Hackers will continue to pummel the sector with targeted attacks.
Have you heard the news about the most recent Chicago, Illinois area hospital data breach? I’m referring to the article in the Chicago Tribune, By Lisa Schencker on December 31, 2019. “Personal information of nearly 13,000 people may have been exposed in Sinai Health System data breach” Click here to view the article.
After reading this article many questions came to mind. Who would hack a hospital system? Could a foreign hacker be targeting hospitals to conduct cyber warfare? Could it be a disgruntled employee who maliciously wants to obtain patient electronic medical records (EMR) and target a particular patient?
It’s been reported that more than 70% of hospital data breaches include sensitive demographic or financial information that could lead to identity theft. The Sinai Health System data breach included 13,000 patients’ names, addresses, birth dates, Social Security numbers, health information or health insurance information were potentially exposed.
One could easily assume that if a hacker was armed with this information, they could sell patient electronic medical records and financial data to the highest bidder. The potential for patient harm is exponential.
Data Breach Incident Response
What happens next? Computer Forensic Experts are called to initiate a data breach response. Experts start with immediately stopping the breach, accessing the damage, notifying those affected, conducting a security audit. Forensic experts create a recovery plan to prepare for future attacks. Finally, Forensics experts train employees to protect the data and enforce strong passwords.
Computer Forensic Experts A.K.A. Cyber Security sleuths or electronic detectives are really excellent at detecting where and how the breach occurred and accessing the damage. In cases of litigation due to a data breach or medical malpractice, Computer Forensics Experts are hired by law firms to serve as expert witnesses to help win the litigation. In addition, many hospitals hire Computer Forensic Experts to assist in auditing their records to prove their side of the case.
Prepare a Data Breach Incident Response Plan
Looking forward to 2020. Cyber Forensic experts agree the entire sector needs to adjust its security approach to keep pace with hackers. The Department of Health and Services and many states may impose fines on those who are not following security guidelines. It’s vitally important to create a Data Breach Incident Response Plan.
Enigma Forensics are experts in Data Breach Incident Response. To learn more about Enigma Forensics read below.
Smart TV’s may be recording you or your children without your knowledge.
Enigma Forensics, CEO & President, Lee Neubecker talks about the FBI’s warning about Smart TV’s and other smart home devises that are not secure. Lee adds to that warning that a hacker can actually see through to your living space by using the built in camera on your Smart TV. They can also listen to you and record your conversations, or exploit your TV to show content that is not suitable for your children to watch. In fact, most of our smart devises don’t have any security at all. Fortunately, there are a few things you can do to strengthen your security. Tune in to engimaforensics.com to learn more.
The transcript on FBI Warning on Smart TV’s follows:
Hi, so all of you should be aware that FBI has issued an advisory and warning to consumers purchasing Smart TV’s for your homes.
Specifically, you should be on the lookout for TV’s that have cameras. It could be recording you or your children without your knowledge. One popular measure they recommend is using black electrical tape to cover the top of the camera. If the camera’s physically covered you can’t record.
However, you have to be aware that many of these TV’s are also listening to you and maybe taking up voice commands, recording your conversations and possibly even retransmitting that information to other parties. It’s also possible that a hacker could get into a TV and exploit your TV display inappropriate content that your children might see.
So for more tips on how to secure your home, check out our website, we have a link that gives advice on this and as it relates to your TV, you want to make sure you know what you’re buying and it’s best to buy a TV that doesn’t have a known camera in it if you’re concerned about not being recorded.
Engima Forensics CEO & President Lee Neubecker and Tressler, LLP, Cyber Insurance Coverage Attorney Todd Rowe sit down for a video discussion. These experts stress the importance of understanding the full scope of your data risk in case of a cyber attack. Both agree cyber attacks are getting more and more sophisticated and urge every company no matter the size to take the necessary steps to protect themselves before a date breach occurs. Prepare your company by working with computer forensics experts and legal counsel and create a game plan to lessen the potential threat posed by a cyber attack. Tune in to find out more about cyber insurance and maximizing your potential for coverage when a cyber attack strikes.
The transcript on Cyber Insurance Coverage follows:
Lee Neubecker: Hello, today I have Todd Rowe on the show. Todd is a specialist in cyber insurance related litigation and data breach litigation Todd, thanks for being on the show.
