Aspen Tech Policy Hub Demo Day

transcript

Search Transcript

good morning or afternoon everyone i’mbetsy cooper i’m the executive directorof the aspen tech policy hub for thoseof you who are new to us we are a policyincubator training scientists andtechnologists on how to engage in thepolicy process and i am thrilled towelcome you to our first demonstrationday event of the third cohort of ourfull-time fellowship program ourfellowship program welcomes 15 membersin every cohort who spend 10 weeks withus full-timeto learn about policy impact and policymaking both inside and outside ofgovernment this cohort started theirtime with us in september 2021 and endedtheir fellowship in late november manyof them having deferred over a year tojoin us due to cover 19.over the course of 10 weeks our fellowsspent time working on a policy projectthey identified a tech policy problemthey were passionate about solvingconducted research on it mapped andtalked to stakeholders ideated onsolutions and developed products in aidof their solutionthis cohort’s projects span from solvingissues related to contractor workercompensation in tech companies tostrengthening student data privacy inpublic schools wish that could be you weare currently recruiting for a climatecohort to train scientists andtechnologists how to engage in policy sohelp us spread the wordtoday we present the first of thesegroups projects today’s projects focuson improving health tech and health dataprivacy digital healthcare innovationshave the potential to vastly improvecare by reducing costs expeditingtreatment and personalizing medicine atthe same time digital health care toolshave also brought up critical governanceissues related to health data privacyand algorithmic transparency today’sprojects answer the question how can wepromote the use of digital tools toimprove health care while alsopreserving privacy and equalityjust some quick logistical notes ontoday’s event we first will be hearingfrom four fellows who will be presentingtheir three projects then we’re thrilledto address introduce former us cto anischopra who will give a keynote speechcommenting on the three projects we’llthen open it up to q a for a niche andall of the fellows please use the q abox to submit your questions in tandemwe’ll be sharing links to our fellowproducts by the chat box so please takea look there to see the amazing thingsthat our fellows have builtnow i’ll turn it over to our firstfellow daniel bartenstein who willdescribe his project focused onstrengthening medical device securitydaniel currently works on cyber securityand technology policy at the cybersecurity infrastructure security agencyin the u.s department of homelandsecuritypreviously he was a product manager atthe defense digital service where he ledcybersecurity projects thanks for beinghere daniel over to youthanks so much betsy really excited tokick off this exciting session soas i mentioned my name is danielbardenstein currently i am the techstrategy lead at the cyber security andinfrastructure security agency alsoknown as cisabut before my time in aspen i led cybersecurity for operation warp speed the usgovernment’s initiative behind the copa19 vaccines and during that experience isaw firsthand the frightening state ofsecurity across our healthcare systemparticularly in smart or connectedmedical devicesso for my fellowship i with generoussupport from uh fellow aspen fellowladrena cerny focused on what policylabor’s government has to make medicaldevices more secureso my ultimate proposal was at the foodand drug administration or fda who’sresponsible for regulating medicaldevice cyber security should requiremedical device manufacturers to do twospecific things the first implementbasic cyber protections across all oftheir devices and second make theirdevices easier to secure by hospitalsand other device owners such as patientstaking a step back to look at theproblemrecent studies estimate around 15million connected devices in the usalone thatcomes out to be around 20 000 medicaldevices per hospitaland this number is expected uh toproliferate and increase rapidly overthe next decadeuh and medical connected medical devicesare everywhere from patient monitors uhin hospital beds to mri machinessurgical robots even our smart watchesand in many cases our lives literallydepend on these connected devices um andwhile beneficial uh of vast a surprisingamount of these medical devices as muchas 50 of these devices are triviallyeasy to hack by a malicious hackerso what does the cyber attack on amedical device really look like well forthe past decade we actually have anumber of examples of where securityresearchers or aka ethical hackers haveshown us what can potentially be donesome ethical hackers have hacked intosmart insulin pumps and have changed thedosage on those pumps to deliver alethal dose to patients this is all notactual patients just intest environmentsothers have uh hacked into x smart x-raymachines and have actually altered theresults of the x-ray machines eitherconcealing what was a real tumor orcreating the image of a tumor thatdidn’t actually exist in the patient orperhaps most uh shocking of all uh beingable to disrupt an implanted smartpacemaker that was actually in someone’sbody it could potentially cause instantdeath so at the end of the day whenwe’re talking about securing medicaldevices we’re really talking aboutsecuring patients and saving livesso why are medical devices so insecureas analogy let’s consider your averagecar when we go on to buy a carregardless of the make and model weassume that there are consistent safetyfeatures across the car whether that’suhseat belts or air bags or automaticbraking systemum that again regardless of you knowwhat you buy they’re going to be thereand they’re going to be implemented androughly the same wayand secondly if there’s something wrongwith the car whether it’s just a handyperson or a mechanic can easily you knowgo under the hood take a look at what’sgoing on and make repairs as necessarythe unfortunate fact is that both ofthese critical features are largelyabsent in the current medical devicelandscapeso the two policy solutions that imentioned earlier address both of thesehead on the first is that the fda shoulddevelop a cyber baseline of mandatoryprotections for all medical devices thisis like having the car’s common safetyfeatures and the second is that the fdashould require manufacturers to build afeature into their devices that i’mcalling the device query interfacethat makes it easier for hospitals tosecure their devices and this is morelike the ability to quote unquote gounder the hood and get a sense ofwhether the device is functioning wellor secure so let’s dive into both ofthose really quickso on the cyber baseline the lastofficial guidance that the fda haspublished for medical device cybersecurity was done in 2016 and there isanother draft that wasn’t finalized in2018. so that’s what all the medicaldevice manufacturers are orientedtowards now that uh slightly