Travis Good, MD is co-founder, CEO, and privacy officer of Catalyze of Madison, WI.
Tell me about yourself and the company.
My background is technology — focused specifically on cyber-security — clinical medicine, and the business of medicine. All converging in the arena of healthcare technology, which is where I’ve been for the past eight or nine years.
Catalyze is a three-year-old company that we built. The name is intentional. We help catalyze the shift within the industry from volume to value. We did it, not by building a specific type of application, but by building infrastructure that enables a thousand flowers to bloom within digital health.
How much of a startup’s efforts to get to scale are impeded by compliance or integration issues?
Obviously our thesis is that it’s a significant amount. From a previous venture, we estimated somewhere around 40 percent of product effort is spent on those two areas.
What kinds of companies seek you out and what help do they need?
It’s probably helpful to split it into two buckets. On the smaller side, there are vendors that are just getting started, signing and onboarding their first one to three hospital customers. In those cases, they’re fresh. They’re looking for a solution. They haven’t really tried that much themselves. They’ve done enough research to know that it’s something that they don’t want to try to do themselves.
The larger vendor side has companies that are pretty well established and are getting pushed by their hospital customers to integrate with the EHR. A lot of those customers have looked around. Some have tried to do it themselves using different tools and ended up coming to us because they just don’t want to manage those tools and that process themselves.
For those customers that had something in place and decided to replace it, what was the value to them of turning that over to Catalyze to manage?
With larger vendors and anybody who’s scaled beyond probably five or 10 hospitals – and we have vendors that have hundreds of hospital customers — there’s significant value at that scale in having a consistent partner, where they don’t have to tweak their application for each one of their hospital customers. Essentially, we manage the different endpoint connections for them across, 10 to 50 or maybe a couple of hundred hospitals.
They have just one consistent endpoint from Catalyze. They don’t need to do a lot of custom development on their application for each subsequent hospital that they onboard. In a lot of respects with those larger vendors and in terms of integration at scale, there’s a lot more value than at just a handful of hospitals.
What would be the challenges for a company new to healthcare to build that infrastructure themselves?
Compliance and integration raise the bar in healthcare. They’re unique to healthcare. They definitely raise the bar compared to building and selling technology into other industries.
I think that there’s two core value propositions that they get from using Catalyze. One, it is a significant amount of work from a technical perspective to set up and manage infrastructure that is secure and compliant and does things like monitoring and intrusion detection and vulnerability scanning and all of those different pieces.
Then the secondary value in healthcare is that increasingly — especially with all the recent high-profile security breaches — there’s the requirement not just of saying that you’re in compliance, but being able to prove it. Those components that we offer — intrusion detection, logging, and backup and disaster recovery — have all been fully audited and are HITRUST certified. Our customers inherit not just that technical work from us, but also the proof and the audits from us to help expedite their sales process.
Some of those breaches involved business associates. How can covered entities protect themselves better with regard to their business associates?
Those things definitely changed a few years ago with the HIPAA Omnibus rule that expanded who was covered under HIPAA and who had to participate in the form of business associate agreement. It remains challenging for covered entities because they work with a myriad of business partners, business associates, and vendor customers or partners. The major challenge is that business associate agreements aren’t really standardized. Comparing business associate agreements is an additional level of work. Covered entities have to deal with that across all of their partners and business associates. That is a challenge for them.
A lot of large payers have standardized on HITRUST as a framework and as a more true certification, which goes beyond the business associate agreement. It certifies a lot of the different technical pieces and organizational requirements of HIPAA. It standardizes it across NIST, PCI, and a bunch of other frameworks. To expedite that process — not just through these business associate agreements, but also to assess the security of a partner or business associate — HITRUST is becoming the accepted standard in the industry.
Will we see more componentization or segregation of technical capabilities as cloud-based systems extend the functionality of EHRs?
Two or three years ago, every answer was, “Our EHR vendor is going to get around to it." Increasingly, that has changed. It has opened the door to telemedicine solutions, bundled payment platforms, and clinical communication solutions. All these other tools.
The same is true of interoperability. CommonWell was announced. FHIR has been in the works for some time now. Increasingly, EHRs have not made it any easier to integrate. If you don’t have this middle layer, this componentry, every company ends up reinventing the wheel. That is incredibly inefficient, both from the company’s perspective as well as from the hospital or health system’s perspective.
Increasingly, there is a need for that middle layer. There is a need to secure that connectivity and standardize it from the EHRs to the digital health tools, solutions, and services that are increasingly serving healthcare customers.
Healthcare is not unique. A company called Clever in education frees data from educational systems and standardizes it so that health applications can be created and distributed for schools. Healthcare is in need of much of the same thing. EHRs have been too slow to cover those things themselves. They’re not meeting the timelines that now the government has mandated things like MACRA and MIPS. There is a need for that middle layer componentry.
Are EHR vendors still trying to protect their own interests or are they now open to the idea that customers need third-party solutions?
Healthcare customers are demanding it. EHR vendors like Athenahealth have been out ahead with their More Disruption Please program in terms of creating an ecosystem. Increasingly, healthcare or EHR customers are demanding it. You saw the trend where consolidation on a standard platform was the epic stage of growth in the industry.
Now as we shift, we see new technologies coming into healthcare to deliver value that is needed by the health system customers. I mentioned some examples like bundled payments or virtual care solutions that then direct people to the appropriate levels of care and reduce costs. All of those different pieces.
Those are things that health systems desperately need to start implementing across increasingly large portions of their population. They are now saying that the EHRs aren’t necessarily going to get there. It’s not that EHRs aren’t going to remain the hub of clinical data and the hub of clinical workflow within the health system, but we will increasingly see these EHR add-ons, digital health solutions, and ecosystems.
Kaiser has already tested, piloted, and is starting to scale a lot of different solutions. Kaiser is a little bit different, but it does reflect the direction the industry is going. I think we’re going to see a lot more with a lot more health systems.
What challenges will vendors experience in trying to open their systems up with APIs?
They should look at standards like FHIR. It’s gaining a lot of interest and "adoption," quote-unquote. “Adoption” because it’s hard to find FHIR in the industry that’s actually implemented in production. Looking at something like that is probably a good guidepost for how to think about enabling access to your EHR. Cerner and Epic are the two big beasts, but increasingly, practice-based, specialty-based, all these other EHRs need to also be thinking about it. Looking at something like FHIR is probably the right approach. At least from the organizations that are promoting FHIR, it seems to meet the requirements in terms of accessing EHR data.
What have you learned from creating a company?
One of the biggest things is saying no and not pursuing certain things. When you look at healthcare, there’s a lot of opportunities and a lot of things that seem broken, inefficient, not optimized for care, and all the things you assume healthcare should be built around. But you can very quickly go down a rabbit hole if you don’t have focus.
A second thing is being very open about what you’re doing, even if it’s early stage. Getting feedback, finding mentors, finding people at organizations that may be customers down the road, getting their feedback. Not being too what people call "stealthy" or a "stealth" type of startup, but being open about what you’re doing.
Success is ultimately going to come down to execution. Scaling a company is going to come down to execution. You have to be much more open about the idea and what you’re doing if you want to be successful.
Do you have any final thoughts?
Having spent time at HIStalk writing about digital health and companies that were building solutions for the next wave of healthcare and then jumping to the other side of building a company that then helps those vendors and those different technologies of scale has been incredibly exciting. I get to work with a lot of companies that I used to write about and I was excited to see their history.
The industry has moved much faster than I expected in embracing these digital health solutions and EHR add-ons. It’s exciting to see some of these digital health solutions start to scale and then get research and data about how they actually work. It’s very, very cool.