How can automation in the highly regulated, fiercely competitive field of healthcare give an organization a leg up on its rivals? What are the biggest quantifiable benefits a healthcare organization can expect to enjoy by deploying automation? And what are some of the most effective tactics to employ in getting your organization to embrace automation, despite trepidations some may have about the possible repercussions to their jobs?
Andrew Brill is one of the most experienced and knowledgeable practitioners of leveraging technologies like automation, artificial intelligence, and machine learning in the healthcare field. Having overseen the implementation of automation workflows in a very complex environment that have yielded hundreds of hours of savings, he’s learned a lot about what works, and what doesn’t. Andrew shares his valuable insights with us, as well as why the proliferation of API’s combined with automation, could lead to some of the biggest opportunities yet for optimizing processes in any type of enterprise.
Guy Nadivi: Welcome, everyone. My name is Guy Nadivi, and I’m the host of Intelligent Automation Radio. Our guest on today’s episode is Andrew Brill, Vice President of Engineering, Cloud Services, and RPA/Intelligent Automation for Change Healthcare. Now for those of you not familiar, Change Healthcare, often abbreviated as CHC, occupies a unique niche in the healthcare market, offering lots of very different products and services for hospitals and health systems, physicians, pharmacies, and others that are really too numerous to list out here. But on their company overview page, they state that they “partner with our customers to reduce costs, create efficiencies, and effectively manage complex workflows.” Workflows, of course, are core to automation and given Andrew’s extensive experience overseeing the automation of workflows in CHC’s complex environment, we felt we could really learn a lot from him about how best to leverage automation in a competitive field like healthcare. Andrew, welcome to Intelligent Automation Radio.
Andrew Brill: Thanks for having me. It’s great to be able to discuss this with you and your audience.
Guy Nadivi: Andrew, let’s start off by learning a little bit about what you’ve done with automation. What kinds of processes has CHC automated so far?
Andrew Brill: Sure. Like most companies where the focus started in information technology teams, the first areas of automation were highly focused on the internal elements of how we run the IT shop. Whether those things are related to alerts and alarms from core systems or processing requests that come through from individuals, we’ve worked on a variety of those elements that were the highest volume and created the most value.
Andrew Brill: Many of those things in particular are things like disk space too full in a virtual system and resolving that, providing access to folders by requests from users from our ITSM tools, and placing those users directly into the folders that are requested, assuming that they have the right level of permissions and have been approved. And several other remediation actions by moving a ticket from a certain stage into another stage, based on rules, without too much human intervention.
Andrew Brill: Then there’s a whole number of regular run books that humans used to run, where we put that into code and, assuming that they meet all the criteria, more or less a gatekeeper will queue it into automation for resolution by assessing that all the information is in there. So we’ve gone after more than 100 of those different run books and put those into production, over the past few years.
Guy Nadivi: When you’re evaluating what to automate, what kinds of criteria does CHC apply to that process?
Andrew Brill: Everyone has different principles that they’re looking at, in terms of delivering their automation solutions to their company. Ours certainly was largely financial based. How do we take the cost out of running that particular area out of the business by reducing headcount and/or creating the alternate side, improving some revenue opportunity by, for example, getting someone onboarded quicker who’s working on development activities.
Andrew Brill: Then of course frequency is really critical. We want a high enough frequency so that we can essentially tick that box that we get the advantage each time. Capacity creation is a really fundamental part, also, of doing this work. It doesn’t always free up an entire resource, but if a resource is freed up some certain percentage of the time, then of course they get to do higher value work and that higher value work can directly relate to either revenue or, again, other opportunities, where they get to use the human brain more for their focus.
Andrew Brill: The other one is highly regulated areas. If we have an area where traditionally we’d have to have a human interact with a system but we prefer them not to have to see patient health information or the payment credit card information or other personal identifiable information, we can allow automation to interact with the details of the data and just really provide outputs, in terms of success or failure, alleviating the number of individuals who can see that information.
Andrew Brill: Those are all part of what goes into the criteria. Of course, things like variability and exceptions are a big part of it too, making sure that the variability in the particular automation isn’t too high and that the number of exceptions we have to account for aren’t too varied. So there’s some rules of thumb that we use. Some of those involved number of total steps, amount of time to actually deliver value, meaning how long it takes to code the automation, and then of course, lastly, the ability to support any ongoing changes that could occur as part of our established process.
