I am surprised we've not seen more comments regarding the new FL law regarding patient data and offshore data storage…
HIStalk Interviews Sean Kelly MD, CMO, Imprivata
Sean Kelly MD is chief medical officer of Imprivata of Lexington, MA.
Give me some brief background about yourself and the company.
I’m a practicing ER physician in Boston at Beth Israel Deaconess Medical Center. I’ve been there for about 11 or 12 years. Emergency medicine is my specialty. I went to UMass Medical School and did my ER training down at Vanderbilt for three years, stayed as the chief resident and attending there for a year, and then moved back up to the Boston area, where my family’s from.
I have a bunch of interests. I worked for a while as the graduate medical education director of our hospital, which is the head of all the educational programs. I was in hospital administration half-time while I was practicing the other half-time doing academics and research, mostly around medical education and the effects of overcrowding and the effects of modern healthcare on education and training.
As well as clinical practice, I got to see the administrative side of the hospital. It’s pretty big, with a $65 million budget as far as all the different Medicare money coming through. It’s just interesting the macroeconomics of the world as they change how it affects the hospital and how we do our jobs and how much medicine has changed over the past dozen or 20 years since I have been involved in it.
One time I took a transfer call from a friend of mine who works out at Martha’s Vineyard. He was sending in a trauma patient. I started talking to him and he asked me to come moonlight out there at their hospital, so I started moonlighting there. They have a huge influx of patients that hits Martha’s Vineyard since it’s a vacation destination. They get overwhelmed in their healthcare. It’s like Hurricane Katrina every day.
I was working in the ER there and about a 100 times people would ask us, “Hey, could you be our private MD?” A friend of mine and I created something outside of the system, just a concierge practice, which was unique at the time.A couple of ER doctors doing urgent care. We started what’s called Lifeguard Medical Group, which is a concierge practice, an entrepreneurial venture which has been a lot of fun. It’s been up and running five or six years.
I addition to my ER practice, I do a private practice, which is old-fashioned medicine seeing people at their houses doing home visits, but combined with a bunch of very cool IT toys that we have these days. We have a PC-based EKG machine and an i-STAT for point-of-care testing. We can do most basic blood work that we can get in ER right at someone’s bedside in about five minutes.We have a portable ultrasound machine, a little bigger than a little laptop or a little kind of minicomputer. We have a lot of good capability right at the bedside.
This whole idea of bridging technology and medicine became more and more interesting to me. I’ll say off the bat that I’m not an IT expert. I’m not someone who writes code or grew up doing IT, but I’ve always been an early adapter of technology. Part of my job out there is to take care of people, and many of those people were venture capitalists or private equity guys. I started talking with them more and more, doing some informal consulting. That led me to Imprivata, where I’ve now worked over the past seven months or so.
I’m having a great time bridging that gap between medicine, healthcare expertise, technology, and business. I found myself gravitating to that more and more, because every conversation I was in with somebody who was an expert either from a business management side of things or from a technology side of things. It really brought synergy. That was what I was getting more and more interested in. How you allow people that have access and knowledge of great technologies to learn more about healthcare, what doctors want, how doctors think, what nurses want, how nurses think, and patients. That’s the world that I’ve grown up in and continue to work in. How do we make sure that the worlds, when they collide, that everybody leverages each other’s knowledge base maximally?
At Imprivata, it’s been a great fit for me. It’s been a very fun time over the past few months as we’ve integrated more and more into healthcare. Essentially, the problem that Imprivata solves is that there’s a big tension throughout healthcare between security and efficiency. The way doctors think is that they’ll do the right thing if they can. They want to be secure and respect people’s privacy, but if there’s something that requires creating a workaround to systems that are in place in order to provide what we would think of as the best care, then I think that that’s where there’s this tension that comes up between hospital administration trying to make sure the people don’t use these amazing tools that are in their pocket, like their iPhones and their BlackBerrys, inappropriately because they’re out of band and not governed by the administration.
We’ve become more and more interested in making sure that we leverage our huge partnership with our 900 to 1,000 hospitals across the world. We work with IT and with the end users — the doctors and the nurses and the patients — to figure out instead of creating this tension between efficiency or convenience and security, how do you address both, and how do you create systems that are very secure? And therefore, the right thing to do, but also efficient in design the way that doctors and nurses want to use technology to help patients.
As we get more and more into healthcare and become the healthcare experts in healthcare IT security, my role in the company is to act as a liaison and translator for all of our contact points at the hospitals around clinical workflow. We have a lot of good experience working with IT departments throughout the country and talking about specific technologies. But in my limited experience, technology is just a means to an end, and a lot of the endpoints that we’re striving for — if you ask patients and doctors, it’s about quality healthcare, and if you ask administration, it’s about quality healthcare, too, but also with a very keen eye on regulatory input and restrictions.