outdatedadvice contains non-bindingrecommendations uh with a lot ofambiguity uh it’s kind of unclear tomanufacturers what is actually requiredfor their devices to get fda approvaland so there’s a lot of um uncertaintyand and they’re uh the imp theinterpretation is up to themanufacturers in terms of which thingsdo i actually need to implement into mymedical devices and how do i implementthose security features into thosemedical devices so there’s a lot ofuncertainty in the manufacturers andthere’s a lot of inconsistency in thefinal resultsso what i’ve done uh for this proposalis i’ve actually developed a baseline ofcyber security protections that the fdacould actually include in their upcomingguidance that hopefully should come outthis year uh that has clear requirementsit has specifics were appropriate so itmakes it easier for everyone to rely onthe same standards and also involves newmodern protections that were absent fromprevious uh guidance from the fdamoving on to the device query interfaceso again we think about the ability toget under the hood of a car figure outthe health or status of a medical deviceor whether it’s vulnerable to cyberattackso traditionally when this is done uh inmodern environments in a hospitalsetting for examplethe way this is done is using tools thateffectively blast a medical device withlots and lots of requestsasking about health status are youvulnerable what software’s running etcand the way that these medical devicesare built by manufacturers they’re veryfragile and so this amount of trafficcan easily overwhelm medical devices ican essentially cause them to fail andif there’s a patient connected to thatmedical device on the other side thatcan risk impacting that patient andtheir safety and so for many hospitalsto this day they are unable to form thisbasic cyber security practice of beingable to go under the hood quote unquoteof their own medical devices to figureout which of them are insecure or whichof them aren’t workingso what the device query interface doesis it’s basically a feature that’s verylightweight that manufacturers couldbuild into their medical devices and itbasically reduces this risk i like tothink of it like a digital concierge ina hotel instead of for example if youneeded to find out uh where your friendsor family were staying in a hotelinstead of having to knock on everysingle door there’s the concierge rightup front very easy where you can ask aquestion and get back very quickly andanswerandby doing this the the device queryinterface minimizes the risk that thedevice actually malfunctions and causesa risk to the patient so this wouldallow hospitals to have much bettervisibility into their medical devicesinto the security and the vulnerabilityof those medical devices and preventpotential cyber attacksand now is a fantastic and urgent timefor the fda to act on this first like imentioned the fda is actually working onupdating new guidance that should comeout later this yearand my hope is that they consider thesespecific proposals and incorporate theminto that guidance that will hopefullybe published second the more securemedical devices are the morecyber attacks we can successfullyprevent or mitigate and again hospitalsgetting under attack can cause delays incare which can ultimately result inpatient death or other impacts topatient safetythird as medical devices continue toproliferate the fda has an opportunityto really build and maintain patienttrustso that when patients or hospitalspurchase medical devices they know thatthey’re not putting their lives atfurther risk in a different way based onthe state of vulnerabilities and thestate of security for in those medicaldevices that they buyand lastly and most critically like imentionedsay we save lives right securing medicaldevices helps keeps keep patients saferat the end of the dayso thank you very much for listening tomy presentation and i’ll pass it back toyou betsythank you so much daniel for showcasingyour proposal to have the fda requirebaseline cyber security standards forall devices i especially appreciate thisproject not just because i’m superpassionate about cyber security too butbecause as a result of coven 19 we nowknow more than ever the importance ofsecure medical devices and his projectshows practical ways to build thoseas a reminder please use the q afunction to ask any questions aboutdaniel’s project and please take a lookat the links in the chat box to learnmorenext up i’m thrilled to introduce lucyhe and christine kyung who will beshowcasing their project on usingtechnology tools to expedite healthinsurance approval processes lucy is asoftware engineer most recently atflatiron health where she builttechnology to improve outcomes forcancer patients christine served as thecity of san jose’s chief data officerduring the coven 19 pandemic where sheused data to enable equitable servicedelivery we’re delighted to have themboth here uh over to you lucy andchristinethank you for the introduction betsy andwe also want to thank fellow panelistsmatthew zaowho also advised and contributed to ourprojectas betsy mentioned lucy and i have atrack record of building andimplementing technology to improvebureaucratic yet essential processes inhealthcare and government we are soexcited to apply our expertise towardsthe goal of improving medication accesswith better prior authorization in newyork stateour proposal for achieving this goal isto bring modern technology to the priorauthorization process in order to getpatients the care they needour proposal has two parts first requireinsurance companies to adopt technologyto automate the prior authorizationprocess and second ensure that thetechnology is easy to use and built withmodern software standards i’ll start bytelling you how prior authorizationimpacts patients today and lucy willtake us through the details of these twoparts of our proposalprior authorization is the process ofgetting insurance approval beforephysicians can start patients on atreatment anyone who has struggled withor have loved ones with chronic diseaseknow how challenging this undertakingcan beprior authorization helps insurancecompanies control costs but can alsoharm patients by delaying access to carethese negative impacts aredisproportionately felt by low-incomeand minority communities who are morelikely to suffer from conditions thatrequire prior authorization i know thisfrom personal experience diabetes runsin my familythese are my dad and uncles restaurantworkers who work 12-hour days and whohave each struggled with accessingessential carewhile waiting for their priorauthorization they had to pay out ofpocket for insulin 150 dollars a vialwhen they made less than 15 dollars anhourpatients like my dad with limitedenglish language and digital literacylack the voice and tools to advocate forthe care they needi’m that advocate for my family but thepatients without that support systemrely on their physiciansphysicians bear the burden of the priorauthorization processthey are expected to navigate