This week on HIPAA Critical we share the latest news headlines that tells us more about the impact of COVID-19, how Paubox customers are helping businesses and organizations keep in touch, and an insightful interview with Paddy Padmanabhan, CEO of Damo Consulting, about how COVID-19 may change healthcare for the better.
Rather read?Here’s the full transcript of this episode.
Olena Heu: It's time for another edition of the HIPAA Critical Podcast. Joining me this week is Chief Marketing Officer, Rick Kuwahara. [THEME MUSIC]
Rick Kuwahara: Hey Olena. Great to be back again.Olena: Thank you so much for joining me. And now we've got a stacked show with lots of relevant and important information, and so the first thing we're gonna talk about is of course what everybody's got on their minds, COVID-19. And so, what can you share with us regarding what's in the news regarding the Coronavirus?
Rick: Yeah, unfortunately lots of stuff going on.
But to start off on a little bit of, I guess, a silver lining, there was an article written by Paddy Padmanabhan, who I actually got a chance to interview and you guys will be able to listen to an excerpt from that interview later in the podcast, but he wrote a great article on CIO.com, which was around the story that's playing out where there's a lot of technology being adopted on the backend of healthcare organizations, because of the Coronavirus.
So, like a lot of people know, the frontline of healthcare workers have been really swamped with the outbreak. And along with social distancing and people staying at home, there's just a lot of confusion of when should I go see a doctor, when should I not.
How can healthcare systems adapt to this and help people while still controlling crowds and who's getting into the hospital and what's called triaging. A lot of it is just identifying, okay, what's wrong with this patient? Do they need to come in, do they not? How severe is it?
So a lot of health systems are adopting technology to help them with this kinda new normal.
So, one of the things is like technology, which is they're calling it self-triaging tools to help consumers check for symptoms on their own before being asked to go see a doctor or get put through to talk to a doctor on the phone or online.
Providence Health in Washington State, which was pretty much like ground zero for the pandemic in the US, they have their chat bot actually now have FAQS with assessments related to COVID-19 systems.
Providence Digital Innovations Group, which helps kinda organize things, say that they saw 70,000 patient logins and over one million messages come through that chat bot in the first month of the outbreak, which is about 10 to 15 times...Olena: That is fantastic.
Rick: Yeah, so it's about 10 to 15 times more than normal, and, which is great.Olena: And you know what's really great about that, is it's giving people resources. And that's what they need because a lot of people they feel a little under the weather and then they think, "Oh, I need to go to the doctor and get tested," but more than ever it's important to stay home and not spread whatever it is that you have.
Rick: Right. And not overrun the hospitals, right?Olena: Mm-hmm.
Rick: 'Cause you don't want people to freak out and at the slightest ongoing when they don't have to. And it's gonna take longer for people to get on the phone with a doctor or a nurse.
So, having these ways for people to self diagnose is really helpful. And the other thing is telehealth, which is really coming up a lot for all healthcare providers.
We're seeing a lot with our customers, especially around mental health therapists, those type of consultations, where it's really being extremely helpful.
And, I think, Geisinger Health, they saw a 500% increase in telehealth visits within the first couple of weeks of the outbreak, and just incredible amount of adoption for telehealth, where previously, because telehealth has been around for a while, but it never really caught on.Olena: And what does (telehealth) mean specifically?
Rick: Telehealth is where people can go online and see a doctor virtually. So you have your webcam set up and there's different programs available that are HIPAA compliant and secure, where you can talk to a doctor or see them face to face over video and not actually have to go walk into the office.
And it's been around for a while, but now we're seeing it happen, of course people have to use it more, and so we actually might be at a tipping point now where it's going to be adopted a lot more regularly. And we kinda talk about that when I interview Paddy that you can listen to later in the podcast.Olena: Excellent. And I've always appreciated that with my healthcare provider as well, that if there's an opportunity not to go into the hospital and do it virtually, then that is fantastic.
Rick: In the end, the bottomline is that you want to get people better health outcomes, and you wanna make it as easy as possible for them to get the help they need.Olena: Wonderful. And so what else can you tell us about how COVID-19 is impacting cyber security?
Rick: Yeah. Last week we talked a little bit about it. How people are now working more remotely, and how that can increase the risk of a cyber attack.
And we are now seeing the results of that actually happening.
So, Europol released a report recently where they show that there is a increasing number of attacks of people going after that remote workforce, specifically with phish being as hijacking attacks.
So a phishing attack, everybody knows, is where you kinda send an email that's fraudulent. The hackers want someone to click on it, and then they can then take data from your computer or access your email and use that as a way in to compromise the organization.
But DNS hijacking is a little bit different, that's where they actually hack the router that you're using at home, and they can then change the DNS settings on the router.
