December 18, 2023: Laura O’Toole (CEO, SureTest), Drex DeFord (Executive Healthcare Strategist, CrowdStrike), and David Ting (CTO and Founder, Tausight) join Bill for the news. Covering highlights from 2023, the guests share their insights and pose vital questions: Will the continued attacks impact healthcare’s reputation and patient trust? How about the increased legal actions against breached systems – will they finally stimulate change? Moving on, they also delve into unexpected shifts in the EHR landscape and what’s next for the main players. Moreover, they discuss distressing financial challenges for healthcare providers and the impact on cybersecurity investments. Lastly, has 2023 become the ‘year of AI’ within healthcare, and what does it mean for the industry?

Key Points:

• Cyber Security Threats
• EHR Market Movements
• Increasing Role of AI
• Effective Risk Management

News Articles:

• OpenAI: The Real Story Behind the Wild Four Days Between Sam Altman’s Firing and Return
• Why Sam Altman’s removal -and reinstatement- as OpenAI CEO actually matters
• How many hospital CIOs still own innovation, data analytics, cybersecurity
• The vanishing chief digital officer

Read on thisweekhealth.com.

 

Video Transcript:

This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

Today on This Week Health.

Will we see a major health system get breached in the way that Common Spirit was breached this year or next year?

David?

Biting my tongue as hard as I can.

Welcome to Newsday A this week Health Newsroom Show. My name is Bill Russell. I’m a former C I O for a 16 hospital system and creator of this week health, A set of channels dedicated to keeping health IT staff current and engaged. For five years we’ve been making podcasts that amplify great thinking to propel healthcare forward.

Special thanks to our Newsday show partners and we have a lot of ’em this year, which I am really excited about. Cedar Sinai Accelerator. Clearsense, CrowdStrike,. Digital scientists, Optimum Healthcare IT, Pure Storage, SureTest, Tausight,, Lumeon and VMware. We appreciate them investing in our mission to develop the next generation of health leaders.

Now onto the show.

(Main)  all right, it is Newsday and today we have our annual end of the year episode. I’m joined by three of my favorite people in healthcare. Drex DeFord with CrowdStrike, David Ting with Tausight and Laura O’Toole with SureTest. Hey, welcome to the show.

I’m going to do a different view just for this episode. So the four of us will be on the screen at all times. Okay, fantastic. Good to know. We don’t usually do that because, actually, I’ll tell you exactly where this started. Drex and I were having a conversation. And Wes, in the comments, noted that Bill didn’t look interested about what Drex was talking about.

And I’m like, alright, we’re never going to do this again. Whoever’s talking is on the screen, and whoever’s not on the screen can take a drink, relax, and do whatever. So anyway, We’ll keep the four of us on. It should be fun. We’re going to look at the year that was, and a lot of stuff happened 📍 this year . I’m I’m gonna open this up by just… going around and have you highlight what you think one of the bigger stories was in healthcare and specifically healthcare IT this And Drex, since you are the senior member, not by age, but by number of years you’ve been on the show.

Oh, I don’t think by age, just saying.

But he was, he was on episode, were you on episode like four or episode three or something?

I remember when you started doing this, I, I just thought at the time, I thought like, this is a cool idea, but it’s a cool idea that helps you ultimately build out your consulting business. And Man, you’ve really turned this into a whole thing.

I don’t know, maybe that’s the IT story of the year.

That this is still going. It is our five year anniversary, so it’s and to be honest with you, Drex, when I started this, my consulting business was pretty significant. And now it’s a lot smaller. So it didn’t really work out for me that way.

Well, it’s the thing that you decide to focus on.

And I think you’re doing the most good here. I think that’s what everybody feels now that you’ve made it a good, I mean, feel like we’re blowing smoke up Bill’s skirt. But a lot of this is just like, I think you’re, you’re doing a really good thing for healthcare and for healthcare IT and for those teams and for the partners that are involved in this, we’ve had a great relationship with you. And I think that all the viewers love what they get every day from

your team. Well, I appreciate that. I’m blushing. Now I’m going to bring you back to what was the biggest thing that happened this year in healthcare? And I’m not going to put you on the spot with the biggest thing.

What was one of the big things that happened this year? I

mean, I guess I would sort of take a category of cybersecurity, of course. But it’s just so many breaches over and over again, more and more and more. We were looking at some stats the other day. My counterpart here, Todd Felker, put some stats together.

For the first 75 percent of 2023, we’ve already surpassed the previous record of the number of compromises from last year, which was a record setter, by 14%. And this is a really interesting too, the cost of cybercrimes, this is post breach, right? The cost of cybercrimes continues to rise. The global cost of cybercrime was six trillion in 2022.