Guy Nadivi: Of the manual processes you’ve automated according to this criteria, is there any one that sticks out as the most successful you’ve deployed so far? If so, why?
Andrew Brill: Sure. There’s a few that have really delivered incredible value. One of the things that we’ve seen at aggregate, instead of just a single one, is just time to deliver. Most organizations who don’t have automation measure their deliverables in a matter of days from the request or from the incident, not in terms of minutes and hours. That’s mostly due to things like staffing, or seasonality, or time of day. In our case, we had certain requests, I think one good example is a voicemail password that might have gotten away from a user, and they don’t realize what it is or it expired or too many failed attempts. They go in, and they request their voicemail password be reset, say on a Friday.
Andrew Brill: Well, that’s not something we necessarily staff for over the weekend. In fact, when you use offshore resources, you can have a time off shift a little bit impactful, if it’s sort of the start of the day, say on a Friday. On the West Coast, the time that it’s picked up by an offshore resource could be essentially Sunday night. So you’ve got this 48 hours or longer to wait to have that person attended to. Through automation, we’re actually able to handle a request like that within five minutes of the requester’s submitting a ticket, because we’re constantly pulling for those queues and looking for that interaction. So what really took days in now measured in minutes.
Andrew Brill: In general, we’ve actually been able to improve across about 100 different workflows. We’ve taken something to the neighborhood of 850 hours out of the time to wait in the average amount of monthly work that we’ve done through automation. That translates into all kinds of opportunities, depending on the situation, and certainly as it relates to things where we actually have to pay an SLA penalty if a particular situation occurs. We really allow for containing costs that really hurt the bottom line by keeping us in compliance and responding to a system incident or item much quicker.
Guy Nadivi: What do you think have been some of the biggest challenges you had to overcome in implementing automation at CHC?
Andrew Brill: Probably it was people and culture, more than technology. Really what had happened prior to my arrival is I think there were a lot of early starts in various automation, but people were nervous about what it meant to their job and their function. The idea of turning labor into code is not something that everyone’s comfortable with. Anyone who’s involved in automation needs to think carefully and understand the change management side of things. We’re not talking ITSM. We’re talking about people change management. Especially if you’re actually directly affective jobs.
Andrew Brill: One of the things that people have gotten used to over time is the labor arbitrage story, where individuals who do high cost labor in a first world market end up having to do offshoring to a lower cost provider. That’s understood, and it’s been going on for many years. The concept of resourcing changes that go to robots is a whole other level of human change that you have to account for. It brings up the whole concept of Skynet and other people, robot overlords that people get nervous about. When you think about if your role essentially is outsourced to a robot, what does that mean for you?
Andrew Brill: So you have to be prepared to understand what that means for you. Does that mean retraining? Does that mean capacity creation, for the individual to do other work? Does that mean you train them to handle exceptions for the robots themselves and the processes? If you’re not prepared for having those conversations, the change in the organization can be significant.
Andrew Brill: Information security concerns. Once you put the rules and passwords and other components directly into say a single system that was maybe spread out amongst multiple people, that is a good target for hackers. So info sec definitely wants you to take a strong and defensive approach against what could occur if that particular system performing by automation is compromised. So getting the right handles around your controls, password protection, and system hardening is really important.
Andrew Brill: That took us a while, because I wouldn’t say that that’s a well-established practice amongst all the automation options. Maybe the individual software has protections, but when you think of it as a total system, you really have to approach it with that security in-depth method. So it took us a while to hone in on that. Then of course affecting all the different things they needed through logging and audit and verification.
Andrew Brill: Then of course the last part was the individuals who would be experiencing the change as the requester, making sure they’re notified that their process is no longer Jimmy over there, who they would maybe tap on the shoulder to ask them to do a thing. Really Jimmy is not doing that work anymore. John is not doing that work anymore. There’s the human organization communications you have to undertake, to make sure that everyone is familiar with what’s happening.
Andrew Brill: All those were things that went into the work, long after we had finished the code. We developed the code in a matter of six weeks, but that change management took us maybe six months to go through and communications and all the verification.
