Podcast
Navigating Health IT: From Data Security to AI-Driven Innovation at VUMC
Dr. Neal Patel
Neal Patel, MD, MPH
In this episode of the Healthcare Market Matrix, John Farkas kicks things off with a conversation with Dr. Neal Patel, a healthcare industry expert from Vanderbilt University Medical Center. Together, they discuss cybersecurity, interoperability, and the implementation of AI in healthcare. Dr. Patel also emphasizes the importance of understanding the capabilities and limitations of AI and the need for careful deployment.
This far-reaching and thought-provoking conversation covers Dr. Patel’s long association with Vanderbilt, where he has been since 1997. During that time he has played a significant role in optimizing patient care through informatics strategies.
Patel speaks fascinatingly about the growing threat of cyber attacks in the healthcare industry and the need for organizations to assess their vulnerabilities. He also discusses the importance of having robust cybersecurity measures in place and the challenges of balancing innovation and security.
This insightful conversation is sure to provide valuable perspectives for anyone interested in information management in healthcare.
Listen Now
Transcript
John (00:01): Well, greetings everyone, and welcome to Healthcare Market Matrix. Today we are diving into the information management universe of a major academic medical center, and to do that, we are visiting with none other than Dr. Neal Patel. Neal started his tenure with Vanderbilt back in 1997 when he joined as a faculty member in the Department of Pediatrics. In 2006, he took on the role of Chief Medical Information Officer, and in 2019, he added the role of CIO over health IT. Since Vanderbilt is also a teaching hospital, Neal serves as a professor of clinical pediatrics with additional faculty appointments in anesthesiology and biomedical informatics. In his role as CIO, Neal works to translate healthcare delivery, quality, and patient safety goals into informatics strategies to optimize patient care. Neal, welcome to Healthcare Market Matrix.
Neal Patel (01:45): Thank you for having me, John. Happy to be here.
John (01:48): You bet. Let’s dive in. Cybersecurity is a big issue for many in your role. What are some of the critical concerns you’re addressing, and what should our listeners know about your approach?
Neal Patel (02:15): Well, everyone is coming up to speed on cybersecurity and assessing vulnerabilities. What we’ve learned in the past six months is that it’s not a matter of if an attack will happen, but when. Attacks are growing more sophisticated, especially phishing programs. We have a fantastic cybersecurity team that adds layers of protection, but we’ve had to become more rigid in our stance. As an academic medical center, there has traditionally been a lot of freedom for faculty and research enterprises, but now we must take the specter of ransomware attacks and breaches extremely seriously. The controls we put in place intersect with how we balance being nimble and innovative while managing budgets and ensuring safety.
John (03:09): Mm-hmm.
Neal Patel (03:12): It’s a balancing act that’s very hard. On one side, we want to foster innovation and research within a reasonable budget. On the other, with 2% margins in healthcare, we must ensure we’re investing in technology to keep the institution safe while also compensating our workforce. All health systems are facing these difficult choices, and sometimes they come down to whether we invest in our labor force or in technology. These are critical factors that need to be considered.
John (04:50): You’re obviously working to promote innovation while managing risk. With so many outside partners and vendors involved, what are you asking of them in terms of cybersecurity? What signals competency to you?
Neal Patel (05:58): One of the most important things for Vanderbilt as an academic medical center is that our data is our asset. We do research on it, and we have a responsibility to keep it safe. So, when we engage with technology companies, one of our first questions is how they manage protected health information (PHI). Where does the data reside? Is it within our firewalls or in the cloud? Companies need to demonstrate competence and show us evidence. This is particularly hard for startups that may have great ideas but lack the robustness or liability guarantees that we require. Our reputation depends on keeping patients physically, mentally, and data-safe.
John (07:19): Mm-hmm.
Neal Patel (07:33): We are more and more trying to create safe spaces that we control for innovation. Companies often come in saying they can take our data and return insights, but it’s like someone saying, “Let me just take your children for a while, and we’ll be good.” We ask, “What kind of car do you drive? Do you have seatbelts?” We apply that same rigor to companies wanting to engage with us. Beyond data, we also need them to integrate securely into our systems while still providing ease of use for clinicians to prevent frustration and burnout.
John (09:41): How has your approach to these security priorities evolved over the past five years?
