June 19, 2023: Today on the Conference channel, it’s an Interview in Action live from HIMSS 2023 with Don Szewczyk, Chief Privacy Officer at Novelle IntelliSolve and Justyna Evlogiadis, Vice President of Growth at Tausight. What role does Tausight’s PHI Locator play in identifying and locating PHI within server environments? How does Novelle’s endpoint sensor complement this by providing real-time visibility of movement and access? How does the combined approach enhance the ability to remediate and address PHI-related security issues?
This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.
Welcome to this week, health my name is Bill Russell. I’m a former CIO for a 16 hospital system and creator of this week Health. A set of channels dedicated to keeping health IT staff current and engaged. Today we have an interview in action from the 2023 Spring conferences, vibe in Nashville and hymns in Chicago.
Special thanks to our cDW, Rubrik, Sectra and Trellix for choosing to invest in our mission to develop the next generation of health leaders.
You can check them out on our website this week, health.com, now onto this interview.
All right. Here we are from Hibbs. 2023, and we’re here in Chicago and I’m joined by two partners, Justina a Gladys with tow site and Don Sedgwick with Noll in tesol.
Yes. So you guys have some news this morning. Justyna, we’ll start with, we’ll start, I’ll go back. we’ll start with you.
Yeah, sure. I’ll kick it off. So, this morning we announced our partnership which we are very excited about. And essentially what we’re enabling healthcare organizations to do is, one, identify and understand their PHI landscapes that they can adequately prioritize their risk.
And then we’re partnering with Noel, which you’ll talk a little bit about what you do. Mm-hmm. But they’re doing the detection and response. Piece. So we’ve coined this a Phi, d R p H i D R, similar to how you have xdr, E D R, et cetera. And it’s a, custom built solution just for healthcare.
I’m very excited about it, and that’s one of the things that Taite does is you find the p h i wherever it happens to be, and as a cio that sort of creates a problem for me. And the problem it creates for me is if I know about it, then I’ve gotta do something about it. And that’s where you guys come in to Noelle.
So Absolutely. Tell us about what you do.
Well, we’re kind of, multifaceted. We do digital transformation what that means. Anything that really does with AI and healthcare. That could be Azure migration, EMR support, all the way down to supporting AI technology when it comes to finding optimization within workflows, whether that’s the back end, the front end, or even on the technology side.
We also deal with compliance. Could be HIPAA compliance, cMMC, level one, level two, soc, SOC two, et cetera, as well as cybersecurity. And what we’ve done is we found that there was a need within the healthcare market to have an all in one totally integrated cybersecurity stack.
And that’s where we came in. We created the healthcare xdr. And essentially that’s endpoint protection. It’s gonna give you the sim, the the uh, sockets of service 24 7, 7 days a week. Eyes on glass. Watching that environment with remote remediation. So those agents allow us to remote into that device.
If we see something that hits a certain criteria based on that SLA that says, Hey, I need to take this offline. I need to quarantine the device. I need to disable the login, and then I need to notify the user.
Fantastic. So help me to understand. So I found the phi we could do that through Phil.
We’ve talked about Phil on the show before. We have p hi as well as the endpoint. So Phil is Phi. Locator Locator. Thank you.
Yeah. And it’s designed for server environments, right? But Novell’s also using the endpoint sensor which gets you the real time data of how is PHI moving throughout the organization, outside the organization, and who has access to it and what is being protected, what is not.
And then Novell can come in and really do the remediation in an automated way.
So talk about the remediation. What was that look like if we found this phi all over the. Institution.
First of all, you’d have to establish why the PHI is there. So the one thing that tall side allows, it gives you the who, what, when and where, and establish the security company or that management team to figure out the why.
So once you’ve established the why, then you can go ahead and address it. So our system allows us to recognize, A P h I, let’s say, is in a recycle bin. Sitting on a device that has been there for a couple of days, well, we are able to go in and we’re able to take that device offline if we feel it’s been compromised.
We can isolate that device, we can disable the logins. One of the future that I’m hoping is that the ability to go in and remove that phi again always based on that service level agreement that we have with our clients.
That’s fantastic. I assume when you talk about health xdr, I assume there’s SOC that utilize this, or is this predominantly a solution for healthcare providers who are running their own soc?
This is really a solution where the healthcare provider doesn’t need to run their own soc. We replace them, we are the sock. Oh, okay. We give them the 24 7 eyes on glass continuously, 365 days a year.
That’s fantastic. And so what you’re able to do now is layer on that phi visibility Exactly.
Transparency into the phi. Right. And it’s, interesting, more and more of the of the breaches are silly. It’s like, oh, we didn’t know that information was over there or whatever.
Yeah. We didn’t know that physician had 17,000 patient records in an email inbox for the past 14 years.