Todd Rowe: No, thank you, this is great. I appreciate it.
Lee Neubecker: And so, Todd, can you tell us a little bit about how cyber has evolved over the last five years?
Todd Rowe: It’s wide open, I mean, we’ve seen everything. First, I think, when we look at the threats, and the evolution of a cyber threat or a privacy threat, we’ve seen things from the classic data breach, which would have been the target data breaches move into more of a social engineering component and tricking users that way, by emails and things like that. Getting around the technology safeguards a little bit and getting in there and tricking people is the biggest development I think we’ve seen in the evolution of threats.
Lee Neubecker: And, how has coverage evolved for cyber insurance over the last five years?
Todd Rowe: Yeah, I mean, we’ve seen huge leaps in insurance coverage and what the policies look like and what we would call cyber policies. We’ve seen the developments first in what would be considered first party insurance coverage, which would be actually responding to the damage that happens. And then, the third party liability piece, responding and giving a defense in the case of an incident. While we’ve seen a lot of developments, I think, with cyber insurance, we still don’t see the uniform policy language. So, there’s still a lot of uncertainty there, but we’ve seen some big developments recently.
Lee Neubecker: So, when a company suspects that they have a data breach incident, what’s your first role on the ground, talking with the client in terms of what you’re advising them?
Todd Rowe: Yeah, all things being equal, we would have loved to have been in there before there was an incident. Preparation is always the best scenario, and what preparation should look like is a corporation or a business working with forensics and legal and getting a game plan together, assessing what those threats might be, and what to do if there are those threats. But, afterward, hopefully you have the game plan. If you don’t, it’s pretty much all boots on ground, getting in there with forensics and legal, and understanding what the threat was, and making sure that the threat is extinguished, and moving on and notifying people that were involved in the threat.
Lee Neubecker: I know from experience that companies that take the time to proactively assemble their team before something happens, and bring in legal, forensics, and outside help, are often in a much better situation when something goes down. They face less downtime, their business can be back up and running. I think the biggest challenge I’ve seen is when companies have no idea what is legitimately their, what their devices are, because when you’re trying to assess are we still compromised, you need to know what good looks like. And if you haven’t mapped out your organization’s IT resources, that really creates a problem.
Todd Rowe: From our point, there’s always been, it’s been a tough sell to go in and try to get in before there’s an incident. A lot of corporations don’t want to think about something until it actually happens. But, the sort of, the wisdom in getting in there beforehand is getting that game plan together, figuring out what data you’re storing and what data you can get rid of. And so, the more data you can get rid of, the better you do on cutting down your liability in the end. Also, working on technology safeguards and having those in place. So, working with forensics, legal, and even PR a little bit really helps in the long run, no doubt about it.
Lee Neubecker: So, if you have cyber insurance, does that mean that you don’t have to worry about a cyber incident?
Todd Rowe: The thought right now, I think, and it has been for a number of years, is an incident’s going to happen, and it just, you need to go in and do things to prep. And while we were discussing earlier, the preparation that you need to do to get sort of an inventory, cyber insurance is another piece of that preparation that needs to be in place. Once again, working with professionals, insurance professionals, brokers, forensics, legal, on what that cyber product that best suits your needs, is the best situation to have that in place once something happens. It will happen, it’s just a matter of having all the right pieces in place when it does happen.
Lee Neubecker: So, if a company has, is storing biometric information, which could even include video cam footage of a certain resolution, what are some of the unique challenges that are raised by some of the laws here in Illinois and elsewhere?
Todd Rowe: Really, being in Illinois is, and I don’t want to use a cliche, but is on the cutting edge of biometric data. And we have BIPA, which is the Biometric Information Protection Act. And what that does is it protects a lot of things like face scans, and finger and thumbprint templates. And, I think one of the biggest issues we see is recently, now BIPA’s been around for 10 years or so, it’s been around for a long time. But we’re seeing a huge uptick in BIPA cases right now, because a number of businesses went in and put in timekeeping systems for their employees that work on thumb and finger scans rather than the old punch card systems. So, the law didn’t change, but the technology did, and so now, there was warnings that should have been put in place before you take that biometric data with those systems. So, they put the systems in, and they didn’t necessarily have the law in place. That’s a perfect scenario where we could’ve had forensics and legal all working together beforehand to avoid a lot of liability, so.