So you can kinda think of it like whenever you type the name of a website on your browser, the DNS service is what connects the IP address, so where that website is located with what you're typing in, the domain name.
And what hackers are doing is they're kind of hijacking that, so they're redirecting it from the site you think you're going to, to their fraudulent site where they can then do a few things.
They can actually get malware into your browser, your website, they can have you fill out a form to get your information, it's basically a way of phishing for a web browser versus doing it via email.Olena: That is crazy.
Rick: Yeah. It becomes even more important what we talked about last week, doing, either having... Well one, always making sure that you are not using the default password for the admin on the router.
That when you have a router you're changing it from whatever it was set by the factory, which a lot of people don't do. You need to change that. And then secondly, for a lot of organizations, it's making sure that your employees are using a virtual private network, a VPN, which secures the connection to the internet.Olena: Alright. Wow, that is invaluable information. [chuckle]
Rick: Yeah. And so always be safe, and just be aware these attacks are out there. And just making sure that if something looks a little wrong, that it probably is. Trust your instincts there.Olena: And you're not alone, there are hundreds of thousands of people that are being affected.
Rick: Right. I think by March some research from Atlas VPN saw that there was a 350% increase in phishing websites, which is over half a million registered phishing sites that they found, which means there are probably more others that are out there that they haven't found yet.Olena: Unbelievable. Well thank you so much for sharing the latest news headlines with us, and that is really interesting to share. So, we also wanna focus on those that are winning and those that are losing. And so, what can you tell us about who's winning this week?
Rick: Well, we're excited to talk a little bit about our customers here, because as we talk to more of them, it's really interesting to see how they're taking the lead as far as making sure that throughout this pandemic, patients and their clients and customers are still able to deliver the health outcomes that's needed.
This week we wanna talk about Radix Health, and they are actually a technology company, they help doctors manage their caseloads and avoid any undue risk to themselves or their staff.
What they do is they help healthcare providers optimize every step of a patient's appointment journey. They alert the patient to get them to the right provider, actually scheduling the appointment, sending them reminders, that type of thing.
But now they're helping a lot of these medical partners stay open and serve their patients by doing some triaging themselves.
So they, for example, one of the things that they're doing is, before a scheduled appointment they'll send a reminder, and with it they'll ask the patient, "Are you showing any of these symptoms?" Which might be Coronavirus related.
And then they can with that answer, they'll know, "Hey, maybe this person shouldn't come in. We'll reschedule them." And just a way to make sure that again, unless you have to go in, don't go in.
And they're able to send this sensitive information, to ask for this sensitive information because they're using our Paubox Email API to protect that and make sure that it's all HIPAA compliant when they are sending these email reminders and notifications.Olena: Alright. Well, we just highlighted an excellent winner, and that's always a nice feel good. [chuckle] But we also wanna showcase something that we can always learn from someone that is failing.
Rick: So, Tandem Diabetes is a medical device manufacturer in San Diego, and they found that employee email accounts were compromised during a three-day period after a successful phishing attack.
So it looks like actually several employee email addresses were compromised for three days from January 17th to January 20th... And after they investigated it, they found that, like I said, around 140,000 patients were impacted.
And that includes clinical data about diabetes therapy for some of the devices that they have, Social Security numbers. And after investigating what was compromised, they found that the affected accounts contained a lot of patient data.
Things like how customers use their products and services, clinical data, Social Security numbers, as well for a limited number of patients. So, a lot of sensitive data that was taken as a result of that phishing attack.
And it looks like they are giving a free credit monitoring, especially for the people who had their Social Security numbers impacted.
But it continues to show that everybody's gotta be safe, and again, having that... You can't over-train your employees enough when it comes to these, being aware of phishing attacks because you know that it just takes one wrong click to impact thousands of people.Olena: Good reminder, and yeah, it seems as if you need that training consistently, and so something that we can all learn from as well. Alright. Well moving on, as Rick had mentioned previously, we have a very insightful interview. Rick Kuwahara had a chance to chat with Paddy Padmanabahn, CEO of Damo Consulting, a digital transformation and growth advisory firm focused on the healthcare sector. Now, Paddy is an award-winning business leader and author of The Big Unlock: Harnessing Data and Growing Digital Health Businesses in a Value-Based Care Era. They discussed digital transformation in healthcare, and how COVID-19 may change healthcare for the better. Take a listen.
Rick: We're seeing with the COVID-19 pandemic that is forcing a lot of providers to telehealth, and there is even the recent telehealth expansion notice that went out. Do you see this as kind of a turning point into the adoption of telehealth, and maybe even that opening up providers to being open to adopting other new technologies? Does that make sense?
Paddy Padmanabahn: Absolutely. I think telehealth has been coming along nicely for the past few years, but it really wasn't seeing the levels of adoption that one had hoped for.