Guy Nadivi: You talk about that change management in a transition to a self-help or a self-service kind of a paradigm. One of automation’s touted benefits is the ability to relieve the burden of incoming requests on the service desk and shift them to a self-service function that end users can execute themselves. Sometimes though, the adoption of self-service functions by end users can go slower than expected, as you suggested there, when there’s nobody left to tap on the shoulder to ask a question anymore. What strategies have you seen that can help accelerate adoption of self-service automation by an end user community?
Andrew Brill: One of the things we noticed is, actually remember I mentioned this voicemail password reset. We introduced a self-service voicemail password reset tool two years prior. The actual uptake of that was less than 15%. It’s been available, and those people know how to use it. They get their service at their convenience. There was training. There were lunch and learns. There is information on our main portal, as to what you get when you click the little button. The tool itself is fairly easy to use. Yet the adoption is quite low.
Andrew Brill: That creates a situation to decide how do you want to reduce that burden on the service desk. One of the things that we’ve actually done is to essentially remove the option. You cannot actually use the service desk to perform your password reset. The only option is for them to call in to report that the self-service tool is down. Essentially the link saying your IT service management platform to do a password reset sends you to the self-service portal. A menu option in your IVR, your voice response system that goes to the help desk when you choose to do password reset, it informs you that you need to go to this website. Lastly, you even take the responsibility away from help desk and service desk members. They can’t actually access the tool to do this, because you have to be an authenticated user, as that user, to do the reset. Sometimes you have to do that forcing function, where you just change the options for how they access the systems.
Andrew Brill: Secondarily, we have used the option where they can log a ticket, but essentially that action of doing the work is just queued up to an automation queue to take it, so that we are doing some triage with just making sure that that really is the problem for the user and it isn’t something else, maybe user error, and you need user education. We don’t want to eliminate the experience entirely, to talk to help desk about situations, since essentially sometimes they’re just not entering things correctly into a system.
Andrew Brill: Lastly, it is still just constant communication. You look at the metrics every month, and you think, “Where’s the best opportunity to get people to use the tools you have available?” And you work on a campaign. That campaign can happen one at a time, by informing the help desk to say, “Hey, have you used our self-help tools lately?” You can add it to your IVR system at the beginning of prompts, to remind them. Although it’s a bit nagging, these reinforcement activities work. Also we introduce new features, things we were talking about, like chat bots, if the interaction is smoother, we offer the sort of “as-you-work” options, have it your way option, to interact with it. It isn’t just a singular method, go to this website. There may be an introduction of an IVR system, or there may be an introduction of a chat system.
Andrew Brill: So those are things we’re exploring. We’ve tested a few options and really, at this point, it’s just about how well do these tools handle the various exceptions. We know they’re good when the user enters precise information, but as you get trickier with the natural language stuff, you’ve got to make sure the system is robust enough. Luckily in our company, we’re dealing with really just one language, which is English. When you deal with a multinational company with a lot of languages, there are other things that come about that I haven’t had to face too much here.
Guy Nadivi: You mentioned chat bots, which are part of a larger buzz we hear these days, about artificial intelligence and machine learning. I’m curious, what are your thoughts about how technologies like artificial intelligence and machine learning are going to impact automation?
Andrew Brill: Well I think behind the scenes they’re doing incredible work already, in making sure that entries are correct and that systems responses aren’t duplicated, and all the things that used to come up in a traditional event management view, where you’d have 150 of the same alerts, and then correlated alerts for the network switch, and then correlated alerts for the database server. Just reducing that noise, to recognizing the relationships of the systems and really trying to say, “Well, there’s an outage over here.” It’s power, and I see that over there. It’s because I know that power essentially controls all, or it’s network and I know that controls all. Those are some things that are happening behind the scenes, in some of the modern tools that are leveraging some of the machine learning and AI basic algorithms.
Andrew Brill: I think the opportunities in AI are really exciting for information security, because of patterns that are too low level for us to normally pay attention to and detect. So that’s a really exciting area that I think we’re going to see more and more from. At the same time, we have to be aware that the hackers are using some of the same technology, and they’re familiar with the technologies to try to thwart our attempts. It is a little bit of an arms race in most setups.
