Tag Archives: health

Justin Welsh’s Purple Squirrel Story

While I talk about wildebeests, iguanas, wombats, and friction ridge-equipped koalas, Justin Welsh talks about squirrels.

Purple squirrels.

Google Gemini,.

Welsh explains what a purple squirrel is:

“A purple squirrel is a candidate so rare and perfectly matched to what you need that finding one feels impossible. Someone who checks every single box, including boxes you didn’t even know you cared about.”

Then Welsh provided an example of a purple squirrel, a man named Sagar Patel who worked for him at PatientPop.

On paper pyramids

At the time PatientPop had less than $40,000 in annual revenue, so it didn’t have a huge marketing department. It didn’t even have Bredemarket as a product marketing consultant because Bredemarket didn’t exist yet. And anyway, at the time I knew next to nothing about PatientPop’s healthcare-centered hungry people, physicians who needed to attract prospects and clients via then-current search engine optimization (SEO) techniques.

Google Gemini.

Patel could have launched into a complex, feature-laden SEO discussion, but his target physicians would have responded, “So what?” Doctors want to doctor, not obsess over choosing trailing keywords…and understand the benefits of a solution immediately.

So Patel, without the resources of a marketing department, took another approach.

“So Sagar grabbed some notebook paper and drew five sides of a pyramid. He labeled each one, describing his ‘5 sides of local SEO for healthcare providers,’ and then taped them all together.

“He made himself a little paper pyramid to use in his sales pitches.”

Google Gemini. My prompt asked Nano Banana to create a “realistic” picture.

Was Patel’s paper pyramid an effective sales tool for PatientPop? Read Welsh’s article to find out.

What’s your paper pyramid?

Too many companies wait months for the perfect marketing solution instead of doing something NOW and refining it later.

Bredemarket’s different. I ask, then I act.

I ask, then I act.

Once I’ve set my compass, I get my clients a draft within days. Last week alone I turned out drafts for two clients, moving them forward so the content is available to their prospects and clients.

With my suggested schedule for short content—three day drafts, three day reviews, three day redrafts—your new content can become your online “secret salesperson” within two weeks or less.

Don’t believe me? This post alone is chock-full of links to other Bredemarket posts and Bredemarket pages, all of which are functioning as “secret salespeople” for me every single day.

If you want secret salespeople to work for you, talk to me and we’ll devise a plan to improve your product marketing awareness RIGHT NOW.

This is Why You Should Avoid Acronyms

So an article came across my eyes that begins with the words “Minnesota DHS.”

The full title? “Minnesota DHS Reports Access-Related Data Breach.”

Now anyone reading that article over the weekend was probably very confused, since the death of Alex Pretti isn’t exactly a DATA breach.

And, of course, Minnesota doesn’t have a “department of homeland security.”

It does, however, have a Department of Human Services…and THAT was what was breached.

“A single user inappropriately accessed private data within the Minnesota Department of Human Services (DHS) ecosystem, potentially impacting 303,965 individuals, officials report.”

This was not a hack per se, but a case in which a legitimate person accessed something they shouldn’t have accessed. Certainly a breach, and the person’s access was terminated.

But nobody died.

Humans and Fraudulently Inaccurate Medical Coding

You know what the problem is with these AI medical bots? They hallucinate and do inaccurate stuff. When you use humans for your medical needs, they’re gonna get it right.

Um…right. Unless the humans are committing fraud.

Google Gemini.

The company that replaced a steel mill with a hospital is in a bit of trouble with the U.S. Department of Justice, in an action started under the Biden Administration and concluded under the Trump Administration.

“Affiliates of Kaiser Permanente, an integrated healthcare consortium headquartered in Oakland, California, have agreed to pay $556 million to resolve allegations that they violated the False Claims Act by submitting invalid diagnosis codes for their Medicare Advantage Plan enrollees in order to receive higher payments from the government….

“Specifically, the United States alleged that Kaiser systematically pressured its physicians to alter medical records after patient visits to add diagnoses that the physicians had not considered or addressed at those visits, in violation of [Centers for Medicare & Medicaid Services (CMS)] rules.”

Now of course you can code a bot to perform fraud, but it’s easier to induce a human to do it.

Avoiding Bot Medical Malpractice Via…Standards!

Back in the good old days, Dr. Welby’s word was law and was unquestioned.

Then we started to buy medical advice books and researched things ourselves.

Later we started to access peer-reviewed consumer medical websites and researched things ourselves.

Then we obtained our medical advice via late night TV commercials and Internet advertisements.

OK, this one’s a parody, but you know the real ones I’m talking about. Silver Solution?

Finally, we turned to generative AI to answer our medical questions.

With potentially catastrophic results.

So how do we fix this?

The U.S. National Institute of Standards and Technology (NIST) says that we should…drumroll…adopt standards.

Which is what you’d expect a standards-based government agency to say.

But since I happen to like NIST, I’ll listen to its argument.

