Published April 2021
The rush to distribute the COVID-19 vaccine is highlighting the necessity for the healthcare industry to implement digital identities for patients. Gus Malezis, president and CEO of Imprivata, believes the current distribution system – largely lacking in identity confirmation – can put both providers and patients at risk. Additionally, identity management challenges are also hampering the industry’s ability to provide safe and consistent care, and hobbling organizations’ ability to ensure compliance with regulations and the privacy of patient records. Malezis shared these and other observations with Anthony Guerra, Founder and Editor-in-Chief of healthsystemCIO, as they discuss current and future challenges.
Podcast: Play in new window | Download (Duration: 35:36 — 24.4MB)
Guerra: Today we’re talking with Gus Malezis, president and CEO of Imprivata, about how health systems are navigating their COVID vaccine rollouts, why identity is key to any digital transformation strategy, and how he’s working to ensure Imprivata can meet its customers’ future needs. Gus, thanks for joining me today.
Malezis: Anthony, it’s a pleasure to be here.
Guerra: Tell me a little bit about your organization and your role over there.
Malezis: Imprivata has been in the business of providing digital identity protection for healthcare for nearly 20 years; we’re very proud of the work that we do. We look at our customers as being those providers – the doctors and nurses – and say how do we give them something that’s efficient so that we can help in their IT access. But we also look at CIOs and CISOs and compliance officers as part of our customer base, so how do we provide that technology in a secure manner and a compliant manner. So we try to balance those three things, and I think that, over the years, we’ve learned how to do that pretty well with digital identity. We’ve spoken a little bit about digital identity in the past, but it is what defines who you are and what are you entitled to, and on that basis, technology can give you the keys to the kingdom – the ones that you should have – and give you fast, easy access, and do that securely and with compliance.
Guerra: And as the CEO, how do you think about the CEO role, your job, and what you’re supposed to be doing?
Malezis: Well, I really am the chief cook and bottle washer, and I do the dishes as well, and that actually reminds me of my first job in college, where I really did work as a dishwasher. But, it’s a great job, because I have the opportunity and privilege to work with some terrific people. I also get to dive into every aspect of the business, all the way from talking to customers – which is where I get a lot of wonderful information and clarity about what we need to do for them. We then talk to our sales and marketing people to make sure we’re focusing our efforts properly for the benefit of our customers. Then I work with our products people, and that really gets exciting and innovative because it’s kind of the closed loop.
There is one more element to the business which I find very important, which is how do we guide our customers to success? This is all about post-sales, all about implementation and value delivery. So those are the four areas where I spend my time throughout the day. And it varies, depending on what’s going on in our market and with our customers. But those are the four priorities in my professional life.
Guerra: About three weeks ago, there was a clip going around of Elon Musk – he was talking about CEOs and what he sees in the marketplace. He said CEOs need to spend more time focusing on making amazing products and services, and less time in the boardroom and with spreadsheets. What do you think about that?
Malezis: I think he’s right; it’s hard to argue with that. You know, it is a part of every CEO’s job to spend time with the board, but often, that consumes a ton of time. And sometimes, CEOs get very comfortable in doing just that. They get really good at it and get really comfortable. The problem is that the business is all about the customer, and the business is all about value to the customer. And that value is always a moving target – value today might yield success today, but that value tomorrow is going to be different. Maybe not entirely different – you can always build on your value of yesterday. But you’re pretty much guaranteed that from yesterday to today to tomorrow, that value has to elevate, and it will change. So I think, “cracking the code,” is something that many CEOs claim, but OK, now the code has just changed.
Guerra: That’s so true, and I think that probably is the CEO’s No. 1 job – to understand when things are changing, when we have to do things differently because our customers’ needs are evolving. That’s your job – no one else is going to do that.
Malezis: That’s exactly right. And you can do it a couple of ways – you can listen very carefully to customers, and our customers are always very innovative and have great ideas, and some of them are way ahead of the market. Some are just ahead enough and some are maybe just treading water. You have to listen to all of that and then discern what it is that’s really needed, in the near future, then the medium- and long-term future.
I do have a challenge with CEOs that believe they know everything, or CTOs that believe they know everything and they know the future, and that customers will just adopt it. I don’t connect to that philosophy; I think you always want to connect with customers because they have specific needs and you should help them.