It’s going to be eight trillion in 2023 and probably around 10. 5 predicted for 2025. And if those numbers were a country’s annual economy, it would be the third largest economy in the world behind the USA and China. Like, it’s just, the bad guys are on a tear and AI is, we can bridge into another topic, but AI is only going to make that easier, right?

Low effort, low skill, high reward, really low chance of actually 📍 ever getting into trouble.

We know the big ones, right? We know the common spirit events, and that was the big one from this year. But what you’re telling me is essentially No, no, no. It’s pervasive.

It was a lot of health systems. It was a lot of breaches. Yeah,

a lot of health systems, a lot of smaller places too. And then the other really interesting part of this is that we continue to see, I mean, you and I were together for one of the 229 events, a lot of conversations around third party risk management.

A lot of the breaches now are in third parties, right? where there’s been a consolidation of data from multiple health systems into a single place, which really becomes a crown jewel in a whole different way for bad guys to be able to get in, break into those systems and get access to 20 health systems or 150 health systems data.

That’s where a lot of this nefarious activity has been aimed this year.

So if you can get into a rev cycle company, whose handling multiple companies, will you get a subset of the medical record or will you get almost the entire medical record?

I mean, so this depends right this all gets into the whole third party risk management sort of conversation.

Like when you do those deals with whatever companies, make sure that you’re doing a lot of really important stuff. Like how much data do you really need? Like it’s really easy for them to write in the contract. We just need access to everything in the electronic health record, but really they don’t.

So let’s figure out how to define what are the 10 data elements or the 35 data elements they need. Stick to that and then create a really good program where also they only need that data for so long and then they need to delete it and all of that reduce the risk of exposure to the data that you’re providing from patients and families or employees, right?

I mean the same, the same thing happens with work that health systems or other organizations do with employees where they outsource some of that data to somebody else to do benefits management or any number of other things.

You guys should feel free to cut him off, David. I know you want to say something right now.

I’m just, I just, I love this conversation and Bill, to your credit, always 📍 bring in really good folks that have really good opinion position on the topics that matter to healthcare Drex points it out correctly, this is the year of the increasing breach. It hasn’t stopped. It’s not like we’re not spending cybersecurity money. It’s just ongoing. It’s just endless. It could be everything from, places where a server was not turned off in a deep revisioning of an app that sat there for two years. It’s the hundreds and hundreds of thousands of files that are Not used.

They’re inactive. They’re just on spinning always call these rusty spinning platters that contain all your liabilities that you don’t know about. where do you send all this extra data? And what are the third parties doing with the data? When we Turn the healthcare industry into a digital environment.

We opened up Pandora’s box. It really is, data goes everywhere. And I was on the Cybersecurity Task Force in 2016 when we had 120 million records in one year. And everybody said, Oh, we have to make all these efforts to improve. and reduce that number. We’re almost catching up to that number again.

Think it’s predicted to be at 85 plus million records this year. That’s a lot of records, a lot of personal data that you wish perhaps had never gone out.

Will this change healthcare is the question I want to throw out to the three of you because It’s, yeah, so a health system gets breached. we talk about reputational risk, and it doesn’t 📍 seem to really impact them from a reputational risk standpoint. We talk about, are patients going to change behaviors? Are they going to start going somewhere else? they haven’t to date that I’ve known. Maybe you have seen other things, but they haven’t to date.

And so the cynical part of me is sitting back and going, clearly we don’t want to go through this. it’s bad, it’s awful. And that kinda stuff. Is it gonna change things?

I think we’re going to start to change things and I’ll, give up the floor in a second. It is the lawyers that are starting to sue these organizations and it’s the gee, not only have you damaged the patient’s psyche, you’ve also created a opportunity for class action suits, right and left.

what did we hear the other day? I think. A breach occurred it got reported to a law firm on Friday, incident response team. Monday morning, they were facing a lawsuit, class action lawsuit, by a handful of law firms that heard about the breach. So now the true forces of the legal system is starting to jump on this thing as an opportunity because so many… patients are being affected.

All right, actually, I’m going to go to Laura because she hasn’t talked yet and we have great discussions. Laura, you’re going to take us into a different direction. Major movement this year around healthcare, healthcare IT.

Well, before I move there, can I just say one thing to Drex because I really do completely agree with everything he just said and Not just about this week health and the difference that I think you’re making in healthcare, Bill, and I mean that, very sincerely. But I just did a post recently and I went out and I asked many of my CIO partner clients, what is it they’re most scared 📍 of?

