For more than a decade, Healthcare Informatics/Healthcare Innovation has honored those at the forefront of healthcare IT innovation with its Innovator Awards Program that recognizes leadership teams from provider organizations across the U.S. that have effectively deployed information technology in order to improve clinical, administrative, financial, or organizational performance. As part of the program, over the last few years, we have opened up nominations to vendor solution companies as well.
This year, the vendor track of the Innovator Awards Program entailed four product categories that solution providers could submit toward: Value-Based Care, Patient Engagement, Data Analytics, and Data Security. The team at Healthcare Innovation has announced the winning companies in each of these four product segments:
• Value-Based Care: CitiusTech
• Patient Engagement: Pegasystems
• Data Analytics: LeanTaaS
• Data Security: Protenus
Throughout the remaining three Healthcare Innovation magazine print issues in 2019, each one of these companies will have its story of health IT innovation told. For this July/August issue, we profile the Data Security category winner, Protenus.
When Baltimore-based Protenus was founded in 2014 by two Johns Hopkins University medical students—Nick Culbertson, who prior to medical school served eight years in the military as a Special Operations Green Beret, and Robert Lord, who began his career designing analytical systems at the hedge fund Bridgewater Associates—the two entrepreneurs had a first-hand look into how electronic health records (EHRs) created a new slate of serious security and privacy concerns.
“Fundamentally, day in and day out, as medical students we saw both the incredibly important work that health systems were doing for patients, but also how they were significantly overburdened by a ton of back-office compliance challenges. And that led to worse outcomes,” says Lord in an interview with Healthcare Innovation. “We saw this very clearly in the privacy monitoring space early on, that just a tiny fraction of patient accesses were reviewed, and this left most patients completely vulnerable to HIPAA or privacy violations,” he adds.
Culbertson and Lord then took to developing the initial prototype and predictive algorithms that launched Protenus, a healthcare compliance and workflow analytics platform that is designed to fulfill a major gap across healthcare: being able to better protect patient data and to maintain high compliance standards in U.S. hospitals and health systems. Lord points to a 2017 American Hospital Association (AHA) study that found healthcare organizations spend nearly $39 billion a year solely on the administrative activities related to regulatory compliance. “That is incredible spending, and a lot of it is on labor that compliance teams don’t want to be spending time on, such as the manual review of audit laws, transactions, checking boxes, and going through all the motions. But these things are not always actively reducing risk,” he says.
As such, the Protenus analytics platform combines EHR, HR, automated dispensing cabinet (ADC), and other data sources into a single dashboard that gives healthcare compliance, security, risk management, and pharmacy teams full visibility into the EHR accesses happening across their systems, company officials explained. What’s more, the platform uses artificial intelligence (AI) to analyze patient data, such as demographics, appointment information, and procedure and diagnosis histories to build profiles on the patients whose data healthcare organizations are responsible for protecting.
Similarly, the platform builds profiles on the users accessing patient data and controlled substances. The Protenus platform then uses machine learning to analyze how certain types of users access particular types of patient records or interact with particular types of substances in the course of patient care or administrative workflows.
Put all together, this process allows the Protenus platform to develop a deep understanding of normal workflows, enabling it to alert hospital administrators to anomalous behavior without the need for rules, filters, or manual audits, with an accuracy rate of up to 99.5 percent, company leaders attest. The Protenus platform does this by identifying those accesses and transactions with the highest levels of suspicion and risk to an organization, and elevating them for review by a member of its staff, officials explained.
Company executives say the uniqueness of Protenus’ technology stems from its clinically-aware artificial intelligence. They believe that while generalized AI cybersecurity platforms focus on network traffic and protecting against external “bad guys” or simple internal “data exfiltrators,” threats in hospitals are much more insidious since each employee, third-party vendor, and hospital network affiliate represents potential danger to all patient data in the system. “As a result, highly-specialized, continuously-updating algorithms that are able to understand different patterns of care, roles within a healthcare system, and types of procedures, and characterize what is clinically appropriate versus inappropriate, serve as the core of Protenus’ IP,” officials contend.
For Lord, the key to Protenus’ success is fundamentally being a true end-to-end healthcare compliance analytics platform. That entails being a system that’s uniquely reviewing every single event in all of the electronic systems that it monitors. “By reviewing and documenting each of those events, we are able to allow a health system to understand why a particular event is either risky or not risky, and even go back and check the work of the AI and machine learning algorithms,” Lord says. “And that’s important, because it can’t be a black box. You need to have that explanatory power which allows you to make systematic change.”