Barry Chaiken, MD, MPH, FHIMSS is chief medical officer of Imprivata.
According to your LinkedIn profile, you’re CMO for Imprivata, CMIO for Symphony Corporation, and CMO of DocsNetwork. You’re on a couple of advisory boards, you own a vineyard, and you just finished your term as chair of the HIMSS board. I’m not sure exactly what you do all day.
I’d like to say that what I do is try to tend to my grapes, but they’re too far away, so I don’t do that.
DocsNetwork is my personal consulting company. It’s just me. I will contract with companies like Imprivata, who basically are at a size where they really don’t have enough work for a full-time CMO. I make sure that none of the people I contract with cross industries and such.
I essentially work for Imprivata. I’m really their healthcare lead and advise them and help them with their healthcare advisory board and basically function as a CMO as much as they need a CMO at this stage. I imagine if they grow, they’ll need more of my time.
Symphony Corporation is a company out of Madison, Wisconsin. I essentially function as an advisor to them. They currently do have their own CMO who works considerably more time than I do. I just help them with some informatics issues.
My vineyard is Chaiken Vineyards down in Uco Valley in Argentina.
I’m most intrigued by the vineyard thing. How does that work?
It’s really a great deal. Woody Allen once said 90% of life is just showing up. I love to travel down to Argentina. I visited Mendoza and I’ve had a long-standing interest in wine. I collect some, drink some, give away as gifts some.
I just stumbled on this wine project that two Americans and the Argentines started several years ago. I got to know friends and family with them and it’s been a great project. I was one of the original 13 of 14 private vineyard estate owners and investors. Now they have almost 80 and they’re going to go to 100.
They just announced they’re going to build a resort on the property. It’s about 60 miles south of Mendoza. They have a great team, great winemakers, and it’s something that you can do in Argentina which you really can’t do in the US or France unless you have a lot of money, which is not one of the things that I have a lot of.
Let’s get back to business now, although that’s a business for you, too. As a physician who works for an organization whose forte is user access and security, you must be the guy who has to make the argument for convenience versus application security. How do you think most hospitals fall in that continuum of convenience versus IT’s lockdown?
First off, you have to address the issues of security and privacy. I think that’s incredibly important. If we digitize everything, you’re going to need to do more of that.
I’m not sure security and privacy and convenience and ease of use are mutual exclusives. I think you can do both of them together. I think the technology exists that you can do them together. Maybe 10 years ago it didn’t, or maybe five years ago, or even maybe two years ago that didn’t exist, but I think it really does exist now.
We have smart cards. We have other ways of authentication, whether it’s fingerprints and things like that, that can make it easy for people to login and log off, just like we’re spending the time learning about workflow. For clinician workflow, how to present the clinical information for the physicians in a way that is useful for both them and efficient and useful for the patient. I think that we’re also learning about the importance of the workflow, securing a desktop, and we can do that today with a variety of technologies we have.
Imprivata has a lot of those technologies. What made me very interested in Imprivata and wanting to work with them is that I understood there’s clinical workflow that’s within, say, an electronic medical record or a clinical decision support tool. But the reality is you’re bringing together multiple applications either from a single vendor, more than likely from multiple vendors, so that has to be created into a clinical workflow which is what hospitals and consultants work on.
There’s this other piece, which is how do you glue all these pieces together? Single sign-on can clearly happen. There’s an intelligence about how you secure a desktop. How long is a timeout? What devices to use to log on and log off? What makes sense with those devices that you use to log on and log off or back on?
For example, one of the products Imprivata has is Secure Walk-Away. It’s very simple. Basically, when you logon to a desktop and a workstation, it uses a camera — which we know today are very inexpensive — and it doesn’t go to a database to look up your photo or your image. What it does is it takes multiple images of you when you log on. It takes images with you turning your head, it takes images with and without your glasses on — whatever you may focus on that camera, it takes that image. The minute you’re out of the view of the camera, the screen goes blank. It goes black. You walk back in within a specific time period and the screen will come up again as if you were there and automatically you’re logged on.
What’s nice about that is it allows the workflow, right? The doctor might be talking to a patient and then walk back into the view of the camera and wants to be able to enter some information. Walk away, walk back, walk away, walk back — it instantly brings up the screen, but when they’re out of view, it blanks the screen and that secures that desktop, yet still facilitates the workflow.
What’s really nice is that you don’t have to have this database of images of you in different styles of glasses or haircuts or whatever. It’s just for that moment when you log on at that desktop, so it works to facilitate that workflow while securing the desktop.