Unencrypted unencrypted. Right. On a, on a data store. I mean, for no reason. Exactly. And so, but the attack surface is such that once they get in, that’s exactly what they’re looking for. Yes. And it has value to them. Yeah.
We’ll get back to our show in just a minute as we celebrate our fifth anniversary At this week, health, we’ve partnered with Alex’s Lemonade Stand of Foundation, combating Childhood Cancer. And I’ve just been floored by the generosity of our community. We set a goal to raise $50,000 this year, I wasn’t sure how we were gonna hit it.
And we are already up over $34,000 for the year, and we want to thank you for being a part of that. This June, as you know, we’ve been doing drives all year, and we’re gonna do something a little different in June. We have 2 29 groups where we bring together healthcare leaders, about 10 to 15 of ’em in a round table format.
And we discuss the biggest challenges facing healthcare and how technology can be applied to those challenges. We have an event in June and together with our chairs of that event, our participants and our sponsor partners, we’re gonna be donating $5,000, to the cause. We really want to thank our chairs.
For that event, Jeff Sterman and Chad Brisendine. Jeff Sterman with Memorial Healthcare. Chad Brisendine with St. Luke’s University Health Network, for being a part of that. We want to thank our sponsor partners order, Gordian Dynamics Clear Sense rubric. Sure test VMware and Nuance for also being a part of raising that $5,000.
And we wanna thank you again for your generosity. If you wanna join us this week, health.com, you can click on the Alex’s lemonade stand banner on the homepage and you’ll get taken to our lemonade stand. You can go ahead and give directly onto that page and see some of the other people who have given Now back to our show.
So where who do you want to talk to in the health system? Like, who’s the conversation with and what’s the conversation look like?
That’s a fantastic question. I think we, you know, it’s a multifaceted conversation. Certainly the Chief privacy officers chief information Security officers and Chief Information officers, I would say are the three groups that we often try to bring together.
Depending on, where the need’s highest, if someone has just recovered from a breach, it’s often, I would say, much more security driven from what we see from the compliance side if it’s earlier stage pre-B breach. But there’s an awareness of the problem for the most part, everybody today is aware and I think.
Wants to do something about it given how sinister these breaches have gotten, especially recently with the extort extort ability that’s happening. It is, is really starting to pick this up as well. So.
Interesting. And your conversations same. Same group. Same group, but I think you could add life science to that also.
So anywhere where. There’s the possibility of PHI or even p ii, right? And just ensuring that that information is secure, is protected. But we also have found that it really sh gives us use cases that we’re able to see workflows within the environment. Like, now we can question why does the doctor have this phi on their desktop or on his shared drive?
Why does a biller have it? Why does an insurance verify or have it, front desk, clinical, et cetera, and identify use cases and then actually put in place what I would consider to be better protocols, more secure public calls.
So I wanna talk about your titles. Chief Privacy Officer. Yes. So what’s your role with Nove and tele office?
A couple overseeing the compliance of our clients as well as internal also. And that could be hipaa, that could be SOC two high trust cmmc, but also overseeing the cybersecurity and ensuring that, all best practices have been implemented, that we understand our security posture. And that we address any vulnerabilities and we do this in a timely manner.
I work very closely with the director of IT as well as with other compliance teams and the C-Suite to ensure that our clients are protected.
Fantastic. And you have a new role talk. Tell us about your role at Caite.
Yeah, thanks for, thanks for asking. So VP of Growth, I think is a, a newer title that a lot of, I’m sure that’s, part of the question that we’re seeing a lot and really what it’s designed to do is in traditional organizations you would have silos between someone running marketing and someone running sales and someone running customer deployments and someone communicating with product.
And often those silos can create just major inefficiencies and also a lack of focus and clarity. So my role here, VP of growth, is really to lead all of those departments, but be the central person across that. So on a typical day, I could be talking to a customer, a partner enabling our marketing team with their core strategy and also running the sales organization.
So it’s been very exciting, but it is essentially what it is vp like focusing on growth. On growth, right? On growth and what are all the growth vectors? What are the markets? Who are the buyers? What are the, what’s the partner ecosystem? And I think we’ll see a lot more of these titles in the future.
Yeah, because we traditionally, we have seen the, the breakdown in between them and, it’s been fantastic. Well, I wanna thank you for your time, Don. Thank you. And Justyna, always a, a pleasure. Thank you so much, bill. Appreciate it. A pleasure.
Another great interview. I wanna thank everybody who spent time with us at the conference. I love hearing from people on the front lines and it’s phenomenal that they’ve taken the time to share their wisdom and experience with the community. It is greatly appreciated.
We wanna thank our partners, CDW, Rubrik, Sectra and Trellix, who invest in our mission to develop the next generation of health leaders. Thanks for listening. That’s all for now.