Originally published to Authority Magazine – Medium on November 4, 2020
The U.S. healthcare landscape is one of extremes. We have state of the art facilities using robotics, machine learning and AI. At the same time, we have rural physicians treating people out of the back of their trucks. The social determinants of health in the U.S. are astounding. The zip code in which a person is born can set the course for that person’s health for the rest of his life. In the U.S., geography influences health as much as genes.
As a part of my interview series with leaders in healthcare, I had the pleasure to interview Chris Bowen, Founder and Chief Privacy & Security Officer at ClearDATA.
Chris Bowen is Founder and Chief Privacy & Security Officer at ClearDATA. He leads ClearDATA’s privacy, security and compliance strategies as well as advises on the security and privacy risks faced by customers, including healthcare payers, providers, life science companies, and innovators from the Asia Pacific, North America, and Europe. Chris also leads ClearDATA’s global security risk consulting practice. A Certified Information Privacy Professional (CIPP/US) and Certified Information Privacy Technologist (CIPT) from the IAPP, and Certified Information Systems Security Professional (CISSP) and Certified Cloud Security Professional (CCSP) from (ISC)2, Chris is an expert on patient privacy and health data security.
Thank you so much for doing this with us! Can you tell us a story about what brought you to this specific career path?
There’s an interesting journey that connected my early career in politics with where I am now. I had been working for the U.S. House of Representatives. I was lured away by the mission of The Donor Network of Arizona, which asked me to help them make it easier for people to become organ donors. This required new legislation. I didn’t realize it at the time, but this was a turning point in my career. I was able to write legislation that facilitated the donation of organs to save lives. My exposure to that was poignant. I was able to see the tragic end to life juxtaposed with new hope given to a person who could not survive without a life-giving organ. Remarkably, this circle of life and death happened suddenly, usually within the same 24-hour period. These experiences had a lasting impact on me. I was eventually asked to join the Arizona Speaker of the House senior staff. There, I continued to be involved with healthcare reform and internet privacy. I played a role in creating and passing legislation for healthcare and privacy during the same timeframe I was pursuing my graduate studies combining two passion points of mine — technology and privacy. Once I finished my MBA, I decided to leave politics to start my own company that delivered complex web-based applications: DirectClarity.
At DirectClarity, one of my customers was the fifth largest hospital provider in the country. Legal and privacy leaders there really pushed me to make sure I quickly learned how to protect patient privacy. Deploying applications in a healthcare environment called for significant scrutiny. HIPAA attorneys and privacy officials rightfully needed to know how our apps and my company would protect their sensitive health information. I had to become an expert at understanding the relevant privacy laws to make my business work. After several years of this, I recognized there was no company solely devoted to creating environments specifically to protect patient data. They were all generalists that didn’t fully understand the nuances of healthcare delivery or the complicated ecosystem within which patient data flowed. Learning this problem first-hand became the catalyst of what became ClearDATA. I approached a trusted lawyer in the hospital system with my idea, and ran my thoughts by him about starting the company. His positive encouragement inspired me to start ClearDATA — ultimately, a mission-driven company designed to protect patient data from the ground up.
Can you share the most interesting story that happened to you since you began leading your company?
Over the years, I’ve seen a lot of interesting things in healthcare. Just before the global outbreak of COVID-19, I had an opportunity to travel to Europe with a colleague to meet with customers and partners. We spent five days in five countries (UK, France, Denmark, Germany, and Spain) meeting healthcare leaders who all had similar challenges. These challenges centered on how to use the cloud securely so they could innovate and solve healthcare problems. The trip further validated that the vision we had in the beginning still rings true today.
I’ve also been privileged to work with the most imaginative and innovative people worldwide to make healthcare better. I get to see emerging technologies transform healthcare and save lives while also focusing on privacy, security, and compliance with complex global regulations.
Can you share a story about the funniest mistake you made when you were first starting? Can you tell us what lesson you learned from that?
Well, this is a more serious note for me. Because the nature of the work we do to protect patient data can affect healthcare outcomes, mistakes just aren’t funny, and we work diligently to exercise extreme caution. Admittedly we, like any other startup, have bumps in the road as we grow. But our company is founded on the principle of working to protect organizations from risk and mistakes by using security automation in the cloud. We stay awake at night working to be sure we get this just right.
What do you think makes your company stand out? Can you share a story?
ClearDATA believes that every patient record is more than data — that record represents a human life. That is the mindset we work with to protect our customers records. We have a front-row seat to healthcare’s digital innovation and transformation. We have the honor to help the world’s most innovative healthcare companies be better, faster, and more private and secure. And we share our know-how with those just beginning their cloud journey. We help any healthcare organization that wants to take advantage of the benefits of the cloud. There’s a focused purpose that drives us to make a positive difference in healthcare every day. Our customers find value in our cloud automation, remediation, and visualization that many customers consider unique. It’s one of the reasons we were named to Fast Company’s Most Innovative Companies earlier this year.