I think having in-depth knowledge of all of those particular factors and making sure that each one is addressed to the right stakeholder is the only way that a lot of these solutions are going to come to bear and be successful. I think the more we are successful in healthcare, the more Imprivata continues to gain ground and knowledge in that area.
What’s Imprivata’s take on the risks and benefits of the bring-your-own-device movement?
Essentially it’s the same take as we have on our core product with single sign-on and authentication. The whole idea to allow people to use their own device, or to use devices which are taken in by the hospital when run, but leverage the power of those devices while still maintaining the security. We have designed a whole new product line called Cortext — which is a secure healthcare messaging platform — to leverage the power of everybody having these smart phones in their pocket.
There are plenty of cases where I’ve used my own smart phone with the patient’s permission and to snap a picture of something that I’ve sent out over the AT&T lines because there wasn’t a way to get our PACS systems to talk to each other, for example. We had one case where I was on Martha’s Vineyard. This woman who had polio as a child had had her leg intentionally re-broken by the orthopedic specialist in New York City, and they put a big extension brace on her leg and lengthened her leg little by little. But inside of there was a bunch of broken bones. She fell, had a trauma on Martha’s Vineyard. We met her in ER and got X-rays.
While we were reviewing the X-rays, we saw a bunch of broken bones in her leg. We knew she had had a bunch of broken bones in her leg, but we couldn’t get our teleradiology PACS system to communicate with the one down in New York. I was talking to the specialist on the phone in New York who had the old films, I had the new films, and in talking with the patient, I said, “Do you mind if I take a picture and send it to him?” He does likewise. I had them print out a hard copy of the film, put it on the old light box, took a picture with my iPhone, sent it to the New York orthopedics. He sent me back the old film. We compared the two. No changes, so she was safe to go. She didn’t have to fly off the island to go back to New York.
That’s just one of the many examples where technology is very powerful. People are used to their own devices. They like their own devices, but they bring a security risk. Rather than having theses texts go out of band where they’re not secured and they’re not technically auditable therefore not HIPAA compliant and someone could be out of compliance with regulatory oversight, we’ve created a system is double encrypted. There’s an audit trail, and it’s HIPAA compliant. Not only that, but it’s actually more functional than the regular texting systems that most people use because it has a lot of healthcare-specific features and it integrates directly with the hospital’s active directory as well.
We’ve created a whole product line designed on leveraging the power of bring-your-own-device while still making sure that the security aspects are addressed. Partnering with many hospitals, including Johns Hopkins, and approximately 60 hospitals volunteered to be design partners with us. They’re just begging for these solutions. That’s part of what Imprivata is trying to do — recognize that we have a whole host of great partners out there and a good solid knowledge base in healthcare, so we’re trying to address those.
Your concierge practice sounds like that Royal Pains TV show, where the ED doc goes out to the Hamptons to be a doctor for hire.
[Laughs] Tim, you know, I’ve never seen it, but I think they looked at our Web site and ripped it off. I’m definitely not getting royalties.
I wanted to ask you about that. Who was first?
[Laughs] It was us. We were first. Believe me, it kills me. And I’m sure it’s much nicer to be play a doctor on TV than to actually be a doctor. [laughs]
You’re working in the ED at Beth Israel Deaconess, which spun their ED software out as Forerun. Why did the hospital develop their own software and decide to commercialize it?
John Halamka is an ER doctor. He hasn’t practiced for a while, but he comes from our practice. There’s another guy named Larry Nathanson, who is fantastic and practices by us side by side, who I think is a brilliant IT person. It’s a homebuilt system that is a specialty best-in-breed system.
As much as there’s this movement out nationally to move to the Epics of the world where there’s cross-connectivity in a platform across the entire spectrum of healthcare whether it’s within the hospital even inpatient or outpatient — and that’s definitely a plus in many ways — it neglects to mention one very important thing. How useful is it for each part of a hospital?
People outside of the hospital tend to think of a hospital as a uniform environment. It’s just super important to remember that the culture and the needs and the actual constraints for your everyday working situation is incredibly different in the ER than it is from labor and delivery, than it is from the floor, than it is from a psychiatry clinic, than it is from oncology procedure rooms. I mean, it couldn’t be more different in some cases.
Trying to come up with a one-size-fits-all tool is like saying that in a restaurant, the cooks are doing exactly the same job and need the same kind of tools as the wait staff and the hostess. IT at many of these high-powered hospitals has great capability and Halamka and Larry Nathanson and these guys have created great solutions.