thecomplexities of each patient’s benefitscoverage which requires them to spendhours on the phone with insurancecompanies a 2020 american medicalassociation survey quantified the extentof these costs 94 of physicians saidthat the prior authorization processdelayed care to their patients and 21 ofphysicians noted that it led toavoidable hospitalizationsphysicians complete on average 40 priorauthorizations a week for their patientsand the paperwork can take up to 20hours one reason why it takes so long isbecause different insurance companieshave different processes that doctorsmust learn and followthe current prior authorization processis deaf by a thousand paper cuts butsoftware tools can help modern softwarethat provides patient priorauthorization and health insuranceinformation speeds up the physicianprescribing process and helps patientsget care faster i will now pass it overto lucy for a deep dive into ourproposal on how to make this into arealitythanks christine as you introduced ourproposal to improve access to medicationrelies on two parts first bringing techto the pa process and improving thattech with software standards i’ll startby sharing more about the impact ofusing technology in the pa processso first when prescribing a medicationdoctors traditionally may spend hours onthe phone chasing down whether or notcertain drugs require priorauthorization with software solutionsthis information is available instantlysoftware tools also can provideinstant patient specific insuranceinformation in contrast when doctorscheck insurance requirements withoutsoftware they might only get informationgeneric to certain insurance planstechnology can also help doctors quicklyidentify alternative treatments to anydrugs they’re consideringand lastly the right software userprescription time has been shown to helpdoctors avoid pas all togetherhowever through our research we foundthat these benefits will not be realizeduntil we improve software availabletodaythis brings me to the second part of ourproposal mandating physicians to usetechnology is ineffective if the toolsare hard to use and this is whatphysicians face today when trying to getinstant patient specific priorauthorization information which caninvolve different processes fordifferent insurers therefore regulatorsshould improve technology by setting asingle set of software standards forinsurance companies to followso in the healthcare industryinteroperable software systems meaningsystems that all speak the sametechnical language is key you can thinkabout how important it is to have auniversal adapter for something likeusbssetting a standard is the process ofchoosing one specific technical languagefor all software to adopt similar to howapple chose one type of usb for all oftheir laptops and setting a standardpresents two major winsfirst software will be easier to use asphysicians will be able to learn and usea single rather than many priorauthorization workflows when workingwith insurance companiesand second the information provided byinsurers will be accurate and actionablethis does however rely on regulatorschoosing a standard that has completeand rigorous information requirementsfor example one that requires prior authinformation that’s easy to interpretchristine and i have identified such astandard authored by the standardsdevelopment organization known as thenational council for prescription drugprogramswe’ve already drafted a regulation fornew york state to adoptpassing this regulation will unlock thebenefits i previously shared doctorscould get instant patient specific priorauthorization and insurance informationenabling timely care for their patientsthey’d no longer have to spend hours onthe phone and they could dramaticallyaccelerate patients access to medicationthe time to make this change is nowthough we think all states should setthe same software regulation ours isspecifically focused on new york statethere is new york state and federalmomentum currently building to increasedevelopment of software tools targetedat reducing the harms of pa it’simportant to pass our regulation incoordination with these federal andstate efforts that are active nowand i want to close by saying to buildconfidence that the regulation willcatalyze action we’ve been working witha variety of industry non-profit publicand private stakeholders to get theirsign off on a letter of supportwe have heard over and over howimportant this is to do and to do nowwe’d appreciate if you consider signingour letter which you can find attinyurl.com better pa thank you for yourtime todayback to you betsythank you so much to lucy and christinefor showcasing their proposal for whystates should mandate priorauthorization processes using these newstandards what impressed me most aboutthis project was how they were able totackle a hugely complicated issue ofhealth insurance processes and find asolution for it in just under six weeksif you’re interested in learning moreplease use the chat box to learn moreabout this projectalso please feel free to use the q a toask them questions which we will get toat the end of the presentationnext up i’m thrilled to introducematthew zou who will be showcasing hisproject on tools to help healthcare techprocurement officers better obtainproducts to minimize algorithmic biasand cyber security riskmatt is a senior data engineer atpeloton where he specializes in datagovernance and infrastructure previouslyhe was an engineering manager at villagemd and a data engineer at the new yorktimesas a reminder use your q a box to submitquestions for matt and any of our otherspeakers over to you mattthanks for handing over the floor betsyhi everyone my name is matthew zell andtoday i will be presenting our group’swork in building a toolkit to helpmitigate the risk of algorithmic bias inhealthcare ai technology purchased bygovernment organizationsmany thanks to dylan cruz another aspenfellow who helped support this projecti am excited to share the toolkit thatwe’ve built called diagnosing bias whichcontains resources to help governmentprocurement officers incorporate bestpractices on algorithmic accountabilitythrough these toolsthese resources will help guide aprocurement officer from the start ofthe process with educational resourcesto help them get up to speed onhealthcare ai throughout the contractwriting process for acquiring ai toolsall the way to the end of the processwhen they have to evaluate the selectedtechnology vendors ai productsartificial intelligence and healthcareis having a momentthe coronavirus pandemic has highlightedthe wide gaps and inefficiencies andhealthcare access within americaas well as the vibrant opportunitiesthat technology offers in solving thoseproblemshealthcare ai in particular has seen anexplosion of venture capital interest inthe past few yearsa recent deloitte reportshows that venture capital funding inhealthcare ai companies almost doubledfrom 2019 to 2020.clear that ample funding and smarttalent are pouring into healthcareartificial intelligence