This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

Take the risk out of healthcare with Cincinnati's collaborative and community-led network. Learn more at this week, health.com/censinet. .

I'm Bill Russell, creator of this Week Health, where our mission is to transform healthcare, one connection at a time. This is an executive interview on the keynote channel.

Quick powerful Conversations with Leaders Driving Change. So let's get started.

You're the CEO of CEO and founder. CEO and founder of Sensenet. Yeah. That's exciting. We could spend the whole time just talking about that. What's it like founding a startup in healthcare? It's pretty easy, isn't it? No it's, it's one of the hardest. You did you go the fundraising route?

In raised funds. I did. Along the wall. Yeah. Oh, you did? Yeah, I did.

Ed Gaudet: I was cordially commanded to go back to work by my wife who wanted me out of retirement 'cause I was causing trouble. I think we talked about this earlier. We got, I was following these guys around again, you know, eight acting 18 years old.

Oh man. Having a good time. I'm an options trader. I was trading stock and I was writing a couple of screenplays and she was like, I can't, you can't do this. Sit at the kitchen table like this. You've been on the road for, you know, all of our marriage and now you're home and I don't know what to do with you and you're causing trouble.

And

And I remember the following year, I started really focusing in on the local market, and I was home a lot more. And she'll be the first to tell you, she's like, that was a significant adjustment for our marriage. Like, not having you around was an adjustment, but it was probably an easier adjustment than having you around.

Ed Gaudet: Even the kids at that point don't really want you around. They've gotten used to, they used to call me the bank. Oh, the bank is home. Like, wait. Who are you talking about? Is that me?

Bill Russell: That's like, man,

Ed Gaudet: I was 200 plus nights out last three years at Imprivado.

Ed Gaudet: Yeah. And from the vendor side, I had experienced it coming outta imprivata. You know, my team ended up marshaling a lot of these. SRAs, these risk assessments through the process. And I would always say if you saw one, they were all different. You could never really get leverage. I kept coming back to this term leverage and I reached out to a dozen or so providers I had relationships with and they also had difficulty with the process and so we set out to, to redefine risk management in a way.

Was community led and community leveraged. And so we built this network of providers and their ecosystem of third parties to facilitate risk. Our vision is to take risk outta healthcare

Bill Russell: Bill. Yep. And you really have a double-sided market. Right? We do not only helps the vendor a true double-sided market, not marketing speak, it's actually a true double-sided market.

Yeah. The other thing that we innovated

Ed Gaudet: on was the process and the workflows, and so we purpose built everything for healthcare. We worked with customers to define those workflows that were manually done, and we automated them on the platform and did it in a way that, again, gave you leverage so you weren't just getting another.

Canvas to customize, to take your process. That probably wasn't great anyway. That's why you needed technology and jam a process that needed to change into a piece of technology. So we come to the market with is purpose-built workflows, specifically designed with our customers and designed for healthcare, not for horizontal, every other industry.

And then you customize around that, but specifically

Bill Russell: for healthcare. So, is it harder getting it off the ground or is it harder to scale it?

Using data protection tools enterprise rights management authentication, identity access management, secure communications, and then risk management. And this problem of building a risk management network is very different. The first problem you have to solve is what side do you subsidize and what side do you monetize?

Because the first question. A paying customer will ask you is, well, how many are on the other side?

Bill Russell: And

The answer is

Ed Gaudet: zero, not, yeah. The answer is like, two, right? Myself and somebody else. And so you have to figure out strategies to ratchet up the network over time as you're building out your customer base.

It's really hard to do.

Ed Gaudet: to that first million dollars is hard in a RR.

Getting to that $5 million in ARR is hard. And then getting past the 10 and then getting from 10 to 20, those are sort of the milestones that we're scale and really understanding how to scale is so important, so critical.

Bill Russell: And and so, I put you in the category of one of the best. Marketers in the industry.

