Patients, Regulations, and Cybersecurity at the DirectTrust Conference

To start this week, I was lucky to be able to attend the DirectTrust conference in St. Louis.  This was a really great event because it had basically everyone on the full continuum of interoperability and identity all in one place.  Plus, the event was designed in a way that you could easily connect and talk with a wide variety of experts in these areas.  Plus, the DirectTrust team did an amazing job coordinating the logistics of the conference that made for a great experience with the inspiring St. Louis arch right outside the window.

There was a lot to capture at the conference, but I wanted to highlight three of the themes I captured at the conference: Patients, Regulations, and Cybersecurity.

Patients

Susannah Fox was really the best start to a conference to remind us of the patient perspective.  Not to mention the caregiver perspective which she’s experienced first hand.  Be sure to check out her book Rebel Health.

It’s amazing how many examples there are in healthcare where we don’t listen to patients.  Dana Lewis’ story is amazing (search her up on Google).  She also represents a movement of patients that say “We aren’t waiting.”  This group is growing as technology empowers them.

Fox offered some really practical insights into what a healthcare organization can do to better listen to patients.  What do you think of these 4 suggestions?

At the start of the internet it was about access to information.  However, connecting people has been one of its greatest strengths.  We saw that early on with things like AOL Message Boards and Groups.  Social media took those connections to a new level.  Cell phones with always on access to a network of people is transformative.  This is particularly true for patients who before the internet likely would have just felt alone.

Talking about focusing on patients, the collaboration between DirectTrust and the Digital Therapeutics Alliance should be great for patients.  It was fascinating to hear how that relationship evolved and the new certification can help clinicians and patients better understand which digital therapeutics work and which don’t.

Regulations

Scott Stuewe couldn’t have said it better about regulations.  Regulations could take on a lot of forms.  However, the best regulations align with appropriate business benefits and care benefits for patients.  I actually think that’s one thing that Micky Tripathi at ASTP has brought to the regulation process.  Plus, Tripathi did a great job summarizing the focus of ASTP.

If you want to know what Micky Tripathi and ASTP are focused on, the above image does a great job summarizing some of the major focuses.  My favorite on the list is to “Make Interoperability Easy.”  I think we can all agree that would be an amazing result.

I wish I would have captured the slide that showed the more complex look at HTI-2, but I really loved how Tripathi took a lot of complicated regulatory language and simplified the beast of a regulation that is HTI-2 in this slide.  Tripathi appropriately noted for those that thought 1000 pages was long for a regulation…that you should consider what it took to write it.

Cybersecurity

Scott Stuewe painted how challenging the picture is when he shared the above cybersecurity statistics from an IBM Cost of Data Breach Report.  Not that any of us needed more data to understand how challenging the cybersecurity threat landscape is for healthcare organizations.

This quote from Greg Garcia’s keynote got a good laugh.  It’s true that CISOs have no real safe places.  Threats abound from internal and external actors.  You have to take into consideration everyone.

Garcia did highlight how important it was for private organizations and the government to work together to address cybersecurity.  No one can address these challenges alone.

I loved that DirectTrust had a tabletop exercise at their conference with a whole panel of CISOs talking about it after the exercise.  I was particularly interested that none of the groups suggested paying the ransom.  I do wonder if your data was really gone if that would create different pressure than a tabletop exercise can create.  However, I think that’s generally the right choice to not pay the ransom.

This may have been the best suggestion of the entire conference.  Building true resiliency is going to be essential for every healthcare organization.  Plus, the term resliency can be applied to a wide variety of areas including access to your health IT systems, resilient data exchange, etc.  The good news is that at the conference I was starting to hear some really deep and meaningful discussions about how to rethink how a healthcare organization and health IT organizations approach resiliency.  There’s a real fear out there after the Change Healthcare ransomware and CrowdStrike application update downtimes.  Everyone knows it could happen to them and having a reslient approach that allows for quick recovery has become a very important conversation.

DirectTrust 2025 Conference

For those wishing they were at the DirectTrust conference, Kathryn Ayers Wickenhauser announced that the 2025 conference will be Aug 4-7, 2025 in St. Louis.  More details to come soon.  This was a great event to really connect with the full spectrum of interoperability, identity, and security experts.  Plus, it was pretty great to enjoy the conference while looking out the window at the inspiring St. Louis arch.