And Across the board, they all said cyber. It remains a clear and present threat. So, I completely agree with you. Do just want to make that point. And, hats off for the work you guys are doing to try to, keep our data and everybody safe. And it’s amazing to me that from a regulatory perspective, to your point, why our clients aren’t limiting the data that they’re, I think it’s, an obligation to regulate it and, and only give the minimum.

But with that bill, I will say, for me in the space that I’m in you know, in terms of automation and what we’re doing around the EHR and enterprise systems, I was actually very surprised you mentioned earlier about the number of EPIC wins that are still going on in the market and what we’re seeing there and really Cerner and Oracle shift more outside of the U.

S. because they’re losing in this market. And I thought, the majority of health systems had really gone through that big implementation and we were all about optimization, but there was more out there than I realized. That was a little surprising to me.

Big, big one, Intermountain, UPMC.

I’m going to miss one here. Oh, Northwell. These are not, I mean, these are, these are mega wins.

Emory. Emory.

Exactly. Emory. Yeah, Emory is another one.

Yeah, that was I agree with you. I, thought we were there. we talked when the Cerner Oracle decision came down and they were coming together, what this was going to mean and who was the big winner.

And I remember one of my guests and I, I forget who this was. they said, the big winner here is Epic. And I thought, yeah, that’s probably, right. Because anytime you have a merger, you have that layer of uncertainty that happens. And then they have to execute really well.

And if they don’t execute really well, immediately following that. Then the uncertainty becomes, all right, let’s look at our options.

Yeah, at those health systems, you are looking at those relationships with the executives at those companies. And as they move and change and disintegrate, there’s new upgrades that come as part of the merger or new things that you have to do in the health system to upgrade your current platform.

At some point, you have to say, maybe this is going to be as hard as implementing a new electronic health record, so maybe we should consider our options, right? And I think some of that grime might be the thing that got into the gears at a lot of those health systems. so who’s the EHR players in the U S at this point, which by the way, overseas is completely different because you’re going to have inner systems.

Oracle’s still big player over there. Epic doesn’t nearly have as much momentum overseas as some of these other players. And, I would say in the States, Meditech. Is a solid player 📍 for those who quite frankly are on a budget right. you just can’t afford it. and it runs a health system very well.

But it, Meditech, if you’re on a budget and epic, if you’re not. I don’t want to say it that crassly, but it almost feels that way. I was like, it’s a lot of money to run this thing.

a huge team to manage it as well. I mean, that’s, well, that’s just it. It’s the ongoing, operational costs that are just so exorbitant.

I think Meditech also in Canada, Bill really has a big, presence, but I think it’s going to boil down to. Pretty much, those two over time is what I think is going to happen. In terms of the players, I mean, you still have some Allscripts out there. You still have, I have a couple clients that are still running, if you guys remember the old STAR McKesson, tried and true patient accounting and ADT portions of those systems.

So, think Oracle’s going to continue to make their push, but I think we’re going to see them more outside of the U. S. as we already do. And Meditech, I think they’re going to continue to be the frontrunners. see Cerner, Oracle, and the government space, right? Exactly right.

Both the military and the VA side.

so that, we reported on that a couple times this year. That had a lot of starts and stops. Drex you’re a former CIO. Would you want to be in charge of an EHR implementation that has that much scrutiny? Man, I’ll tell you. So, I spent 20 years in the U. S. Air Force as CIO for most of that. Help deploy the first generation electronic health record in the Department of Defense called the Composite Healthcare System, and then CHCS2 later on, and then ALTA, and all of that came after, for me, post retirement. I can tell you that with any of the systems that you deploy in the Department of Defense, There’s a lot of heat and light on every dollar that you spend and how you spend it.

Every time there’s a downtime, there’s some kind of a message that winds up going to somebody’s congressman or senator who opens an investigation. It’s a super public way to do business, super transparent way to do business, and a lot of hard questions and scrutiny. It is no fun, I’m sure, to be called to, Congress and have to testify, so.

can’t even imagine, they couldn’t offer me enough money to do that project. Because you’re sitting there trying to answer the question. we used to have to answer these questions with the physicians. And the nuance of some of these things was just like, Okay, I know you’re smart enough to understand this, but it’s an hour conversation before I give you enough background to help you to understand where we’re going.

Now you’re doing that in front of cameras that is…

And they just want to yes, no questions, I mean, yes or no, blah, blah, blah. Right.

Yes or no, you spent this much money on… No fun being in those rooms.

Yeah. Yeah. They don’t want to hear you defend why you did what you did and go on and on. They’ll cut you off at the knees.

Did you spend this much money on this implementation? Yes. Does that seem exorbitant to you? No. Okay. Here we go.

