This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.
Newsday: Doing More with Less and Budgeting Wake-Up Calls with Bill Willis
[00:00:00] Today's episode is brought to you by IDMWORKS. Healthcare organizations face growing cybersecurity threats and complex identity management challenges that put patient data and operations at risk.
Since 2004, IDMWORKS has been delivering world class identity and access management solutions that build resilience, ensure compliance, and protect what matters most with vendor neutral expertise and a proven methodology. IDMWORKS has helped thousands of organizations streamline IAM while maintaining the highest security standards.
Learn more at this week. health.com/IDMWORKS.
I'm Bill Russell, creator of this week Health, where our mission is to transform healthcare one connection at a time. Welcome to Newsday, breaking Down the Health it headlines that matter most. Let's jump into the news.
Bill Russell: it's Newsday. And today I'm joined [00:01:00] by the whole cast of characters stretch to Ford the comparable Sarah Richardson and Bill Willis. Bill, we were on the road together. Welcome back. You did the freedom Trail in reverse.
Bill Willis: I did. Yeah. And just missed the 50 mile an hour winds to push me from the top to the bottom.
But yeah, it was good. It was good to see you and the team there at dinner on last week
Bill Russell: that, that was not an exaggeration. It was 40 to 50 mile an hour winds that day, and I guess you and your wife decided to start at the top of the trail and walk down instead of trying to walk up.
Bill Willis: Yeah, we learned actually if you've ever gone to Maui and done the road to Hana.
You know, the great news is when you get there, you have to go back. It's like, you know, the three hours that you got there, you're gonna have three and a half going back. So from that experience, it's like, well, we have to do the same thing on the Freedom Show. Why don't we just kick an Uber and we'll start at the top and we only have to do two and a half miles instead of five?
So, yeah, no, it worked out great and my wife had never been to Boston. It was fantastic.
Bill Russell: So we had a city tour dinner. We were in a bank vault which [00:02:00] the most interesting thing about the bank vault for me, I, we'll get to the news. I know you guys are wondering, but most interesting thing about the bank vault.
It's about, I don't know, about two and a half, three foot thick door to the thing. But on the inside was all this ornate. Metal work that was done. And it was like that would not happen today. We don't have that kind of f first of all, attention to detail on things that we think people are not gonna see.
But it's also a from a time gone by where, you know, the artisan, the craftsmen was was something that was really celebrated. We don't see that, that much. Bill I'd love to start with you. We've been talking about our city tours and our summits this year, and what sort of surprised you about the city tour in Boston?
That conversation we had there,
Bill Willis: you know, the, a couple things, I guess, and in no particular, or number one, the chief information officers that were there were fully engaged, which was great, right? It wasn't like they were holding back. There was all levels of leadership and size of the hospital systems and the health [00:03:00] systems there.
I think probably the, one of the most fascinating things was one of the CIOs who runs a rural environment was like, I'm coding using artificial intelligence because I just need it for the syntax. I know the business logic, I'll supply the business logic. I just need it to do the syntax because I know what I want.
Right? And so that was impactful and powerful from my chair. Probably the most interesting too is that, the lady that was in charge of Vermont is a customer, and so I was just listening to her and how we had imp impacted her even though I didn't ask her directly. But the one thing that struck me is that they all need to do more with less.
Bill Russell: Yeah.
Bill Willis: Right. And you correctly hit it right on the nails. Like they have four streams of revenue and everything else is subservient to that. To be able to give a full fledged experience to everyone. But those four pillars drive the revenue so we can actually do it correctly. So.
Bill Russell: During the middle of that, you were hearing that and you're like, look, there, there's like real use cases here [00:04:00] of, we talked about AI for a fair amount of that, of that meeting. because Drex wasn't there, so we didn't have to talk about cybersecurity, but they didn't bring it up.
So I didn't, I didn't bring it up either. Which isn't true. We talked about cyber for a little bit during that conversation, but
Bill Willis: the, probably the one thing that I saw that, that you saw too, is that they were like, you know, I'm getting killed on my cloud costs.
Bill Russell: Yes.
Bill Willis: Right, because you're licensing it.
