Recent Headlines with A&J – AI Report, Uber Health, and Ransomware Attacks

Speaker 1: 0:51

Well, hello, jason. Thanks for joining me in our digital studio today. How are you doing? Hey, aaron? How are you? I’m doing pretty good. So I know, a couple episodes ago we had, uh, the other a and j, amy and julia on. Unfortunately, uh, for today’s recording they weren’t able to join us uh, but we do look forward to their future participation as as uh, we evolve the show. So, uh, just to get their fans settled, you know, I’m sure they’re clamoring for more. Sorry, you know, listen to today’s episode and Ami and Julia will join us when they’re next available. So, jason, I think we have more than a handful of headlines today, so let’s jump right into it, shall we?

Speaker 2: 1:36

Yeah, yeah, sure, I’ll toss one out there that you know, you and I have always talked about sort of the off the track health care, sort of vendors and initiatives out there, and so one that’s come across my desk here today is Uber Health. So this summer they’re rolling out a new product called Uber caregiver. So it’s going to allow individuals which I know you’ve used Uber eats right Quite a bit so allow individuals to add a caregiver to their Uber profile so that then they can share and spend that person’s sort of health benefits on those types of eligible services, whether it’s rides to doctors for appointments, order groceries and so the the caregiver themselves will receive real-time updates as well and then, you know, be able to access the chat features and all that good stuff like you normally can with your uber driver. Uh, what I find interesting as well is, uh, here around the same time as Uber, health will be working alongside some other commercial plans, so Medicare Advantage, medicaid commercial plans Uber Health will be working with.

Speaker 2: 2:46

That’s always sort of a hard nut to crack with a lot of these disruptors you and I talk about quite a bit is how do you work on the reimbursement side with carriers? So I find that kind of interesting is how’s Uber Health going to work with those carriers? In particular, when you start talking about profile, you know adding users to your profiles right, we’ve seen that in the Netflix world and subscription basis. Sometimes that has conflicts, but how’s it going to work when you’re talking healthcare and then you bring in healthcare payers into the fold? I just think that’s going to be interesting to see. But again, you and I talked about disruption. I think this is another good instance of that.

Speaker 1: 3:24

It’s been several years since I went to HIMSS, which is the big health informatics conference that is held in various larger venues, but when I was there gosh going on about six, seven years ago Uber was there and they were talking about their Uber Health, and it was just more of a concept at that time. So it’s interesting to see how I’m not sure this is kind of a reboot or maybe an expansion of what they were doing previously, because previously they would pair up with, like a practice say, your practice wanted to make sure that the practice would be paying out of pocket to get the patients to come, and there was, you know, some sort of insurance mechanism that they had that they were working on. So it sounds like they’ve hammered out a lot of the details in the last, uh, half decade or so. That’s good to hear, but, yeah, it’ll be interesting to see, particularly in areas where there isn’t a lot of public transit available, how this will work and certainly also kind of makes you wonder too about transporting people around who might be sick. So that’s another consideration Interesting.

Speaker 1: 4:39

Well, and that kind of dovetails a little bit into the new American Privacy Rights Act. I think we talked about it briefly in another episode. It’s something that Congress is working, still in draft form, apra as it’s being called. Apra is effectively consumer privacy rights, and why I bring that up is because what you were just talking about with Uber is right now under HIPAA. The Health Information Portability Act of 1996 does not require that Uber or any of these other non-provider companies actually protect data. There is no legal requirement for them to encrypt the data. There is no legal requirement for them to retain certain records. The APRA seems to potentially mean to change that. So that kind of to your last example here of the Uber, it’s not that they’ve become a HIPAA-covered entity, but a lot of the information that they will be collecting for this will be health-related, right yeah and that is a great point because, as part of this announcement, CEO of Uber Health talked about what they’re trying to set up in the future, which includes things like, potentially, a Medicare flex card, travel benefits.

Speaker 2: 6:03

How are they going to work with clinics so that way, your primary care clinic of your senior citizen that you need access to because transport services can’t get them there, how do you loop them into the workflow? And you’re right, what kind of information is going to be shared with yet another third party, in this case Uber, in order to make sure they’re getting the person you care for from point A to point B? So that’s an interesting point you bring up. Yeah, you got to think in the next 12 months of Uber Health is rolling all this out here in the next 12 months, which it sounds like it is on the UBER health side. You got to think the Privacy Act is going to have to expand some to include such services.

Speaker 1: 6:45

Yeah, with it being on an election year, I’m not sure there’s going to be a lot of movement on the APRA to be honest with you.

