MBX Medical Billing Experts Discusses Cybersecurity, Compliance and IT Success




Brian Shea - Central Ohio Tech Power Player Honoree

Brian Shea

CIO

MBX Medical Billing Experts

 

Moderator

Steve Gruetter

Director of Market Strategy - Central Ohio

Expedient

 

To listen to the podcast, click here!

 

Hello, and welcome to the comSpark podcast, where you will get to meet today's technology thought leaders. To learn more, visit comspark.tech.

 

SG: Here we are today with Brian Shea, who is the Chief Information Officer and the Chief Compliance Officer for MBX Medical Billing Experts. My name is Steve Gruetter with Expedient. I'm your guest moderator today. So, Brian, let's get started. With, in the healthcare space and with HIPAA and HITECH and all the compliance measures that you've got, and there's a lot of news about companies being hacked and critical data being stolen – how should companies, how does it affect the companies and their need to respond? 

 

BS: That’s a great question. Um, I believe, I think it's just really taking a step back – it's a matter of if, not when, some sort of incident, security incident will occur in your organization. To what level? You know, that could, that could definitely vary. Um, in the healthcare side of things, you know, we protect patient information. We have credit card information as well that, that flows through our systems. So, I treat it more as a process of building kind of a vulnerability management program, or a maturity model. And then you start ticking away at that of where things are at. So, it's continual risk mitigation. So, actually, when I sit in front of the boards and talk about security and our, you know, “What is the risk of us being hacked?” Or, “What do we do about it when it occurs?” is, you know…I think first they light up because I just, again, I say it's a matter of, you know, it's going to happen to some degree, as I said, and I think security equals continued due diligence, continual risk mitigation and really a little dumb luck, right? You know, because no matter what you put in place, an end user can click on something inadvertently. Um, as we all know, we've seen things that look legit. And this happens at, you know, small to very large organizations. 

So, the risk is there. So, it's really about risk mitigation, continuing to put layers in, education, you know, continuing education, you know, to the staff to make sure that they're really, you know, if something looks out of the ordinary, ask questions, really ask questions. So, it's changing that culture of, it's not, we're going to be secure now. It's, what is the culture of how do you make people, it's part of their wiring, you know? 

 

SG: How to be as vigilant as possible. 

 

BS: Yes, exactly. And, when it does occur, I think, again, it's being transparent. You have to understand what's really occurred. Sometimes that's difficult to understand exactly how it happened, what really, what data maybe was accessed or what data, um, you know, that is suspect. So, the other thing is, and then it's, how do you communicate and who do you communicate to? That's a continual effort as well, because there's different regulatory requirements of course, being either in healthcare or finance.

SG: Absolutely. And the, often it's changing. 

 

BS: Yes. 

 

SG: Right. 

 

BS: So, and laws that are not necessarily even in the United States. You know, we have newer laws, you know, that, in the European Union, that impact us in some form or fashion depending on your business as well. So, keeping abreast of those things and how they're continually changing is a challenge as well. 

 

SG: That’s, that is certainly a challenge for your organization. Um, taking care of all the compliance measures, you also have to take care of and build that compliance around your infrastructure, around your applications. How has the cloud technology that you use and the applications that you use changed the way that you manage those when it comes to compliance? 

 

BS: That's another good question and a great segway actually. So, cloud has really enabled us, more than anything, as an organization. And when I say cloud, of course everybody knows there's a thousand different definitions, right? But, especially being a small to medium business, cloud type infrastructures have allowed me to provide scalability and really allowed me to survive as an organization, because I don't have the depth of necessarily, the resources internally. So, leveraging different partners in the cloud space, whether it be security software, compliance software or infrastructure, it allows me to get the depth of experience and expertise in those different industry areas that I would not get myself. Right? So, if anything, cloud has helped me get where I need to be. Now, I understand when people say cloud, that opens up a whole, that's a whole new area of concern and security, because my stuff is out here now. That's not on-prem or physically in my space. And I like to debate with a lot of people, especially in that small to medium business space, that their on-prem is not any more secure than those, those cloud organizations that they might be working with. If anything, they're probably less secure. 

 

SG: Oh, I agree with that thoroughly. We, uh, we like to joke that the number one reason people won't move to the cloud is because of security. But, in reality, the number one reason people move to the cloud is because of the level of security. 

 

BS: And redundancy and all those other things that come along with it. 

 

SG: So, as you are evolving MBX and growing your organization, how do you measure the success level of the IT organization, what you're providing to your company? 