Even though IT shops spend a lot of time worrying about applications, it seems like a lot of the physician frustration is one of two simple things that are infrastructure-based; either they have to wait in line to get to a device or log in multiple times once they get one. If you were a hospital, how would you choose a single technology? Or, what would you do to assess that situation and resolve it?
Let me give you an analogy. I’m sure you’ve flown. I’m sure almost all of us have gotten to the airport and you had to go fly. We’re waiting on line to go through TSA and security and we don’t get really happy when we don’t have enough people who screen people in screening lines, do we?
The first thing you have to do is do an assessment of how many workstations you need. Not by counting numbers, by looking at the workflow that’s within your existing environment in your hospital. Make sure that they are available, because in reality, those devices are relatively cheap compared to the time of the clinicians — the physician, nurses, and others — who may need to access that. You want to make sure you have enough devices available.
Then, you have to design the clinical workflow within the application to make sure that fits two needs. One, it is streamlined — it makes sense. Also, it produces good outcomes.
The last thing is you should look at the existing technologies to facilitate the workflow between applications — single sign-on, secure authorization, things like that — to make sure you’re able to keep the medical information private and secure, but facilitate the workflow. That technology exists. Every day it’s less expensive to do, but I think the IT department has to focus on workflow. Workflow backs up to enough devices, backs up to a secure way to access those devices. That facilitates, encourages, and makes seamless that workflow. That way, the hospital can focus on the clinical care of the patient and the physicians can focus on the best clinical workflow to deliver the best care to those patients.
How do you think mobile devices are changing the whole security picture?
Big problem. They’re really a big problem. I have to tell you, for years I’ve been speaking to people who’ve talked about that problem of securing those devices. Now we have an iPad and I imagine revision two or revision three of the iPad’s going to have a camera in it too, besides a smart phone.
Now you have these unsecured networks sending personal health information over them. That’s a big problem. I think that problem needs to be addressed. As best as I know, there’s no technology to specifically address it right now. I mean, I guess you can shut off everybody’s smart phone, but still, they can take pictures and when they leave the hospital they can obviously send them.
I think the first thing you have to do is to educate the clinical people about the security issues and privacy issues about using their smart phones or their iPads or whatever else device they may have — or their cameras, even — and understand what the rules are and why those rules need to be followed. Then, over time, I think we’ll develop technology to lock down. I should really use the word ‘secure’ — to secure, whether it’s a smart phone, the iPad, the tablet, the whatever — to make sure that the PHI is protected.
Do you think part of the reason doctors and other clinicians like portable devices is that they bypass a lot of the IT restrictions on devices that aren’t theirs full-time; can’t be personalized, and aren’t really under their control?
You know what? That’s possible, but you know what I think it really is? Let’s think about what a physician does. The physician is the only professional that I know of, the only one I know of, who every single day of their career is never like the day before. I’m not talking about what they see or the work they have to do. I’m talking about where they are, where they physically are. No physician walks into their office and sees patients, room 1, 2, 3, 1, 2, 3 — they don’t do that. They move whatever is happening for the day. They may spend more time in one room or the other, and the same thing in a hospital, they roam all over the place and it’s never the same.
But if you think about an attorney, an accountant, those types of professionals — they walk into their office, they sit at the desk. Their pencil is in the same place, their computer screen is in the same place. Everything is the same for them and they get to do their work.
What happens is doctors have to have their desktop roam with them. The only way today that we do that all over the place is through these smart phones. They have their own personal device they put in their pocket, they have it in their arm, and they can use it for multiple things. You could use it for Hospital A, Hospital B, Hospital C. They can use it for their practice, depending on how they set it up. It’s a very convenient device for them. Applications that allow that desktop to move around with the physician are the ones that will usurp those smart phones and the other things that they carry around with them.
Imprivata has a product that allows them to do that with the roaming. It moves the desktop around the hospital. But for now, it works within the hospital, in the application. At some point we’ll have a device that allows that desktop, in whatever form factor we have it in, it will allow that physician to move around everywhere with that secure desktop and do their clinical work. Then they won’t care about having IT locking it down and wanting to go outside IT. Except the way the applications are implemented and the workflows don’t fit in to how the physician wants to work.
I understand the concerns of the IT departments around security and I commend them for the work they’re trying to preserve — the security and privacy of the PHI. What we need to do is let’s think a little bit outside the box here. Let’s put a couple of things together. Let’s think about the clinical workflow and let’s think of the IT issues in securing the desktop. Let’s get a bunch of people together, those multidisciplinary people together, to figure out what’s the best clinical workflows that we can satisfy both for those stakeholders.