Guerra: Let’s talk about what your customers are dealing with right now. And we know that one of the biggest things they’re dealing with is the vaccine rollout – getting shots in arms and helping their organizations facilitate that with technology. What are you hearing from your customers about how they’re grappling with that, as it impacts some of the things that they use Imprivata for?
Malezis: This proves the prior point of this discussion – no one predicted COVID, no one expected it to show up, but here it is, and now you’ve got to adjust and pivot and shift to make sure that, even though no one saw it coming, what is it that your customers need? So customers of course do need to get vaccines in people’s arms. They need to do it not just in small scale, which we’ve seen start a number of months back, but now they’ve got to do it in large scale, and they have to do it efficiently and safely. And they have to record all of this, and it has to be done with compliance. And a lot of these systems were never really designed to do that. There’s talk about a digital vaccine passport – some form of it that countries around the world are talking about. Well, what is that? It doesn’t really exist; no one thought of this. But there are systems in place that can help.
But back to our customers – I do want to make a point that there’s still a hangover, there’s still an aftermath of 2020. A lot of our customers had massive disruptions to their operations, to their workflows and to their financial systems as well. And I think it’s important that we recognize all of that.
Now, even though we have vaccines rolling out, that doesn’t mean that we are out of the woods yet or that our customers are out of the woods. They still have to solve the problems of the past and dig themselves out of some challenges, including financial challenges. So right now, their teams are going out and they’re still trying to figure out how to balance their books, but above all, it’s getting these vaccines out efficiently to the right people. And how do you get the right people? How do you know who’s had the first dose and which version of dose No. 1 did they get? And now, when they get the second dose, is the timing right? Are they going to get the right second dose of what they had before? It can be pretty complex for some of our customers, and they’re trying to sort through that right now.
Guerra: And there’s a lot of identity issues there, right, around vaccine distribution? You can be vaccinating people who have not been previously involved with your health system, and that may be a point of introduction to your health system. You want to capture that potential customer digitally. You’re creating a new identity for them; that’s thousands and tens of thousands of new accounts. Proof of vaccination, this digital wallet that we’re talking about. And then overall digital transformation – every health system is working on that, trying to minimize paper, minimize in-person interactions. We know there have been issues around patient matching – making sure you have the right patient. Where are the things that you’re doing coming in to help them?
Malezis: You’re right, digital identity comes to the forefront all of a sudden. In fact, just a few days ago, the National Institute of Standards and Technology and the Cybersecurity & Infrastructure Security Agency sent a note mostly around the Solar Winds event and Microsoft hacks that we’ve seen recently, but they said something very material to this topic. Digital identity is crucial – if we had trusted digital identities, these events would have been better controlled, better identified and might have even not happened at the same level. They essentially called out what many of the leading digital identity vendors, including Imprivata, have been calling out. In the digital world, we don’t know who’s who; we don’t have that driver’s license, that trusted document that entitles you – that you’ve been tested, you’ve been certified, now it’s a privilege that you’re entitled to drive that vehicle on the road. We can drive on the digital highways with no identity, and that’s the problem.
So how does this impact the patient side when they’re about to go get a vaccine? Well, they are an unknown, right? If you have some pre-existing conditions and you show up at a different institution that’s a little closer, maybe it’s a pharmacy – they don’t know if you’re going to have a reaction, they don’t know if you’re the right person. They’re going to give you a shot and you hope for the best. They’re doing it blind, and frankly, it’s kind of hard to blame them; it’s the best they can do right now. But I think we can do better as a country, as a technology coalition of vendors.
What we’ve done at Imprivata is we’ve enabled our partners with highly trusted digital identities for patients using your palm. So you show up, you put your palm down, your record comes up (not that of your twin) but your record comes up, so they know who you are. They completely trust that and they can look up if this is the right thing for you, is this the right dose, is this the right vaccine, the right brand and they can give you that shot. And that’s the way it should be happening, if you talk to the scientific community. So that’s how we support this vaccine distribution process. That’s not to say that everybody’s using that process. In reality, we’re not quite there yet.
Guerra: So the NIST article, they’re pretty much saying it’s identity, and ensuring identity is the way to go. Do you think that’s the general consensus out there, that identity is an element of good security or THE element? Is it one element of a larger picture of security?
