Your LMM Pharmacy

On Threads, Dr. Jen Gunter called our attention to the newly-introduced H.R. 238, “To amend the Federal Food, Drug, and Cosmetic Act to clarify that artificial intelligence and machine learning technologies can qualify as a practitioner eligible to prescribe drugs if authorized by the State involved and approved, cleared, or authorized by the Food and Drug Administration, and for other purposes.”

Ultra-modern healthcare?

Presumably these non-person entities would not be your run-of-the-mill consumer generative AI packages, by rather specially trained Large Medical Models (LMMs).

Kinda like my “Dr. Jones, NPE.

Even so, don’t count on this becoming law in the next two years. For one, Rep. David Schweikert introduced a similar bill in 2023 which never made it out of committee.

Why is Rep. Schweikert so interested in this and related topics? Because medical bills are too damn high:

““How do I make sure we’re embracing technology and using it to bring disruptive cures to market, or other opportunities to market?” Schweikert asked. “And does that also now help lower drug pricing?””

Before you reject this idea entirely, Rep. Schweikert cited one example of technology decision-making:

“Schweikert noted that the FDA last month approved Apple Watch’s atrial fibrillation feature for use in clinical trials — the first such digital health tool approved for inclusion in the agency’s Medical Device Development Tools program.”

But before anything like this will ever happen with prescriptions, the FDA will insist on extremely rigorous testing, including double-blind tests in which some prescriptions are written by currently-authorized medical professionals, while other prescriptions are written by LMMs.

And even when the ethical questions surrounding this are overcome, this won’t happen overnight.

On Animal Health Privacy

(All images Imagen 3)

I’ve discussed identity and privacy regarding people.

I’ve discussed identity and privacy regarding non-person entities.

But I missed something in between.

Earlier this week I was discussing a particular veterinary software use case with an undisclosed person when I found myself asking how the data processing aspects of the use case complied with HIPAA, the U.S. Health Insurance Portability and Accountability Act.

Then I caught myself, realizing that HIPAA (previously discussed here) does not apply to dogs, cats, cows, or other animals. They are considered property, and we all know how U.S. laws have treated property in the past.

So you can violate an animal’s privacy all you want and not run afoul of HIPAA. 

But you could run afoul of some other law. As Barb Rand noted back in 2013, 35 states (at the time) had “statutes that address the confidentiality of veterinary patient records.”

And when animal records are commingled with human records—for example, for emotional support animals—protected health information rules do kick in.

Unless the animal is intelligent enough to manage their own prescriptions without human assistance.

Bredemarket’s Three (So Far) Industry Pillar Pages

Since I started creating (sort of) pillar pages in April 2022, I’ve built more, including three devoted to particular industries.

Why is Healthcare Identity Critical?

Oosto has highlighted two reasons why it’s critical to identify people in healthcare environments.

Healthcare facilities account for 42% of infant abductions…

Think about it. If all you need to identify yourself (or impersonate someone else) is your name and birthdate, a fraudster could easily gain access to a facility and abduct someone else’s child.

(H)ealthcare workers experience violence—both physical and verbal—at a shockingly 5 times higher rate than other industries. This violence accounts for up to 73% of all nonfatal workplace injuries caused by violence.

Again, if you don’t know who you’re dealing with, bad things can happen. I’ll admit that identity verification doesn’t solve this-people can attack healthcare workers even if their identities are known-but the danger of unidentified assaults is great.

Oosto discusses these and other healthcare topics in a recent podcast: “Healthcare Under Pressure: Bringing a Championship Mindset to Healthcare Security.

NEC’s Other “Biometric” Information: Digital Pathology

(Image: AI-predicted cell detection results of Biomy’s DeepPathFinder™. From the January 10, 2025 NEC press release.)

When I interact with the worldwide company NEC, I am usually dealing with automated biometric identification systems (ABIS).

Of course, ABIS is only a small part of what NEC does. It’s also involved in healthcare.

Consider…artificial intelligence and deep learning-powered digital pathology (“a field involving the digitization and computational analysis of pathology slides”).

Per today’s press release:

“NEC Corporation (NEC; TSE: 6701) and Biomy, Inc. (Biomy) have signed a Memorandum of Understanding (MoU) for a joint marketing partnership to develop and expand artificial intelligence/deep learning (AI/DL)-based analytical platforms in the field of digital pathology. Through this partnership, the two companies aim to promote precision medicine for cancer patients and contribute to the advancement of the healthcare industry.”

So what is Biomy contributing?