offeringbenefits like helping doctors makemedical diagnoses accelerating thedevelopment of new drugs and being ableto match patients to the righttherapeutics and treatment plans fortheir illnessesat the end of the day what could bewrong with making health care moreefficient and saving patient livesit turns out that there can be somethorny problems that come withlife-saving workin 2019 a key study on healthcare aialgorithms published in science magazinefound that algorithms impacting almost200 million patients in americaexhibited racial bias when recommendingpatients for additional follow-upmedical careabout 28 of black patients wereoverlooked for their medical needscompared to white patients with the samedisease burdenthis happens because the algorithm thatrecommended patients in this caseassumed that the financial spend of apatient equated to the severity of theirillnessesbasically the more you spent on healthcare in the past the sicker thealgorithm thought you werethis assumption missed the ways thatmarginalized communities havehistorically had less resources to payfor a doctor’s visitless access to health insurance and ingeneral more reasons to distrust themedical systemthe data held implicit biases from thepast that were automated and baked intothe algorithm amplifying these biases toa population of millionsthe unique risk in algorithmic biascomes from this way that it allows thesystematic and repeatable automation ofbiases to impact people on a scale thatwas previously impossibleassumptions are baked into thetechnology by the designers and theseassumptions should be tested to ensurethat they aren’t automating harmwithout good governance around thealgorithms that make up recommendationson our behalfwe end up elevating computer code topublic policywe should all take an especially strongstance on how our government funds gotowards the purchasing and deployment ofhealthcare ai tools for the common goodafter interviewing procurement officerstechnology experts and ai think tanksour group discovered some commonunderlying requests and pain points thatbegan to emergefirst we saw that procurement officerswanted standardization of ai contractrequirementsthey felt like they often had toreinvent the wheel when procuring aitools where they usually have littletime to fully research the technologybefore having to draft proposaldocuments there’s a lot of ambiguityaround vocabulary and really nocentralized standards on ai bestpracticesthe second request that came up was fora governance model around howprocurement officers can monitorpurchased ai tools over timeacknowledging the reality that thesesoftware products evolve over time asthey get upgraded for performanceimprovements as they apply securityupdates or add on new featuressome pain points that emerged were thatprocurement officers often had tocontend with slow procurement processesthat could take up to two to three yearsto actually purchase and deploy the aitechnologiesmost procurement processes don’t leavemuch room for quick iterative designthat can acquire and evaluate emergingtechthe second pain point that emerged wasthat the process of defining the rightperformance metrics to evaluate thesuccess or failure of ai products wasoften difficult and unclearwhat did it mean for an ai model to havehigh accuracy does that mean that it’smore often right than wrongor is it when an ai model is able toconfidently identify when it’s wrongthe idea of fairness metrics was alsoequally problematic with many slightlydifferent flavors of what fairnessreally meant when it came down toquestions of equality versus equityconsidering these requests and painpoints our solution is to offer aicontract writers through our procurementtemplate generator toolgiving procurement officers ready-madetemplates for writing healthcare aipurchasing contractsgovernment procurement processescommonly use request for proposal or rfptemplates to be able to provide afoundation for organizations to definethe goods that they need when solicitingcontract bids from vendor companiesthere are rfp templates for almosteverything for purchasing property forcities to contract cleaning services forschools to purchase i.t systemsthese templates help embed bestpractices help standardize language andset quality control requirements intothe proposals by defaultthis template generator tooldelivers procurement templates for aitechnology tailored specifically to thehealthcare industrywith contract clauses that addresstransparency bias mitigation securityand privacy and healthcare contexts inthe same way that we as individualconsumersmight make purchasing decisions based onour values and beliefs we should expectour government’s policies and values toalso be reflected in the ways that theypurchase things as wellthe goal is to make these templates opensourced and freely available toprocurement officers in the same way thetechnology open source community sharescommon software code to make technologyaccessible and higher quality foreveryoneour second solution is the ai modelchecklistthis resource offers a set of guidingquestions and transparency artifactsthat procurement officers can solicitfrom healthcare ai companies at eachstage of the ai design processthe focus of this tool is to highlightthe specific outputs that ai engineerscan share to provide more transparencyinto their products for auditingtech companies have already started toexpress direct interest in theresponsible design of technology toolswith workers at large companies likegoogle and meta calling up for betterframeworks and building internalauditing processes for evaluating aitools for harm and inequitythe public and private sectors shouldwork together and align theiraccountability and transparencyprocesses so that the internal work thattech companies are doing to promoteresponsible ai can really stand out togovernment pure government procurementofficers when picking the besttechnology vendorswe are eager to continue refining thesetemplates for ai procurement for morediverse health care use cases and toultimately equip governments with thetools necessary to responsibly purchaseai technologythank you for your time and please reachout if you’re a procurement officerinterested in incorporating thesetemplates into your purchasing processback to you betsythanks so much to matt for showcasinghis request for proposal generator toolwhich i guess is a bit of a mouthful uhwhat i love most about matt’s project ishow he was able to bring his technicalexpertise in software engineering tohelp government officials think abouthow to more ethically procure productsif you’d like to learn more about hisproject or see the rfp generator toolyourself please check out the links inthe chat i’d also note that we reallyare going to be answering live questionsresponding to one we’ve already receivedso do submit them in the q a box um i’dalso like to let you know that arecording of this demo day will be madeavailable after this eventso last i’m thrilled to introduce ourkeynote speaker for