Malezis: It is one element, but I would characterize it as a hyper-crucial, hyper-critical element of not just security, but of compliance and productivity. I prefer to look at it as a fabric; it is the fabric that connects, that identifies us to the environment, giving us fast, secure, good access, ensuring that we have great cybersecurity controls that don’t let the bad guys come in and do things on our behalf, masquerading as us. And it absolutely addresses compliance. So digital identity has been viewed in the past in a very narrow manner; it’s also been viewed as a concern of privacy in our country, where privacy is very much respected, and thus is a topic of discussion and concern. Because of that, digital identity has kind of taken a back seat. And what NIST is saying, which we completely subscribe to, is that you need to put that capability in motion because it’s going to help your productivity, it will help your cybersecurity and it will help your compliance and privacy.
Guerra: Do you see organizations out there struggling to deal with a fragmented identity market? Are there components to security with many organizations trying to piece this together?
Malezis: The digital identity technology in the vendor space is highly fragmented. There are very few solution vendors in digital identity. In fact, most of them are individual component vendors. In fact, when I look at that world, there are hundreds of these vendors. So if you’re a customer, you’re a major IDN or even a small hospital around the corner in small town America, you’re confronted with a puzzle that is very challenging. It’s as if you’re going to run to your local hardware store, pick up a bunch of pieces and build out a rocket ship. That’s the kind of level of complexity you’re dealing with.
So frankly, I think the industry has done a disservice to the customer base, but Imprivata sees that as an opportunity, and our strategy has been to build best-of-class components but then integrate them into a solution so that the customer can plug and play and get up and running very quickly, and we’ve had a great deal of success with that.
Guerra: You did an acquisition late last year of a company called FairWarning. Was that an effort to provide that end-to-end solution?
Malezis: Precisely. In fact, I’ll paint a little bit of a picture here – just as much as you’ve got a lot of fragmentation in the vendor community, there is no really good guidance for what a digital identity strategy should look like for customers. If you are an IDN or a small hospital, how do you know what that strategy is? So Imprivata took the step of building a digital identity framework – an architecture – that you can look at with a bunch of columns and boxes, and we released that to the market about a year ago to a great reaction. It’s not about products, but it’s about all the pieces you need and how they’re going to work together. So now, customers have a view of what they need. So in that digital identity framework – which you can see on our website; it’s easy to pull it down – it’s an architecture for a digital identity infrastructure, that fabric that connects to productivity, cybersecurity and compliance. And frankly, we haven’t seen that from any other vendor.
So we think the industry is behind, but there’s some good there in what’s available. We have a set of solutions, but were lacking privacy reporting and analytics, especially around privacy events for patients, and we wanted to close that gap. So that was part of the rationale behind the FairWarning acquisition.
And for those who are more technical, let me describe it a little differently. Our customers use our OneSign, which is a single sign-on that connects to a system, and that’s the keys to the kingdom. It’s a front door, lock and key system to the kingdom. Well before you can give people keys, we believe you should know who you’re giving them to, why you’re giving it to them and what exactly they should be able to do with that, and that’s called identity governance. So you’re now seeing two pillars appear – you’ve got the digital identity access system; you’ve got identity governance, which tells you what you should be able to do. But once you’ve got these two things, then you’ve got to circle back and say, “OK, is this user doing the right stuff?” That’s what FairWarning allows us to document, to dive deep into all those user actions to make sure that we truly understand what they’re doing with those keys and identify any issues.
Guerra: Were you hearing from your customers something to the effect that, “Hey, it would be great if you were able to provide this piece,” the reporting, and on any other issues? You hear something like that enough and you figure out that maybe we should think about it.
Malezis: We did, as a matter of fact. We always have ideas, and quite often, they come from customers; they also come from some of our technical innovators, but we always validate them with customers one way or another. And we’ve known FairWarning for many years, and we love their technology and what they did with customers – love the business, frankly, and the people. And every year, we’d get together at CHIME or HIMSS and say, “We should do something together,” and customers are always supportive of that.
So when we made the acquisition, we reached out to joint customers and explained why we did it, they were all ecstatic. We are collapsing the stack; there’s fewer vendors for customers to deal with, ensuring integration and interoperability out of the box, and customers were pleased that not only can they get purchasing power here, but they get systems that are interoperable, work better together and when something breaks, they have one vendor to go to, to ensure rapid return to functionality.