Speaker 1: 6:53

But I think that after the election almost because it’s a bipartisan bill, almost regardless of who wins the majorities in either house I think we will see some form of the APRA pass and, granted, it’s not just healthcare-related information that is needing to be protected. America has long needed I’m going to get on my soapbox here for a second a good digital privacy act. Europe, the EU, has their GRPA, which has been great for the citizens of the EU. America needs something similar. This is a step in that direction. It’s not as strong as the GRPA is, but what I’m seeing is a step in the right direction. America’s 350 million people, so they kind of got to take their time and do it right, indeed, in theory, at least. You know. Um, okay, well, what else do you got for me here?

Speaker 2: 7:52

yeah, so, uh, a few things. One I was very intrigued by a report recently released by one of the ihi Institute for Healthcare Improvement, one of their think tanks, the LEAP Institute, I believe it is came out with a generative HI report, a 50-page report. It was composed of lots of leaders in the industry Amazon, google, microsoft, harvard Medical School, leapfrog, kaiser Permanente, I believe, was involved and basically it was just sort of a pause and look at generative AI where it stands today and where they caution. So it was more of a cautionary report is how I interpreted it, not so much a negative tone but just where we need to maybe look at some guardrails, and they they sort of filtered these, their perspective, into six best practices, and so the tone of the report fell within those which is serving and safeguarding the patient, learning with engaging and listening to clinicians, which we’ve talked about.

Speaker 2: 8:55

How oftentimes you know recent articles of nurses being left out of the fold when it comes to AI workflow implementation. Well, ironically, this group found that as their number two, evaluate and ensure AI efficacy and freedom from bias, establish strict AI governance, intentional design, implementation and then engaging in collaborative learning across the health systems. And they very much, like I said before was conservative around how to implement and prevent things like burnout. Because while we think of, obviously AI is heavily implemented on the administrative side of things right, it’s already been, you know, in use in particular with documentation they caution at how what new expectations will unfold because of supposed free time. Right, because it’s not going to be 100% accurate.

Speaker 2: 9:47

So obviously the same people we counted on the input, the data, is going to have to do what Go back and make sure and verify because it’s not going to be 100% correct. What’s that going to do? Is that actually, in the long run, going to double the workflow, double the effort, actually, in the long run, going to double the workflow, double the effort? Is there going to be burnout? Because now I’ve got to go back and check some of the documentation that supposedly was keyed in, so there’s just a lot of unknown. But again, the basis of the report was let’s just not implement and forget, don’t buy and hold right. Let’s implement and review and assess. Let’s implement and review and assess. But along those reports it also talked about a lot in terms of being cautious in terms of how EHRs were also perceived right in terms of accessibility, strength and communication. There was also some challenges and risks involved when that you know EHRs were initially implemented.

Speaker 1: 10:42

So take those same concerns. And even to this day, new work was created, while old work was replaced.

Speaker 2: 10:47

That’s right, that’s right and so.

Speaker 2: 10:49

But, todd, I don’t know what you feel, but it seems like, as we talk AI now, it’s more of a we believe it more than probably EHRs. At the time, when that’s not a true sentiment that we should have, we need to implement it, just with the same concerns. Right, and even what I found this interesting the report. It talked about de-skilling, which I haven’t heard that phrase used, which was you know, are you going to see an over-reliance on tools that may lead to unnoticed errors, inadequate oversight, and they gave an example about TSA agents who are periodically shown images of weapons and luggages just to test out their level of attention and to promote vigilance. Well, I thought that was a very keen observance, right, as are we going to see a de-skilling, which is a phrase I haven’t used before, because we’re relying on those tools so much and not staying vigilant. So, very good report. Like I said, it’s a 50-page report, so it’s not a long read. Some heavy hitters involved in the expert panel, but yeah, I found that kind of an interesting viewpoint.

Speaker 1: 11:56

It’s interesting that you say that because I have another article here about Kaiser Permanente using AI to redirect as they have here in this headline simple patient messages from physician inboxes. So I would actually say this is coming hot and fresh from the desk of unintended consequences. I like that Because I see this being a problem. So it might even be coming from the same site. This is from the JAMA, j-a-m-a Network Open. So they, kaiser Permanente, have said that they are finding 32% of the more than 4.7 million patient messages end up being reviewed by staff to be resolved and that the remainder is being summarized or filtered or redirected or answered by AI and they have found that to be satisfactory. Boy, yeah, that’s a tough one. Boy, yeah, that’s a ton, which is interesting that you’re saying that Kaiser is involved in this other report, but yet here they are. These are patient messages.

Speaker 1: 13:11

And again, I think you’re right AI is brand new to us. It’s not even in its infancy, it’s still in the gestational period of development. Um, we haven’t yet reached even the terrible twos. And yeah, I, I think you’re right with that de-skilling. There is an over-reliance. Shoot I.