today’s event anishchopra anish is the president of carejourney an open data membership servicebuilding a trusted transparent ratingsystem for physicians networksfacilities and markets on the move tovalue he’s also the co-founder of hunchanalytics an investment hatchery focusedon the use of open data to improve thehealth and well-being of our fellowcitizens aneesh served as the first u.schief technology officer under presidentobama and in 2014 authored innovativestate how new technologies can transformgovernment i do have to say it’s theonly book both my husband and i haveever bought together so uh so i’m veryexcited to have you here nish um anishwill be commenting on the projects andalso sharing a little bit more about whyit’s important to bring technicalexpertise to thorny health tech issuesthank you so much for being here over toyou anish well i want to thank you firstof all very kind to sharethat anecdote about you and your husbandi hope it was a worthy read or a funread but uhi amthrilled to join you today andabsolutely love all three projects andwould love to see all three come to lifeand would love to share a bit morecontext about uh the why and the howuh what i thought i might do is maybetake a minute to sort of set the stageabout where we are as a nation on onhealthcare writ largeand then a little bit about howthe public privatestandardizationprocesscould use a little bit more love on thepolicy side and on activatingthe private sector so if you’ll indulgei’ll spend a couple minutes on on eachof these areasand then we’ll uh speak directly to thethree projects that we’ve heard aboutso uh let me begin by the theorysharing the theory of changethere has been a dream that our healthcare system can deliver better qualityand lower costuh all without slashing and burningratesor uh you know changing fundamentallythe structure of the u.s healthcaredelivery system which for the most partis a marriage ofpublic financing and private servicedeliverythat if we could work within theboundaries of the current system butmaximize three very criticaluhelements that are available today butnot widely used we could get the systemon a trajectory towards essentially agdp plus zero inflation ratewhile boosting outcomesthis uh these three elements are aboutopening up data held by the governmentor collecting new data in some cases iloved some of the cyber security riskissues which could be an area of newdata collectionuhtweaking the payment modelsso that we reward uh the incorporationand use of said data to make care betterand then i love the prior off uhproject from the perspective of uhreally reducing burden on individualsgetting access to themedications that they need that we havea more personalized navigation processthat lowersthe all the burden that we have put infront of peopleas they navigate through the systemif we can do that and we do so more of abottom-up change model versus sort of atop-down prescriptionwe could actually create a marketplacewhere people compete over helpingthe system achieve its full potentialso given that uh let me just remind usthat structurallywhat makesuh the three projects uh come come tolifeis that they really emphasize uh therole of a public private collaborationand an area that i refer to ashandshakes and handoffswhen i say handshakes what i mean is allthree of the issues that you heard aboutare bipartisanboth political parties want to see theseproblems addressed and they’re excitedwhen there are entrepreneurial orinnovative pathways to accomplish themission objectivethe handoff is the bigdivide todaythe lack of standardization and the lackoftemplates or best practices in each ofthe domains we’ve identifiedthey uh the lack of those investments instandardization has meant that therereally is no unifying approachobviously there are people who wake upin the morning and go to bed at nightsayingi wish i made my medical device moresecurei don’t want customers of my product topotentially risk their livesi certainly don’t want my patients or mybeneficiaries for a health plan to gothrough mindless paperwork to get accessto the life-saving medications they neednor do i want uh biasesin the way i allocate limited resourcestoput one group over another because i bymy failure to understandour process by which we allocate limitedresources everybody wants to see theseproblems solvedthe challenge of course is howand my message to all three groupsis to think abouttheelements of successwhile we have regulationuh i view the regulation as sort of thesecond of a three-step processthe first step is achieving industryconsensuswhat would be akind of an acceptable mechanism by whichwe standardize said processesand that could be done with governmentencouragement frankly even someinvestmentbut it really does rely onindustry consensus efforts which thencan be referenced in regulation which isstep two which then results in afeedback loop on whether or not theregulations are working and thatfeedback loop in many ways canfollow the first cycle which isiterative and agilechangessowe referred to this as sort ofpublic-private collaboration or openinnovation where the government wouldopen updata encourage industry consensus onstandards uh hardwire the best practicesthrough payment models and it all fullit all comes from the philosophy thatencapsulated in bill joy the co-founderof sun microsystems joyce law that saidno matterwho you are most of the smartest peopleuh that work on the issues you careabout uh work for someone else and so byhaving a more open philosophyto help bring about some of thestandardization activity it’s an areathat i think could be uh quitecompelling a little bit of a example ofwhat the open world looks like it’s adecade in the making but many of youmight remember it was illegal for cms todisclose how much money individualdoctors were paid in the medicareprogramthat uh changed in 2013and by 2015 uh wall street journal newyork times you could look up any doctorin america and you can see exactly howmuch they were paidwho knew that the highest paid doctor inamerica was from medicare was paid 11million dollars because of a drugthat he injects into the patient’s eyenow uh to the team that talked aboutprior authorization interesting note themedication that uh dr kunimoto wouldwould uh you know to stall blindnessuh he mostly injected branded drugs thatwere between twenty five hundred dollarsand thirty five hundred dollars ininjectionand uh the net nih found that there wasactually a 50 alternative a compoundedversion of avastin that would have beenuh that would have been clinicallyequivalentnow imagine a poor medicare patientthat’s responsible for 20 coinsurance onthat part b drug uh told that they haveto inject this medication to stop goingblindbut not being told that there’s a 50alternative when otherwise it was 2500an injection so this is an example whereif that prior authorization standard wasin place in that real time pricing andalternative options then you would haveseen uh maybe some some moreconsumer