Neal Patel (10:15): Five years ago, our worry level was at a three or four. Now it’s at a nine or ten. If you’re a vendor coming in now, you must deeply understand the value of our data and demonstrate what you’re doing to protect it. It’s no longer just checking boxes.
John (10:54): Exactly. It’s a deep, demonstrated understanding of your responsibility. Can you give an example?
Neal Patel (11:16): Yes. We had a company that impressed us because their solution ensured our data never left our environment. Their technology operated within our system, keeping our PHI safe and under our control. They honored our need for security and demonstrated their approach had worked elsewhere. It allowed us to build trust more quickly and move forward with a proof of concept.
John (12:56): That’s a great example. It’s not common, but it accelerates the process. What else would you underscore as important in security?
Neal Patel (13:16): Beyond technical measures, we also assess a company’s ability to take responsibility if something goes wrong. What’s their recovery capability? What insurance levels do they have? We are raising the bar on the companies we work with. It disenfranchises smaller companies, but we can no longer just try things. If small companies want to work with us, they need to be ready to prove their concept in a safe way.
John (15:04): That makes sense. Shifting gears to AI, it’s everywhere now. How are you looking at AI solutions, especially in the context of healthcare data and governance?
Neal Patel (42:00): The hype around generative AI, especially large language models (LLMs), is massive. But the question is: what problem are you solving, and is AI the solution? Often, companies come to us wanting to co-develop a solution because they don’t have a finished product. My question is: is the solution the one I need? We’ve always had AI in various forms, like clinical decision support and predictive algorithms. But the new wave of AI is about understanding exactly what it’s capable of, what it costs, and what it isn’t good at.
John (44:38): Right.
Neal Patel (45:07): We’ve moved from deterministic AI, where the same input always gives the same output, to probabilistic AI, which introduces variability. In healthcare, deterministic AI is crucial. If I’m prescribing medication, I don’t want different answers with the same inputs. But for other tasks, like web searches, “close enough” is acceptable. We need to figure out which tasks require absolute precision and which can tolerate some margin of error.
John (47:10): Exactly. As you’re exploring AI tools, are you framing policies or creating frameworks around this?
Neal Patel (47:46): We started about three or four years ago, focusing on predictive algorithms and creating a governance structure to validate models before using them in real time. Now we’re expanding that framework to handle AI more globally. Some AI models need greater oversight, like ensuring they’re monitored for bias and drift, while others are more locked in and don’t need the same level of scrutiny.
John (50:20): That’s great leadership. I know not all institutions have the resources Vanderbilt has.
Neal Patel (50:33): Exactly. We’re fortunate to have a large Department of Biomedical Informatics, with ethicists and experts who help us put these frameworks in place. We’re working to share this with other institutions that don’t have the same resources.
John (51:22): What are some of the horizon opportunities you’re excited about?
Neal Patel (51:29): We’re excited about our virtual care platform, which already supports around 200 beds. It’s not just virtual nursing, but also includes pharmacists providing patient education and access center staff making discharge appointments. We envision audio-visual cameras in every patient room, allowing for virtual interactions to become as standard as Wi-Fi. This ensures expertise can reach the bedside efficiently.
John (53:30): That’s a huge opportunity for improving patient care and clinician efficiency. Anything else on the horizon?
Neal Patel (53:39): Yes, we’re piloting wireless vital sign monitoring for vulnerable patients in non-traditional care spaces. This technology will allow us to monitor patients even in hallways or waiting rooms, reducing the burden on clinicians and ensuring that patients are not neglected.
John (55:38): That’s incredible work. It seems like a great way to address burnout as well, by giving clinicians the tools they need to provide the best care.
Neal Patel (55:58): Exactly. My hope is that these technologies will create a sense of support and safety for our clinicians, helping them feel confident they’re delivering the best care possible.
John (57:12): That’s wonderful. Neal, I appreciate you taking the time today. The work you’re doing at Vanderbilt is impactful, and I know our audience will appreciate your insights.
Neal Patel (58:03): Thank you for having me, John. I’m proud to be part of the incredible team at Vanderbilt.
John (58:13): Thank you, Neal Patel, Vanderbilt University Medical Center, for joining us on Healthcare Market Matrix.