It doesn’t sound like fun at all. No, it doesn’t. really do have a lot of advert. I don’t care. What side of the aisle you’re on. I have admiration for people who have to sit in front of those, hearings and answer the questions.

Because, they have to go home to their families that night and they just feel beaten up, I’m sure, every time. Anyway. Kind of like our CIOs every day. How they feel. A little bit. David, what do you think this year?

what’s remarkable about this year, I’m looking back, as a startup, obviously, The SVB crisis was an eye opener.

You didn’t think somebody that you counted on financially. I mean, our VC firms all used it. We were recommended. they were our backbone for our finances. And all of a sudden, it was only time in my entire career where I woke up one morning, I go, we have no money to spend. all locked up. How do we pay our employees? Because you have no money. And surprisingly, over the weekend, it got unlocked. I mean, that was a frightful moment. Anybody who has to run a business would go through and say how can this possibly have happened in an industry that’s so highly regulated and watched over.

That’s where you want these folks to be sitting in front of that congressional committee and getting grilled to say, how could you let this happen? Where were you when the, when you were out golfing? Did you know that all these people are out of business?

David, last night I was in Houston yesterday.

I was flying back. And I decided to watch a movie, and I watched The Big Short. Did any of you watch The Big Short? Oh, yeah. About the 2008 meltdown? Yeah. And the whole thing is that same thing. It’s just like, how could this happen? How did we get here? it’s like, it repeats itself. Yes. And

David, I feel you.

I mean, trying to wake up and feel that similar situation, not quite a startup, but we’re on our journey. We had just switched from SVB, Bill, I think I told you this, like, three or four months before, had just changed our banking, and I was like, I called my CFO that day and said, what do you want?

want to go to a great dinner with your wife? What do you need? Because I can’t imagine how you must have felt when you woke up that day.

So they freed up that money though, pretty quick.

Yeah, by Monday. By Monday. That’s one of these, where were you when you heard the news?

What did you do for that whole freaking weekend? And then you heard Monday morning, oh, everything’s back to normal. You go, you beep beep, people, do you not know what you just did to us for the whole weekend? I knew everybody was out there trying to figure out alternate sources of revenue banking.

How can we pull enough to pay our It’s almost as comical as like, the leadership team gets around and goes, all right, how much do you have?

You have a legal obligation that if you don’t have enough to pay them, they can’t do anything. It’s not legal for them to be even working. That’s right. Yeah.

the lesson there early stage companies, or maybe for any company is…

The mattress. Diversity. Oh, yeah. And the mattress may be part of your diversity, your diversification where you store your cash program, right?

Oh, my goodness. It was just, the other thing that surprised me was WeWork that just collapsed. A huge environment where tons of startups have counted on it.

I mean, fortunately we weren’t, but it’s just like we had used it and through COVID, you watch it and you go, this is a great environment for these startup companies and boom, going, it goes belly up and you say, well, can anything be trusted these days? it’s a whole ecosystem that we count on that just has The fragility of it all is really apparent.

let’s elevate this conversation to healthcare provider finances for the year. So, if we look at the Kauffman Hall reports this year, January through… Let’s say June, we’re all in the negative in terms of operating margin. And they’re, they’re looking at the broad category of healthcare providers and they’re mapping it out.

How are we doing as an industry? Clearly there were some that were above that, but as an industry, the general trend was negative. Operating margins started to pop out over the last couple of months for the first time in quite frankly, a couple of years. Oh, my gosh. Yes. I’m trying to think the last time is probably for a sustained period.

It is definitely a couple of years. that a story? I mean, we don’t report on that as much, but I did read an article and I reported on on the Today Show about health systems. taking austerity measures. And I ran into some of those CIOs who said Laura, I mean, you were privy to one of these conversations where the person just said yeah, we’re not going to do testing on our EHR anymore.

Right. I’m sitting there going, when you get to that point, you have to call timeout. Like, that’s beyond austerity measure, that’s whatever, but we did hear cuts happening. that people were like, I don’t know how I’m going to operate once we get to the other side of this. do you feel like we’re beyond that? we getting beyond that?

I’ll give my opinion. I think the build back from it is still going to be hard because I think the human capital damage that it did is still on a trajectory that’s not going to go away because I think it’s very hard to recover and to be able to get those resources and attract those resources back when some of the cuts were done that were done and some of the different types of staffing in place.

That were brought in that actually hurt OPEX even more, right? And put a lot of projects on hold. I think we’re going to be in recovery mode. And I think, human capital and the ability for our clients to deal with that and all the pieces and parts that have been affected by this are going to be ongoing into next year.

I just think it’s going to be hard to recover from.