empowermentsimilarly while we don’t have a nationalcoveted vaccination standard there wasno top-down answerwe do have a sort offire api which is a health care specificrestful api standard or a frameworkthe community in the private sectorrallied to develop what is essentially aqr code that could expose yourvaccination status with yourcontroland to release this data held by thestate of california and among amongothersmy home state of virginiawhere the data is normally locked up ina kind of a health department databaseand is now accessible to any americanthrough a third party appso here’s my i’ll end with these twovery specific things thati think is missing and areas where iwould love to see each of these projectsmove forward and that is a more explicitpillarof industry collaboration in each ofthese areasso when we speak about a regulation fornew york state that dictates that healthplans have tostandardize a plug for how uh a doctorcanaccess and use uh the the kind of themedication choices for a patientthatin and of itselfdoesn’t result insuccess for individual families becauseit requires that thatstandardinterconnects with all the other datastandards that are out theremy advice and the thing that i spend mytime on on this issue of kind of pricetransparency prior authorizationis that webuild uponthe cures act which created a bunch oftechnicalrequirements for doctors hospitals andhealth plans that are all now inproductionthanks to a variety of rules andregulationssuch that a consumer-facing app or aphysician-facing app could connect to ahealth plan’skind of fire endpoint and to conduct anumber of transactions and so the keything to me is can we standardizean industry approach to use the existingcures act regulated fire apis to answerthe questionof a doctor or a patient do i need aprior authorization what information doyou need to know and here’s theresulting answer that you can consumeand render a decision preferably in anautomated fashionmacgyver could work together onprototyping such a standard while uhstate and local governments and federalgovernments actually in this matter cancan formalize and scale up theseresulting outputs through regulationditto on the device query interfacewhich i love that namesame basic principle so there’s aseparate regulation at the fda on datatransparencyand if you look at the data transparencyrequirements combined with your securityuh best practices that common deviceuh query interface could be both amixture of controls how do i actuallytrack what is happening in the networkso i can adjust monitor manage securityfeatures as well as extract the datafor reuseand i think if you think of these as akind of coming into together inconjunction we can make a lot ofprogresslast but not least and i’ll leave ithere for the q ai loved the ideathat we need to have moreuh of a procurement template or an aiyou know kind of checklisti do believe that transformation for thehealth care systemwill progress at the pace of trustnow in the obama administration we triedto create this baseline privacyframework and consumer internet privacybill of rightsbut the framework while it didn’t moveforward in congressdoes offer a similar analogy for what wecan do for an aialgorithmic bias mitigation sort offramework and it relies on againindustry consensusthat can be then regulated uh eitherthrough the federal trade commission forsaying you promise you’re going to dosomething in auh you know you’re going to you’re goingto monitor your your aiuhoutputs to to look for evidence of biasfailing is declaring that you will dothis and then lying to your customersbecause you didn’t actually do it wouldbe an ftc violation so putting a lot ofthat procurement rfp templatein the framework ofa consumer commitment that these thingswill be donemight give us a regulatory hookabove and beyond the best practicesharing on the rfpsogodspeed to the three teams i’m excitedabout all three and would love tovolunteer to help uh close some of theseloops in terms of engaging in morepublic-private uh collaboration aroundthe design but otherwise i’m gratefulfor the chance to share a few words andexcited to take any questions andparticipate in the dialoguefantastic thank you so much anish foryour kind words on all these projectsand i was particularly delighted to hearyou make the point that these arebipartisan issues and everyone shouldget behind getting them donefor the fellows also you have awonderful advocate here willing to helpyou so i hope you’ll take him up on thatnow i want to bring back all of ourspeakers from today’s event for an openq a session as a reminder please use theq a box to ask any questions while we’rebringing up the other speakers let meturn my first question to a niche soanish what do you see are the biggestopportunities for tech to improve healthcare challenges and what are the biggestrisks in your mindwell i’ve felt that thebiggest opportunity for a while in techis what i refer to as a healthinformation fiduciaryso if you take all of these issuesright nowuh we areif i went on google and i’m like who’sthe best doctor in new york for xi get some general understanding aboutyou knowyelp reviews that were involved or someothers relatively lightweight mechanismbut there’s so much more informationthat’s available that in the hands of athe supercomputer in my pocketi could conceivably make a much moredata-driven decision to find the rightdoctor for meto choose the right health planto determine whether or not i need toget care in an urgent setting go to theerthink about alternatives maybe even atelemedicine consult so every step ofthe healthcare journey for a family ifwe tapped all of the already availableopen and regulated data socketsput them into akind of a computing environment andthere were a marketplace of applicationsfighting over each other to interpretthat information to help my loved onesmake better decisions i think that’s gotthe most potential and i say thatbecause we see high variability inhealth care there are communities inamerica where people navigateeffectively through the system they findthe right doctor they join the rightnetwork they’re in the right plan andthey get incredible care and the sameperson in a different marketmay end up with a completely differentexperience more unnecessary visits tothe er and hospitalizations and so forthso really it’s about finding bestpracticeand gps routing people through thesystem with all the publicly availableinformation that’s what i’m hoping andif there’s anyone launching a companylike this i’d love to be a seed investorfriend ally you name itawesome thank you so much next i’m goingto turn to daniela question from the audience whatconsiderations are being made forregulating safety standards in thecontext of global supply chains that iscomponents manufactured outside of u.sjurisdictiona great question sothis is actually something thatfrom my researchthe fda has been thinking about for anumber of years i think it’s only goingto become stronger which is the theconceptof the what they