And my advocation, if you remember it was like, well, then you should just bring it inside and host the cloud yourself. make it a private cloud, and then you're in charge of compute and storage. You don't have to just run the clock like you do when you put money in a parking meter, right? You can own the parking meter.
You still have all of the same bells and whistles, and you have it as a SaaS, but you now own it as a discreet thing, and you don't have to keep throwing the money out the door. So
Bill Russell: it was interesting to hear you bring that into the [00:05:00] equation. because we've heard over the year that so much of the budget has become fixed.
You know, you have these contracts, you have these cloud contracts and whatnot. It's just all become fixed and they, every time somebody comes and says, Hey, do a 10% cut, there isn't that much to go after anymore. Instead of uh, people
Drex DeFord: There's no place to go into it. Right. You're paying all these things now have become utility bills.
That are X amount of dollars every month or every year, and you gotta pay those bills. So when it comes to cutting 10%, like there's only this tiny slice of the budget that mostly involves people usually where you can go and make those cuts, it's painful.
Bill Russell: Sarah, how do you, how do you feel about owning the cloud?
This is in your wheelhouse, I think.
Sarah Richardson: To a degree. I mean, one of the things you'd to hear me say is you can't cut your weight to prosperity. So you gotta really consider where some of these financial investments are gonna go. But when you go into an investment, also understand the reciprocal aspect of what that means.
Like if we had to reduce this, what would that mean for our organization? because these big [00:06:00] spends tend to have a long horizon on them as well. These investments are five and 10 years down the road in some cases, especially to get all of the true ROI out of it, which we've discussed in previous conversations as well.
Anytime you're gonna go into multi-cloud, private, cloud, public, whatever, you're looking at different carriers, different aspects, what are the use cases, and run finops have people on your team who have that financial acuity to know exactly how much it costs to put it in there, how much it costs to get out, and are we running the right use cases against some of these environments.
So I'm a big fan of finops. I'm a big fan of having people who've done it before. Or leveraging those people who can help you get there. So upskilling your team is as much about using AI for coding and other aspects of efficiencies as it is understanding the financial implications that come along with those decisions that you are making.
Drex DeFord: i'm a big fan of moderation in all things, including moderation. , This is one of those situations that I think with the cloud where once [00:07:00] organizations started moving toward the cloud, they were like, oh, put everything in the cloud. Let's get outta the data center business. Let's completely do everything in the cloud.
And the pendulum swung all the way. And now as Bill sort of talks about, people are starting to see that, oh wait, there might not, this might not be the best idea ever. And so, I hear of a lot of organizations who are starting to have that conversation about what should we be bringing back because this is stuff we don't really need to have somebody else running and paying a utility bill.
Bill Willis: Yeah, I mean the easy button is the lack of governance on the spend of compute and storage and that's what it boils down to. Versus the easy button of just push it out there and I can spin up something really quickly. I think the utility of spinning things up quickly and doing just in time services correct, but the governance is of where that needs to sit from an investment perspective is lost and it really needs to, as Sarah correctly stated, right, you need to kick a step back and say.
Yes, we need that. Yes, we need that capability. [00:08:00] But, you know, do we have a Thanksgiving dinner when I just wanted a salad?
Bill Russell: what do we think we're gonna be listening to next year? And actually before we go there, you know, one of the things I always throw out is one of the, well again, a prominent CIO was talking about the cost of cloud.
And he was specifically talking about the cost of storage in the cloud. And I think they've done digital pathology and a couple other things. And it's, so, it's growing at a significant clip. And he's imagining a cliff at some point. It's almost like the federal budget deficit, you know, it's like it's going up at this pace and the costs are going up at this space.
And he is, and he's sort of sitting there going, I look, I can extrapolate this. There's a point at which. Our cost of storage is taking more than my, what's actually allocated to my IT budget. And I bill, I think this gets back to what you're talking about, which is we may need to bring some of this stuff back on site.
You know, the discipline of storage is not changed since the [00:09:00] beginning of computing. Is that? How many times do you need to have that image right at your fingertips straight away, and you've got all of it in a SaaS environment. That's, we've learned that lesson a gazillion years ago, is that you have offline storage and you have online storage.
The last time that I had to go in and give it to the specialist that from, they took an MRI, for me, I had to actually set up that appointment, took a period of time. That's more than enough time to take it from offline storage, grab it, forward it and be done with it. And offline storage is what, 10% of online storage.