Guerra: We’ve seen in healthcare IT acquisitions and mergers that the hopes for underlying integration didn’t happen, never happened. How do you make sure that doesn’t happen? The day you acquire a company, that work’s not done; that work’s got to be done, right?
Malezis: There are a lot of companies in the technology space that are well-known and they have an infamous reputation that that’s where good companies go to die (after acquisitions). But we’re not that company – we really do have a strategy of integration and we make sure that we bring things in, not to run them as a portfolio company, but to truly add (value for customers). With FairWarning, just to give you more visibility on our interest with it, it collects information to what’s happening with patient access, patient information. So they collect a lot of data. So FairWarning and all that class of technology, collects hoards and hoards of data, and that data is doubling every few years. And the first thing they have to do to make sense of this data, once they collect it, is ask the question, “Who is doing these actions? Who is the actor?” And trying to answer that question is a very complex task the way the industry has been doing it.
Well, Imprivata solves this immediately because we have OneSign, with digital identity for the provider; we also have PatientSecure, which is digital identity for the patient. So we can immediately and definitively answer the question of who is the provider and who is the patient. So things like artificial intelligence and other heavy forms of computing that were thrown at this bulk of data to answer the question of who, get answered immediately with good, clean data that’s beyond question.
The last question I get asked is that, once you answer the who and you look and see what this individual is doing, then you may say, “This is strange, but is it part of their profile? Should they actually be doing these things?” And how do you answer that? This is fuzzy logic stuff. The way we’d like to answer it is with definitive data that says, “Doctor Gus is entitled to do these things and entitled to look at these patients.” And we have that technology with identity governance. So this is the reason that the FairWarning acquisition made sense, both from an integration perspective, but also the fact that we can map data that answers two critical questions that couldn’t be answered particularly well. That’s why customers see this as a one plus one equals four…very high value output.
Guerra: Any move like this as a business…does it make sense to say you’re always looking to make yourself more unique as a value proposition, right? So you look out and say, “How can we further differentiate ourselves from our competitors?” We want that to be unique as a business; how do we become our own entity and a good value to the people who need us? I would imagine that’s also part of this; it’s part of continuing this differentiation.
Malezis: It absolutely does. How do we become better than our competitors? I actually prefer to say, let’s keep an eye on our competitors but our ears and our eyes should all be on the customer. If we can be a better partner to the customer, then by definition, we’ve done something better than our competitors have. So we prefer to focus on the customer vs. the competitor vs. the differentiation, not to say that we don’t have those discussions, but what always comes on top is how do we become a better partner to our customers? How do we build that loyalty and that value delivery? And if we do that, then we’re probably in a stronger relationship than anybody else.
Guerra: What about the “Steve Jobs issue,” and by that I mean if you listen to your customers, you’re going to be limited by their vision. Steve Jobs built the iPhone, which is not something that people even knew they wanted or needed, and that’s one in a million – you can’t run a business like Steve Jobs, that’s a one-off. Otherwise, you have to do what you’re saying, which is keep an eye on your competitors, listen to your customers, but there’s that Steve Jobs thing that sees something beyond even that.
Malezis: You mentioned Elon Musk earlier, where he wants to go to Mars and take people to Mars – there’s nothing green there, there’s no water, there’s no atmosphere to speak of. But he wants to go to Mars, and nothing’s going to stop him. The question is, do we all want to go to Mars? In regards to Steve Jobs, I do think you can never go wrong listening to your customers, and you should have a vision for the future. Sometimes, customers think they need things today to solve practical problems that they’re facing today, and you’ve got to take that in. And there are customers that are always looking more forward. I think it’s important to listen to all these groups of customers, and then chart that path forward. I think the thought that we know better than customers is a little brash, and that’s not our philosophy. Healthcare has brilliant people, and we’re just delighted to work with them and we gain a great deal through that relationship.
Guerra: So it’s listening to multiple customers and then what I would say is, what are the patterns? Where am I hearing things from multiple people? Now we have something.