What advice would you give to other healthcare leaders to help their team to thrive?
At ClearDATA, we believe that culture is king. We try to foster a company culture that values our employees as our most important priority. We try to equip our workforce with the tools necessary to succeed and value their contributions. We then translate that belief into action by treating our people with respect, conduct our work with integrity and transparency, and focus on the mission. It’s the mission that keeps us focused and motivated. Our job as leaders is to help our team know their value and empower them to contribute in a meaningful way.
Tactically, we’ve seen success by embracing Peter Lencioni’s principles and implementing shared Objectives and Key Results (OKRs) as outlined by John Doerr.
Ok, thank you for that. Let’s jump to the main focus of our interview. According to this study cited by Newsweek, the US healthcare system is ranked as the worst among high income nations. This seems shocking. Can you share with us 3–5 reasons why you think the US is ranked so poorly?
1. The U.S. healthcare landscape is one of extremes. We have state of the art facilities using robotics, machine learning and AI. At the same time, we have rural physicians treating people out of the back of their trucks. The social determinants of health in the U.S. are astounding. The zip code in which a person is born can set the course for that person’s health for the rest of his life. In the U.S., geography influences health as much as genes.
2. Add to that the fact that healthcare’s infrastructure is antiquated, largely not integrated, and expensive to maintain. This condition creates silos of data that can’t be accessed — and that creates risks to patients and doctors alike.
3. Additionally, for many years, we had a passive national culture around health. We didn’t address the indicators for chronic disease proactively, early and often. Doctors treated symptoms instead of focusing on outcome-based care.
4. That has led to spiraling illness and out of control costs. And as the report states, there’s a massive problem with the coordination of care, which stems from interoperability issues.
5. Margins for care delivery continue to decline. Medical care reimbursements are decreasing, while costs seem to be increasing. As margins thin, it’s getting harder to deliver care like we used to. None of us like the COVID pandemic. One silver lining from this terrible event is that it turned the care delivery model on its head. The pandemic forced virtual care and created the will for regulators to reimburse telemedicine and virtual visits.
You are a “healthcare insider”. If you had the power to make a change, can you share 5 changes that need to be made to improve the overall US healthcare system? Please share a story or example for each.
1. Create an effective COVID-19 vaccine. We needed it yesterday.
2. Shore up defenses. Healthcare has been under attack for the last several years but the onslaught of ransomware and other attacks since COVID-19 arrived in the U.S. is staggering and there’s no end in sight. In fact, reported ransomware attacks doubled during Q3 and healthcare is the hardest hit sector. In one pronounced case, we saw hundreds of facilities that had to be taken offline, resulting in delayed surgeries and services. We have to keep in mind that behind every data point and compromised record is a person — affected in painful ways, from financial impact to medical or even mortal impact. In at least one tragic instance, we know that a patient whose care was delayed due to ransomware disruptions passed away. This has to stop.
3. Make interoperability real. We have a massive amount of data at our fingertips that providers, payers, and life science organizations could use to address chronic disease and save lives. Unfortunately, all this data still lives in siloed systems that don’t effectively communicate with each other. So, care providers have difficulty getting a view of the whole patient. My heart goes out to those doctors who want to produce healthy patients but cannot assemble a holistic data set that lets them see the patient’s entire medical picture. Instead, the doctor may get a glimpse of a person’s overall health and wellness, making an accurate diagnosis a challenge. As an example, physicians see this sometimes with heart disease where complex issues can initially manifest as similar symptoms when in fact different treatment or surgeries are needed.
4. Take a Wellness Approach, not a Sickness Approach. I reference this change in mindset earlier in another question. We need to own our health by taking an interest in what we consume, how active we are (or aren’t), and how we can prevent disease. The human body is one of the most incredible machines in the universe — like a performance car; it too needs preventative maintenance. We’re starting to see some health insurance companies act on this by offering incentives to their members for taking healthy actions, logging exercise, offering gym discounts etc.
5. Fix information flows between providers, specialists, social services, and insurance companies. Let’s get people the right care and the right coverage and fix administrative inefficiencies. The Cures Act Final Rule which goes into effect Jan 1, 2021 addresses this by working to create a streamlined system of data flowing from providers, to payers, to members and patients directly on their mobile apps.
Ok, it’s very nice to suggest changes, but what concrete steps would have to be done to actually manifest these changes? What can a) individuals, b) corporations, c) communities and d) leaders do to help?
1. Individuals: Take responsibility for your health and the health of those you love. Be accountable for your choices.
2. Corporations: Invest in training for your employees. Most ransomware attacks begin with social engineering or phishing. Teach your team how to be cautious and meticulous. Also for corporations, invest in the wellness of your employees. Encourage wellness, physically, mentally, and socially. There are simple things you can do, like pay for their gym membership. Encourage a healthy lifestyle.