Andrew Brill: In IT operations and systems, I think there is going to be new opportunities that relate to understanding better about causality, the triggers that come from service views of things. As an example, what if you use a tool like Datadog and you’re looking at application performance management and you have some indicators around slow transaction performance, say for your shopping cart. You have other indicators of record locks on say your SQL database. Well that, there may be causality there. If you build enough of a database of let’s say information about what causes what, you can present better options to the operator or to the let’s call it automated operator to go after testing a few of those things out, by trying to perform an outcome.
Andrew Brill: The second part is, with the ML part, you can go ahead and do run books, and if the outcome doesn’t deliver the result as expected, let’s say it restores service, that data helps inform the system what other actions might have been taken to resolve that, by looking at the actions. Then hopefully the next many times later around, you end up with a better set of outcomes or option trees that it could go through. It could be a try this, that doesn’t work, then try this, that doesn’t work, then try this. As opposed to trying to run a specific thing and then have it fail and then just kick it back to the human operator to go ahead and do lots of troubleshooting. You might even end up with just a bunch of ticket enrichment data. I think sometimes just getting enough good data to the human can be incredibly helpful, in isolating and restoring service, if you’re dealing with an incident or if they’re trying to fulfill a request, essentially gathering enough information about the individual.
Andrew Brill: AI and ML do a little bit to help you understand things, without getting explicit always on all programmatic elements. You don’t have to build every element of the code because there is a model that represents the kinds of things you might need. I’m definitely excited about it. As a company, we have a dedicated organization that’s really focusing on it in our healthcare market and trying to deliver significant value, really high dollar improvements, in the way we do things, and adding those outcomes and making it better for our payers and our providers. So we want to do the same thing.
Andrew Brill: Obviously I’m not going to directly impact the top line by improving health outcomes with the IT automation, but if the service restoration is better or the service delivery is better, that reduces our operating costs and just improves the way we can deliver value to our customers, through operating efficiently.
Guy Nadivi: Given that CHC is in healthcare, a highly regulated field, I think the people listening who are also in that field would be very interested to hear how you feel automation has enabled CHC to better comply with regulatory standards like the Health Information Trust Alliance, or HITRUST.
Andrew Brill: Yeah, so one thing that’s really come about is, instead of these explicit organizational objectives like ISO 27001 or SOC 2, that dictate a whole bunch of very explicit things with a set of criteria that are success or failure, some of the HITRUST opportunity is a large gradient of improvements, where you get to score it against how compliant you are towards it and then the weighted average of all those things, that push you to get better in lots of areas. You end up with this really broad set of areas to improve on. If there’s an area you’re particularly excellent at, that helps bring you over the line for how we’re seen as compliant with HITRUST. There’s a minimum in all the areas, and most of them involve things like the opportunity to insure you can prove you’ve done whatever it is you say you’re doing.
Andrew Brill: One of the challenges with not automating something is you end up in a situation where essentially an operator has to pull screen shots of what it is they do. The documentation that goes along with their audit that’s done manually has to be done in sort of log books. With automation, you just end up with all those things just out of the box, time stamps, service accounts that can be accounted for centrally, the scheduling and proof of scheduling of the activity. You can show programmatically what you’re actually doing to check, and so you can submit code. It also makes it easier if you choose to prove some of this stuff through some level of de-identification, there’s an opportunity to submit some data to an auditor that has less sensitive information into it because you can do that programmatically.
Andrew Brill: A lot of areas, like quarterly access reviews, how we handle certificates, how we de-provision systems, how we provision systems, when we have the automation in place, it’s significantly easier to document that. On some level, it’s self-documenting, if you use a proper code pipeline and you use traditional quality analysis methods and you store things in repos. You end up having this nice archive of what it is you do, how you got it onto the system, and people can observe those through logging behavior of your system. It’s been a huge thing.
Andrew Brill: The other thing is, when you talk about the sensitivity to accessing systems directly through human eyes, when you remove those humans from seeing it, these job role matrix things, you have to worry about who has what level of access, it kind of goes away. You evaluate that at the service account level or the system account level. System accounts, obviously you want to protect those, but you don’t have to worry as much about that person is in payroll and they can do this, versus that person is in accounting and they can do that, or lastly, that person is in HR and they can do this because you have really that sort of “lights out experience”. You’re really only, again, dealing with sort of exceptions and logging of the outputs.
