Good morning. Good afternoon. We will get started in just a minute to give, folks a chance to join. And thank you for joining us, wherever you are. How are you today, Mike? I am doing great. I'm excited to be here. You know? Of course, I get to talk about HIPAA and health care, so that's always a good thing. Yes. Your favorite topics, I'm sure. Alright. Why don't we go ahead and get started? Thank you everyone for joining. My name is Juanita Oguin. I lead, product marketing for our platform solutions at Coveo, which means I get to help different companies think about their digital experiences on their dot coms as well as workplace and also end to end. And today, I am glad to be joined by Mike Porter from Proficient. Mike, do you wanna quickly introduce yourself? Yeah. Hey, everyone. My name is Mike Porter. I'm a principal in our health care practice. So what that means is it's it's the highest level of consultant you can think of just thought that your people that focus on, in my particular case, aligning digital technologies to specific needs. And that might be a need in delivering, a web experience or a mobile experience, helping our our customers, patients, members, etcetera, get to the services that they need. Thank you. And I think it's exciting because, well, today on the call, we have, several customers, but we also have, new, companies joining as well. And so for those of you that don't know, Coveo is a technology company, AI search platform, and, Coveo and Perficient work very closely together, and Perficient's more of a consultancy looking at bigger transformations as well. So a great partnership here today. We're gonna get started with, some recent HIPAA headlines, Mike. I thought it was important to take a look at what was happening in the market. And we have some interesting headlines here, points about HIPAA hypocrisy, points about hospitals. Ninety nine percent of hospitals using, website tracking that transmits data. So, you know, given that you're the expert here, any thoughts on these headlines? You know, headlines are are exactly what they are. Right? They're meant to bring bring people in. And in almost all the cases, what what what they're saying is is kind of right, but not really. Right? For example, we have never seen or worked with a hospital, that that says, you know what? I'm gonna send all my data to a third party. As a matter of fact, you know, there's a reason why hospital organizations, health care organizations, spend a lot of time getting other organizations to sign BAA contracts so that if they ever have any third party or cut, you know, patient information that they that they will handle them with care and be under the same types of liability as as the hospitals themselves. So is it hypocrisy? No. Is is there a certain element of ignorance is not quite the bad, quite the right word, but there's a certain element of misunderstanding of what that is. And and the reason that that, other organizations like, you know, HHS, the government has come out and clarified isn't the fact that HIPAA does isn't keeping pace. HIPAA basically says you must protect it, and you must protect it in all phases of its life. So it's it's not not the problem keeping pace. It's a matter of everyone needs to fully understand the implications as we continue to go into a more and more digital world, so to say. Awesome. Thank you for that. So for those of you joining us today, we're gonna, talk to you about HIPAA a little bit more in-depth. We're gonna do it in two parts. I'm gonna hand over the presentation to Mike so he can take us through, some great, things to think about, and then I'll cover more of the, Coveo HIPAA cloud aspect, right after Mike. So, Mike, I'm gonna hand it over to you. Great. So let's let's talk about HIPAA, especially the, the recent implications of of guidance that we've received. If you wanna move on to the next slide, we'll we'll dive in. So the HHS has given guidance, right, and they're specifically talking about online tracking technologies. And no, they didn't say web analytics. They just they they know generically online tracking technologies, and it impacts everyone. Right? Hospitals, clinics, medical groups. Those are the core, but it also impacts if they have if they have any if they have any, any PHI, you know, payers of all kinds. And let's break it down. You know, what does this advice around tracking apply to? Well, it applies to any online tracking. It could be web analytics, embedded scripts. You know, people have Facebook that's trying to create lookalike audiences, and so they're grabbing information about audiences on a website, etcetera. That's where it applies. As a matter of fact, the reason why HHS started to go to this is they found one hospital that had gone and was using Facebook's lookalike technology to grab information. And all of a sudden, you know and they grab that information at find a doctor or an online schedule. In other words, probably the worst place to actually grab information, that's where they did it. And what happened is you had literal PHI that was completely tied to all sorts of of information, sitting unauthenticated in a database that Facebook owned. And so it was a big deal. And that means that they came back and said, listen, any online tracking technology, you must do it. If it's got a tag embedded or a script script or something that that send information anywhere, HIPAA