Lee Neubecker: So, what do you see happening in the future with the insurance coverage laws? Especially, you know, one of the concerns I have is, you know, there’s this act of war exclusion, and if you have cyber insurance and you’re hacked by someone outside of the country, what happens there, is that covered?
Todd Rowe: It depends, really, on the policy form. So, we’ve seen, once again, Illinois is on the cutting edge of that law as well. A lot of insurance policies, CGL, commercial liability policies, and even some cyber policies to some extent, have terrorism or war exclusions, excluding acts of war. And that was fine when we were looking at Pearl Harbor, perhaps, or something like a real act of war where a government might declare war on a country, and some damage that results of that would be an act of war. But, with privacy and hackers, and hackers sitting in nation states, but maybe not being an agent of that nation state. So, the case that we have right now that gives a good example of this is a Zurich case, insurance case with Mondelez, they’re a snack food maker. And, Zurich denied coverage, and it looks like the hacker may have come from perhaps China or North Korea. So, what do you do with that, as far as, if you’re going to exclude coverage for that, nobody’s declared war on any of those countries, so that’s going to be a struggle. And I think that demonstrates some of the strengths and weaknesses of cyber coverage right now, as it stands.
Lee Neubecker: And, what do you see happening, what’s the likelihood that the federal government stops in, steps up to the plate should a major data breach happen that could be considered an act of war?
Todd Rowe: Yeah, I mean, well first off, the government brings up another point, as far as right now as it stands, privacy and data laws, we just have a patchwork of things here in the U.S. Of course, there’s frameworks that have been adopted in, for example, the E.U. with GDPR, and we don’t really have that in the U.S. So, we first don’t really have a clear idea of who would do the response in the government. Would it be the Federal Trade Commission, or who would handle that type of situation? So, we have a lot of state laws, so we have a lot of problems like that. And, we have California, which is adopting some stronger guidelines as well. So, what would happen there as far, it’s going to be really left to ironing things out with the insurers and the insurance. Once again, what a great opportunity to sort of look at this issue before an incident happens. You really wouldn’t want to get into this complex of an issue when you’re trying to respond to an incident. So, another reason is, to go and prep a little bit, would be exactly what we’re discussing right now.
Lee Neubecker: Yeah, I know from experience that clients of ours that have had data breach incidents, if they’re working with someone that’s experienced litigation professional in the area of cyber and insurance, the likelihood that, you know, my firm’s fees get covered goes way up, and there are, there’s a potential for coverage of that forensic response. But ideally, you want to have your own team. You want to be picking your team. You don’t want the insurance companies assigning your people, if you can avoid it.
Todd Rowe: Yeah, a lot of insurers do have panels, and there are a lot of insurers that prefer that, because they don’t know where to go. So, that actually, if there’s an incident, that helps out. But, the best scenarios, and we’ve been involved in a lot of responses, and the best scenario is when we’ve had an opportunity to sit down, and maybe you and I talk, the forensic side of things and the legal side of things, and figuring out exactly how we can cooperate and what that response would look like. So, absolutely, if you can sit down and chat beforehand, you’re going to really save yourself a lot of stress and pressure.
Lee Neubecker: Well, thanks a bunch Todd, for being on the show. This has been great.
Todd Rowe: Absolutely, thank you so much, I appreciate it.
More articles that relate to data breach response and cyber insurance coverage follow:
Personal Cell Phone Forensics inlcudes social media, business and personal messages, photos, emails and GPS.
Leading computer forensics Expert Lee Neubecker, discusses the complexities of cell phone forensics with Debbie Reynolds from Debbie Reynolds Consulting. We both agree the litigation involving cell phones becomes personal and proves difficult to gain possession. Personal and business text messages, social media posts, photos, GPS records, emails, are all weaved together and become part of the discovery equation. eDiscovery in today’s era is incomplete without including data from smart phone including text messages, Skype, WhatsApp, Slack, Signal and other messaging platforms. Learn more about eDiscovery as it relates to personal cell phone messaging systems by watching Reynolds and Neubecker discuss the topic in today’s blog video interview.