We’re going to have some tech debt as well?

Absolutely. one of the stories I constantly hear is, Oh, we’re told to make do with what reduced budget, which means in cyber, that means I don’t have extra staffing.

I, Don’t need to expand my repertoire of what I can do which leaves you vulnerable to more stuff. I think your prediction, Drex, of the numbers of breaches, it’s going to continue because there’s this, what you may do for the past two years with what you had and look, we’re still operational, so let’s just ride that curve out and not increase anything, which is really dangerous. is the different reception from the folks? We know that had breaches in this interval where they go, Hey, hell no, we’re never going to go through that again. do we prevent that? But that whole mindset of, do I improve my cyber posture or do I just That’s really important.

Keep limping along until there’s a huge influx of new capital or revenues go up and the margins improve. I think we’re on that cusp, but I don’t know, Drex, have you seen the same? I mean, I, it’s interesting, right? they’re making, health systems are making a lot of really, really incredibly difficult, almost impossible decisions.

And some of it is between cybersecurity and fixing the leak in the emergency room. I mean, they’re making really tough decisions. And when this happens for a couple of years and the margins are low, if you’re a health system and then you get breached, I mean, we had a hospital this year that closed its doors and part of the reason that it attributed to its closure was that it had a ransomware event and literally just could not work its way out of it and had to close. The other thing that I see happening a lot is that with sustained downturns and these really sort of scarcity measures that a lot of health systems take as tech debt builds up, as you put a lot of employees out of work and reputation trying to get them back, Laura, as you sort of talk about they become really great targets for acquisition.

And so we see a ton of M& A happening right now. And for those who are doing the acquiring What they are inheriting turns out to be a lot more work than what they would have ever suspected. And a lot of it is because of sustained under investments that’s happened, not only for the last couple of years, but for some of those systems for years and years and years.

So the M&A challenge is definitely another real extra project that a lot of CIOs and a lot of health systems are taking on right now.

right. So you guys leave me with the cliche and I’ll go ahead and do it. think this year may be known as the year of AI. Yes, correct.

Somebody had to throw it out there.

I wanted you to have that premier position of saying, It’s the year of AI.

Just throwing it out there. What do you guys think? Do you think AI big part of the conversation? Heck, it was a big part of the conversation this weekend. recording this. Just after Satya Nadella has scooped up Brockman and Altman to be Microsoft staff which we don’t really know how this is going to play out just yet, and nor does it matter in terms of the broader conversation.

Although it feels to me like Microsoft just bought OpenAI for pennies on the dollar. And Satya Nadella.

Less than pennies. Less than pennies, I think.

Seriously, I mean, here’s the thing you have to appreciate. I were going to give out an award this year, and I’m going to ask you guys who you’d give an award to.

If I were going to give out an award this year for the person who impacted healthcare the most, it would be Satya Nadella. And for whatever reason, he is able to take a publicly traded company, large… Bureaucratic company. And by the way, when he inherited it, it was really bureaucratic. And somehow he makes it operate like a startup.

I mean, he’s able to turn on a dime and make these things happen and invest in these companies and roll out these new capabilities. I saw him on the stage at UGM and I leaned over to somebody. I’m like, hey, who, spoke last year? And they’re like, no, you don’t understand.

This is like the first time somebody other than an Epic employee has been on that stage. Right.

Exactly right. That’s exactly right. Okay, so Microsoft is leading the way on this partnership with Epic, and it’s just one of many stories where they are really changing the game. I mean, clearly Amazon and Google, and Apple, they all have advancements.

we skipped big tech. And that’s fine for this year, but it’s hard to get around large language models. We’re seeing use cases. in the administrative side. There’s almost no one I know that’s not using it. David, you and I have talked extensively about how it’s being used for programming.

And I think about 90 percent of the code I write right now, I don’t write. I just describe it and it comes back I’ll tweak it by saying, Hey, use a different language or use this or use these variables in this way or that kind of stuff. It’s not working.

Here’s the error that I’m getting. Yeah. Yes.

Exactly. It’s programming by exception. It doesn’t do what I think it needs to do. Can you augment this and having that instant feedback? Because you don’t have programming hands, on keyboards doing that. Makes perfect sense. I think the whole art of programming is going to be radically changed over the next five to eight years.

Radically.

Well, what about the whole art of running an IT operation? Where you just, you essentially say… Hey, provision five more servers of this class of this type and move this application set or give us the ability to scale up. I know we do a lot of this automated now, but essentially it used to be I’d have a conversation with a team and sign a project and now it could be just as simple as.

Speak it into existence. Just make it happen.