applies. Now when do they apply? Well, they imply whenever information is is is collected. Right? So if you're gonna track those tools and you're gonna use a tag management tool or anything else like that, then you need to be aware of that. And and there's some implications both for an unauthenticated and authenticated. We're gonna get into it. And, of course, from a tech tracking technology perspective, providers aren't permitted to use those if they will result in PHI disclosures. Now note, just like technology in general, it doesn't mean that you can't use tracking technologies. It just means that it must be secure, in all parts of its life cycle, you know, which which means it's encrypted and and so on and so forth. The next question is, as well, does this really solely apply to authenticated? You know, is it just a patient portal, for example, or a member portal that I have to worry about? And that's the rub. And that's the new insight I think that people have, and there's two elements to this. Number one, and this is what the what HHS is saying, is there's this new insight that an IP address can be tied to HIPAA. And so if you have an IP address and the fact that someone created, or scheduled an appointment to go visit an oncologist, then that's that's PHI. Right? And and it's not just someone's name or someone's unique identifier or someone's address, but the the IP address as well. And so what that means is that all of a sudden, you have unauthenticated implications. One looks for some of those. And the next, of course, is that you just need to have a BAA. And there are a number of vendors out in the marketplace who are trying to actually go and do it without BAAs by just putting all the technology on premise with a hospital, for example. But most of the hospitals we're talking about, they just want to have people sign BAAs. So that's that's a key element of that. You apply all these things together, you do this, and a little bit more of what I'll talk about, and you'll be okay. So if you wanna move on to the next. So there's a number of challenges with the current tools. And and what we see, especially from an analytics perspective, is that Google Analytics is king in the marketplace that's called the especially providers. Everyone and their dog uses them. Some of them have migrated to pro. Many of them are still sitting on on on the, the previous versions or the the free versions, shall we say. And when HHS released this guidance, Google came out with their own guidance, and we put the URL in there too so that you can see it. But, basically, if if you read through everything, what they say is, yes. If you collect any kind of HIPAA or PHI, please don't use us. And I'm I'm paraphrasing, of course, and I'm being very blunt. But that's that's basically what Google's saying. They don't have the ability, and they will not sign a BAA to, to to ensure that they can that they can protect PHI in all aspects of a slice cycle. Encrypted at rest, you know, encrypted and at rest, encrypted and and in motion, etcetera. Now security and whatnot. So that's really what that means is that a lot of the current tools just can't use them. You you have to move on to other tools. And and there's a lot of options, and, of course, you'll see some of the things that Coveo does when it comes to personalization. But you just have to be very careful with what we do. Do you wanna move on to the next? So in many cases, and we've actually seen some of our clients, that the first thing they did when when they received this this, HHS guidance was they stopped using web analytics altogether. And in their particular cases, because they they had the they they were using they were capturing PHI, they kinda had to. Now now they have to go back and and replace it. But the question is is, well, what can you cannot do? Do? Can and cannot do? And there's a number of things you can still do. Right? You can communicate with patients and members. Right? You can create the right conditions for better health outcomes and still communicate them and communicate them in a secure fashion. You can use all the tools as long as there's no get get chance of gathering PHI, and I should probably add insecurely. You can still gather PHI and you can still work with PHI, even if you are within a marketing or some other element that's leading to a better health outcome. For example, choose my hospital because we have the correct, the correct, specialists to see you and and to solve your your your health problems, well, of course, then that's that's allowable. You can work with patients and members across many channels. We've been focused mostly on web, but, of course, there's analytics and mobile. There's other elements as well. And you can still use a tag manager as long as the tag manager itself is secure and it sends data securely to funnel data to HIPAA compliant repositories. And that's the key, right, because the need to capture information and to understand and personalize an experience, and to understand what's happening on your site and optimize an experience for people who are using that, that hasn't gone away. What has changed is the fact that you still have to follow HIPAA when you do so. Now what can't you do? Well, you can't use any web social analytics tool that doesn't meet HIPAA guidelines. You can't use a tag manager to funnel events that may contain PHI to non compliant tools. And let