I know you give a lot of credit to your brother, but you have the the logo there. You do the Risk Never Sleeps podcast. And we talked about this before. Somebody came to us, said, oh, Ed's competing with you. I'm like. There's no competition in podcasting. I mean, we're No, we're all serving different markets and we're all doing stuff and I love the stuff you're doing and I love your approach to did you see it as marketing or did you see it as more like just connecting with your clients and having conversations?

And I feel like vendors should have a balanced view of that type of mission strategy because we serve alongside our customers and everyone in healthcare. This is What I love about healthcare the most is that shared mission, that you don't have in any other industry, bill, like no mission, no margin, no mission.

Bill Russell: We do the CISO round tables and the I can almost tell you what the conversations are gonna be. 'cause one of the things we say is, you know, what's a proper challenge that you're dealing with? And then they talk amongst themselves around those problems. Third party risk is always number one or two.

third party risk is a really challenging problem for these health systems to get their arm around. It's like you it's not quite whack-a-mole, but I think what it requires is something we're unwilling to do, which is to essentially say, if third parties don't meet this criteria, we're walking away.

And we're unwilling to do that and say, look we've gotta find secure partners. We gotta find partners that are serious about their security posture and hygiene and all those things. Or we can't do business with you 'cause we can't give you the data.

Ed Gaudet: I thought long and hard about this problem.

Barry Chakin just wrote this nice piece on LinkedIn and he mentioned that I love that technology does not create transformation. Leadership does, and everyone pushes third party risk down to, you know, to directors of IT or risk management, and. Those are the folks that do the work and it needs to go there, but it needs a level of vision and strategy and transformation because it's different than what we've been doing 20 years ago.

It needs to be different than what we've been doing 20 years ago. It can't be a checkbox certificate any longer and I think they always lean on those. Well, I got a SOC 2. Well, that's great. By the time the SOC 2's published, it's already outta date.

It's exponential. I would say 80% of the vendors right now in healthcare that have been part of the inventory for the last couple years are AI enabled in some way, and healthcare leaders don't even know about it. They're looking at the new things that are coming in the door, which you have to do. It's necessary, but it's not sufficient.

We're just scratching the surface of the problem, in my opinion.

Bill Russell: I want to go in two directions here. One is I want to ask you about budgets, and then the second is I want to ask Yeah. About AI Are we funding in healthcare, a, this is too broad of a question, but are we funding cybersecurity and privacy and security well enough in our health systems?

I mean, and what is well enough?

Bill Russell: The answer is always you have more. Just give us more we'll of it. But yeah and it

Ed Gaudet: may not be more, it may actually be less.

Most people look at one thing when they're trying to solve a problem, but everyone talks about the holy trinity of it. People process technology, but then in practice. When you actually have to go and implement technology, people are pushing their old process. If the technology is not informing the process in a way that actually drives new outcomes, that drives mission critical outcomes, that drives the ability to keep your systems up.

Forget about breaches, I worry about shutting the system down, diverting care to another hospital that might be stepping off. Right? That's what we saw

Bill Russell: last year. I mean, that was serious.

Ed Gaudet: No, that's right. That's right. And we've set up all these artificial constraints, like for example, change health happened because quite frankly, for a number of reasons, number one.

Right. It's a huge clearinghouse. It became this clearinghouse that was acquired. Year after year with all of these products in these third parties in supply chain, right? Became constrained, became consolidated. Consolidation is a risk. Many CIOs will say one of my strategies is consolidation. Okay, that's great, but guess what?

You're creating risk in your business by consolidating too. You can't just look at consolidation as an economic benefit. You also have to look at it. In the context of the risk you're creating in your organization. Many of the change health issues were because they signed exclusivity clauses with change and they couldn't build a resiliency or continuity plan that lined up alternative solutions.

Bill Russell: Well, the interesting thing about change is that the event happens. It's much more broad than we had anticipated. Yeah. Then we say, okay here's what we identified. We identified that we had a essentially a single point of failure around this clearinghouse, if you will.

And you know, a couple months later, I'm just talking to a couple CIOs. I'm like are there any more of these that we haven't identified? And they sort of looked at me like, that's a good question. I'm like, yeah, that's right. That's a good question. Like. if I were a CEO or a board member, that's the first question I would've asked.