And there were different reasons for it; the comfort level of physicians to use telehealth platforms to consult with their patients is one of them, and whether they feel comfortable with it, whether they're trained for it, how do you really do a tele-visit as opposed to an in-person visit? Etcetera, etcetera. So that's one part of it, the aspect of delivering care through a virtual interface.
The other part, equally important part is that the reimbursement environment did not treat telehealth visits on par with in-person visits.
So the financial motivation was lacking. And I think you alluded to the recent clarification a few days back about telehealth visits being treated on par for reimbursements for Medicare patients anywhere, anytime.
So there's actually three components to that announcement. So it's not just synchronous telehealth visits, but it's also virtual check-ins, which could be via phone for instance, and e-visits which could be asynchronous, and it's still just an email interaction. So all of that is gonna get reimbursed.
And the important thing is that telehealth visits are gonna be reimbursed at the same rate as in-person visits.
That now takes away any financial disincentive, at a time when there is already a strong incentive to adopt telehealth. So I think the two are converging in a way that could constitute a tipping point for the future.
I've been talking to people and I've been following what's going on through the media reports and so on. Clearly, there's an uptick in telehealth visits. There's a safety concern obviously. But even for non-COVID related cases, now doctors are more comfortable doing telehealth visits.
So if it's a routine check-in for some of the chronic condition, you don't need to come into the the hospital because, firstly, they don't want you to come in for whatever reason, and secondly, you now have the ability to take care of people in their homes for other conditions not related to COVID-19, and still get reimbursed.
So I think all of this is going to create a sort of a tipping point, and when we come out of this crisis, I think we're gonna see a shift, a definite shift towards telehealth as a default mode of experience in care, at least for some aspects of care. That's what I believe is gonna happen.Rick: Right, thanks. That's great insights there. So you wrote The Big Unlock in 2017, which isn't that long ago, but have you seen more movement in healthcare organizations utilizing data and embracing digital transformation?
Paddy: Yeah. People ask me this question all the time.
When I wrote this book in 2017, I made a set of predictions in the book about what was gonna happen in terms of the data, the emerging data sources and how data and analytics is going to drive digital transformation.
And most of what I was forecasting or predicted have come true. If anything, they've moved ahead even further than where I thought they would be.
So today we're in a place where data is essentially driving healthcare decisions, and it's an important enabler for healthcare decisions, because now you have the ability to aggregate large amounts of data from multiple sources and do it in a cost-effective way because you have a cloud infrastructure and so and so forth, well it doesn't cost much. If anything, the costs are going down year-on-year.
And so now you have the ability to aggregate all of the data in one place, but more importantly, you now have a lot of advanced analytical tools, artificial intelligence, machine learning and so on, that can now detect patterns, make predictions and give you deeper insights than before, so you can now really make informed decisions about caring for your patients.
So the movement is definitely been in the direction that I thought it was gonna be. If anything, it's getting even stronger. And as far as digital transformation is concerned, all the experiences that are now being re-imagined through digital tools and digital platforms, digital front doors and whatnot, all of that is driven in some way, shape or form by data and analytics at the back end.
And so, to that extent, we are seeing an acceleration. Now with, we just talked about the telehealth, the shift towards telehealth which has been brought on by this crisis.
But I think we're gonna see a lot of other experiences that are going virtual. And these virtual experiences are going to be driven by data analytics and superior interfaces.
An example of that is chatbots. So today, you can go online to any health systems portal and you'll... At least the larger leading health systems, you'll find a tool there that enables you to self-triage your condition before you call in or reach out to a provider.
And those triaging tools are constantly learning through AI and machine learning algorithms. And it's all powered by the data. So we're seeing all of these converging in ways that I did not fully anticipate in 2017, but I could see it coming. If anything, it's happening faster now.Rick: That's great. And that goes to another question that we had about a few of the articles that you've written, bringing up the point of data monetization in healthcare, as well as balancing that with patient access, and then also securing the data, of course. So you mentioned how things are going a little bit faster than even you predicted. But with recent concerns, I know on Capitol Hill there's the Data Privacy Act, the Senators wanting to question the Ascension and Google relationship. Is there a fear of data security possibly slowing down some of these advancements?
Paddy: I don't believe it's a question of slowing down as much as it is about really coming to an agreement on a set of principles around which the data is gonna be shared, accessed, and analyzed, and the analysis being made available.
My next book is actually coming out, it was supposed to come out in June, but it might get delayed a little bit. I've written this along with my co-author, Ed Marx, who's the former CIO of the Cleveland Clinic. And we addressed this topic among others in the context of digital transformation.