Speaker 1: 13:38

I’m getting emails from people now that are quite obviously just ran through a gpt algorithm and an answer is given back and they’re just copying and pasting, which is honestly kind of insulting. But are we doing that then to patients and you know what, if, what? If something gets missed, and then whose fault is that? What if something gets missed, and then whose fault is that? So I can see AI helping with a lot of the data entry and that sort of busy work, but I am not yet comfortable with them doing Mike Scribner on how some AIs are doing a better job at spotting potential cancers and things like that, and that the prediction is in the next 10 years, radiologists really won’t be needed to read.

Speaker 1: 14:36

And, okay, I mean that might be a great thing. We might get to the Star Trek level of of oh well, here’s the problem right here and here’s how you fix it. But we’re not there yet, and I think there is that very real danger of relying on tools that are still under development to do important critical human work. Well, we’ll figure it out, I think, as time goes by, but I hope nobody gets hurt in the process.

Speaker 2: 15:04

Yeah, yeah, I agree with the focus to be more on the workflow side of things. Right now to your point about caution on the clinical side. You know the report even mentioned okay with the patient where’s this lie when it comes to patient engagement? And they even mentioned how to put guardrails around chatbots. Like we’ve got to be real careful with chatbots, which we’ve been using chatbots for several years, right, so the function is not new?

Speaker 1: 15:30

Well, they’re getting smarter. So I don’t have the headline, but I know there was a recent case of a chatbot for a car dealership started recommending competitors’ cars over theirs.

Speaker 2: 15:45

So you can’t trust those chatbots you can’t trust. Well, that was the point too. For example, they said one mitigation guardrail which is their theme, like I said in the report, with a chatbot is when you ask certain questions that are clinically oriented, you know the patient within the chatbot to not answer it, to not allow it to answer such questions, but rather maybe work in a help desk fashion like tier one, tier two support, where you elevate the question to the physician’s nurse perhaps, but not to allow to answer certain things. I thought was very keen observation there as well.

Speaker 1: 16:20

Yeah, I would say, use it to answer hey, when is my next appointment? And you know, because, that information can go look up.

Speaker 1: 16:27

You know what are your hours or you know I need a refill on my medication, though anytime there’s a question that needs to have another set of eyes, obviously take that question and then pass it along to a human and let a human make that determination. We’re not quite there with AI. We call it AI. It still can’t pass a Turing test. It’s not truly AI yet. That’s right. I agree with you. Put an asterisk there. It’s AI-ish.

Speaker 2: 17:01

That’s right, that’s right, it’s conceptual. There you go, right. Well, that’s what I’ve got. You got anything Bruin in your area that’s caught your eyes headline-wise?

Speaker 1: 17:10

Yeah. So in the vein of protecting patients and everything technology that we are becoming more reliant on in health care, obviously there is the big hack that we are still reeling from with Change Healthcare, but everything that Change did wrong, ascension seems to be doing right At least as far as you can be doing right after getting hacked. So earlier this month this is recording this in late May, mid-late May, on May 8th, the Ascension Healthcare got hacked. Now there are 140 hospitals, so they are a very large healthcare provider in the US. They discovered that hackers had broken into their network on May 8th and three days later they confirmed publicly that they had indeed been hacked and that they had reached out to the FBI and they started pulling in all the appropriate organizations. They disconnected their network from all the other networks as quickly as they could. I kind of imagine some poor network administrator in the network closet hurriedly unplugging cables. Honestly, it may have very well been something like that, but they aggressively shut down their network to prevent the spread to any connected entities. They’ve been extremely transparent in coordinating with the government to address this. They are still digging themselves out of the digital hole. It’s going to take them months to recover. It takes any organization months to recover from any sort of cyber attack.

Speaker 1: 19:04

Um and and they’re being praised for this. And you’re like, well, they got hacked, right. They’re being praised for it because they’re being upfront and honest about it. They’re not trying to cover it up. They’re not trying to say, oh, there’s a network outage, nope, they, because they’re being upfront and honest about it. They’re not trying to cover it up. They’re not trying to say, oh, there’s a network outage, nope, they’re saying they’ve been hacked. And whereas change, for example, took eight days to even acknowledge that they had an it issue and then reportedly waited several days before they even went to the FBI about it, and then they’ve continued to try to cover it up and they’ve dragged their feet on any investigation.

Speaker 1: 19:44

Don’t do that, people. Please don’t do that. Don’t be like Change Healthcare. Be more like Ascension. Hacks are going to happen, period. It’s not anybody’s fault, fault. That’s not the point of notifying the fbi, the. The point of this isn’t to assign blame. The point to reaching out to these entities is to recover, to get your patients care back online, to get your doctors back working in same patients. That’s the point. You know, being open, honest and upfront helps people understand and prevent miscommunication and fear from running the day.