The CIO I'm like, exactly. Well, and I'm not even sure. It's just the CIOI would've asked that question too. I would've asked the COO like, Hey what other things? 'cause that's a business risk

Ed Gaudet: it's a business risk. It's a clinical risk. And it goes back to my point that cyber security.

And if you live in that world, you're never gonna get past yourself. You're always gonna stay in that world. To your point, the way to, to identify the next change health is to understand all of your business processes. Which ones are critical functions in your industry, and then have all of your vendors and all of your products mapped to those so that continually, as things change, you stay on top of it.

But it's largely technology based. We live and die based on the technology that's in place today, and we're still taking risk-based approaches that are 20 years old. what needs to modernize? Leadership. Leadership has to change the way they think about risk management, change the way they think about cybersecurity, and they need to think about it transformatively.

They need to take a step back and say, this isn't about vulnerability management. This is about clinical continuity and business resiliency. How do we get to a place where we can look at any point in time our business processes, our critical functions being if it goes down, we stop delivering care.

Bill Russell: I'm gonna give you a role play here.

You got me fired up, bill. You got me fired up. I know. I'm gonna make you, I'm gonna make you a CISO for a, this is my favorite use case here. You're now a CISO for a 16 hospital system six and a half billion, $7 billion health system. You're gonna be presenting to the board. Make the business case for security as a differentiator, like you can differentiate our business based on our based on our investments and our security posture over somebody else in healthcare.

Is that a case you would want to try to make?

Ed Gaudet: Yeah I think you can make it, I think you can make it in a way that says, let's take a look at what outcomes we want to drive through security. Let's take a look at what outcomes we wanna drive through all the investments we're making in GRC and cybersecurity and biomed.

Business continuity and resiliency is in one department. Cybersecurity is in another department, the SOCs, in another department, you've got biomed is managing medical device security, right? And yeah, sure, maybe there's matrixes, maybe there's some conversations that happen, but there's a lot of opportunity to transform that entire view of the world and make it horizontal and so I don't know if I could take out 20 to 30 to 40% of your costs and deliver more coverage.

It's fine. Right? You can choose your own path, your own journey. The first thing I say to them is, if you want vendor risk management to work for you. The first thing is make the policy change to require all vendors to go through your process and not deviate. And if they don't go through your process, don't do business with them, period.

Bill Russell: And [00:19:00] that's it's really it took me back to a conversation. It was a couple years ago, but the CIO sitting around the table and we had that conversation

and somebody, one of the CIOs said. Look, we won't even entertain a RFP response unless they agree to this. I said, well, it's really interesting. And by the way, there was disagreement at that, like it, not disagreement, but there was CIOs at the table who were saying, man, I wish we could do that.

Like, I wish I could get leadership to agree to that. But if, you know, if supply chain comes in and says, Hey, no, we've gotta use this vendor. Them saying, we've gotta use this vendor sometimes will trump the following, the procedure and the process, depending on the political clout of the person who's bringing that vendor in.

And Yep. And then hope becomes a strategy.

We let 20% of our vendors through the process without any risk assessment. Whoa, you did? Yep. Because the business said they needed the product. I guarantee you things would start to change if governance really started to do their jobs. You are saying if there's transparency. Transparency is the enemy of risk.

Bill. It is. It's thank you for setting me up. 'cause I love that statement. It's, oh. Yes. Yeah. And that's the point of the leverage at a network level because you're driving that transparency. Right. And the more transparency you have in any type of system, the less risk you have.

Bill Russell: All right. So you brought up the word transparency and we only got a couple minutes left here. Yeah. AI, to me is one of the least transparent things we've ever done you talk at this chat bot, something happens behind the screen and it like, opens the screen and hands you something back and you're like, Hey, what happened to the stuff I just gave you?

I'm trying to think what the question is. The question is, are we starting to factor this in? I mean, I just came back from UGM, UGM they announced. I saw that. Yeah. A thousand different things.

Ed Gaudet: Yeah. No, I saw your piece on that too. That, that roundup I was really good. Yeah.