me give you an example. There's a vendor that actually has two versions of analytics tools. That vendor uses one tag manager. The tag manager has been found to be secure. It's okay to use. But they can never send it to the noncompliance analytics tool. They have to send it to the new compliant analytics tool. I'm just gonna say. And you can also not send form data with PHI and Clear to any tool. Right? That includes HIPAA compliant tools because we're talking about PHI, in transit, that must be encrypted. So that's the highlight. But let's go a little bit deeper in terms of what that means. So there's a couple of implications. And you kind of saw it as like I kind of shot showed what I was going to showed what I was going to say. But you have to use the correct tech management analytic solution. If you're going to capture the information, if you're going to analyze the information, then you have to choose it correctly. And there's a variety of tools. There's on premise tools. There's online tools. You just have figure out what's going to work for you. It's not feasible to just disable tracking on certain pages. Well, gee, you know what? As long as I don't enable tracking on any form page or tracking on any find a doctor page, I'm okay. That that actually might be, on day one, successful, but it won't be successful on day five, day ten, day thirty. As soon as you create a new page, you know, marketing creates a new landing page. They don't even think about it. They enable the analytics because it should be, and now you're in a you're you're in a heap of trouble all over again. And keep in mind, fifty thousand dollars per, per lost or per per, infraction. So any tracking should be reviewed. It's not just web analytics, although that's where most of of our clients are focusing. But if you've got any kind of tracking, you know, it could be Facebook. It could be tracking, for personalization engine, where you're using either personalization engine. This is third party and they're using omnichannel personalization. Any of those types of tracking tools, we have to do a review and ensure that they're ready and they have a complaint. And, of course, it's obvious. It's something that we've always understood, but all unauthentic our authenticated experiences fall already, but as well as many unauthenticated. And I say many, but, really, you have to do a review for every unauthenticated experience just to see what's there and what you can do or not do. And then finally, a lot of people will be the the product of outbound campaigns, email campaigns, for example, or SMS campaigns. Are they impacted by HIPAA? Absolutely. Does this new guidance change anything as far as HIPAA is concerned? Not a lot. Right? They the the people who have been doing out outbound marketing when when it comes to health care organizations are also very well aware aware of what they can do and have taken a number of steps to make sure that they're compliant. Frankly, up until they actually hit the website when they had problems, but that's what we're talking about now. So those are some of the implications. If you wanna move on oh, go ahead, Marietta. Yeah. No. I was gonna say that's great. Thank you for, taking us through that. Sorry. Yeah. No problem. So let me give you some examples of PHI in non authenticated sites. And that's the key here. It's the reason why HHS is giving the guidance. First and foremost, one that comes to mind, most obviously because that's where they found the issue in the first place, is find a doctor. Right? And think about what happens. Someone comes in, they're looking for a doctor doctor. They find the right doctor, and they click on, they click on clip to call. Now just that debt information alone is enough to say it's PHI or it's very close to PHI. In other words, I found a specialist. I have a specific problem. It might be that I'm going to see an OB GYN, and it might be that I'm going to see an oncologist with a specialty in in in some type of cancer and so on and so forth. That's that's there. Now if they actually have you put information, like, what's the reason for your appointment, when are you coming, and so on and so forth, All of that information, especially if now you're entering in your name, your address, your age, etcetera. There's tons of PHI that occurs when someone gets point where they're looking for health care. The same could be said for symptom checker, although it's not you're not pushing as much in there. But if you think about what a symptom checker is, you enter your symptoms. And then it says based on their evidence based assessments, they're saying, alright, well, you should be thinking about x, y, or z. And they give the typical things to say, hey, Don't, you know, if it's if it's an emergency, please don't use this. Just go straight to to, you know, call nine one or go straight to the hospital. But the very fact that they're entering in information and their IP address is being tracked, means that in Symptom Tracker, there's a potential to have PHI that's, unsecured. The same goes with any with with forms, and this is forms of any kind. It could be an interest in pregnancy classes. It could be an interest in any other type of class. It could be, you know, the form that you gotta talk talk to for find a doctor. But you think about, all sorts of other things that you might that that you might ask on the site itself. Sometimes it's