Fred Trotter on Data Journalism and Cybersecurity — Harlow on Healthcare
I caught up with Fred Trotter to talk about his work as a healthcare data journalist and about his service on the federal cybersecurity task force, which issued a report last year. Fred is a health care IT veteran, founder of CareSet Systems and the DocGraph Journal and an alum of multiple successful technical startups. He’s the co-author of O’Reilly’s first health IT book, Hacking Healthcare, and the 2015 recipient of the Healthcare Data Liberator of the Year award. You can find Fred online at fredtrotter.com and on Twitter: @fredtrotter. His technical commentary and data journalism work is featured in several online and print journals including Wired, Forbes, U.S. News, NPR, Government Health IT, and Modern Healthcare.
You may ask: What is a data journalist? Fred’s shorthand definition: “Using FOIA requests and other sorts of collaborations to get covered-over data out of the realm of the useless and into the realm of the useful.” His company, CareSet, sells access to the data it secures and organizes to companies. He also partners with journalists (like the folks at ProPublica, for example) — to get data out to the public in a useful manner. He would like to think that his government relations strategy is less contentious than the usual sort of journalist interaction with government officials. Fred’s efforts sometimes help the government better understand its own inner workings, and sometimes allow one agency to better understand another; for example, it was easier for the FTC to get a dataset from Fred than to get it from CMS.
When a healthcare provider or payor or other party engages Fred and his team, it’s often someone with an innovation to bring to the marketplace who doesn’t necessarily know the best place to start, which hospital CEO to talk to, which physician groups, in which state.
To Fred, one key goal of his work, a goal his work enables, is the elimination of large healthcare costs in the future, and replacing them with smaller costs in the present. He says everybody is (or should be) in favor of paying $500 today instead of having a significant healthcare event or expense in the future.
Fred notes that the DocGraph dataset of Medicare physician relationships with patients is the largest graph dataset — i.e. a dataset organized with nodes and edges — using real-name data out there, and is one of the few “people” graphs that are open.
We also spoke about the cybersecurity task force and its work last year. Fred said his colleagues on the task force were real “heavyweights” from government and industry, and that he ended up being a voice for health IT — People on the task force know a lot about cybersecurity, but not as much about how EHRs and PHRs work.
EHRs used to be so far behind the firewall at healthcare organizations that they weren’t really vulnerable. Now EHRs — and PHRs — are more accessible. Fred found part of his role on the tasjk force to be defending — or at least explaining decisions that have been made in healthcare: “This is the way we do things, this is the reason, and I know that sucks … but I haven’t been able to convince the industry to do things differently.”
Fred described an early stage of the task force meetings as being like a group confessional –confessing not sins, but fears, the things the group members feared the most in the health IT security space, some “really disturbing” conversations in private sessions, “almost a map of how you destroy the country by using cybersecurity attacks on healthcare systems.”
And every fear voiced in those meetings was realized over the course of the next year. For example: ransomware attacks, and the manipulation of stock prices by releasing cybersecurity vulnerabilities in an irresponsible way.
Fred’s take is that in any other political environment the task force report would have had a far greater impact, but “politics has so far outshone policy that it is hard to get any attention . . . . It’s hard to talk about this stuff seriously when people are discussing impeachment.”
The value in the report — which now essentially sits on a shelf — is in a series of response plans to cybersecurity scenarios. “We put a lot of energy into trying to make it useful — I hope we don’t need it . . . . I hope that [in the future] there is the policy will to work on this.”
When I asked Fred what is one thing he would hope to be different in five years, he immediately expressed his hope that the fax machine will be eliminated form the process of communicating with physicians — but also offered his opinion that it might take seven years to get there, not five.
Fred was involved in former V.P. Joe Biden’s Biden’s cancer moonshot, and he said that he was asked a similar question in the context of that work. His answer then, and now, is that the key roadblocks are political and business barriers, not technical issues, which will continue to prevail so long as a “patient is regarded as an asset … like an orange grove or a silver mine.”
While Fred observes that large health care provider organizations are in a standoff — none wishes to blink first and share — but that (contrary to popular perception) EHR giant Epic helped move the Direct project and the Argonaut project forward in a way that just would not have been possible without such support.
This article was originally published on HealthBlawg and is republished here with permission.