“Biomy, which aims to realize personalized medicine through pathological AI technology, has developed DeepPathFinder™, a proprietary, cloud-based, AI/DL automated digital pathology analytical platform.”

And NEC?

“NEC has positioned healthcare and life sciences as a core pillar of its growth strategy. With a strong foundation in image analysis and other AI technologies, NEC has a long history of providing medical information systems such as electronic medical records to healthcare institutions.”

As I’ve said before, healthcare must deal with privacy concerns (protected health information, or PHI) similar to those NEC addresses in its other biometric product line (personally identifiable information, or PII). I personally can’t do nefarious things if I fraudulently acquire your digital pathology slide, but some bad actors could. Presumably the Biomy product is well protected.

Know Your…Everyone

It all started with “Know Your Customer,” a shorthand phrase used by financial institutions and related entities who need to know who their customers are.

But then various governments, industries, and entities got into the act with their own variants, such as “Know Your Business.”

I was curious about how many of these “know your” variants I’ve discussed in the Bredemarket blog. Here’s what I found:

I’m sure I’ll come up with some others.

You Need FAT and SAT

On LinkedIn, I was just discussing the difference between a controlled study and a real-world test. Think of a NIST test vs. a benchmark.

Then I started talking about some of the post-contract signature tests in the automated biometric identification system world, including factory acceptance tests and site acceptance tests.

These tests are not unique to ABIS. Healthcare (the other biometric) conducts FAT and SAT also, as Powder Systems notes.

“When manufacturing complex machinery in industries such as pharmaceuticals or fine chemicals, extensive equipment testing must be carried out before commissioning.

“It requires thorough functional, performance, and safety tests of intricate systems. These may comprise many components and interdependencies. Challenging though it may be, these must be systematically assessed before they’re put into operation. This approach is broadly known as acceptance testing.

“There are many forms of acceptance testing. Two closely related approaches that often come in for confusion are Factory Acceptance Testing (FAT) and Site Acceptance Testing (SAT). Both are critical stages in the verification and validation of equipment and systems within industrial and manufacturing contexts. However, they differ significantly in terms of location, timing, purpose, scope, participants, outcomes, and testing environment.”

You should read the entire article to learn about the significant differences between the two test types. But let me highlight one point:

“Factory acceptance testing typically involves a more rigorous and comprehensive testing process. This testing procedure includes the detailed verification of system components to ensure they function correctly and meet design specifications.”

This is based on the fact that it’s less costly to fix problems early at the factory than to fix them later out in the field.

Whether you’re testing pharmaceutical machinery or ABIS, both factory and site acceptance tests are absolutely critical. Skipping one of the two tests does not save costs.

What Coauthor “Wrapped” About My LinkedIn Activity

So I checked out Coauthor’s me-too LinkedIn-themed copycat of Spotify Wrapped, like many of you did. Here’s the (unedited) post it wrote for me—not too bad:

= = =

Here’s my 2024 LinkedIn Rewind, by Coauthor.studio:

After 30 years in identity and biometrics, 2024 showed me that verification only goes so far. The real challenge isn’t just confirming who someone is – it’s understanding what they might do.

From employment fraudsters with verified credentials to healthcare imposters with stolen birthdates, this year proved that identity verification alone can’t prevent deception. But it also showed how combining technical expertise with human insight can help protect organizations and individuals.

Key observations from 2024:

  • Identity verification without intent analysis is incomplete
  • Employment fraud evolves faster than verification methods
  • Healthcare identity remains dangerously vulnerable
  • The best fraud prevention combines technology and psychology
  • Product marketing must address both verification and trust

Three posts that captured these themes:

“Employment Fraud and Identity Verification”

On why verifying someone’s identity only goes so far

https://www.linkedin.com/feed/update/urn:li:activity:7268454996734545921/

“Rich Powaza’s Disappearance” 

Real consequences of fraudulent behavior

https://www.linkedin.com/feed/update/urn:li:activity:7253092940393193472/

“Get Off My Lawn”

Changing workplace norms and responsibilities

https://www.linkedin.com/feed/update/urn:li:activity:7262320817898758145/

Through Bredemarket, I delivered over 100 content and analysis projects helping organizations navigate these challenges. I also conducted research on employment fraud tactics and moderated communities helping others avoid scams.

Looking ahead: 2025 will require even more sophisticated approaches to identity verification and fraud prevention. The fraudsters aren’t going away – but neither am I. I’ll continue helping organizations implement effective identity strategies while advocating for ethical AI use and employment practices.

To the wildebeests following along: remember that verification is just the start. The real value comes from understanding intent and building trust.