As you look back at your term as chair of the HIMSS board, what would you say the organization is doing right and what would you like to see it do differently?
First off, I really enjoyed being part of HIMSS. I think that HIMSS has been a great experience for me, and probably for a lot of my colleagues. The thing that’s really wonderful about HIMSS is that, really, all the volunteers really decide what happens at HIMSS and things bubble up from committees. A lot of times people on the outside really don’t see that.
When I was on the board, anything that would be presented to the board that we would vote on and endorse, so to speak, or any position that came through, always came from all of these committees of volunteers that were just spread all over the place. As HIMSS chair, I got to review some of those resumes of those people on the committees and then appoint them at recommendations by staff and others. The diversity was enormous. I think the thing that’s wonderful about HIMSS is the fact that it has this diverse group of folks.
In this past year, one of the things I specifically emphasized in my HIMSS keynote was the idea of clinical transformation, which was, let’s see if we can make access to care better. Let’s see if we can make it safer. Let’s see if we can make it higher quality. Let’s see if we can reduce the cost of providing the care. My belief is that IT is able to do that.
I think that I’d love to see HIMSS continue with that and emphasize that clinical transformation and emphasize helping other stakeholders in other disciplines be able to improve healthcare and make it affordable for us. We’re on this cost curve that’s really unsustainable and we need to fix. Our quality isn’t there, our safety isn’t there, and our accessibility isn’t there. I just believe IT can help and I think HIMSS can be a leader for that.
I noticed in your keynote that you were talking about population health and arguing that automation is needed. But what HIMSS does is primarily just work within the four walls of the provider’s office, helping make episodic healthcare delivery more efficient and caring nothing about health in general. Other than the fact that healthcare services delivery is profitable and population health isn’t, why do those areas have to be so different?
Well, let’s look about healthcare policy. It’s, you know, reimbursement.
I just recently had a conversation with a colleague of mine. We were talking about accountable healthcare organizations, talking about medical home, things like that. Currently, providers across the spectrum are incented to provide volume care. They’re not incented to deliver value. I don’t blame any of those providers. We know from studies of human behavior that even if the conscience says, “I want to do X;” if there’s an incentive that’s subconscious, they end up not doing exactly X.
We need to change our reimbursement system that reimburses all of us for quality, accessible, safe care. That’s what we need to do. HIMSS has to and will, with other stakeholders, medical organizations, other hospital associations, medical societies, nursing societies and others, get together and decide what they need to do as stakeholders and push towards changing that reimbursement so it compensates providers for their quality and value that they deliver, as opposed to the number of times they’re able to do a particular test or procedure or have an admission or whatever.
We see, in organizations that have different types of reimbursement models, that we see different utilization patterns. I know the society is very concerned, our public is very concerned, about limiting care, but the one thing you have to understand is more care is not better care. More care is just more care. What we need to do is forget about more or less care. Let’s just get better care.
You also said that the industry needs to create solutions that are so compelling that people want to use them and that it shouldn’t be because an executive order, that demand should be created by the quality of the products. Is anybody doing that? I’m not seeing anything where people are getting excited about somebody’s product to use it voluntarily.
Well, I think we’re still at a tipping point. I think I wrote about that in a piece called “The Glue” recently. People are working and making the applications work better, you know? Let’s be fair to these folks.
You’ve probably used Mac, an Apple product like an iPad or an iTouch, or an iPhone I imagine, right? If you compare that to your experience using some other, whether it’s a Microsoft product or somebody else’s product, clearly there’s something about that user interface that makes it incredibly compelling to people. Look, they sold over two million iPads in the last six weeks. Man, that’s a lot of iPads in six weeks.
We’re still learning, in healthcare, about that user interface. We’re still learning about how to put the applications together in a clinical workflow that’s going to be valuable to the patients and to the people who are providing care. Let’s be patient. Let’s give them a chance to figure out the right way to do this. Let’s give the application providers an opportunity to make this better. Let’s hold them accountable if they don’t. Absolutely, hold them accountable if they don’t; and the marketplace, I hope, will be able to make those choices and hold them accountable when they don’t. But, we’re still learning.
But HITECH has pushed the marketplace into buying today. Everybody’s picking their dance partner now for a lot of years, so everybody’s buying the same stuff that was already being sold. Where’s the market incentive to put out a better product when everybody’s bought what they’re going to be stuck with for years?