We believe that the power of data to transform healthcare is something that we're in the very early stages of harnessing. And yes, when private sector gets involved and big technology firms get involved, especially firms that are dealing with some kind of a reputational deficit, if you will, for things that they have done in other parts of their business, by using consumer data to target consumers in ways that people didn't like or people didn't approve or appreciate or whatever it is, those concerns somehow translate over into the healthcare arena.
And it becomes a little more sensitive simply because healthcare data is very, very personal, very, very sensitive and people don't want other people looking at it because of the potential for abuse of the insights that come out of the data.
But I think, if we take a step back from all of the rhetoric that's going on about the Google, Ascension deals and so on, and so forth.
Really I don't think anyone denies the fact that there is a lot of benefit to be gained by analyzing the data, gathering insights and using those insights to improve healthcare outcomes, I don't think anyone denies it. I think it's the manner in which these contracts are constructed, the access provisions that they have.
Who gets to see it? What happens to the data, where does it sit? Who gets the insights and what do they do with it? Those are questions that need to be dealt with, and I think the public needs to be given more confidence.
And I also believe that at a very practical level we need to get a common set of principles on the table and have everybody agree to it. It can't be that every single data contract is different, and you as a patient, now that the final rules for interoperability are going into effect, you could be sharing your data with someone and if they don't tell you how exactly they're gonna use it, that's not fair to you.
So I think there's a lot of that that needs to be sorted through. And that's why you're, I think, seeing a lot of his rhetoric, in my view Rick.Rick: Those are good points. And look forward to the book coming out, that'll be great.
Paddy: Thank you.Rick: Speaking of interoperability you wrote a few months ago, an article on why interoperability is cool again, and you kinda highlight the tension between at the time the proposed interoperability rules, the tension between healthcare organizations, tech firms, and the EHR vendors.
Paddy: Right.Ricl: Now that it's going forward, what is your prediction on how this will all play out? And when do you think we'll see the impacts of the implementation of the rules?
Paddy: So let me start by saying that, even before the rules went into effect, a lot of what people wanted to do through interoperability was already in flight. So it wasn't as if people who were not able to access data from electronic health record systems, the API economy is well under way.
And you can access data from electronic health record systems subject to certain constraints and governance and so on, and so forth. And the API-led strategy for unleashing innovation, unlocking insights is what I was mostly trying to refer to in the article about why interoperability is cool again.
Because APIs are really gonna be powering a lot of the innovation going forward, they help you to accelerate innovation and experiment at scale and fail fast, and all of the good stuff and really unlock the data, and more importantly allow application development to be practiced by a broader community, who don't really have to go into the bowels of the technology to try and pull the data every single time they build an application.
So that's what I was trying to refer to.
This is all in the backdrop of this ongoing tension that's been going on for a while between big tech firms and digital health innovators who want access to the data sitting inside electronic health record systems.
And the CMS and the HHS, who have been promoting it, and who have been trying to get the EHR vendors on board and the EHR vendors for their part, at least one of them, one of the big ones that are saying that, "Hey, look, let's just hit the pause button here because do we really know what we're doing? We're going to provide unrestricted access to patient data to the patients. Can they be trusted with the data?" Etcetera, etcetera.
In fact, I wrote a further piece after this, as well, where I talked about, you know what, "Hey, what are the questions here?"
Well, the questions are, can patients be trusted with the data? Can technology firms be trusted with the data? And so on and so forth. Well, all those questions I think have to be taken up one at a time.
And you're not gonna have 100% smooth transition from where we are today to where we are going to be when patients actually get unrestricted access and can with the touch of a button to share it with anybody they like. Well, patients will find out too, what happens to their data.
I hope there isn't a lot of serious unintended consequences, but there is some merit to being able to educate patients and make them aware that, "Hey, you have to be careful now that you have this access into the data."
Well, the other things that the final rule talks about, information blocking practices and penalties for blocking.
Those I think are separate from what I was talking about in the article, which was about why interoperability is cool again. I think, if anything now with the access is getting loosened up, if you're in the integration API, kind of a space, I think... There's a lot of good things ahead for you. That's what I think.Rick: It will be very interesting to see how it plays out. Paddy, thanks so much for your time. I really appreciate all the insights you've shared. And thanks for taking the time out to be on the podcast.
Paddy: You're most welcome, Rick. It was a pleasure talking to you. Take care.
Olena: Alright. Thank you so much, Rick, for that insightful interview. And it's always so great to hear what the experts have to say.
Rick: Yeah, Paddy was great to talk to. A lot of great insights. And of course, people can check out the transcript of the full interview on our website.Olena: Alright. Well, that brings this episode of the HIPAA Critical Podcast to a close. If you like what you heard, feel free to subscribe and also share. Rick, thank you so much for joining me this week.
Rick: Yeah, my pleasure. Always fun.Olena: Thank you and until next time, visit paubox.com. [THEME MUSIC]