Raymond Ribble (L) and Rob Pruter (R) started SPHER, Inc. based on their mutual understanding of the shortcomings in the area of data cybersecurity and HIPAA's user activity monitoring requirements during the migration from paper to electronic medical record systems. The task before providers and healthcare groups was daunting, with 100's or tens of thousands of lines of activity being generated daily. The SPHER solution was developed to protect patient data and mitigate the risk of a major data breach, as well as to ease the burden of adhering to State and Federal privacy regulations.
Why Did You Decide to Design and Build SPHER?
“For many reasons. To start, we were an original participant in the HITECH Program (Meaningful Use) here, in Southern California. Partnering with LA Care (LA County), and Cal Optima (Orange County), our MU Consulting teams assisted over 2,000 Covered Entities to achieve successful attestation and achieve Meaningful Use funding. It quickly became apparent that the attention to detail in monitoring user activity was not a priority and that a very small percentage of healthcare groups were prepared to address ‘authorized and unauthorized’ access to protected health information.”
How did you get started?
What would you say was needed to successfully launch SPHER?
Without a doubt, our initial pilot program healthcare partners were absolutely critical to our success. We recruited a diverse cross-section of primary care and clinical groups to test and contribute critical feedback to our product development team. Their collective insights elevated our understanding of the ‘real’ issues and concerns they shared to another level. That early collaboration enabled SPHER to refine the detection processes and eliminate unnecessary steps, allowing Compliance/Privacy/Security officers to quickly navigate the remediation process and get back to providing patient care.
What was the biggest challenge that came your way?
Looking back at when we started, it was identifying the scenarios that allowed physicians, administrators and C-level executives to better understand the emergence of a solution like SPHER. Honestly, they could care less about AI, machine learning, cloud-based, or any other marketing buzz words we presented. Early adopters and CEs had an appreciation for the milestones under Meaningful Use. They acknowledged the requirement under HIPAA to monitor user activity. However, they had not come to terms with setting aside finances to pay for a solution to tell them what they believed they already knew. Articulating the risk association with not knowing or ‘willful neglect’ was a much steeper hill to climb than we initially believed to be the case.
What sets SPHER apart from other solutions?
When we arrived in the market our early advantage was 'ease-of-use', a quick installation process, and a very compelling risk mitigation story. Affordability was neither a strength nor a weakness, because, frankly, there had been nothing like SPHER prior to our entry into the healthcare security domain. The fact that SPHER created a behavioral pattern of the credentialed users on the targeted applications (i.e. EMR, PACS. PM, etc.) was a somewhat radical approach when compared to the known SQL rules-based tools that had been in use with limited success before our market entry.
What’s your vision for SPHER's future?
When we look back in 10 years, we would hope that the investigative culture at SPHER will have evolved to address more than just user monitoring and the deployment of AI technologies. We are aware that as the company grows, creativity becomes more challenging, but, everyone involved needs to be very focused on building and instilling a corporate culture. We want to make sure that our SPHER, Inc. values that are here today with only a handful of employees will still be there even when we exceed our growth objectives. Over the years, everyone involved with SPHER should be able to look back and see that we’ve made a significant impact supporting patient and healthcare security and protecting individuals from potentially life-changing identity theft and data breaches.