#fraud #identity #security #productmarketing

Get your 2024 LinkedIn Rewind! Go to coauthor.studio 

Adherence Does NOT Require 100% Compliance

(Green and red medicine bottle image from Google Gemini)

As many of you know, I spend the majority of my time in identity/biometrics, where in some cases a 99% accuracy rate is considered woefully inadequate. Imagine if your bank had a million customers and 10,000 of them couldn’t login…or 10,000 fraudsters COULD log in. The bank would throw a fit with its biometric vendor.

So perhaps my experience resulted in…um, bias when I wrote the following in my recent post on adherence and identity:

“Let’s say you are told to take 4 pills a day for 7 days, and the pharmacy gives you a prescription for 28 pills. A week later all the pills are gone.

“Does this demonstrate patient adherence to health instructions?”

Perhaps you spotted the implicit assumption that taking 28 of 28 pills (100%} constitutes adherence, while taking 27 of 28 pills (96.4%} constitutes NON-adherence.

Tain’t so, Sherlock, as Philip Morisky pointed out in a comment on my LinkedIn post on adherence and identity. He said, in part:

“…the threshold at 80% means that even if you do not have access to the medication for 6 out of 30 days, you are still considered adherent.”

Morisky presumably knows what he’s talking about, since he works for a company called…adherence. And Philip’s father, Dr. Donald Morisky, developed the Morisky Medication Adherence Scale (MMAS) for medication self-reporting.

But what of this 80% threshold? 

It’s commonly cited…like the statement that 30% of crime scene latent prints come from palms

But the 80% adherence threshold is not universally accepted, as this National Library of Medicine study notes.

“Based on Haynes’s early empirical definition of sufficient adherence to antihypertensive medications as taking ≥80% of medication, many researchers used this threshold to distinguish adherent from non-adherent patients. However, we propose that different diseases, medications and patient’s characteristics influence the cut-off point of the adherence rate above which the clinical outcome is satisfactory (thereafter medication adherence threshold).”

This particular study concluded that…more research is needed.

“…we cannot reject or confirm the validity of the historical 80% threshold. Nevertheless, the 80% threshold was clearly questioned as a general standard.”

Despite the questions about the 80% threshold, Philip Morisky’s basic point remains: you don’t have to take 100% of your medications to be considered adherent from a health perspective.

But I still maintain that for critically important medications, the IDENTITY of the person taking them needs to be known at a level very close to 100%.

Hospital Patient Facial Recognition

(Hospitalized wildebeest facial recognition image from Google Gemini)

It’s no secret that I detest the practice of identifying a patient by their name and birthdate. A fraudster can easily acquire this knowledge and impersonate a patient.

The people that I hang around with promote biometrics as a better solution to authentication of a hospital patient whose identity was previously verified. Of course, this crowd promotes biometrics as the solution to EVERYTHING. My former Motorola coworker Edward Chen has established a company called Biometrics4ALL.

But the need to identify patients is real. Are you about to remove Jane’s appendix? You’d better make sure that’s Jane on the operating table. And yes, that mistake has happened. (The hospital was very sorry.)

Of the various biometric modalities, face seems the most promising for the health use case, particularly for hospital patients.

  • Fingerprints require you or a medical professional to move your finger(s) to a contact or contactless reader. 
  • Hand geometry is even more difficult.
  • For iris or retinal scans, your eyes have to be open.
  • For voice, you have to be awake. And coherent—I’m not sure if a person can be identified by a moan of pain.
  • DNA takes at least 90 minutes.
  • Gait? Um…no.

Unlike the other modalities, the patient doesn’t have to do anything for facial recognition. Even if asleep or sedated, a medical professional can capture an image of a patient’s face. There are some accuracy considerations; I don’t know how well the algorithms work with closed eyes or a wide open mouth. But it looks promising.

Imprivata agrees that facial recognition is a valuable patient identification method.

“By capturing and analyzing unique facial characteristics such as the distance between the eyes and the shape of the nose, this technology can generate a unique identifier for each patient. This identifier is then linked to the patient’s electronic health record (EHR), ensuring that medical staff access the correct records. This method significantly reduces the risk of misidentification and the occurrence of duplicate records, thereby enhancing patient safety.”

However, I can think of one instance in which patient facial recognition would be challenging.

Burn victims.

If the patient were enrolled before the injury, the combination of disfigurement and bandaging would limit the ability to compare the current face to the previously enrolled one.

But this can be overcome. After all, we figured out how to recognize the faces of people wearing masks.