“One way AI can prove its trustworthiness is by demonstrating its correctness. If you’ve ever had a generative AI tool confidently give you the wrong answer to a question, you probably appreciate why this is important. If an AI tool says a patient has cancer, the doctor and patient need to know the odds that the AI is right or wrong.

“Another issue is reliability, particularly of the datasets AI tools rely on for information. Just as a hacker can inject a virus into a computer network, someone could intentionally infect an AI dataset to make it work nefariously.”

So we know the risks, but how do we mitigate them?

“Like all technology, AI comes with risks that should be considered and managed. Learn about how NIST is helping to manage those risks with our AI Risk Management Framework. This free tool is recommended for use by AI users, including doctors and hospitals, to help them reap the benefits of AI while also managing the risks.”

Who or What Requires Authorization?

There are many definitions of authorization, but the one in RFC 4949 has the benefit of brevity.

“An approval that is granted to a system entity to access a system resource.”

Non-person Entities Require Authorization

Note that it uses the word “entity.” It does NOT use the word “person.” Because the entity requiring authorization may be a non-person entity.

I made this point in a previous post about attribute-based access control (ABAC), when I quoted from the 2014 version of NIST Special Publication 800-162. Incidentally, if you wonder why I use the acronym NPE (non-person entity) rather than the acronym NHI (non-human identity), this is why.

“A subject is a human user or NPE, such as a device that issues access requests to perform operations on objects. Subjects are assigned one or more attributes.”

If you have a process to authorize people, but don’t have a process to authorize bots, you have a problem. Matthew Romero, formerly of Veza, has written about the lack of authorization for non-human identities.

“Unlike human users, NHIs operate without direct oversight or interactive authentication. Some run continuously, using static credentials without safeguards like multi-factor authentication (MFA). Because most NHIs are assigned elevated permissions automatically, they’re often more vulnerable than human accounts—and more attractive targets for attackers. 

“When organizations fail to monitor or decommission them, however, these identities can linger unnoticed, creating easy entry points for cyber threats.”

Veza recommends that people use a product that monitors authorizations for both human and non-human identities. And by the most amazing coincidence, Veza offers such a product.

People Require Authorization

And of course people require authorization also. They need authorization:

It’s not enough to identify or authenticate a person or NPE. Once that is done, you need to confirm that this particular person has the authorization to…launch a nuclear bomb. Or whatever.

Your Customers Require Information on Your Authorization Solution

If your company offers an authorization solution, and you need Bredemarket’s content, proposal, or analysis consulting help, talk to me.

The Government Wants You To Work for A Company, Not Yourself

I’m sure you’ve heard the empowerment gurus on LinkedIn who say that people working for companies are idiots. Admittedly it seems that too many companies don’t care about their employees and will jettison them at a moment’s notice.

So what do the empowerment gurus recommend? They tell people to take control of their own destiny and work for themselves. Don’t use your talents to fatten some executive’s stock options.

Google Gemini.

However, those of us in the United States face a huge barrier to that.

Healthcare.

Unless a solopreneur’s spouse has employer-subsidized healthcare, the financial healthcare penalty for working for yourself is huge. From an individual perspective, anyway.

The average annual premium for employer-sponsored family coverage totaled about $27,000 in 2025, according to [the Kaiser Family Foundation]. This is coverage for a family of four.

But workers don’t pay the full sum. They contributed just $6,850 — about 25% — toward the total premium, according to KFF. Employers subsidized the rest, paying about $20,000, on average.

By comparison, if the enhanced ACA subsidies expire next year, the average family of four earning $130,000 would pay the full, unsubsidized premium for marketplace coverage.

Their annual insurance premiums would jump to about $23,900, more than double the subsidized cost of $11,050 — an increase of almost $12,900, according to the Center on Budget and Policy Priorities.

Google Gemini.

Do how do those who oppose Communist subsidies propose to solve ACA healthcare costs?

By providing people with an annual health savings account funding of…checks notes…$1,500.

Perhaps I’m deprived because of my 20th century math education, but last I checked $1,500 in funding is less than $12,900 in losses.

People who are on COBRA, or a similar program such as Cal COBRA, experience similar sticker shocks.

So my advice to people is to do one or both of the following:

  • Get employer-subsidized healthcare.
  • Marry someone with employer-subsidized healthcare.

Detecting Deceptively Authoritative Deepfakes

I referenced this on one of my LinkedIn showcase pages earlier this week, but I need to say more on it.

We all agree that deepfakes can (sometimes) result in bad things, but some deepfakes present particular dangers that may not be detected. Let’s look at how deepfakes can harm the healthcare and legal professions.

Arielle Waldman of Dark Reading pointed out these dangers in her post “Sora 2 Makes Videos So Believable, Reality Checks Are Required.”

But I don’t want to talk about the general issues with believable AI (whether it’s Sora 2, Nano Banana Pro, or something else). I want to hone in on this:

“Sora 2 security risks will affect an array of industries, primarily the legal and healthcare sectors. AI generated evidence continues to pose challenges for lawyers and judges because it’s difficult to distinguish between reality and illusion. And deepfakes could affect healthcare, where many benefits are doled out virtually, including appointments and consultations.”