Speaker 1: 20:24

Now I’m not saying that will free you of consequences. Ascension very well may face consequences for this hack. You know the government has been very clear that hacks are a HIPAA violation. But they also understand that if you’ve taken every precaution, if you have the right policies in place, if you have the right tools in place, and a hack still happens because it can you can do everything right and still lose. The government understands that and they’re not going to necessarily penalize you for it. You’re going to have to go through the pain and suffering of an audit. You’re going to have to talk to investigators. You’re going to have to do all those things. But trust me when I say, having had conversations with health and human services officials in the Office for Civil Rights in-person conversations I’ve had with them they are far more lenient on any penalties and fines, whether waiving them entirely or reducing them when you are cooperative and helpful, versus when you’re stonewalling and trying to hide the truth.

Speaker 1: 21:28

And it doesn’t matter what size you are. I’m an organization. This applies to anybody of any size applies to anybody of any size.

Speaker 2: 21:35

Essentially. It’s funny you mention that I saw a thing that was in Becker’s just a few days after that attack yeah, I’m seeing it here, so the 14th where they did a breakdown on their site, by state by facility, of what was operational and not, and I found that incredibly transparent and helpful and not, and I found that incredibly transparent and helpful. But also it opened my eyes to a part of the cyber attacks that we don’t talk about much or that isn’t in the news as much, and that is you hear about. You know, ehr, downtime and therefore some manual systems are put in place for documentation. But what about the clinical side?

Speaker 2: 22:13

In Ascension’s case, I want to say nationwide, in their facilities, they cannot fill prescriptions at their retail pharmacies. I mean, think about that. This is a very large health system across what eight, nine states or whatever it is, and they could not fill their prescriptions. That’s a big deal. And this, yeah, this is six days after the attacks took place. So not only were the think of the staffers, the RNs, who are already beyond stressed doing manual system documentation, their backup you know they’re trained on such but still the stress of that, and now the patients themselves are added stress because they can’t fill prescriptions, and so kudos to Ascension for being transparent and also highlighting something that’s not talked about.

Speaker 1: 23:00

Yeah, again, they’re doing everything right in a really bad situation. So, folks, take note If you ever find yourself in a situation like this, ask yourself what would Ascension do?

Speaker 1: 23:13

Because, what they’ve done is right and honestly, I feel like they’re setting a gold standard of how to respond to a healthcare cyber attack. And so, yeah, absolutely it is worth calling them out in a good way of this is how you handle that situation. You don’t hide it, change, you don’t obfuscate it, you don’t run away from the truth. You are in the situation. There’s no sense hiding it anymore. You need the help, you need the communication, you need to put your patients’ fears to rest, and that’s what they’ve done here with us. And again, there will be time in the future for investigations and maybe there may be time to assign blame. That’s not the time now. The time in a crisis is to solve the crisis, not to play the blame game. Okay, jason, anything else I know we’re coming right up on our time here.

Speaker 2: 24:11

Yeah, so by the time folks are listening to this, we’ve got just a few weeks left in Season 4. And so, just to highlight those you’re going to hear right after this, again, we’ll have Matt Usher next week. I’ll tell you what Matt’s for those that don’t know. So again, disclaimer again Matt’s the SHP broker, but he’s also a broker of several of our clients. Um, I think aaron would, you would agree. Not only is he very knowledgeable, but just the way he explained things. It’s like wow, I wish I had him as a school teacher, way back when. You know, he just breaks it down. But whether you’re a consumer which we all are whether you’re an employee, an employer, you’re going to benefit from listening to Matt. So tune in. His episode will air on the 5th of June and then we’re lining up a couple other interviews, also in June, before we wrap up the season. And so we’ve got a few more interviews left and then we’ll wrap up season four, end of June, early July.

Speaker 1: 25:15

Okay, I’m looking forward to that. Uh man usher interview. We we had a long talk and went way past what we had scheduled to do, but it it’ll hopefully be a great lesson for our folks.

Speaker 1: 25:28

We’re we’re going to be posting the full interview. We’re not splitting it up. It’s worth just, you know, setting aside some time or maybe listening to half of it on your commute in and the other half on the way home and then listen to it again. Honestly, it’s that good. I, I, I’m, I’m here live recording these. Right now I’m going back and I’m I’m reading the transcript and I’m listening to this episode multiple times. I’ve gotten something new out of it every time. So, uh, matt was a real treat to have on and we’ll certainly have him on again in the future. Alrighty, well, that brings us right up to time. So, jason, you have a great day and to our listeners, tune in next week.

Speaker 2: 26:09

Thanks, Aaron.

Speaker 1: 26:13

This has been an episode of Beyond the Stethoscope Vital Conversations with SHP. If you enjoyed this podcast, please be sure to rate and share it with your friends. It sure helps the show.

Speaker 2: 26:24

Production and editing by Nala Weave. Social media by Jeremy Miller.

Speaker 1: 26:29

And our co-hosts are me, aaron C Higgins and Jason Crosby. Our show producers are Mike Scribner and John Crew.

Speaker 2: 26:37

Thank you for listening and we’ll see you next time.