We fielded Charlotte AI this year and it’s built exactly to do that kind of thing where you can essentially just have a conversation with Charlotte who will tell you things that are happening in your environment and you can ask for other things to happen to block those attacks or to re look at that, part of the network or whatever the case may be.

And Charlie will, in the background, generate the stuff that you need to be able to do that. So, it’s, AI for the good guys, but, I mean, there’s also AI for the bad guys. Adversary AI, adversarial AI part of the world that we’re dealing with now, too. So, I mean… Bill, I’ll tell you, on Friday I would have given the award to OpenAI, but it’s interesting to see how a board can somehow, and I mean this is only how it looks like, it’s still very fresh, but how a board can maybe somehow cut their own throat over the course of a weekend.

Because like you said, the company Now at Microsoft and the, 650, almost 700 of the 770 employees signed a letter over the weekend to saying they were all going to resign if the CEO wasn’t put back in the seat. Well, that’s an impossibility now. So where do you think all those employees go?

Like there’s a part of me that says, okay, Microsoft HR needs to like ramp up a new office. there’s going to be a lot of folks that they’re going to be able to scoop out of that. 📍 So my award today could be as much as I hate it, probably the bad guys, right? They’re so innovative and so creative and they’re doing so many interesting things that even though I hate them, I have to begrudgingly also admire their skill at business planning

it’s too easy to get stuck on this story. And by the time this airs, this story will have a lot more detail than we have right now. But I will say this. This was a difference in vision. And if you look at the founding of OpenAI, it was a science experiment. We are going to bring AI to the masses.

in a way that is well thought out, it is secure, it has the guardrails that it needs, and it is not a commercial endeavor, it’s more of a, research project. Well, can we argue that over the last 12 months, this has become commercial venture in high capitalism at its best.

I mean, just the selling of 49 percent to Microsoft, the launch of an app store and that, and so you see where Altman sees this potential and is sort of taking it this way, but the board was like, hey, wait a minute. We have gotten pretty far away from where we started just based on you have a picture, but that wasn’t the picture we started with.

And so, yes, they shot themselves in the foot, but they really see like they’re standing on morally solid ground. But yes, as far as the commercial entity, who knows where it goes from here. you talked about the grind in between the board and Altman and I mean, essentially, that was the firing, right?

That was the reason for the firing. he was pivoting with the company, but apparently not talking to the board about these, the pivots that he was making. that seemed to be 📍 the grind . obviously, somebody wants 📍 the commercial version of this, because they hired those guys, within 24 hours

Laura, you have a board. Is this how you do things? You just let them know like a year later? Hey, I’m heading over here. It’s amazing to me as a CEO, I think one of a CEO’s main responsibility is to manage their board. Period. And you manage the board the way. for the alignment of your company and your customers and what’s best for your people.

And if you’re not managing your board and in constant alignment, this side or the other, there’s going to be a problem. Yeah. I can’t imagine. So, this year was pretty interesting. And we’re going to call this year the year of AI. should I go first with predictions or should I go last with predictions?

Go first. Go first. Yeah. All right. if I look at healthcare and healthcare IT, I think we are going to recognize and realize that large language models. And other, AI models are going to be applied in a lot of different areas. And there is going to be a strong push.

we have to, as leaders go in and sort of make the case and push things up a hill. We’re not going to have to push this thing up a hill. I have a feeling a lot of boards and a lot of other people are saying, look, here’s what I’m seeing. Here’s what I’m feeling.

I logged into two applications last week and all of a sudden there’s a. The box at the top that says, tell me what you want to do. And I think what’s going to happen in healthcare is those boxes are going to start showing up in these apps and there’s governance groups that are going to sit there and go, Hey, we need to talk about how AI is being brought in.

And it’s going to be pervasive by the time they even recognize. And so I have a feeling it’s going to be more as the IT organization, it’s going to be the stone rolling down the hill and we’re going to be chasing it, trying to go, Oh my gosh. So I think that’s what the next year is going to look like.

We’re just going to keep hearing use cases. We’re going to be awed by it. We’re going to be like, Oh, did you hear that use case? Did you hear what that health system did? Oh my gosh. They were able to do this for the patient, do this for the clinicians, do this for the, and I think next year is going to be.

We are going to be playing catch up as an IT group in trying to stay ahead of this. So, David, I’ll have you go next. any thoughts on that? Anybody disagree with me that it feels like it’s already reaching that apex? I think the genie is out of the bottle. I think that open AI has legitimized the term AI for a lot of.

Broad use cases, especially generative AI, which up to now has been a research project. The ability to take a large language model and now use it in creative ways, barring hallucinations and biases that may be built into the models that we don’t know about. As much as… We’re going to find new and interesting ways to leverage it.