Unfortunately, we’re like drinking from a fire hose. For every problem we seem to undertake and solve, there’s another hundred waiting in the wings and things change so rapidly. It’s a wonderful system, but when you try to commercialize it, it’s pretty difficult to then patch it into other systems, because so much of it depends on how you communicate with a legacy system. Are the labs is coming from Meditech, or are they’re coming from somewhere else? How do you communicate with that or the HL7 feeds? There’s a lot stuff that I don’t understand, necessarily, in the black box that’s sometimes hard to coordinate. The old adage is, “If you’ve seen one hospital, you’ve seen one hospital.” The set of circumstances in many other hospitals is very different.
For our particular case, we found something that really works and they’ve spun out to try to put it elsewhere. But it’s funny — I’ve seen the reverse happen with Imprivata, where there’s a solution that we have found has worked very well. It works to get people in the front door to all those systems. The more you have these different, disparate systems throughout the hospital, and the more you’ve got these trends towards ACOs or other integrated healthcare networks, the more you need the ability to jump on, move between applications quickly, and make sure you have authentication in place so you can see what people are logging onto and when and why.
The ED is really different. Lots of times you’re seeing patients that have no history available, or they have no history with your organization. You have to make quick treatment decisions, you’re expected to be right all the time, and you may never see that patient again. How do you think that’s going to change with the accountable care model? Is it going to be just like it is today, only with a different patient mix?
In Massachusetts, we are a bit of predictor for some of the movement nationally, because we had guaranteed health insurance before healthcare reform dictated that nationally. We saw the effects of giving everybody access to healthcare insurance. We expected it, but it didn’t get much press ahead of time. One of the issues is that giving people healthcare insurance doesn’t necessarily mean they have access to healthcare. There’s such a shortage of primary care physicians and even specialists that people can’t get in to see them, particularly the ones with the poor payer mix.
You had one barrier keeping people from using the ER — that they would get this exorbitant charge. If you take that away and replace it with a co-pay, now these same people who have insurance, they try to do the right thing. They try to get an appointment with the doctor for their sore throat or for their abdominal pain or whatever it is, but they can’t get in to see him, or they have a month wait. So they end up guess where – back in the ER.
I don’t know if that problem is ever going to go away entirely. The better we try to capture people into the system and keep them in correct systems so they can have their care well managed and prevent disease is a great long-term goal. I’m not sure how long that’s going to take. Certainly it’s not going to be any time in the next five years that we have the supply-and-demand curve figured out for giving people access to good healthcare. I think there’s always going to be a spillover.
The second part of that is if people are going to show up on your doorstep in the ER, isn’t there an easier way to jump online and see what they are with HIEs or something else? We’re suspicious as to whether that will actually happen, because on the one hand, everybody’s clamoring for collaborating and sharing of data. On the other hand, you’ve got many different EMRs that don’t particularly want to share data. You’ve got all the concerns about risks, about data breaches, and letting data get out there. What is the authentication and security process around that data and those HIEs, and who agrees to let it get shared, and how do you control access to it?
So I think that there are some steps in that direction. It’s very unclear how it’s going to shake out, but I don’t see it as a problem that’s going to go away realistically any time soon.
What percentage of patients that you see would you say truly need to be seen in the emergency room?
It totally depends. We work at several different ERs, including community ERs, and the mix is somewhat different. The appropriateness of their visit depends on the time of night, the time of day, the access to the other doctors, economic incentives to those other doctors. But in general, at least 30% and sometimes up to 60% or more of those people really don’t need to be there.
I remember I had a great day when I was training down at Vanderbilt. A tornado hit Nashville. When I say great day, it didn’t really do this much damage as people thought, so I can actually say that. This tornado came basically right through the center of Nashville and it took out part of this rehab hospital. We were the main trauma center in Nashville, so we had permission that day to go on disaster duty, and we went through the ER. As the senior resident, it was my job to go through, and like duck-duck-goose, tap everybody on the shoulder who didn’t need to be there and kick them out. It was immensely gratifying to walk down the line and say, “Room 7, sore throat, discharged. Room 8, belly pain, discharged. Room 9, here for Percocet, out.” Probably eight out of 10 people just got jettisoned to prepare for this onrush of disasters that we’re expecting to get sent in. That was a gratifying day and not a typical thing.
When you teach medical residents, how are they different in how they view and use technology than their counterparts from five or 10 years ago?
It’s fascinating. They’ve grown up on Facebook and Google. It’s funny, they actually create things when we haven’t thought of it. One of the main issues is, where can you put information that you as a group or several groups subdivided can look at and parcel out in a way that makes sense from a specialty perspective and also a security perspective? They created a wiki. The residents created wikis in medicine, in emergency medicine, OB-GYN. Sometimes there’s crosstalk between them, sometimes they’re their own thing because of that whole phenomenon of the microenvironments within the ER.