Actually these are two separate issues, and I’ll deal with them both.

Health Deepfakes

It’s bad enough that people can access your health records just by knowing your name and birthdate. But what happens when your medical practitioner sends you a telehealth appointment link…except your medical practitioner didn’t send it?

Grok.

So here you are, sharing your protected health information with…who exactly?

And once you realize you’ve been duped, you turn to a lawyer.

This one is not a deepfake. From YouTube.

Or you think you turn to a lawyer.

Legal Deepfakes

First off, is that lawyer truly a lawyer? And are you speaking to the lawyer to whom you think you’re speaking?

Not Johnnie Cochran.

And even if you are, when the lawyer gathers information for the case, who knows if it’s real. And I’m not talking about the lawyers who cited hallucinated legal decisions. I’m talking about the lawyers whose eDiscovery platforms gather faked evidence.

Liquor store owner.

The detection of deepfakes is currently concentrated in particular industries, such as financial services. But many more industries require this detection.

The Healthy Otter: When AI Transcriptions are HIPAA Compliant

When I remember to transcribe my meetings, and when I CAN transcribe my meetings, my meeting transcriber of choice happens to be otter.ai. And if I’m talking to a healthcare prospect or client, and when they grant permission to transcribe, the result is HIPAA compliant.

Otter.ai explains the features that provide this:

Getting HIPAA compliant wasn’t just about checking a box – we’ve implemented some serious security upgrades:

  • Better encryption to keep protected health information (PHI) locked down
  • Tighter access controls so only the right people see sensitive data
  • Team training to make sure everyone knows HIPAA inside and out
  • Regular security audits to stay on top of our game

This builds on our existing SOC 2 Type II certification, so you’re getting enterprise-grade security across the board.

HIPAA privacy protections affect you everywhere.

In Health, Benefits of Identity Assurance Level 2 (IAL2) are CLEAR

Is the medical facility working with the right patient?

Hackensack Meridian Health in New Jersey claims that it knows who its patients are. It has partnered with CLEAR for patient identification, according to AInvest. Among the listed benefits of the partnership are enhanced security:

“CLEAR1 meets NIST’s Identity Assurance Level 2 (IAL2) standards, a rare feat in the healthcare sector, ensuring robust protection against fraud.”

But is IAL2 that rare in healthcare?

Other vendors, such as Proof, ID.me, and Nametag certainly talk about it.

And frankly (if you ignore telehealth) the healthcare field is ripe for IAL3 implementation.

If you are a healthcare solution marketer, you’re NOT with CLEAR, and you’re angry that AInvest claims that IAL2 is “a rare feat” in healthcare…

Is your IAL2 healthcare solution hidden in the shadows? Imagen 4.

…then you need to get the word out about your solution.

And Bredemarket can help. Schedule a free meeting with me.

Stop losing prospects! Use Bredemarket content for tech marketers

Stuck at Second: Syneos Health Setback in India

I last discussed Syneos Health on August 15, in a popular post on early stage commercialization. When I checked for recent news I discovered that Syneos Health received a commercialization setback in India for the QL2107 Injection.

[T]he Subject Expert Committee (SEC) functional under the Central Drugs Standard Control Organization (CDSCO) has rejected its Phase III clinical trial proposal for QL2107 Injection….

After detailed deliberation, the committee opined that, “the proposed clinical trial is focused completely on Pharmacokinetic (pK) parameters. Moreover, primary objective and secondary objective of phase-III study protocol has not been demonstrated for confirmation of therapeutic benefit and efficacy end point. Hence, the committee didn’t recommend to conduct the clinical trial in India.”

So what is the QL2107 Injection? First off, it comes from a Chinese company.

Qilu Pharmaceutical is one of the leading vertically integrated pharmaceutical companies in China focusing on the development, manufacturing and marketing of active pharmaceutical ingredients (APIs) & finished formulations….Dedicated to offering more affordable medicines to the world and improving people’s well-being, Qilu has exported its products to over 100 countries.

The literature on QL2107 repeatedly refers to Qilu Pharmaceutical rather than Syneos Health. But presumably there’s a partnership somewhere.

According to this website, QL2107 is a “pembrolizumab biosimilar,” a fancy way to say that it is similar to pembrolizumab (brand name Keytruda®), a monoclonal antibody with possible anti-cancer applications. It’s already undergone clinical trials.

But a Phase III clinical trial is special. The Gilead Clinical Trials website defines the four phases of clinical trials, including the third:

Phase 3 trials continue to evaluate a treatment’s safety, effectiveness, and side effects by studying it among different populations with the condition and at different dosages. The potential treatment is also compared to existing treatments, or in combination with other treatments to demonstrate whether it offers a benefit to the trial participants. Once completed, the treatment may be approved by regulatory agencies.

Although there is a fourth phase, continuous monitoring, that is obviously important.

Imagen 4.

In summary, QL2107 is not a home run or even a triple. At least in India, it’s stuck at second.