I think IT needs to be really aware of what ethical AI means. Everything that NIST has come out with their risk framework for AI, I think that’s a document well worth reading because it covers a lot of the topics around, gee, just because you have access to AI, have you thought about all these things too?

Certainly mitigate the risks as you use this brand new technology, be careful what you wish for is, really correct because if you don’t understand and just blindly trust what comes out of the other end. I mean, I’ve worked on enough AI systems in the past to know that, gee, you just covered an edge case that we didn’t account for and boom, you get this, random kind of output that you can’t account for.

The unscrewed ability of AI system is going to be something that we need to really think about. And IT needs to be aware of all these Gaps, so.

I think we have to be careful to not get into the application rationalization problem all over again. I mean, you guys Drex and Bill have both been, sitting CIOs and I agree with the earlier statement that once budgets start to get cut and you get used to a trend, it’s really difficult to get back up to those budget levels.

So I think that our CIO colleagues are going to use it. This opportunity as a way to get on that continuum to have technological enabled solutions that will help make margins better and be trying to bring in, different ones into their organization as a way to start to get back upstream to normal spending levels.

And I worry about the whole application rationalization issue all over again as a part of this.

But by the way, I launched a GPT over the weekend. It’s called Healthcare CIO, and I’m training it on the interviews and stuff that we’ve done. And it can’t take in enough information yet. That’s one of the problems with it.

and you can, if you go out onto the GPT. Store and search for healthcare CIO. You can ask me questions like, I’m getting ready to do an EHR deployment. What are some of the things, I mean, it’s, it’s pretty great. That’s pretty great. All right, Drex, prediction. would say Continue on the AI path, right?

I think the genie’s out of the bottle, as David said, but I think it’s just barely out of the bottle. I don’t think we actually understand everything that’s inside the bottle and is coming out. And as they say in the South, It’s hard to put the cat back in the bag or something like that. So it’s, I think it’s going to be interesting.

I do think we’re going to be wowed. I think we think about AI and generative AI as something today. But I think in 365 days, we’re going to get back together. And it’s going to be like, holy cow, what happened last year? We’re also on this path. And we’ve been on this path for a while of like, not running stuff on our data center, doing a lot more SAS, doing a lot more back to the third party risk management issue.

And now with the boxes bill that you’re talking about that are being built in. The idea that health systems are concerned about this and have privacy issues and want to protect IP and not just health systems, but any kind of company, and so they’re going to protect it by cutting off chat GPT. You can’t go to the site.

Like, I think those days are they’re numbered. They’re basically over because I mean, look at Microsoft. You’re going to use Word, Excel, and PowerPoint, and you’re going to tell it things about business plans and help me build this or help me do that. And that information now is going to be out.

It’s gone. You’re going to think of it as just another tool that I need to use to do work. But that information is going to go into the big, wide world to be leveraged and used in other ways. So I think it brings a whole new way of thinking about… How do we create contracts for SAS? What are the things we should be looking for?

I see a whole army of lawyers storming the gates on this front to create a whole new sort of line of legal business around, what do these contracts look like and how should they work? And in the meantime, I think we’re going to spill a lot of, coffee. So,

I bet you’re going to see some startups or new lines of business in terms of consulting organizations that solely focus on the governance of justice.

Yeah, yeah. So Laura, you’re going to go last, but before we get there, I want to ask these two gentlemen. Will we see a major health system get breached in the way that Common Spirit was breached this year or next year?

David?

Biting my tongue as hard as I can.

So, Indicators of the sophistication of the attacks. The fact that… Just like Drex pointed out, the bad guys are leveraging the same technologies that we have access to and they’re only getting more creative and better and they only have to be right once.

But in order for that to happen, it’s not only get in the door, because they’re going to get in the door at major health systems.

They always do. But it’s the lateral movement. Have we gotten better at stopping that lateral movement? I guess is my question. Are we going to see a, oh, they got to the EHR and they shut it down situation again next year? Or have we gotten to the point where we’re stopping that lateral movement? And I know you both have products that head us in that direction, but So I, I look at it like this. So there’s the. Oh no, things have gotten really bad. We have to call somebody like CrowdStrike to come and help us because the whole network is shut down, right? Incident response. I think that mature health systems from a cybersecurity perspective have taken a much different view of this, focused on speed, and their view, they’re focusing on the other IR, the intentional resilience, right?

You can have all the little incidents you want, but if you can catch them when they’re in the first machine and kill them off. Then to the, everybody that works in the health system, it’s like nothing ever happened, right? model that you have to aspire to, 📍 but not everybody’s there.

This was a very unsatisfying answer for me.