At most. So I think we've lost the fiscal discipline about, having everything at your fingertips. I do believe there's utility to be able to have data warehouse and those kind of skills and doing data science in a place, but you can also extrapolate that. So I think just taking a step back and being [00:10:00] fiscally responsible and putting in the tools that make sense.
And right now that's kind of where we're at. It's the wild West.
I, well, I do wanna talk about security since you're on the show and since it's close to the end of the year. You know, Drex, we, it was kind of funny, I think last year we talked about, will we have more breaches next year than we had this year.
And you, I think you essentially said, this is what's in my head. You can correct me if I'm wrong, but it's like, it's gone up every year. Like, bill, there's no prediction here. It's like, it just goes up every year. Are we gonna see that change in 2027? 2026. Oh. Hopefully in
Bill Willis: 26. You know, if you could actually take cyber criminals and make that a stock exchange, you would have a one heck of a return on your investment because it's billions of dollars on a regular basis.
We all see that So I have a different view than most about what the problem is. It is not the techno, it's not a technology problem, it's a data problem and a process problem. So if you're still managing the service desk for help desk and it's 1-800 change my password. [00:11:00] And you ask three questions and three answers from a script, you are vulnerable.
That's not what a modern approach is, and you shouldn't take that approach. We, and we know that's 25 bucks to do that every time you do it. We've got one customer of ours, they have 50,000 password resets every single year, times 25 times four, 5 million bucks. If they just changed the process to be able to self-serve and eliminate passwords, they already have the technology stack, they've invested in it immediately.
I give you 5 million bucks back here, Merry Christmas. Go for it. And you've taken away the single most important thing that a hacking community watches the portal to be able to hack away like crazy. That's a hackathon. We also see the change bill that's gonna happen is that. Identity specifically has a relationship with an application in three areas, right?
It has a relationship with identity governance. Like I need to onboard somebody to use an application. I need to take it more. The [00:12:00] second one is access management. I need to give that same application, the ability so somebody can log in and use that application. The third one is privilege. Who are the people that have elevated access to be able to do something within that application?
We think that's wrong. I think you'll see that relationship is going to go 180 degrees, where you're gonna have say, this is application A. I need to now have a relationship downstream for those three instead of those three sitting at the top and doing it the other way. Basically turning it around.
You will see that the amount of time, money, and velocity. Significantly change because now the application is what you're trying to do. And that's the end of the day. That's why these tools exist, is to do that. But nobody ever thinks about it. because the identity industry thinks in three silos. It needs to be turned around and do that.
So we see that happening and we believe there's going to be a reckoning as far as how much time and how much money needs to be spent to actually onboard and manage these things.
So.
Sarah Richardson: Is that what [00:13:00] you're starting to see though, that marriage more and more hr, security, it, et cetera? It seems like HR has always been like a support mechanism for the organization, and now we're hearing of organizations where they're combining the HR and IT teams.
Because the way the technology is now influencing how onboarding, offboarding, et cetera is performed in an organization.
Bill Willis: So Sarah, what we see is that at a minimum, the leaders of human capital management recognize that their information and their process drives the efficacy and the delivery of identity services to the business.
If their data is timely, if it's accurate and it has good context, that means I can deliver just in time delivery of services as soon as something happens. because that's the world we live in today. I can make sure that a person has least privilege, just the things that they're supposed to have. And as long as I have good quality of the data, I can actually implement a role-based access control.
Without those three things, the holy Grail will [00:14:00] never be applied. So yes, I see. At a minimum, they partner. In the smaller organizations, we do see them combining.
Sarah Richardson: And there's a huge reduction in how long it takes to onboard somebody because how many places when you onboard, you're waiting like a week and a half for a laptop for somebody, and so all that wasted time when someone joins at work, everything is day one.
Bill Willis: We actually just went through an exercise with a healthcare system in the Northwest where they have six use cases that we put in for their total cost of ownership. We believe that on an annual basis, their TCO is. Two and a half to $3 million to onboard offboard, you know, the six use cases that they've got.