call the s-bomb thisthe software bill of materials of the inthe uh fda space for the last coupleyears they’ve referred to the c-bomb thecyber security bill of materials umwhich is not a silver bullet by anymeans but is one mechanism itessentially lists when you when you buya widget the software harder widget itlists kind of all of the the partsso to speak digital parts that are inthat widget and where they came from andyou know so it’s easier to kind of keeptrack and under understand all thedifferent uh companies and hands thatthis that played a role in creating thisthingsoagain c bomber s bomb isn’t going tonecessarilysave all supply chain from securitythreats but i think it’s definitely astep in the right direction because aswe saw with the vaccine there’s just somany moving parts literally and there’sso many companies from around the worldand it’s not an easy problem so i thinkthere’s a lot of technology moving thatdirection fda has been there and iscontinuing to move there um and i willencourage and support anything theycontinue to do for thatfantastic thanks so much daniel um nexti’d like to turn to lucy and christineum so two questions for you first um areyou considering other strategies toimplement this prior authorizationproject in states other than new yorkso maybe lucy i’ll ask you that oneyeah thanks for the great question um sodefinitely we think in other states theapproach will be similar so throughregulation um and what we’ve beenexcited to do is kind of follow thetrends in different states and see whereit makes sense to do this first in newyork there’s been great precedent set bydifferent initiatives that alreadyexisted there’s one project known as theshiny that’s promoting interoperableinformation systems in our stateand alsoas mentioned in our presentation there’slegislation that pairs really well withthis regulation that we’re trying tomove forward um and it’s really in otherstates waiting for the same climate soseeing what’s happening in that stateand then timing the regulation um alongwith similar effortsfantastic glad to hear that answer umchristine um does your tool um yourprior authorization tool work formedicare patients as well as privateinsurer patients does it work equallywell for both types if not is there away to make uh transparent any outcomeperformance differences that might occuryes the sure answer is yes and i thinkone of the reasons why um you know ithink lucy and i chose to center thepresentation on you know real family myfamily is i think oftentimes when itcomes you know what when it comes tobuilding tools around healthcare costsit’s really important to you know solveforyou know the most vulnerable communitiesright or you know what you could callthe lowest common denominator like weare not you know so much of kind of theburden of pa and kind of the costs ofthis process it disproportionatelyimpacts minority and low-incomecommunities and so you know as we weredesigningthis right and we actually choseregulation as a way of ensuring theequitable implementationyou know of this of the softwarestandards and the tools like we focus onfamilies the most vulnerable familieswho are on medicare and medicaidfantastic and next i’d like to turn tomattwhat was it like thinking throughalgorithmic account blah blah blah sorryi’ll try that again algorithmicaccountability for healthcare aicompared to how you might think of thesame issue for ai in other sectors whatconsiderations came up that are specificto the healthcare industry and patientdatai love this question umyeah i think in general algorithmic biashas a lot of common patterns thatgeneralize across industries a lot oftimes it’s a resource allocation issueorit’s umreflecting on how vulnerable communitieshave traditionally not had accessbut i think healthcare in particular hashad policy and regulations that havereally shaped the operationthe operationalizationof howuh some people who are developinghealthcare ai are able to go about thatprocess so when it comes to howfragmented healthcare data is betweendifferent silos and the need for aninteroperability standard that anishmentionsuh that feels pretty unique to healthcare and it affects how people purchasethese things because you’re having tolive with that realityuh i think the stakes are so high inhealthcare data that between you knowdifferent countries like the europeanunion between america there have beenspecial provisions for protecting theprivacy of health data in particularand they’re often classified healthcaredata is often classified as the highestrisk when it comes to algorithmicaccountability so i thinkthere’s a lot of high stakesinvolved within that development and sopeople have to be really careful andkind of as niche saidhealthcare adoption proceeds at the paceof trust for these kinds of thingsfantastic we’ll do another round robinso aneeshyou mentioned public-privatepartnerships so what do you think is thebest approach to those public privatesector collaborations in the healthcaretech space what do you think governmentsin the private sector can do to makethose collaborations happen moreeffectively yeah so i love it when thereis a call to action by the government tosay we’re looking to standardize aroundthis issue we want the private sector toself-organize and then come back to uswith an approach so if i can give you acase example weit’s always been akind of a legal truth in hipaa that theconsumer has the right to their healthrecords andthe reality of sorts is that it’s not aseasy as it seemsso the obama administration saidwe would love to put out a requirementthat patients with mobile phones shouldbe able to access their medical recordson these devices now it gave you alittle bit more technicaluh kind of detail and said can you guysfigure out a specific wayto to organizethis requirement into productionso it doesn’t matter whether that’s ehrcompany one two three four five thereshould be a simple protocol for an appdeveloper to say get medications listand it should respond with the resultswhen the government did this it resultedin the community coming together aroundthe argonaut project which is sort of asmall loose consortium of volunteers andafter industry testing and collaborationapple health as we now famously know wasable to launchwithnothing but this open industry standardas the fuel to bring data into thedevicethatthen resulted in the government sayingoh there’s enough evidence of industryadoption to regulate on the back end sothere’s been like three turns of thatwheel a call to action industryself-organizing and then scaling throughregulation and i think all three ofthese projects will have that sameuh it may not be at the same four orfive year time cycle it could compress alittle bit but it’ll have the samecadencefantastic that’s really helpfuluh daniel how long do you think it’ll bebefore we see the first ransom tart orthe first wormable bluetooth-basedransomware and what will this be what ittakes in order to create actionablechange in how medical devicemanufacturers