The video interview transcript follows:
Lee Neubecker: Hi, I’m here today again with Debbie Reynolds, and we’re going to talk about something interesting, which every piece of litigation now is getting into. We’re talking about cell phone forensics. What’s been your experience with litigation involving cell phones and discovery?
Debbie Reynolds: Well, whenever they’re cell phones involved eye-rolling begins because people take their cell phones very personally. As opposed to someone’s laptop, which maybe they don’t want to give up, they will fight tooth and nail not to give up their cell phones. And obviously people, they mix work with pleasure and they’re doing different things. They may not want you to see, even if it’s nothing criminal going on, people just feel very tied to their cell phone. The hardest thing is actually getting possession of it and letting them know that you’re not going to look through their juicy texts or their photographs, especially if it’s not an issue in the case.
Lee Neubecker: I know that whenever you need to get into text messages, it becomes a sensitive topic for people. But there are effective ways to get effective discovery without totally trampling over someone’s privacy in many issues involving contract disputes or other civil litigation, what’s important is to identify the relevant custodians. Let’s say we have your cell phone in the conversation with mine, we can then take that, we can create a single PDF document showing each conversation thread and then you could quickly go through it, if it’s your phone in which your attorney identify relevant, not relevant, and then only take the ones that are between the relevant parties and load that up into the review platform.
Debbie Reynolds: Right. And to one thing, one very effective thing that people are doing now, and that’s something that you do, Lee, is where someone, they don’t want the other side to see their whole cell phone so they’ll have a forensic company collect the phone and say, only give them X. That’s actually a very secure way. It gives people peace of mind knowing that they’re not giving everything over, that the forensic folks can actually do some of this pre-work before people actually start looking at things.
Lee Neubecker: Yeah. And like what I’ve done is, they’re not going to pay me to spend time looking at their photos, nor do I want to look at that stuff.
Debbie Reynolds: No. No one cares. I think that’s what people don’t understand. We’ve been working on cases for over 20 years and I really don’t care what’s on the phone or what you said or what videos on there. It really makes a little difference to us.
Lee Neubecker: What I try to do is I try to quickly create almost a summary index of okay, these are the conversation threads. Tell me which phone numbers are relevant, aren’t relevant, who are the relevant parties, and then we can just pull those specific threads out, put them up into the review platform.
Debbie Reynolds: Exactly.
Lee Neubecker: Now, sometimes there’s issues where photos are relevant specifically, if it’s important that you know the whereabouts or someone on a given date and time. Photos often can establish whether or not someone was really at home sick or out on vacation somewhere. There’s embedded GPS data that is recorded into most photos that are taken with smartphones.
Debbie Reynolds: Unless someone decides to strip it out. I think if you don’t do anything to it, it will collect that data. But there are ways to strip that information out. And also, people can turn off GPS tracking on their phone.
Lee Neubecker: Yeah. Well, thanks for being on the show again today.
Data Diva Debbie Reynolds and Enigma Forensics’ CEO Lee Neubecker discuss what to look for in selecting a computer forensics expert to assist with preservation, litigation and eDiscovery.
The transcript of the video follows
Lee Neubecker: Debbie, thanks for being on the show again today. I’m here with Debbie Reynolds, she is Eimer Stahl’s data protection officer and she also is the director of their eDiscovery subsidiary. Thank you for coming in and being on the show.
Debbie Reynolds: Thank you, it’s always a pleasure, Lee.
Lee Neubecker: So, today we’re going to talk a little bit about the differences between eDiscovery and computer forensics and when it’s necessary to bring in an expert to actually be the testifying expert or to handle more sensitive issues, and what you look for when you’re pulling in a computer forensic expert to assist one of your projects?
Debbie Reynolds: Well, it’s never not a good idea to bring in a forensic person, so I try to get someone who’s a professional in forensics on every case that we have, so, just depends. Some big corporations, they actually have people, ’cause they do so much litigation, they have people who are captive to their organization that do it. More times than not, they either farm out that work, to a company like Lee’s company, or they come to me, they ask me for recommendations. Just depends on where they are, what their ability, who’s available. For me, it’s really important that I work with people that I trust, smart people like Lee, who knows what they’re doing. Me, I tell people, I don’t chase company names, I chase the talent, so, I’ve had situations where I’ve had an investigator or forensic person go from one company to the next, and as a stipulation of us working with them, that case went with them ’cause they had the knowledge, so for me, the thing that I look for is a company, again, people that I know and trust, people that I know are smart that know what they’re doing, people who can really present themselves, ’cause a lot of times you’re going into a situation, you’ve not met these people, you’re going in there, touching their data, people are very sensitive about it, IT people can be very territorial, so having someone who can really put people at ease and be very professional in a situation where it’s semi-hostile, where you know that the IT guy takes pride in what he’s doing, thinks he’s the expert, so you have to kind of disarm that person.
