Improving Care By Simplifying Secure information Sharing

​​Here's a podcast from Healthcare IT News on how Zero Trust Data can simplify the secure sharing of patient data. Thanks for XQ partners Ingram Micro Keystone Technologies Jason Singer and Kelby Price, CPIR for making this happen. Here's a link to the article: https://lnkd.in/gnyUpZpN

Junaid Islam (00:00)

When you map these secure document systems, which are really coming from federal agencies onto the healthcare system, it just doesn't work.

Mary Ann Bohr (00:17)

Hi. I'm Mary Ann Bohr with HIMSS. Today, I'm sitting down with Junaid Islam, CTO at XQ Message, and today they'll be talking about improving care by simplifying secure information sharing. Before we start, I want to say thank you to Ingram Micro for sponsoring this podcast. Junaid, thanks for joining us today.

Junaid Islam (00:36)

Well, thanks for having me.

Mary Ann Bohr (00:38)

Let's talk about security. Let's imagine a world where doctors, healthcare providers, and administrators could exchange patient information securely and that would result in better patient care, of course. So what do you think that would look like?

Junaid Islam (00:53)

As all of us know, the most important thing is delivering high-quality patient care. That's why we're all here. And one of the stumbling blocks has really been the quick and timely sharing of information of patient data. This has actually been a problem for decades. This is not a new problem, right. And it really stems from the fact that our systems to manage documents both at big hospitals and small hospitals is very cumbersome, number one. And number two, if you think about how the healthcare industry has evolved with this primary care and then specialist and then regional hospitals, because of economic the sharing has become even more difficult. And this is really a big issue when we're talking about critical care as we have an aging population, right? So one of the things we are focusing on at XQ Message is really understanding this problem and then working out ways to really simplify the sharing of information, but keeping it secure. That's the critical thing. At no point do we want to compromise patient confidentiality or privacy or HIPAA regulations.

Mary Ann Bohr (02:13)

So Junaid, why do you think it's so challenging to ensure this compliance in healthcare?

Junaid Islam (02:19)

So the challenge is the security systems in compliance are really a derivative of the kind of security systems we see in the federal government and the banking world. In those environments, such as the Department of Defense, we have a very closed community where the people in a work group, like, let me just use a random example. Say you have people working on the military base and they're working on a little project for a new Jeep. I mean, the team is set. They're going to work for two years or five years on this Jeep, and there's very little change. So you can have security systems that are difficult to provision, but once you get through it, it's fine. Now let's flip to taking care of a patient every time someone has an unfortunate medical incident. It's really a unique group of health professionals. There might be cardiologists in one case, in a different case, there might be people providing care at home in another case. So what happens is when you map these secure document systems, which are really becoming from federal agencies and defund agencies onto the healthcare system. It just doesn't work. Doesn't work because the fluid nature of healthcare, not only is every patient taken care of by different group of people, as the patient goes through their recovery process, it also changes.

Junaid Islam (03:44)

It might change from the people doing the initial lab work, to the treatment, to whoever's involved in surgery, to the recovery. And what you find is these static security systems just don't work. They just don't scale when we're talking about an individual and the community around that individual that needs to take care of them.

Mary Ann Bohr (04:03)

So what upcoming technologies and solutions do you think could elevate the quality of patient care through better healthcare cybersecurity and better compliance?

Junaid Islam (04:13)

Here's the interesting thing. I mentioned that a lot of how we do medical secure document management is really a derivative of the department of Defense approach to creating an enclave. Well, here's the interesting thing. The department of Defense itself found that architecture difficult for know because as it's evolving to new weapon systems, to drones, to coalition networking, where the United States works with its partner nations, they realize that their own architecture doesn't work. So the DoD itself changed their own architecture to something called zero trust. And there's many zero trust, there's zero trust device, which is how do you secure your mobile phone zero trust network, how to use a coalition network. And they also have something called zero trust data, which they announced last year in November 2022. And zero trust data is this idea that for every block of data which could be a file, it could be a satellite image, it could be an X ray, you individually encrypt it, and then you have a policy server just for that block of data, which allows you to specify who can see it and who can't see. So the nice thing about this is not only is it secure, it's fully automated.

Junaid Islam (05:26)

So here's the great thing. We find this new approach to how the department of defense is going to secure all their data, called zero trust data, actually has huge value in healthcare. So now we have a patient. And for every patient, you create a mini enclave around that patient, which is no different than the United States creating an enclave around a mission with a coalition partner. So the nice thing is, not only is it elegant, this approach works on phones, laptops, and cloud servers. So imagine every patient has a secure network. And that secure network is composed of people who are caring for them. And as that patient evolves through their recovery and at home care, you can actually have individuals joining and departing that secure network transparently, but it's always maintained, which allows you to create this kind of HIPAA compliance bubble. So the good news is, and we're spending a lot of time on this is our goal is really, again, to simplify the secure sharing of patient data. So you're always in HIPAA compliance, but you can bring in participants, experts, and then when they finish their work, they depart.

Mary Ann Bohr (06:45)

Everybody in healthcare these days talking about AI. AI applications. Now, Janae, what challenges and benefits do you see come with using AI in healthcare to enhance patient experiences?

Junaid Islam (06:57)

So I actually think the opportunity for AI in healthcare is massive simply because if you've been involved in healthcare for a while, you understand that there's so much we know, but there's so much we don't know. And there's been so many trials where the analysis was inconclusive. So the benefit of AI is really to look at our massive historical database of past trials and really examine them. Because what AI can do, which is very difficult for VIEWAN to do, is take a set of data and look at it from different perspectives. So if you think about all these trials, they had a drug, or they were looking for something, or they were asking you to exercise, but it might have been something else, or there might be ten trials that if you look at them from a certain perspective, there's some commonality and here's the rob. It's very tedious for humans to do this because you don't want to spend three years working on something to realize it's a dead end. AI, on the other hand, can look at millions of combinations in a split second. That's the good news. The bad news is AI systems are very good, are so good that even if you anonymize the data, they actually figure out who the original person is.

Junaid Islam (08:12)

You can take their name out and everything, right? So one of the benefits of zero trust data, the same approach we talked about, patient care, can also be applied to ensuring the raw data in AI systems is only visible to the AI program and can't be exported. But more importantly, the insights when they come out that that is also secure. Because the AI has two parts. One is doing the analysis to create the model. Once you've done the model, actually we're using it with a real patient and saying, we've got this blood pressure analysis that looks at 40 drugs, and now we're going to run it on a real person to see what insights. So you want to keep that as well. So I think AI is a new, exciting space in healthcare, and it's truly going to revolutionize healthcare. And I'm sure of that because I'm already working with a number of AI vendors, and what they can learn is incredible. Having said that, let's make sure it's secure from day one. If there's one thing we've learned about cybersecurity, adding it as an afterthought, or after there's a breach is very pointless and problematic.

Junaid Islam (09:21)

So one of the things we're doing, and I hope the healthcare industry kind of really internalizes, let's be proactive about the raw data that goes into AI systems upfront as well as the insights that come out of it, so that we can really tweak the full potential of this technology without any downside, especially the leaking of patient data.

Mary Ann Bohr (09:44)

Absolutely. Those things have to be baked right in for the beginning. Well, Jade, thank you so much for joining us today. And thanks for sharing your insights with us.

Junaid Islam (09:52)

Great. Well, thanks for having me.