 

BS: So, there's a couple basic things I think, as an IT leader, that you look at. One is, people aren't calling you. So, availability is an accessibility to your core business apps. That's the number one thing, you know, because that's how your business functions. How I measure IT success is uptime, again, and availability, ticket counts. You know, from a help desk perspective or a service desk perspective, you can, if you're getting a lot of tickets that are coming in, a lot of incidents, um, you know, there’s a lot of incidents of the same, equal problem, right? 

So, if you're not seeing those trends or you're seeing a trend down, you know, of course, those are always positive things in a, in a service desk. Or, your IT – how you really judge it is, your IT is really getting to focus on core business initiatives instead of the day-to-day operational type activities. 

 

SG: Well, I think that bleeds back into your previous answer there, is if you can leverage some of the vendors in order to provide the support and build your depth, then you can take your core team and have them address the business issues. 

 

BS: Yep, exactly. 

 

SG: Alright. So, as your role in the community, obviously you've been a big part of the Central Ohio IT community for years – you've been in leadership and a variety of locations: Nationwide Children's [Hospital], Revolution Group, MBX. What advice would you give to an aspiring CIO? 

 

SH: So, it's the same – I laugh because it's same conversation you'd have with your children. Right? You know, as we were just talking, you know, kids in college age and how do you, how do you mentor them or lead them in the, in the right direction? Um, definitely have seen a lot of change over the 24-ish years, I think, I've been in the IT community here in Columbus. And I think the biggest thing is, you know, be prepared for change, you know, and adaptability as a, as a leader. You know, you cannot be rigid by any means. And in today's business world, on how things are evolving and changing within organizations, um, and also just the outside influence and other companies that come into play and just, you know, as disruptive technologies come in, your, your world as you know, it today might be different tomorrow, right? 

So, you definitely have to be adaptive from that aspect. I think one of the core values of a leader coming up is, is definitely, you know, finding people that, they're going to do the right thing. Right? You know, I think there's – you know, I laugh. There's a business side of things, but then there's also the moral ethical side of things, for sure. Right? And, and I think, I don't want to say people lose sight of those things by any means, but you're still dealing with people, right? You know, and as these changes are occurring within these businesses and these things are happening, you still have to remember you have people that are actually what are driving you forward as an organization. So, leaders need to make sure that they are always considering that aspect of it, and what that truly means to the bottom line of the, of the business moving forward. So, not just technology, you know, from a CIO perspective, but understanding that their influence, you know, as a leader has a big impact on, not only the business, but individuals. 

 

SG: You're leading people. You're not necessarily leading technology at that point, as you grow the organization. Brian, it's interesting that you mention that disruptive technologies can jump in and all of a sudden, you know, throw the apple cart over, and now you've got to figure out a new direction quickly. In your opinion, are there any disruptive technologies that you are looking to take advantage of? 

 

BS: Definitely. So, in the medical billing area, there's a lot of things that are either process driven or, um, there is levels of automation already that exist today within systems, but we are definitely looking with our partners, with our billing platform partners, with, with AI, because it could actually use, um, you know, it's analytics engine and determine propensity to pay, you know, different things like that from a billing side of things. So, you know, your target audience then, and what you do and how you handle that, which can make you more efficient as a billing company on how you respond. And some things might even be a more personal touch based on a person's situation. And if you could use that data to determine, “I need to communicate with a certain type of letter,” or something like that. Um, you know, to those individuals, that, we're heavily looking at that. And we are primarily a medical billing company for radiology. And of course, AI is a lot of conversation around even radiology. So, today, you know, we take in information and that's how we build. So, we look at the reports, you know, and that information. Can AI read reports and code more efficiently and effectively and like, do auto coding of some sort, um, based on that information? Sure. 

So, and those technologies are already out there, which could have a big play in staffing models within our organizations, because we could be more efficient in certain areas or – but it could also change our focus of, “We have staff today, spending time on this. Maybe they could spend time on some other things as well, but it's also going to be a competitive edge. You know, if, if we don't get involved with some of this, like AI and some of those disruptive technologies, or be aware of them, um, others will. 

 

SG: Absolutely, they will. And it sounds like, as MBX is going down this path and taking advantage of this, it will build a competitive advantage for your organization moving forward. Brian, it’s always good to catch up with you. This is Steve Gruetter with Brian Shea. To learn more about these podcasts, please visit comspark.tech. Thank you.

 

To learn more about sponsorship opportunities for 2019, contact Michelle Ziegler at michelle.ziegler@venuemag.net.