Lee Neubecker: How often are IT people hostile?
Debbie Reynolds: Oh, 1000% of the time. They’re always hostile in some way, some are more passive aggressive than others, but you know, this is their baby, you have to work with them to get access to the data, and a lot of times they feel like, well why can I do this?
Lee Neubecker: And part of the problem, when I’ve worked with the IT people, usually they’re defensive because they’re having extra work to do.
Debbie Reynolds: Oh, absolutely.
Lee Neubecker: And they’re involved in litigation, so what I try to do is I try to sit down with them and say, “hey look, “this is my role, I need to understand enough of your stuff “so that you don’t have to talk to the attorneys, “and then I can buffer you from that so that you can “do your daily work,” and when they hear that, it helps them to understand, okay, you’re here to save me from a deposition.
Debbie Reynolds: Oh, absolutely.
Lee Neubecker: Then they’re more relieved, more willing to work with you.
Debbie Reynolds: Absolutely. I think the challenge is to get, when you start a litigation, companies, in order to try to save money, that’s where they want to save money. They don’t want to spend money on a forensic person, but if I compare cases against one another, two cases are very similar, one they had a forensic person, one who doesn’t, the one that has a forensic person, down the line, their case is more smooth, ’cause we don’t have a lot of questions about who did what, what is where, we don’t have a question about who needs to sign affidavits, who needs to go to court, all that stuff, so all that headache down the line is eliminated when we bring in someone. And I’ve had people on our cases tell me, who’ve decided that they didn’t want to bring in someone, they said no, but bad decision, we should have really brought in someone.
Lee Neubecker: In my opinion, I think it’s important to know who the person to be responsible for that data, if they’d never testified in court before, that’s a potential problem, and a lot of times people don’t ask those questions. Other things like, do they have some type of certification that shows that they mastered the field of computer forensics? And did they have to take a exam that was proctored by some independent party to assess that so that you know that your person truly has the knowledge, they didn’t just attend a class and got a certificate, because that’s a little bit of a difference, and there are many people, though, that I’ve encountered, that haven’t had the formal certifications, and they’re very bright, but when you’re putting the people up, they’ve got to survive a challenge against their admissibilities expert, if they don’t have cases of record, if none of the judges know who the person is, those things are definitely problems.
Oftentimes, I’ve seen new experts get up and make basic beginner mistakes where they let the attorney override what their report is, they let the attorney write the affidavit for them, and then it gets stretched too far, and then there might have been many good things that they had to say, but all of it goes out the window because they didn’t know how to manage the hard, nose-driven litigator that wants that report to be aggressive, so you have to listen and understand those driven litigators, but you also have to protect them from killing the case, and they assume that whatever expert you put there has those skills and a lot of them don’t know when they’re getting into trouble, and they need to be able to stand up for themselves, and do it professionally, and objectively.
Debbie Reynolds: Absolutely, absolutely. A lot of times, they don’t know what they don’t know. We had a person that actually went out and got a cell phone for a case, and we were like, we don’t want anyone to touch it, we want the forensic people to look at it, or whatever, he thought, oh well you know, I’m smart, I know how to do this stuff. Not that he wasn’t smart, but this was not his area of expertise, and he turned this phone on, and basically, the person who had the data on the phone, had sent a command to the phone to be erased, so when they turned it on, it wiped out all the stuff.
Lee Neubecker: So they didn’t put it in a Faraday bag?
Debbie Reynolds: No, they didn’t put it in a Faraday bag, they didn’t put it in airplane mode, they went to Walgreens, got cords, stuck the cord in the thing and turned it on, and that was it.