Transcript (custom)
John (00:01): Well, greetings everyone, and welcome to Healthcare Market Matrix. Today we are diving into the information management universe of a major academic medical center, and to do that, we are visiting with none other than Dr. Neal Patel. Neal started his tenure with Vanderbilt back in 1997 when he joined as a faculty member in the Department of Pediatrics. In 2006, he took on the role of Chief Medical Information Officer, and in 2019, he added the role of CIO over health IT. Since Vanderbilt is also a teaching hospital, Neal serves as a professor of clinical pediatrics with additional faculty appointments in anesthesiology and biomedical informatics. In his role as CIO, Neal works to translate healthcare delivery, quality, and patient safety goals into informatics strategies to optimize patient care. Neal, welcome to Healthcare Market Matrix.
Neal Patel (01:45): Thank you for having me, John. Happy to be here.
John (01:48): You bet. Let’s dive in. Cybersecurity is a big issue for many in your role. What are some of the critical concerns you’re addressing, and what should our listeners know about your approach?
Neal Patel (02:15): Well, everyone is coming up to speed on cybersecurity and assessing vulnerabilities. What we’ve learned in the past six months is that it’s not a matter of if an attack will happen, but when. Attacks are growing more sophisticated, especially phishing programs. We have a fantastic cybersecurity team that adds layers of protection, but we’ve had to become more rigid in our stance. As an academic medical center, there has traditionally been a lot of freedom for faculty and research enterprises, but now we must take the specter of ransomware attacks and breaches extremely seriously. The controls we put in place intersect with how we balance being nimble and innovative while managing budgets and ensuring safety.
John (03:09): Mm-hmm.
Neal Patel (03:12): It’s a balancing act that’s very hard. On one side, we want to foster innovation and research within a reasonable budget. On the other, with 2% margins in healthcare, we must ensure we’re investing in technology to keep the institution safe while also compensating our workforce. All health systems are facing these difficult choices, and sometimes they come down to whether we invest in our labor force or in technology. These are critical factors that need to be considered.
John (04:50): You’re obviously working to promote innovation while managing risk. With so many outside partners and vendors involved, what are you asking of them in terms of cybersecurity? What signals competency to you?
Neal Patel (05:58): One of the most important things for Vanderbilt as an academic medical center is that our data is our asset. We do research on it, and we have a responsibility to keep it safe. So, when we engage with technology companies, one of our first questions is how they manage protected health information (PHI). Where does the data reside? Is it within our firewalls or in the cloud? Companies need to demonstrate competence and show us evidence. This is particularly hard for startups that may have great ideas but lack the robustness or liability guarantees that we require. Our reputation depends on keeping patients physically, mentally, and data-safe.
John (07:19): Mm-hmm.
Neal Patel (07:33): We are more and more trying to create safe spaces that we control for innovation. Companies often come in saying they can take our data and return insights, but it’s like someone saying, “Let me just take your children for a while, and we’ll be good.” We ask, “What kind of car do you drive? Do you have seatbelts?” We apply that same rigor to companies wanting to engage with us. Beyond data, we also need them to integrate securely into our systems while still providing ease of use for clinicians to prevent frustration and burnout.
John (09:41): How has your approach to these security priorities evolved over the past five years?
Neal Patel (10:15): Five years ago, our worry level was at a three or four. Now it’s at a nine or ten. If you’re a vendor coming in now, you must deeply understand the value of our data and demonstrate what you’re doing to protect it. It’s no longer just checking boxes.
John (10:54): Exactly. It’s a deep, demonstrated understanding of your responsibility. Can you give an example?
Neal Patel (11:16): Yes. We had a company that impressed us because their solution ensured our data never left our environment. Their technology operated within our system, keeping our PHI safe and under our control. They honored our need for security and demonstrated their approach had worked elsewhere. It allowed us to build trust more quickly and move forward with a proof of concept.
John (12:56): That’s a great example. It’s not common, but it accelerates the process. What else would you underscore as important in security?
Neal Patel (13:16): Beyond technical measures, we also assess a company’s ability to take responsibility if something goes wrong. What’s their recovery capability? What insurance levels do they have? We are raising the bar on the companies we work with. It disenfranchises smaller companies, but we can no longer just try things. If small companies want to work with us, they need to be ready to prove their concept in a safe way.
John (15:04): That makes sense. Shifting gears to AI, it’s everywhere now. How are you looking at AI solutions, especially in the context of healthcare data and governance?
