine is going out the door. I should stop that.
I should quarantine that machine. You get an alert when somebody has encryption on and then they turn it off or it's turned off. Very
interesting. Or they turn off security tools. Monitoring. Yeah. It's all the little edge cases that you go, Yeah, it might be nice to know that in real time.
Is that a repeated behavior?
So. One of the other announcements you had was Office 365 integration. Tell me about that. So, Office
365 is, as we all know, widely used in healthcare, but the risks there are how many files are there, or how many emails and how many attachments are in those folders, that should that user's account be compromised somewhere, you have a huge exposure.
It's not uncommon for people to keep their entire work histories, I know I do, in my email. I want to know who I talk to, I go and search for my email. Doctors do the same thing. So, there has to be controls, at least to say, look, these are sensitive data, and you should tap it and then put the rest in a more safe, protected archive, right?
Right. If you need to look at it, you know where to find it. It shouldn't be in an active email, right? Preferably, it's covered by a separate account, so you're not logging in towards using the same login, or better, have an MFA approach. Yeah. So all these are steps that I think you should take. will gradually help tighten down the infrastructure so that we don't leave our PHIs ready to be attacked by some nation state actors or who are always out to get you.
So, I'm sure you know the probabilities and the success rates for phishing attacks. It's high. It's not impossible to get into a system. So, once you get into a system You're doomed. Yeah, I mean then the only thing you can do is compartmentalization, right? No, why should the admin account be open to everything?
They should be compartmentalized. It should be firewalled into rings. Yes And so those are the things that we start to want to promote because these aren't
costly things They're just changes in your process.
They're best practices And you're giving them a way to sort of find where they're not doing those best practices and then building alerts to tell them where somebody is violating that practice.
So it's a continuous performance improvement kind of loop that you're It's using
quantified data. It's using the quants as opposed to subjective assessments of, Hey, you know, I took a sample of these 20 different machines and they all look good. Yeah, I know. It's knowing what happens on all those points.
Actually knowing. Correct. In real time. I showed somebody this and I said, think of your security risk assessment that you do annually. How broad a sample do you take? Take a sample. What if you had a 100 percent sample? This is continuous, in real time, across all your machines. Yeah. So, one of the numbers I always like to talk about is, 12,000 endpoints, 10,000 users.
You've got 12, you've got what? 120 million at that point. Multiply that by the number of files that you're dealing with across the system. Multiply that by the number of emails. That's the space that you're trying to protect. Where's my risk? It's all those endpoints. And your surface area is huge. You cannot do this by hand.
You need technology. You need to know where everything is and be able to prove it when the time comes. And then, hopefully, you have all that immutable data, audit data, in a place that attackers can't get to. Right. And so, the idea, I have all the event logs, oh look, I can hand this off to the forensics team.
Right. A good attacker will have wiped that out. Yeah. Good stuff. Yeah. I mean, I was covering my tracks when I was a student.
Yeah. So I want to ask you, so one other kind of big, broad, general question. Besides those two like tiny little projects you've been working on, what else, what's next?
Or what are you looking at as you look into the future?
Improving our AI so that we have our, what we call our gen four ai starts with. tie all the data around PII information, different unstructured content, emails, etc. to say, these things all tie to the same individual? Are they all, do they all plug to David Ting so I can go backwards and say, hey, I'm David Ting, I'd like to know where you have all my data and you can find all of them.
We want to do this in a privacy preserving manner. I don't want to have your demographic data in my database. I want to do it in a privacy preserving manner that leverages all the, quote, PII like terms about you so I can correlate them. So all of a sudden, dude, those files, that email, they'll talk about the same person without actually having any of that data in our cloud.
Is there, Is there some part of this that might also help us with Patient identification. We have a lot of duplication in that kind of stuff that happens. So today we see that already for
files, attachments. I sent out an attachment that has information, so you see lots of duplications all over this place.
Duplication everywhere. Right? It just speaking on the M365, the first thing you notice is attachments get sent to 20 different people. Super areas just increase. Right? It's the same freaking file. Yeah. And you have that multiplied by the number of emails, because attachments are sent everywhere.
And then they get forwarded. They get forwarded. So, this again, another thing that you might want to consider. Do I really need to send this attachment to all these people? Just because it's easy to have them on the to list? Yeah. It's just, once you understand the risks and the sensitivities to the overall equation, you can say, yeah, let's just train people to not do this as an automatic response.
Right.
Hey, thank you for the time today. I really appreciate it. David, you're awesome. Great to see you. I'm looking forward to continuing to sort of have this conversation. See all the other stuff that's coming up. Because I know you have a million ideas about what's happening. No, no, No. Thanks for your time.
Thank you.
(Transition)
Thanks
for listening to this Interview in Action episode. If you found value in this, share it with a peer. It's a great chance to discuss and in some cases start a mentoring relationship. One way you can support the show is to subscribe and leave us a rating. If you could do that would be great, and we want to give a big thanks to our partners who make this possible.
Quantum Health, Gordian, DrFirst, CDW, Gozio Health, Artisight, and Zscaler. You can learn more about them by visiting thisweekhealth.com slash partners. Thanks for listening. That's all for now.