And that's hard dollars and soft dollars. because again, Sarah, to your point, they've got a traveling nurse or they've got a surgeon that doesn't have all the access they need to be able to get in and do their thing. And you're paying them every minute to sit there and tap their foot waiting to get in there.
So if you can do those three things that I just described with the relationship. We believe except for changing out to the modern, [00:15:00] a modern tool at the other end. The data and process automation reclaims that two and a half million dollars in eight months. It's crazy, and it's not even the tool. If you've got a decent tool and you've already invested in it, you just gotta fix the front.
Drex DeFord: It is the process, right? That ultimately it is the process on Bill. This is I'm loving this. We, rob, we hear people talk all the, we people hear people now say all the time, identity's the new perimeter. But you know, I've kind of, I'm in this mode of like, I think identity's always been the perimeter.
We've just been trying to protect it with this hard, crunchy outside shell that has failed us now. And so we've gotta rethink this whole. Identity issue. How are we gonna protect identities? How are we gonna make sure that we can recognize when something weird has happened? All that stuff is gonna have to be part of the 2026 agenda.
Bill Willis: We actually see the number one thing that blocks things is actually the institutional knowledge of a business than a healthcare system. That the same people have been doing the same thing for 20 [00:16:00] plus years, moving paper or emails from A to B. They're in a position where, you know, I'm gonna retire soon.
Don't bother me. I don't wanna change instead of, and so instead of thinking more, you know, do more with less, they just like, you know, status quo. They're also part of the problem too, to get to role-based access control because you have access sprawl. They've been in seven jobs over 20 years.
They've carried that access with them. The relationship. All those between, between lifecycle management and governance and access management has never come together. To be able to say you haven't touched it in 45 days in this 2.0 that standard for control says if you haven't used it in 45 days as a baseline, I'm taking it away.
Drex DeFord: It's
Bill Willis: so
Drex DeFord: funny. They have access to all those shared drives that they've had for all those departments over all those years. You hack that one identity. And you know it throw
Bill Willis: it throws it all away.
Drex DeFord: It's a gold mine.
Bill Willis: Yeah. And so by just by simply pruning that [00:17:00] away that says You haven't used it, I'm taking it away.
If you need it, go ahead. You know, fill out a service. We'll give it back. Yeah, give it back. That's great. Self service kinda stuff. But then that enables lease privilege. It actually gives you the controls for role-based access control. And you can do just in time delivery services. You know, the holy grail.
Drex DeFord: Having said all that, bill, I still think we're gonna have more records breached next year than we ever have before. And I think it's just gonna, A lot of this is the size of the breaches that we've had over the last couple of years. It's not like one breach with a hundred thousand records. It's like one breach with 10 million, you know, records.
And so I think we're still gonna see those kinds of big breaches. In 2026, I don't know who's gonna be the victim. I don't know if it's gonna be change or at and t or the state or school systems. But there's gonna be a lot of HIPAA records that are gonna be on the breach portal next year.
Bill Willis: If you look at the global 5,000 [00:18:00] and just actually if you can get the data, but the global 5,000 say, where are the data warehouses for these people, whether they're in infrastructure, whether they're in healthcare you pick. The industry of that you wanna target. That's where people are going to try and defend that and protect that.
That's also where these historical challenges are not met in time. And you know, the billion dollar industry we call cyber attacking is alive and well. I'm, what you've said is a spot on.
Drex DeFord: one of the largest economies in the world right now. If you ranked it as a, as an economy. I think I saw something recently that said by 2030 it will be like the fifth or sixth largest economy in the world.
Cyber crime.
Bill Willis: I mean, it shouldn't be a surprise that nation states that need to drive revenue, actually have these teams doing this work.
Bill Russell: you know, what's the question, bill? I mean, you got to sit through a city tour dinner, you know, the three of us are sort of prepping for 2026.
What's the question you would be [00:19:00] throwing out to leaders at this point?
Bill Willis: How can I get my leadership to understand that it actually won't cost them money to implement this? Change to do more with less. There is this fear assumption, whatever is that they can't quantify it. We literally have, for healthcare specifically the six formulas on what current total cost of ownership and what the new TCO with the return on investment would be.
I think that my industry has failed by trying to just sell them more stuff.