approach securing theinternet of the bodyi love that that name i love thatquestion so just a quick background forfor everyone else so umthe question was around ransomware forbluetooth right if i understand itcorrectly yeah so random target ransomedorgans essentially random organs yes sowhen we think about uh like implanteddevices like an implantable pacemakerthat uses bluetooth so for most folksyou’re familiar with bluetooth devicesthe limiting feature but also a goodsecurity feature is that it only you canonly get access to them from about 20 to30 feet of range so in order for a ransome sort of worm that could jump frombluetooth to bluetooth or kind of hackmeta implanted devices at scale you’dhave to be very close to a lot ofdevices or they’d all have to be veryclose together um or there’s some otherthings ilong story short i think we’re far awayfrom that i think if somebody reallytried they could create some i won’t gointo the specifics um but i i think likeany good uh security approach that weshouldthink about what the worst case scenariocould beuh and and make sure that we are uhaccounting for that and our strategy andour defenses um because it’s where youleast expect it where somebody finds acreative way to do something you neverthought they would do before so my itseems like the ransomware operators aremaking plenty of money just ransomingmost general i.t devices and banks andcomputers so until we stop that problemi don’t think they’re going to move overto peoplequite yet let’s hopefantastic and a very quick question forlucy and christine can you tell us moreabout who you will talk to or how you’reaiming to get your tool into regulationor policythanks um so we were only able toquickly cover in our last slide we dohave a full advocacy plan for gettingour regulation in the right hands and sowe’ve already been chatting with privatepublic industry stakeholders some whoare very connected with the departmentof health we’ve already chatted withsomeone there and are just hoping to getit to the final person to to get theokayyeah and actually just a quick plugagain for our call to actionif you’re interested in signing onto theletter or learningmore about you know how we want to makethis into reality please visittinyurl.combetter pafantastic great plugum so i’m going to turn to my finalquestion for the um group here so i’llstart with matt matt what is your bumpersticker takeaway uh from this uh sessionwhat is one really brief really pithytake away from your worki would probably saythat responsible healthcare ai requiresboth public and private partners to bealigned and talking the same languagegreat christinethe current prior authorization processdelays patient access to care thesoftware tools can help and setting theright software standards will allowtechnology to improve patient access tomedication it’s a pretty long bumpersticker but i’ll give it to you lucyplus one to christine’s the samedanielsecure medical devices save livesthere’s a bumper sticker i need shirtabout youharnessing the entrepreneurial spirit ofthe country to solve healthcare’schallengesthat’s a beautiful note on which to endwith that i’d like to close up thismorning’s event thank you so much to thefellows and to aneesh for joining us andshowcasing these projectscongratulations fellows you’reofficially done i also want to take amoment to thank the funders that makeour fellowship program possible theseinclude the craig newmark philanthropiesthe hewlett foundation omidyar networksford foundation and schmidt featuresi also want to thank our phenomenal teamthat made this happen let me tell youthese projects do not look as prettywhen they uh come to us and our amazingteam makes this uh happen so thatincludes our project manager mehahluwalia our program assistant maevesneddon and deputy director mai sisla ifyou’d like to have the opportunity to doprojects such as these please check outour climate cohort application open forscientists and technologists interestedin using policy to help prevent climatechange open for applications now andwe’re also hiring a policy fellow anexperienced policy professional to helpus support our trainee check out thelinks in the chat and last i want toinvite you all to join us in two weeksfor the second of our four demo daysfrom this cohort this demo day will befocused on empowering marginalizedworkers and voters the projects willfocus on solutions to decrease the paygap between contractors and full-timeemployees at tech companies ways toensure that workers have a say in keystart-up decisions and new techframeworks that can be used to improvethe turnout of overseas voters if you’reinterested in attending please check outthe chat bot to register for the eventwe hope to see you there thank you somuch for joining us and have a wonderfulafternoon

Digital healthcare innovations have the potential to vastly improve care by reducing costs, expediting treatment, and personalizing medicine. At the same time, digital healthcare tools have also brought up critical governance questions related to health data privacy and algorithmic transparency. How can we promote the use of digital tools to improve healthcare while also preserving privacy and equity?

Four Aspen Tech Policy Hub Fellows showcased their projects focused on “Improving Healthcare and Health Data Privacy.” Following the presentations of the projects, Aneesh Chopra, President of CareJourney and the first US Chief Technology Officer, gave further remarks.

Presented projects

Improving Medication Access with Better Prior Authorization: How can technology be used to improve prior authorization, the process of getting insurance approval before a physician provides a treatment? Lucy He and Christine Keung presented their proposal for a state-wide standard for real-time benefit tools, software products physicians consult before finalizing prescriptions. 

“Smart” but Insecure: Improving Medical Device Cybersecurity: As “smart” medical devices continue to proliferate across the healthcare sector, healthcare organizations have been increasingly targeted by ransomware and other debilitating cyber attacks. These devices are often vulnerable to attacks, potentially allowing malicious hackers to steal patient data, modify medical exam results, or disrupt life-supporting machines. Fellow Daniel Bardenstein  presented his proposal that the Food and Drug Administration establish a clear list of cybersecurity requirements for medical devices to receive FDA approval, including the use of Device Query interfaces.

Mitigating Algorithmic Bias in Government Healthcare AI Procurement: As digital tools become more common in medical decision-making, healthcare providers may risk exposing patient data or inadvertently using a tool that leads to racially biased outcomes. Fellow Matt Zhou presented a procurement request for proposal (RFP) generator tool that government procurement officials can use to incorporate and customize best practices for health tech governance into their RFPs and contractors.