3. Communities: Get back to the basics. Try to make your community walkable and bikeable. Plant trees. Grow healthy foods, if possible — advocate for parks, green space, and merchants who support your community’s healthy lifestyle values.
4. Leaders: Create policies that encourage health and well-being. The Accountable Care Act changed incentives for doctors to practice outcome-based medicine. And some well-meaning politicians have tried to tax sugary soft drinks. Still, our leaders need to think beyond the obvious carrot and stick approach. Public policy should address food deserts, obesity, and bolster critical infrastructure to be resilient to supply chain disruptions caused by things like pandemics.
I’m interested in the interplay between the general healthcare system and the mental health system. Right now, we have two parallel tracks, mental/behavioral health and general health. What are your thoughts about this status quo? What would you suggest to improve this?
I’m not an expert in this area, and I’d love to read an interview from you with someone who is. However, it seems logical that a person plagued with untreated general health problems is likely to develop mental or behavioral health challenges depending on the situation. And conversely, someone with mental or behavioral health issues may well develop general health concerns. I agree, there needs to be a better way to break down walls between the two. One of our customers, BehaVR is doing some impressive work helping people experience better health with virtual reality. Another example I can think of Biomedical Music Solutions who offers software that produces biomedical music™ to reduce falls and increase mobility in Parkinsons patients by improving balance. The point is, these companies are thinking beyond traditional treatment plans to address real healthcare problems. We’ll continue to see blurred lines between mental and behavioral health and general health problems.
How would you define an “excellent healthcare provider”?
How often have you sat in the waiting room of a doctor’s office waiting for your appointment that was supposed to start 40–50 minutes ago? And while sitting there, you’re required to complete the same paperwork you completed last time you visited using paper, a clip board, and a dirty pen. I think an excellent provider is one who honors her commitments to me as a patient and takes a few more minutes to get up to speed on my health trends. Companies like One Medical have excelled in this area. You show up, you are seen on time, your records are already digitized and available to you AND the doctor, and your history, test results and appointment history are all available in your app on your iPhone. An excellent provider is one who goes above and beyond to help prevent disease and help you heal if you’re sick, and one who understands nutrition at the same level as prescription. I want a healthcare provider that is a partner in my health and wellness and works alongside me to inform and protect me from disease as much as possible.
Honestly, the best provider is one that won’t harm me or kill me by making mistakes. The number of deaths in this country attributed to medical mistakes or misdiagnosis is staggering.
Can you please give us your favorite “Life Lesson Quote”? Can you share how that was relevant to you in your life?
One of my favorite life lesson quotes is from Winston Churchill: “Success is not final, failure is not fatal: it is the courage to continue that counts. If you’re going through hell, keep going. Never, never, never give up.” It’s been relevant in so many instances be they personal challenges, professional roadblocks etc. The best way to get the life you want is to never give up wanting it and working for it.
Are you working on any exciting new projects now? How do you think that will help people?
I am working with some amazing healthcare organizations today in the COVID-19 response.
The rapid expansion of telehealth is exciting. I’m glad to be part of protecting it and therefore the people it’s serving. There are some incredible innovations happening in virtual and telehealth on the cloud, and they are happening at a mind-boggling pace. I see potential for a lot of good from these advancements that meet people where they are when they need help.
What are your favorite books, podcasts, or resources that inspire you to be a better healthcare leader? Can you explain why you like them?
I carve out time every day to learn something new. I’ve grown fond of The Journal, Ted Talks Daily, and the Armchair Expert with Dax Shephard and Kristen Bell.
The Journal gives me an overview of current events at a deeper level. I learn all kinds of things from this podcast, from the massive fraud with China’s Luckin Coffee, to the TikTok headwinds in the US, to the pivot by the music industry from touring to streaming. There’s always an interesting current topic on the Journal.
Ted Talks Daily offers another platform to efficiently enrich my daily knowledge goals. Topics like “How to overcome biases,” “Urgency of climate change,” to “Secrets of staying focused under pressure,” inspire me.
And Armchair Expert is just plain fun entertainment. You’ve gotta keep laughing to stay healthy and happy. Dax and Kristen keep it real and fun.
You are a person of great influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. ?
While one of my life’s missions is to help make healthcare better, if I were to start a movement, it would be “Take back your data.” Last month my identity was used to apply for an SBA loan. In talking with the SBA fraud department, they revealed that my social security number, address, date of birth, full name, address, and all other data needed to steal my identity was provided in the fraudulent loan application. How this data was exposed can be traced to two large data breaches; one by the federal government (OPM Breach), and one was a breach of a college I attended way back when. Companies use and abuse our personal information all the time. They shouldn’t. Privacy laws need to catch up. Individuals need to start caring about their data and taking ownership of it!
How can our readers follow you online?
I also share insights on healthcare security and compliance on the ClearDATA blog at https://www.cleardata.com/blog/.