Lee Neubecker: So then that becomes some spoliation claim against–
Debbie Reynolds: It was spoliation, yeah. Everyone thinks, oh I have a cell phone, so I can do this, and it’s like no. I think people need to understand that what you guys do is very different than what we do in eDiscovery and what a normal person who’s doing IT can do, ’cause you have a different aim in my mind, and you understand spoliation of evidence, and how to get data in the right formats, where another person would not know that ’cause that’s not their background, that’s not their training and that’s not the purpose of what they’re handling data for.
Lee Neubecker: Well I really thank you for being on the show, again, to talk about this, it’s great. I look forward to seeing you again soon.
Are Computer “Bots” Making Your Healthcare Decisions?
Are Computer “Bots” Making Your Healthcare Decisions?
Enigma Forensics CEO Lee Neubecker and David Bryant from Bryant Legal Group discuss computer “bots” used by insurance companies as a way to underwrite policies and making insurance claims decisions. Bots are now determining how a given claim should be scored. See how ediscovery plays a role in getting success for your client.
The transcript of the video follows
Lee Neubecker: I’m here today with David Bryant from the Bryant Legal Group and we’re going to talk a little bit about health insurance claims in his work, helping people get the coverage they deserve.
David Bryant: Nice to be here, Lee, thanks for taking the time to stop by. We’re seeing a very significant shift in the insurance industry with respect to claims adjudication and claims determinations. One way of looking at how this change is happening is to look at the dollar volume that’s being invested into underwriting insurance policies and making claims decisions. The first metric I’d like to share with you is there is a company out of Europe that did some research on money flowing into what’s now called Insurance Tech, and approximately two billion dollars went into the Insurance Tech arena in 2016. This money is being deployed into not only underwriting, but how claims are made and I think everyone out there is familiar with Watson and the new term artificial intelligence. And how that’s playing out in the insurance industry is that a lot of claims decision-making is being taken out of the hands of individuals and being given to what we’ll call “bots”, robots, or termed a “bot” in tech speak. So these algorithms which will be designed by very bright people, such as yourself, to determine what a given claim should be scored. And if there’s a certain score, then a claims individual will be required to deny that claim. This is problematic for some of the insurance companies because if it’s discovered, through the discovery process, it can wind up hurting them in litigation for bad faith denial of a claim.
Lee Neubecker: So, David, can you tell me a little bit about what you do at the onset of one of your case matters to help make sure that you could argue your case in court?
David Bryant: So there’s really two phases to insurance claims. There’s the appeal process and then there is court. If your claim is denied I can always sue an insurance company in court. Typically that’s in Federal Court. I primarily practice in Federal Court but I do State Court as well. So once I wind up in a court setting I will send a litigation hold letter to the general counsel of the insurance company and that letter secures that all of the data in its electronic format is preserved. So if I want the emails on a particular claim individuals hard drive, that information should be present when I request that information by way of that litigation hold letter. When I do discovery in Federal Court we’re looking for electronically stored information. I’m not looking for paper any longer because we’re looking to get the metadata that’s embedded in that electronic information so we can find out who looked at it, when it was looked at, when it was altered. So, Enigma Forensics having the skill set to be able to determine who touches electronic files, who views electronic files, we will bring in your firm in those circumstances when we want that type of information in litigation. Lee Neubecker: So can you give me an example of when you’ve had to rely upon our computer forensic services for us to help you out with a matter and how that played a role in getting success for your client?
David Bryant: So we handle primarily health insurance and disability insurance claims on behalf of individuals and physician groups. So one of the matters that you handled for us dealt with a disability insurance claim and we were looking for certain key words and key word phrases that were on the server or hard drives of the particular individuals at the insurance company. Being able to cull through all this data is a Herculean task and would be extremely expensive for the defendants. So the defendants will typically go to the Court and say, “Judge, this is going to cost us way too much “money and interrupt our normal course of business. “We don’t want, Mr. Bryant, to have access “to this information or put us through the trouble “and cost of doing it.” I brought in your firm and your services and you were able to explain to the judge that you could do a search of all of the information held by the insurance company and find these key words and submit them to the Court in-camera, so there was no privacy concerns, and report to the judge what your findings were. The case soon settled thereafter.
Lee Neubecker: They usually do. Well thank you for being on the show today. If you need to reach David, his info is on the screen. Thank you.
