William Dougherty – Omada Health

Unhealthy patterns are a difficult cycle to break. Someone at risk for, or with, Type 2 diabetes may be tracking their weight daily, but not seeing much change once they step on a scale. Without positive reinforcement, that person gets discouraged, doesn’t take a daily walk, or go to the gym, or continue avoiding fast food. Soon enough the same old unhealthy habits resume.

The cycle can continue to worsen, pushing someone with prediabetes squarely into a blood sugar range that registers as fully blown Type 2, or adult-onset, diabetes. Long-term consequences can include heart disease, stroke, kidney failure and reduced blood flow to the limbs. Obesity also increases the likelihood of other chronic conditions like hypertension, or mental health issues like depression. These comorbitidies make it even more difficult for individuals to break their unhealthy cycles.

William Dougherty | Chief Information Security Officer | Omada Health

While there’s no cure for Type 2 diabetes, it can be managed or, better yet, prevented with medications and lifestyle adjustments. The U.S. Centers for Disease Control has found the latter more effective, but there are logistical issues: Almost 90 million Americans are at elevated risk – more than 30 million have diabetes. Almost all would benefit from easily accessible outside support.

The sheer scale of numbers preclude in-person consultations for all, but a more effective approach may be accessed through Omada Health, a San Francisco-based digital care firm that leverages technology for both prevention and management of diabetes. The company works with major employers and insurers to reduce or control health care costs related to these conditions by delivering better health outcomes.

All about the outcome

But delivering effective, high-quality digital care is only possible with proper system protocols, emphasizes William Dougherty. He’s the newly promoted chief information security officer who has developed innovative tools to ensure the safety of the more than 350,000 people enrolled in Omada’s programs.

Omada has an outcome-based approach to providing care – and generating revenue. A participant’s employer or insurer are billed based on positive results, ensuring the interests of the participant, the employer and Omada remain aligned to achieving, and maintaining healthy outcomes.

But as Dougherty explains, “If you’re not ready to get healthier, no app can do it for you. But it’s our job to provide the motivation – and the framework – to make this feel possible, and keep participants engaged once they enroll.”

He’s quick to say that customized online coaching, weekly interactive sessions and a virtual community generate engagement, while connected devices enable individuals to meals, workouts, weight and medication schedule. Machine learning recognizes interruptions in routine and notifies a coach to intervene.

“Our coaches aren’t just randomly deciding who to talk to,” he says. “Our tools direct coaches towards the participants with whom they can have the biggest impact in a given moment.”

Often an Omada participant just needs encouragement to get back on schedule. Any sort of shaming is wildly counterproductive, and coaches are there to remind enrollees that weight may fluctuate, but that downward trends emerge over time as healthy patterns replace destructive ones.

Just good business

The incentive is there for employers too, Dougherty explaining that Omada can be included in a corporate medical plan, and companies such as Costco, Marvin Windows, Dow Chemical and Stanford Hospital & Clinics will attest to its value.

Statistics indicate that a large company’s workforce includes nearly half the employees dealing with at least one chronic disease, and an even bigger percentage at risk. Omada’s services include a free personalized risk assessment for a corporate client.

And as the first digital health company to partner with the American Medical Association, Omada has been used by such third-party payers as Cigna, Kaiser Permanente, several regional BlueCross BlueShield plans, and Health Partners.

As one might conclude, effectively delivering its programs means managing a lot of data. Dougherty leads the Omada team that designs these systems and seeks external validation of the companies from organizations including HITRUST, a private company that—in collaboration with healthcare, technology and info-security organizations—certifies the sanctity of an organization’s electronic record keeping.

Furthermore, Omada is mandated by the federal HIPAA law to do annual risk assessments. Dougherty and compliance officer Patrick Curry built their own propriety threat model from security frameworks developed by Microsoft and DistriNet Research Group. Dubbed “INCLUDES NO DIRT,” it was developed with eight governing principles—ease of use, ease of performance, adaptability, repeatability, classification, actionable, integration, memorable.

Dougherty reckons the NO DIRT threat model can be fashioned to the needs of any data-intense company which nowadays means practically all.

“Healthcare is the most often-breached industry, and we wanted to publish our methods to help the industry improve,” Dougherty says. “We want the entire healthcare system to get better. Omada’s threat model allows us to look at any system and see how it might be compromised. Sometimes security and compliance can be at odds, so you need a single model to see when those two conflict.”

Tech-healthcare blend

A 1992 Pepperdine University business grad who earned an MS in info-tech from Capella University in 2005, Dougherty joined Omada in September 2016 when the still-young company was gaining commercial acceptance, but needed to ramp up its security and compliance. Nearly 90 million Americans are at risk for Type 2 diabetes, but getting Omada’s program in their hands (or on their desktops) means working with large, sophisticated employers and health plans.

Omada needed someone to improve its processes, and Dougherty brought experience in IT engineering, security, sales and business.

“A good CISO must speak the language of customers as well as bridge the gap between business and engineering,” he says. “And, of course, handle risk management.”

One of Dougherty’s first priorities was to evaluate Omada’s vendors, and seek improvements. “Good vendors are a force multiplier for any small team,” Dougherty said.

Bay Area-based SalesHood is a great example. Omada used its learning platform to empower the sales team and has begun expanding its use throughout the company. Last year SalesHood enabled the quick onboarding of 100 coaches, and now the company provides a learning platform for the entire Omada staff.

“When we onboard an employee, they have a steep learning curve,” Dougherty says. “HIPAA, the healthcare economy, our suite of programs—they have to learn a lot. SalesHood has proved a very effective partner, one that’s solved a huge problem for us by getting our employees up to date quickly.”

William working remotely during the COVID pandemic

Omada continues to expand its virtual therapies beyond Type 2 diabetes. Last year Omada introduced an app for anxiety and depression that it is currently offering to organizations across the U.S. for free to help their employees deal with the stress of COVID-19.

It’s an interesting time to be blending IT with healthcare, especially as the stakes are rising. COVID-19 is pushing the entire industry to support more digital care and telehealth treatments. And the disease is hitting the at-risk population the hardest. As Dougherty reminds, the millions of Americans at risk for, or with, Type 2 diabetes are at higher risk for COVID-related complications. The need someone they can trust and rely upon for help.

Omada Health has the security foundation to be that partner.