But they’re very clever. They’ll go pull YouTube videos about how to do a procedure that are out there, that are part of some textbook, or a Netter diagram of anatomy that is particularly helpful, or a list of supplies that you need to get together when you’re doing a central line. How do you teach people to synthesize data and to learn how to reach for information rather than just memorizing things? Because you can’t memorize everything any more.
Back 20 or 30 years ago, there were something called blood disorder. Now blood disorder turned into leukemia, and now there’s like 69 different kinds of leukemia, and each one of them has a different cause and a different kind of treatment. Even the ones that have the same treatment have subsets depending on what they respond to, as far as the oncology and the chemotherapy. It just keeps getting enormously more and more complex. You can’t memorize everything, so there’s all these systems out there.
A lot of people go to UpToDate, go to Epocrates, go to all these specialty apps. At Imprivata, one thing we’ve noticed is that even places where EMR — Epic in particular, when they bulldoze the landscape and take over and a whole place goes to a single EMR — even in that case, there’s a ton of other apps that people go to that they need to go and find information on. It’s just continuously evolving.
It should evolve. People should be able to use technology to its fullest. We do it socially. We do it for every other place in our lives. When we get our car taken care of, the mechanic seems to be able to know a lot more about that car than I can tell about a patient who hits the ER. To continue to provide easy, smart, and quick access to these different systems is really important.
I want to bring up one aspect of what Imprivata does that I think is key to understanding why I think we’re so sticky and have gotten so much leverage into the healthcare market. People talk all the time about saving clicks or saving time when you’re allowing a clinician to optimize their workflow. It is about time, but the big factor that I don’t hear mentioned enough is that it’s not just time, it’s the interruption and the cognitive dissonance in interrupting your thought process. I’ll give you an example.
We had a very high-stakes stroke patient. A clinician who passed out during rounds. He had a massive stroke and had a bunch of medical problems unbeknownst to everybody around him. He essentially dropped in front of the team while he was upstairs in the surgical ICU. They rushed him down to the ER.
We all gathered around him. This is what you trained for. You’ve got this person who comes in, who’s young and healthy, who’s got complete paralysis on one side, who can’t speak, and literally was down taking care of a patient next to you.
You’ve got this case and you just want to mobilize everything as quickly as possible. Your brain’s going a thousand miles an hour and you need to do several things. Stroke care is very time dependent, so you need get a CT scan very quickly, get a consult with neurology. You want to get the best neurologist around to look at the studies very quickly. You need to find out if the person has a medical history, including allergies to certain dyes you might use in the radiologic studies. You need to find out if they’re on blood thinners, and if there’s any contraindications to using thrombolytics, which are the clot-busting drugs. You have to do all these things very quickly.
As you can imagine, he hadn’t received his regular care at our hospital because it’s a privacy issue. He wanted to be somewhere else. So we couldn’t look up his old records. It’s just what you intimated before about ER – some things just get dropped into your lap. You don’t know the patients and it’s a difficult problem right when it matters most.
To get stopped because you don’t have the right password, you can’t remember a password, your password changes, or you’re just logging on and off a multiple systems … there is a time factor, but it’s not about the return on investment of gaining 45 minutes a day at that point. It’s really about keeping your thought process and being allowed to think on the things that are truly important and complex, and as you’re moving through the paradigm of care and trying to figure out like, “OK, I’ve figured out these seven of the eight factors. The one more thing I’m going to do is…” and you hit the button and you get locked out because you need to reset your password or you put it in incorrectly and it locked you out of the system. You’re calling the ITS help desk.
That kind of breakage in your thought process is very dangerous for patient care, and very frustrating. When you have well-designed systems that allow you to jump on and navigate quickly between all these evolutionary systems that we’re coming up with, which have great capability … you know as well as I do that sometimes with all the information out there, you’re starving in the sea of plenty, where you just can’t find the one thing you need. Being able to get on there and navigate quickly around those different things – it really helps.
We end up taking very good care of this guy. He had all the things he needed very quickly. He actually got a 100% recovery, which was a great outcome. But it’s not always that way, and the IT systems and the ability to navigate on and off of them can be a significant contributor in how well people do. It’s a cool thing to be part of an innovative company that helps people optimize their workflow and use their EMRs better and is having a lot of success because of it.
The presentation and enthusiasm is contagious.
Your devices are 2 decades late (no fault of yours) and should have been part of the HIT devices that are being mandated by the US Government, before being sold. As it stands now, intellectual productivity has been stunted by the last decade of “innovative” HIT devices, outcomes are no better and are probably worse, and costs have not decreased.
Where is your peer reviewed data published that would confirm that outcomes, adverse events, and productivity are on the better side with your devices?