Enigma Forensics, Lee Neubecker reviews with Eric Fish, the Federation of State Medical Boards, Senior VP of Legal Services, about the positive impact of artificial technology and machine learning on medical standards and regulations. Find answers how this technology will improve the patient experience in the future.
The transcript of the video follows
Lee Neubecker: Hello, I’m here today with Eric Fish, Senior Vice President of legal services. He’s with the Federation of State Medical Boards and he’s going to be talking to us a little bit today about his organization and how they’re using technology to change how things work.
Eric Fish: Thank you, well the Federation State Medical Boards is the organization that represents the 70 state medical and osteopathic boards who are charged by state law to regulate the practice of medicine within the various states, in that we help build standards for regulation, best practices. We also work with states on our data and other things that are exchanged that really help improve the regulation of medicine for the patient, the end user of medicine.
Lee Neubecker: Eric can you tell us a little bit about how artificial intelligence and machine learning are impacting your organization and membership?
Eric Fish: Well, Lee, we’re actually at a, what I believe to be, a crossroads of cultural, social, and technological change that are really going to change the way that we have to look at regulation for the public benefit. There’s going to be a lot more data on patient/provider interactions. There is also going to be much more data consumed by state regulators to see which of these interactions comply with the standards. One of the things that I see developing out of this A.I. and machine learning is that we’re going to be creating much more data that can be mined as a regulator to see what interactions are good and which interactions are bad.
Lee Neubecker: Eric can you tell us a little bit about how A.I. and machine learning are being implemented to improve transparency?
Eric Fish: Well, one of the things that’s going to occur, I believe, is that as patients and providers start turning to algorithms to help with that continuation of care. Really the people who implement these systems have to prove up to the regulators how these comply, how these algorithms, how other things are going to comply with the standards that are there. Artificial intelligence has been in medicine for a long time. Machine learning is a little bit new, where we’re taking some of the discussions and building a knowledge base that’s then going to be applied to the patient experience and regulation isn’t standing in the way of these things. The regulations are there so that they are done the right way and in comply with the standards and being transparent on that beginning end is a really great step toward complying with regulations and making the regulatory process better.
Lee Neubecker: Great, and so, you told me that your organization runs some services that consumers might want to be aware of. What are those and what are they used for?
Eric Fish: Well, one of the things that we do on behalf of our members is collate all the disciplinary and regulatory actions that are taken against a provider, and we have a service called Doc Info, where a member of the public can go look to see if an action has ever been taken against their physician. We have access to all 900,000 plus licensees and their information, and it’s really a great service and use of data that we’ve collated and given out to the public.
Lee Neubecker: Great. Well thanks for coming on today. I know you’ve brought your colleague, Mike Dugan. Who’s going to talk for a little bit. Thanks again for coming to the show.
Eric Fish: Thanks, thank you.
Lee Neubecker: I have Eric’s colleague, Mike Dugan, he’s the CIO of the organization, and Mike can you tell me a little bit more about some of the things that you’re doing to improve the quality of the data and integrity of the information?
Mike Dugan: Sure, surely, thank you. We, in many ways, we are a data aggregator and this involves a credentialing process for physicians so we pull data from national data sources, we pull data from institutions to verify physicians’ identity as well as their credentials, so the training and process that they have done. Historically, these have been very manual processes, but we’ve implemented technology to add additional data sources and also give us flexibility in how we consume data. Historically, it’s been a very structured we need a file in this format and our technology is still evolving, but we’re working it to give us the flexibility to work with any data source available.
Lee Neubecker: What are the concerns that your members have regarding data breaches and the potential complications resulting from them?
Mike Dugan: Well, I think they worry about that quite a bit and if anyone in technology who deals with identity and has information, if you’re not worried about data breaches then you’re missing the point and perhaps should be in another line of work. So, we are given the trust of the physicians and our member boards that when they give us their data that it will be protected and that it will be safeguarded, and we work very hard to do that, proactively. So I think that in this environment and this day and age, that is an activity and a task that we will do, it will never go away. It will be ongoing and we will have to adapt if there is new ways that are found to hack information, we always will have to improve our data security.
Lee Neubecker: Well thanks a bunch for being on the show. I appreciate you taking time.
Mike Dugan: Okay, thank you, thanks for having us.
Read More About Government Privacy Controls on Artificial Technolgy