Full Biography

Opportunity and Growth

Healthcare IT News sent me a notification on a Saturday afternoon in September 2010. The Office of National Coordinator (ONC) announced Drummond Group as a new authorized test lab (ATL) and authorized certification body (ACB) for the Meaningful Use certification program. I found the company’s Chief Scientific Officer, Rik Drummond, email address a few minutes later using Google. Surprisingly, Rik responded to my email within an hour referring me to the hiring managers of the program. I thought, “senior leadership responding to an email on a Saturday afternoon; this could be a sign of a good company”. I was right.

Drummond Group engaged me as an consultant in November 2010 and hired me full-time in February 2011. The HITECH legislation injected funding into the healthcare industry. Stage 1 of the ONC Meaningful Use program was exciting. The HIMSS conference boomed that year. Drummond Group’s 4 person EHR Test Lab led by Kyle Meadors worked hard testing clients 3-4 days a week. We quickly won over small to medium size clients. Drummond Group largely put its competitors out of business as we took on larger clients in Stages 2 and 3 of the program. I will always be grateful for this period of success at Drummond. I worked with over 100 Health IT clients and ran over 400 test events while building client relationships with honesty and integrity.

Setback and Reflection

Rik and the other two company founders sold Drummond Group to an investor in late 2015. The new owners infused capital with the goal of growing the company. I pitched the idea of starting a HITRUST business unit to our Director of Business Strategy in 2016. Coincidentally, he had already looked into the cybersecurity assessment healthcare industry market. He agreed HITRUST would be a good fit to cross sell to our client base from the EHR base. Drummond Group acquired three companies to launch cybersecurity services.

Disappointly, the HITRUST business failed. While the acquisition strategy worked, adding a good share of the market, but our automation processes misaligned with HITRUST’s quality expectations. The HITRUST assessment methodology is extremely resource intensive for assessors and clients. Unfortunately, the business model drained resources so Drummond shut the HITRUST business down within a few years. I gained valuable experience supporting clients and running their assessments. In addition, it also gave me invaluable lessons on resilience and dealing with failure.

Research, Innovation, and Development

Drummond moved me back to the Healthcare Compliance Services (HCS) in 2021. We started a team to find, analyze, and launch new business services which became the Research, Innovation, and Development arm of HCS. I created the test scripts, ran our pilot project, and tested the first clients for our new Pediatric Health IT certification. In addition, I supported clients for our new FHIR certification program.

It is not often when leaders of emerging technology request regulation of their own industry. Artificial Intelligence (AI) is this new technology. Regulation initiatives usually come in the form of the carrot or the stick. The carrot is a lot more fun. Believe me, I have done ONC surveillance. The carrot is not coming in the form of government incentives like the HITECH Act for AI. Rather the huge potential benefit for industry is pushing to find practical ways to eal with the potential negative effects of AI. I am so excited at the opportunity to create value for the AI health industry like the early years of Meaningful Use.

Victor Fang introduced me to ISACA’s Audit Practitioner’s Guide to Machine Learning in an excellent February 2023 webinar. He motivated me to search for new opportunities in AI. I did not have to look for long. The ONC released the proposed rule HT-1 in April of 2023. Then in the same month the Coalition for Health AI (CHAI) released its Blueprint for Trustwothy AI. This was all I needed. The HT-1 proposes risk assessments to be done on systems with predictive clinical decision interventions. The Blueprint aims to setup an assurance and advisory ecosystem for the AI health industry. I have been deeply involved with CHAI’s Privacy work group profile of the NIST Cybersecurity Framework and the NIST Privacy Framework by the end of 2023. The quest continues.

Gary Isaac
Certified Information Systems Auditor (CISA)
M.S. Cybersecurity and Information Assurance