Instead of taking it back and say, what does it cost you today? If I just change things 10 degrees here and five degrees there, and six degrees over here, as Sarah said, I can do just in time delivery of services with accurate data and be able to give money back to the business and redeploy people to do more important things than shuffle emails across.
Drex DeFord: This is one of those things we talk about in the healthcare. Sales certification program too, bill. This idea [00:20:00] that the partners who I think are some of the best partners are the ones who come to the table with business cases that help those CIOs and CISOs and others make the case to their teams.
For the ROI for the bit, the non-emotional argument, the business argument to do the work that, that they're trying to do. And sometimes when you ask those questions, bill, how much does this cost you today? Or how many of these you're doing today? The answer that the health system will have is the, I don't have any idea.
We don't count those. We're too busy doing the work. But there are really good benchmarks that allow you to compare. How many of those things they do because you've collected that data at other places. So the data's there, and if you don't have the data, you know, proxy data is there. You just have to use it and you have to know how to use it.
Bill Willis: I will say that at the next level, for the practitioners actually doing this work of shuffling things from A to B, there is an [00:21:00] appetite for change. They just don't know how to. Tell their leadership what it looks like. And that's where we try and advocate the TCO part. They know the numbers, you know, it's like we do this many transactions every day.
We have onboarding and offboarding. We know it takes about this long to do. And if I've got a traveling nurse that's going to be working two shifts, one in oncology and one neonatal. I need to be able to give that person all the access for their personas and that person sitting there tapping their foot for N number of days, and we pay that person X dollars fully burdened.
There's the formula right there that says if I can just change that and be able to do just in time delivery from human capital managers, I get to recover a hundred percent of that dollars. A hundred percent. It's not even 99, it's a hundred percent.
Sarah Richardson: So that investment into process methodologies, whether you're doing [00:22:00] lean production slash six Sigma, whether you're doing agile and safe from maybe some coding and some programming perspectives, and then that whole organizational change management, those three things are alive and well in your organization.
And the rest of this stuff just falls in line behind it. But it's really hard to get people to want to make some of those investments and some of those changes. But when they work well, I've seen things. Almost change overnight when you get people all aligned in those spaces. That's a whole operational and cultural philosophy that's where I makes some of my biggest investments than I have in the past as well.
And it's always paid off. You just hope that there's like this, you know, continuity as people change throughout the organization, but you're investing more in process than tech. Sounds like pretty strong case for next year because. Are your tech, most of your technology is already there. It's the humans.
You've gotta continue to retool. At this point.
Bill Willis: There isn't anybody that says, would you [00:23:00] like to save 2 million bucks this year and every year going forward? No, I don't wanna do that. Yeah, forget that.
Sarah Richardson: Well, how can you talk the other part out there? The other 5 million? So just in this conversation you've like, I've helped the health system recover seven and a half million dollars.
I,
Bill Willis: I mean, we have this thing we call a fireside chat where we'll sit down with a whiteboard. I got a bunch of markers. I'm gonna be doing one here for a company here in Orange County this afternoon. You know, we just did one with one of the biggest utilities in the country delivering electrical service across the board.
Just in a an hour and a half, we found $29 million of real account recovery stuff. It's like, yeah. Yeah. Do you not wanna do that? It's like, well, yeah maybe,
Bill Russell: It's interesting when a organization gets as big as healthcare organizations have gotten, there's always opportunity.
And I think this gets back to the basic blocking and tackling of the role. Which is to constantly be optimizing [00:24:00] constantly be looking for those opportunities. There's still dollar bills sitting on the floor to pick up We don't have to implement the huge AI tool to do all these things.
Some of these things we do with discip.
Bill Willis: It is ironic we were sitting in the bank vault having that conversation, by the way.
Bill Russell: It was a little bit. Well, hey, I wanna thank you, bill, for coming on the show and hopefully giving everybody a Christmas gift you know, a couple million dollars in savings would be really nice.
Drex, Sarah thank you as well. And hey. Thanks everybody for listening. That's all for now.
Bill Willis: Yeah. Sarah Drex, bill. Thank you. Appreciate it. Anytime.
That's Newsday. Stay informed between episodes with our Daily Insights email. And remember, every healthcare leader needs a community they can lean on and learn from. Subscribe at this week, health.com/subscribe. Thanks for listening. That's all for now.