Neal Patel (42:00): The hype around generative AI, especially large language models (LLMs), is massive. But the question is: what problem are you solving, and is AI the solution? Often, companies come to us wanting to co-develop a solution because they don’t have a finished product. My question is: is the solution the one I need? We’ve always had AI in various forms, like clinical decision support and predictive algorithms. But the new wave of AI is about understanding exactly what it’s capable of, what it costs, and what it isn’t good at.
John (44:38): Right.
Neal Patel (45:07): We’ve moved from deterministic AI, where the same input always gives the same output, to probabilistic AI, which introduces variability. In healthcare, deterministic AI is crucial. If I’m prescribing medication, I don’t want different answers with the same inputs. But for other tasks, like web searches, “close enough” is acceptable. We need to figure out which tasks require absolute precision and which can tolerate some margin of error.
John (47:10): Exactly. As you’re exploring AI tools, are you framing policies or creating frameworks around this?
Neal Patel (47:46): We started about three or four years ago, focusing on predictive algorithms and creating a governance structure to validate models before using them in real time. Now we’re expanding that framework to handle AI more globally. Some AI models need greater oversight, like ensuring they’re monitored for bias and drift, while others are more locked in and don’t need the same level of scrutiny.
John (50:20): That’s great leadership. I know not all institutions have the resources Vanderbilt has.
Neal Patel (50:33): Exactly. We’re fortunate to have a large Department of Biomedical Informatics, with ethicists and experts who help us put these frameworks in place. We’re working to share this with other institutions that don’t have the same resources.
John (51:22): What are some of the horizon opportunities you’re excited about?
Neal Patel (51:29): We’re excited about our virtual care platform, which already supports around 200 beds. It’s not just virtual nursing, but also includes pharmacists providing patient education and access center staff making discharge appointments. We envision audio-visual cameras in every patient room, allowing for virtual interactions to become as standard as Wi-Fi. This ensures expertise can reach the bedside efficiently.
John (53:30): That’s a huge opportunity for improving patient care and clinician efficiency. Anything else on the horizon?
Neal Patel (53:39): Yes, we’re piloting wireless vital sign monitoring for vulnerable patients in non-traditional care spaces. This technology will allow us to monitor patients even in hallways or waiting rooms, reducing the burden on clinicians and ensuring that patients are not neglected.
John (55:38): That’s incredible work. It seems like a great way to address burnout as well, by giving clinicians the tools they need to provide the best care.
Neal Patel (55:58): Exactly. My hope is that these technologies will create a sense of support and safety for our clinicians, helping them feel confident they’re delivering the best care possible.
John (57:12): That’s wonderful. Neal, I appreciate you taking the time today. The work you’re doing at Vanderbilt is impactful, and I know our audience will appreciate your insights.
Neal Patel (58:03): Thank you for having me, John. I’m proud to be part of the incredible team at Vanderbilt.
John (58:13): Thank you, Neal Patel, Vanderbilt University Medical Center, for joining us on Healthcare Market Matrix.
About Dr. Neal Patel
As the CIO for HealthIT, Dr. Patel provides leadership for translating VUMC healthcare delivery, quality, and patient safety goals into informatics strategies to optimize the delivery of patient care. He collaborates with operational and clinical leadership to foster systemic adoption and effective use of clinical applications to promote patient safety and high-quality care across the continuum and reduce the costs of care, in support of the VUMC mission.
Dr. Patel has extensive experience in the use of healthcare information technology to improve clinical and quality processes, with more than 20 years of experience in implementing and advancing the use of computer order entry systems and electronic health records. He has worked with industry as well as other healthcare organizations to think strategically and proactively about the use of clinical informatics tools to transform the delivery of clinical care. Using the combination of his clinical expertise, knowledge of healthcare information technology and focus on workflow and logistics, Dr. Patel has developed key insights into the intersection of clinical space, workflow and team function.
Dr. Patel has been with VUMC since 1997, when he joined VUMC as a faculty member in the Department of Pediatrics (Division of Pediatric Critical Care and Anesthesia) after completing his residency and fellowship at Children’s Hospital of Los Angeles. He spearheaded the introduction of computerized physician order entry (CPOE) to the Pediatric Intensive Care Unit (PICU).
In addition to his CIO role, Dr. Patel is also Professor of Clinical Pediatrics, and has adjacent faculty appointments in Anesthesiology and Biomedical Informatics. Dr. Patel received his M.D. from the University of Southern California. He also has a master’s degree in Public Health from Vanderbilt University, which he completed as a full-time physician.