To Your Health
Somewhere today there’s a company or research organization that’s discovered a way to use data to save thousands of lives a year, but they can’t find a hospital willing to work with them. Why? Health privacy violations are so ubiquitous, so unbelievably expensive, and so seemingly unstoppable that any new technical integration is treated as another hole in an environment that’s already bleeding data left and right.
These leaks have real, painful consequences for patients — something my own family has experienced multiple times. Identity theft and fraud are an increasingly common nightmare that erodes trust in our healthcare system. It’s time for somebody to solve this privacy problem, and I’m excited to be working on new technology that helps make a difference.
About six months ago I quietly joined a project called Doctrly. The mission at the time seemed interesting and straightforward to me — a million different electronic health record systems lack a common API and create real developer pain. It’s a problem with huge reach, and we thought we could build a great SaaS solution.
We signed a landmark contract with a major research hospital a few months ago — a huge milestone for a company like ours. As we began the implementation phase, though, we quickly discovered that any attention to the product itself was overshadowed by discussions of who was liable in the event of a security breach. Talking to peers in other health tech companies revealed this to be a common experience that’s bringing otherwise amazing organizations to a halt.
The question of who gets sued dominates health-tech deals and stifles advancement. A brilliant new company might be able to cure some forms of cancer using big data, but the impact of seemingly unavoidable HIPAA breaches — currently estimated at $6.2 billion per year, affecting 90% of hospitals in the last two years — means it’s almost impossible to implement it. Hospital security executives have a singular mission to protect the patient and the organization from undue risks. They do that by saying no.
Until this privacy problem is fixed, everything — a post-operative home care application for orthopedic patients, a new reporting tool for quality metrics, a product that predicts and directs interventions for life-threatening illnesses — everything that requires patient data is a threat.
At Doctrly, we’ve gone back to the drawing board to focus on this single, mission-critical problem, and we’re excited to start trials with our new product, code-named Redacted.
Redacted does what it sounds like it does. It sits between existing electronic health systems and integrations and gives health security administrators a new superpower — the ability to control field-by-field access for everything that touches their data. Every data exchange will carry a certain amount of risk, but with Doctrly, security professionals can reduce that to its lowest possible level without affecting functionality.
Why does a blood machine, for example, get your birthdate, social security number, and home address when all it needs is a name and a unique patient identifier? This private data constantly seeps through the walls of hospitals looking for a crack to escape. Doctrly can stop that flow without requiring more than simple configuration changes in the machine.
This isn’t a magic solution, and there are real challenges to substantively changing the security landscape in healthcare. It seems like a meaningful problem to attack, though, and I’m really excited to be working on it.