Malezis: Cloud is an example of that. If I were to turn the clock back, say, three years ago, industries outside of healthcare were adopting more cloud services. And healthcare was a little more concerned about safety, about privacy, about disconnect from the Internet – there could be some sort of event, like a hurricane or weather condition or a backhoe cutting off a line for the Internet – and if I lose the Internet, how do I access patient records if that’s where they are in the cloud? And it’s not as if they can tell the patient to come back in two weeks.
So healthcare has some very unique considerations, and we always design solutions knowing that, if our stuff doesn’t work, patient (care will be affected). And if we design with that in mind, then we’ll design it the right way so bad things won’t happen. If we forget and ignore that reality, then we’ll have a problem. But cloud is being adopted more and more; in fact, we ourselves are moving faster into the cloud because we can deliver more solutions to the customer faster. Instead of waiting for customers to do upgrades on their own, we can do it for them, as the experts. And we’re working very closely with all the EHR/EMR vendors so that that is a well-coordinated transition.
Guerra: What’s your favorite method for hearing from customers?
Malezis: I reach out to them using a variety of ways. They all have my cell phone number, and they all know that if there’s an issue, if there’s a problem or if they think we could do something better, I love nothing better than on a Saturday night to get a phone call. If something is troubling the customer, I want them to call me because the chances are that I can actually do something about it, and I don’t care what time of the day it is. I know they work 24-7, so that’s my job and I enjoy it. But we have more structured ways to interact. In addition to reaching customers on a one-on-one basis, we reached out to them when we did that FairWarning acquisition. We also do executive customer councils, where we get together and we talk about the here and the now, as well as the future. Pretty much any which way a customer wants to reach me; my email is easy to remember as [email protected]; I’m the only Gus at Imprivata, so you’re pretty much certain it will come to me.
Guerra: About the future, what are you thinking? I know you’re not going to tell me about the next acquisition, but as part of the CEO’s job, you’re listening to the customers, and to be ready to deliver something in two years, you have to start now and so you have to figure out where things are going to start looking into something, investigating this, developing this, start checking out the market. Or, “I want this piece in our offering, we’re missing this.” So, whatever you can give me that might be of interest to your customers about what you’re thinking.
Malezis: I’ll answer that in two ways. One, how does the strategy and the vision progress into the future, and I know our senior leaders and our customer base always care about what’s your vision, what’s your strategy, where are you going with this? And what are some of the more near-term, interesting, unique tactical things coming out?
First of all, our vision and strategy is about digital identity and leveraging digital identity as that binding fabric for productivity, reducing burnout with providers, ensuring that we have good cybersecurity and God knows we need it, with everything that’s going on right now, and that shows no indications of abating in any way. And then of course compliance, because we know we have compliance responsibilities. So our vision is always going to be very centered around digital identity and patient privacy.
Our major investments are always centered around the digital identity framework. So if you just look at that, we need to strengthen some things. So maybe privilege access management is one area where you’ll see us act on, advanced biometrics, facial recognition – this is still an area where there’s a lot of debate about privacy, but there are some customers that want to use it in very set, specific ways where they’ve thought it through and say that, on this basis, I want to be able to give a better experience – when I see someone walking in, I want to guide them, and I want to use facial recognition or maybe a palm, or a combination . So biometrics is a big area for us, as is analytics and data. We generate a lot of data, and our customers generate a lot of data, and there’s a wealth of conclusions that can be derived out of that data. And Imprivata has not really had a thorough reporting and analytics product, but with FairWarning, now we do, so we want to continue to build that out, and we have a ways to go.
So defragmenting the digital identity space is important – there’s still a lot of fragmented things that providers have to do. Investing more in cloud…so these are really the themes that we’re investing in, none of which compromise that easy, visible nature of our technology – that iconic invisible technology that will always continue to work. By the way, a couple other areas of interest are mobility and medical devices.
Guerra: Medical devices are big; we hear a lot about that.
Malezis: Yes, and the FDA is starting to spend more energy and time and attention on securing those devices because these devices are still legacy; they’re now connecting more and more. But mobility, everyone wants to be more efficient and use the smartphone or a tablet, and it can be more productive and functional.
Guerra: Well it sounds like you’re having fun and I’m glad that’s continuing.
Malezis: We have the privilege of working with an incredible group of professionals in our customers, and we are so blessed to see them doing what they’re doing for their communities, especially during this pandemic, and that really empowers us to go above and beyond in helping them, so it never feels like hard work.