Andrew Brill: It doesn’t take all humans out of the equation, but it definitely reduces their exposure to some of that sensitive data. Your vector of and the blast radius of people who can see all this kind of sensitive information is now reduced to a very clearly identifiable set of trusted system administrators, whose activities are often very well logged.
Andrew Brill: At the same time, an organization has to think about other insider threat behavior. Those are things we all need to take very seriously. But with programs that are becoming well established in lots of companies, there are new methods to kind of track the behaviors of those who are handling that sensitive information through automation, too. We can handle it through lots of new means, versus the say 500 people who logged onto the website and did it. Now we’re talking about one system account performing those functions.
Guy Nadivi: Andrew, knowing what you know now, what advice would you give to IT executives considering taking the plunge into automation?
Andrew Brill: Well, I think I mentioned earlier this change management thing. It is not to be underestimated. I certainly over the years, if somebody had come to me and said, “The best way for us to run say capacity management is for us to essentially build a set of principles and a set of guidelines for how we’re going to do capacity analysis and then put that all into code and automate it, so the only thing you have to do is make some of those important human decisions.” I know as an analyst I liked to look at the data. I liked to touch the data. It made sense to me. It was what I enjoyed doing. So it fit really well for me that probably, as the guy involved in the organization, it was most likely that I was part of this classic Shirky Principle, that an institution is going to try to preserve the problem to which they are the solution. You have to be aware of that when you approach a group of people.
Andrew Brill: Sometimes the concept of automation by participation is going to be problematic. Maybe automation by proclamation might be a better approach towards some critical elements. Or rallying your organization around some key areas around either cost savings or regulatory or service improvement or capacity creation. Those are all things that we can focus on and get our heads around, at least at the leadership level, and then try to get everyone on the bus. So it’s really don’t underestimate the human change side of things.
Andrew Brill: Additionally, I would say the technologies that you already have in place change at a rapid enough pace that whatever automation you deployed some years ago does usually deserve to be revisited. Sometimes, also, you have probably crossed things off the list. You said, “Well, that would be very challenging to automate.” I can give you an example. I think about three years ago, Checkpoint, one of the largest firewall providers in the market, they had a firewall version that was really only available to be automated through an SDK. Through many, many years of work they’ve introduced software now that can be addressed through an API. So what that means is now pretty much all the major firewall vendors on the market now have APIs. You might have used to buy custom software to do that work, and there are companies out there who make their money just doing homogenous or heterogeneous firewall change management. That’s because not everything had APIs. Now we can revisit all that work and workflows and possibly readdress that. So that’s a very exciting time.
Andrew Brill: Then in general, table stakes, it’s important to start talking to all your suppliers and ensure that table stakes are that they have an API that is as robust as their graphical user interface. You can expect that from them. I haven’t had too many people come to me lately and say, “This is the best tool ever, and you should use our web interface. By the way, that’s the only way you can interact with our tool.” More and more they are saying, “If you don’t like our web interface, we have a whole web services framework that’s identical, and you can perform those same functions.” When that happens, we have a whole new set of options that can come through, and we can start thinking end to end.
Andrew Brill: Last, don’t just think about automation as tasks. They’re not just about tasks. Revisit the end to end process. See where the opportunities live, well into the entire lens of the customer making the request, or in the eye of the total outcome. Tasks are good. You can get some great chances, but the really big “moving the needle” opportunities are when you look at the entire process and look to see what can be done. Sometimes it’s not just about automating the technology. Sometimes it’s a combination of leading a process change AND introducing technology, so introducing concepts around lean or Kaizen that get you to the right set of behaviors that then you can touch and improve through an automation framework.
Guy Nadivi: Well, sounds like outstanding advice. All right, looks like that’s all the time we have for on this episode of Intelligent Automation Radio. Andrew, thank you so much for joining us today and providing some really great insights about automation in the healthcare field. We’ve truly enjoyed having you as our guest.
Andrew Brill: Well, thanks. I think I’m really excited to see what comes next from Ayehu. As a partner, it’s been really good to talk to you. Thanks for having me on.
Guy Nadivi: Andrew Brill, Vice President of Engineering, Cloud Services, and RPA/IA for Change Healthcare. Thank you for listening, everyone. Remember, don’t hesitate, automate.