Well, there’s still the clinical workflow. You still have to worry about putting together the clinical workflow. It’s not just the app.
OK, but if you’re the vendor, what’s your incentive? If you’ve sold all of the systems you’re going to sell because everybody’s blown their HITECH money and now there’s no market out there, what’s the incentive? How do you get existing customers to convince vendors to improve their product when they’ve already signed on the line which is dotted?
I think you’re going to have to ask the vendor that. I’m not a vendor of an EMR system, so you’re going to have to ask the Epics and McKessons and Cerners and Eclipsys, and Meditechs and GEs of the world what they are doing, I think. I still emphasize the fact that it’s about the clinical workflow, and they need to go — and the hospital has to be a partner in that — to improve that clinical workflow and make it better. You know, the reimbursement systems are a little bit crazy.
I did work for a vendor. It’s really weird. On the one hand, when you have an EMR, for example, it’s really dealing with two masters. One master is I want to be able to record the clinical data on a patient so I can treat them as best as I possibly can. I’m a clinician, I know that. I want to record the data so I can do a better job. I’ve seen plenty of paper records that you don’t know what the heck is going on if you want to do that.
On the other hand, I have to record the data in a way that I optimize my coding so I get paid what I deserve. If you’re an EMR vendor and you have to write code to be able to address those two issues, that’s a real challenge. Then, for the end user, it’s a real challenge. But, I think we can get around that. I mean, there are things that new technologies are coming out all the time.
I think, relevant to the workflow, again, we have to redo that workflow. I think what Imprivata has to offer allows, at least — that single sign-on and the authentication and privacy protection — that allows us to bring these apps in a way that hospitals and the clinicians in those hospitals can work to develop their own effective workflow.
Last question. If you look out five to ten years, what would you predict will happen with healthcare IT versus what you would like to happen?
OK, let me say what I’d like to happen. I think the whole way that we deliver healthcare in the US has to be completely redone. Of course, our incentives — we talked a lot about that, but what I think is we have to really leverage information technology in such a way that doctors no longer do what they do today, nurses no longer do what they do today, other clinicians no longer do what they do today.
In other words, if I have a runny nose, I don’t necessarily need to see a physician to be able to be diagnosed on that runny nose. I can go ahead and see somebody who’s trained at a lesser level who will see hundreds and hundreds and hundreds of thousands of runny noses. Then, if my runny nose is different than the normal runny nose, they know to escalate, to triage me up to the clinician who’d be better suited to treat me.
What we need to do, is if we know best practices, if we know clinical knowledge, we know the things that really make people better that deliver better outcomes at lower cost. Forget about the cost for a moment. Just deliver a better outcome, less morbidity, less mortality, OK? We need to have that, to have everybody access that best care. Right now, we don’t access that best care.
If you want to predict what a physician’s going to do in their practice, all you need to do is look at where they got their medical degree and look at where they did their residency. That will predict the practice patterns that they will follow. We need to change that. We need to choose best practices.
I think IT is the way to deliver, at the desktop, at the point-of-care with the patient, best practices. There isn’t a single best practice most of the time. There may be a couple of different best practices, and for a variety of reasons, you may choose one over the other. The thing that a human being does better than a computer, and will do for some time, is their ability to use disparate pieces of information.
Let’s assume a patient has coronary artery disease, so they have high lipid levels and they have diabetes. Maybe today they also have a cut on their arm and it looks like it’s getting an infection. You can look at best practices for treating that patient. Computers can’t pull those three diseases together today, but a human being can do that. They can look at those best practices and put together a treatment plan for that patient that really will work well for that patient. Oh, and on top of that, the physician or the nurse or the other clinician can motivate that patient to take their medications, to follow their treatment plan to get them better — again, something that a computer can’t do.
What I want to see, what my vision is 10 years from now, is you’re going to see more and more clinicians who are going to be rewarded, who are going to be respected for their ability to synthesize multiple sources of information and then deliver it in a good care plan for a patient and treating their patient, instead of being looked up to because of their ability to remember a long list of facts. Computers are great at remembering facts. We don’t need to do that as human beings anymore. Human beings are great at pattern recognition. We should be able to move in the clinical space where physicians and nurses and others are doing their skill set around pattern recognition and treating the patients. IT is the source of that.
You asked me what I didn’t think was going to happen? Well, what I don’t think will happen, I don’t think it’s going to move as fast as I want it to, you know? I think we should do this now. I think we should be teaching this kind of stuff in medical schools and in residency programs and switching to that type of environment. That’s the way we’re really going to leverage healthcare IT.