I thought you were going to say yes or no. Like, in the hearing, and then I thought you were going to start naming

names. Yes, somebody’s going to have a big breach next year. I’m going to say absolutely yes. It’s just, I don’t know who. I’m seeing Drexler mopping his brows.

Oh, man. I need to turn behind me to answer the question, but there’s nobody there.

There’s nobody there.

Laura, you get the last prediction for 2024. What does it look like?

I think it’s a pretty easy prediction. I think that for our CIO colleagues, the innovative ones are going to rise to the top. And I think that for our CIOs and their counterparts, if they cannot find less expensive ways to deliver services that are going to increase revenue, and preserve or enhance margin, they’re going to be out of a job.

And I think that for some health systems that have not embraced the whole virtual nature of where knowledge workers are in their life that really want to force pulling people back together and can’t get over themselves, they’re going to lose.

Laura, thank you for being that bold person who says the.

I agree with you. I think there is a. The CIO that believes their job is to just sustain the environment, think that job’s gone. I think that person is like the VP of Infrastructure or even the Director of Infrastructure and Operations. And that’s that role. title is the CIO… There’s an expectation that you’re going to help the organization stay in front, get in front on cyber security, on the use of large language models, on

Clinical operations improvement, business operations improvement. This is the CIO who has their fingers in everybody’s pie. They have to help everybody move forward as fast as possible, which decentralization too, right,

Laura? Right, absolutely.

And Drex, I think it’s going to be about leadership. At the end of the day, it’s going to be about leadership, more so than a particular skill that you bring to the table, you can surround yourself with, domain capability, but I think we’re going to see our CIO colleagues have to step up from a leadership perspective in big ways.

And I think you’re going to see certain ones really rise to the top and I’m excited to watch that.

All right. Rapid fire. We have a couple seconds left. Will the. CDO continue to grow or disappear over 2024? David, we’ll start with you. Chief Digital Officer, will that continue to rise or?

I think it fits into the paradigm that Laura talked about, which is IT and every other vertical is the backbone of the industry. It’s about time they took the same role in healthcare. It has to be the one that accelerates the business.

Do you think there will be more Chief Digital Officers next year or less?

I think there will be more. I’m hoping there will be more because it is a new generation that takes that role. Drex, more CDOs or less?

More. and they won’t have operations responsibility. that’ll be delegated to the new CIO, right?

Interesting. Laura? I think there will be more, but I also predict that those CIOs that I talked about, the ones that can possess the real cornerstones of leadership that are going to be necessary to make a huge difference for their organization, they’ll just become one role.

And to Drex’s point, you’ll see, more directors, doing the operational things, or even VPs doing the operational things. But I think there’s going to be more of a convergence of those innovative CIOs to the CDO.

All right. Shorter answers for the next one, which is More workers required to come into the office.

Same amount or less workers required to come into the office. Laura, we’ll start with you. Less. Less. Drex?

I want it to be less, but I think it’ll be more. Yeah, David?

I think it will be about the same. I think you still need the on prem folks backed up with whatever talent wherever you can find them.

All right, the only time we’re going to touch on big tech, Amazon, Google, or Microsoft. Who’s going to be the big winner in 2024 in healthcare? Drex, we’ll start with you. Amazon. Amazon. All right, David? I think it’s going to be Microsoft. Microsoft. And Laura? I agree with

Drex. I think it’s going to be Amazon.

Wow, man, and we’re out of time, but I really would love to unpack that one. That would be a lot of fun. I want to thank you guys. This is always fun. And we’ll have to figure out a way to do this more often next year. Cause this is, this is a lot of fun. Really appreciate all of you guys.

Appreciate you coming on the show this year and appreciate the work that you’re doing in the industry. Thank you very much.

Thank you.

And that is the news. If I were a CIO today, I think what I would do is I’d have every team member listening to a show just like this one, and trying to have conversations with them after the show about what they’ve learned.

and what we can apply to our health system. If you wanna support this week Health, one of the ways you can do that is you can recommend our channels to a peer or to one of your staff members. We have two channels this week, health Newsroom, and this week Health Conference. You can check them out anywhere you listen to podcasts, which is a lot of places apple, Google, , overcast, Spotify, you name it, you could find it there. You could also find us on. And of course you could go to our website this week, health.com, and we want to thank our new state partners again, a lot of ’em, and we appreciate their participation in this show.

Cedar Sinai Accelerator Clearsense, CrowdStrike, digital Scientists, optimum, Pure Storage, Suretest, tausight, Lumeon, and VMware who have invested in our mission to develop the next generation of health leaders. Thanks for listening. That’s all for now.