No it's interesting. In, I hearken back to a 30 year, don't hold me accountable to the dates here, but a Microsoft strategy. Secure by design, secure by default. Like if we just start there, every vendor follows that as a strategy, we'd solve 80% of the issues, right now, today, the problem is it's turned on by default and we have AI in our solution.

And that's the problem. There's so many vendors right now that are enabling AI I remember when Adobe Acrobat came out, you may have seen this. They first came out with their AI capabilities. They forced you to take it. You couldn't turn it off. I couldn't turn it off, and so I couldn't use it, so I had to de-install it.

We need model cards. Right. That's gonna take time. Right, right. But we should start adopting it in a way that's controlled, in a way that manages risk. We still may be taking on more risk than we'd like, but we definitely should be adopting AI And I'm not sure, I mean, I saw your point about. Stay with the existing vendors with ambient listening.

Wait for Epic to

Ed Gaudet: I don't disagree with you. However, I will say this two years into it doesn't mean it's version four for these existing vendors either.

Reduces the number of clicks clinicians will ta have to take. By using that capability, it's gonna be integrated in. My first foray into healthcare was imprivado. I'd never done healthcare previously. So, 10 company or nine companies previously, no healthcare, go to Imprivado, do healthcare.

And I remember sitting around the table talking to our customers and they were talking about why they were using the product. And they were talking about in terms of saving help, desk calls, password resets and I said, wait, but you don't use the product. The clinicians use the product. What do they say the problem is?

You know, and they laughed and they rolled their eyes and I'm like no what? But what do they say? Oh, they talk about saving clicks. And I was like, saving clicks. What is that? Never heard it before. What is that Healthcare is so workflow driven, so workflow centric, and so outcome centric.

Bill Russell: It's a great question and that's why I'm glad you have your podcast Chris never sleeps. Yeah. So what's the schedule for the podcast coming up?

Do you have, yeah, let me, I, you asked a question

Ed Gaudet: earlier about it and I don't think I answered it, but the reason I did the podcast was because I felt like there was a void in podcast that focused on the people behind the roles. And to me authenticity is really important. It's one of our core values and so.

I wanna get to know the person I don't, I mean, I'm interested in their journey from a technology perspective, their strategic initiatives, all those things that matter to my business that we can map to. But I'm really interested in the person's journey. Why did they get into healthcare? What have they learned?

Bill Russell: What would you bring? What would I bring? Five albums? Yeah. The, you know, that's a great question 'cause it tells you a lot about a person. You know, I am extremely eclectic in my music.

'cause I would, I'd have some Broadway stuff with me. I'd have some eighties rock stuff with me. I had eighties rock Jeff Leppard. I was more a journey and sticks kind of guy. Oh, sticks. Nice grand illusion. It would be all over the place. But, you know, I like Enya.

You know, now people are laughing, but you know, it's no, it is great. What I have to determine is what mood I'm in today, and that's what music I listen to today. It's so funny that

Ed Gaudet: people would comment on it. You can tell what mood Ed's in based on the music he's playing. If he's playing jazz.

Don't go in, don't go

Bill Russell: in, do you do bump? I mean, I wanted to do really cool bumper music for the podcast. It's hard to do. Oh yeah. It is hard to do.

Ed Gaudet: Yeah. What do you, what do you have something? Would you No, I,

Yeah. But you know, the, there's such, every now and then you listen to one of these, like, real big time podcasts. They must pay the fee to get the ability to use, you know, the clips from, I don't know, like a rush clip or something coming into their stuff. And we can't do any of that stuff that's that's dangerous.

Ed Gaudet: A good friend of mine actually creates his own music. So actually I use a piece of his music in mine. Oh, nice.

Bill Russell: Yeah. And you have your own personal artist for your show? I do, yeah. People have to listen to this Del Piamo. He's great.

Fantastic. That's awesome, ed. It's great to catch up. We will have to do this again. Likewise. Yeah. Looking forward to forward to keeping these conversations going, and appreciate you being a partner this year with this week Health. Yep. See you on the road. Absolutely. Take care.

Thanks for listening. That's all for now.