a form to, to express interest as a volunteer, probably not as important. But everything else where you're saying there's something about my health tied to me as an individual, then you've gotta be very careful. And and keep in mind, right, that the form itself needs to be secured. The the as you as you transit the form, the form in transit needs to be secured. And, of course, when it gets to some place, it needs to go to some place that itself is secure. And so that's that's all the implications that that you need to be thinking about. And we're seeing a lot of times where, you know, someone might take a form for interest in a pregnancy class that goes to a CRM that's not necessarily HIPAA compliant, what are they gonna do? Well, you're gonna have to get to a CRM that's HIPAA compliant if you're gonna store that form information in order to act upon that. And then, of course, there's things like clinical trial finders. We think of hospitals as a place to go find a doctor, but hospitals, especially these larger hospitals, all do a ton of research. And then that research means that they're always looking for people to participate in clinical trials. And in order to do that, they'll they'll they'll be saying, hey. We've got clinical trials. We'll go we'll give you a tool to search for it. As soon as you do the tool and then you say, I express interest, now it's a formal course. But now you're you're you're putting information in there that says, here's my name, here's my address, and I have interest in your diabetes trial. Well, that's that's HIPAA. Right? That's that that right there, you've got those those things that are there. And these are not every single elements. But when I highlighted before that you've gotta be very careful with with how you think about it about this in an unauthenticated site. You can't just disable it because you create neutral in a new clinical trial, you pop up a new form, and all of a sudden, you're in you're in the land unauthenticated land where you you must, in all cases, with all of your tools, analytics and otherwise, be HIPAA compliant. So hopefully, that's given you some insight as to where it's going and how we need to be thinking about this, and and, frankly, why all of your tools, in all cases, at all times, must be HIPAA compliant. That's amazing. Thank you, Mike. And if you have any questions, please do feel free to submit those. We will cover them at the end of the presentation. What I'll talk about next is more of the Coveo, HIPAA cloud side. So, thank you for those great tips, Mike. And if we think about, you know, digital information, you know, that lives everywhere on your sites as as Mike mentioned. And so, for those of you that don't know, you know, Coveo is an AI search platform, and I thought it was important to, list the key capabilities, that make up this platform. Things like our in our unified index and search algorithms, our connectors, business rules and machine learning models, our flexible UI, dash board reporting, and analytics. Right? And so we exist to help, amplify that existing information, documents, data for your different stakeholders. And this helps you be able to deliver better digital experiences so that your key stakeholders, have a seamless digital journey so that they get personalization and that you're able to kinda track the their journey across sites. And we're proud to say, you know, we we do actually have a HIPAA platform and a HIPAA cloud, and that's, you know, part of the reason we're having this discussion today and why I asked Mike to to join this webinar. And, really, for us, we know that you know, Mike, you mentioned a a few area a few times people kind of just disable or they think they can just switch something off rather than solving for it in the right way. And so we see that you can actually deliver those world class digital experiences that people expect, whether that's on your dot com, your member, or your patient portals, as well as internally for your different team members. And we we expect and we operate in a way that we're helping you do this safely and securely so you're not missing out on cutting edge technology. You're able to take advantage of, things like AI and analytics, but, again, doing it on compliant platforms. We are secure by design. Even before I get into our HIPAA cloud, these are all of our security certifications and attestations that cover many different areas, of course, HIPAA cloud, ISO, GDPR, California data protection, customer data management, cloud security. So we take this very seriously, and one of our product team members mentioned, you know, we don't paywall our security. If you use our general Coveo platform today, you get, all of the security, and the additional options which I have here, which is, unlike other companies or other, solution providers, we also index, your security from your documents and information. We call it early binding security. So we are respecting your existing access controls on all of your documents. In addition to that, we have multiple lever levels of different user types that you can use within the platform to make sure that only those that need to have access to information do get to see it. And then lastly, you mentioned this a couple of times as well, Mike. We encrypt all of our data at rest and while it's in transit. So for us, this is something that we provide even with our basic platform. Right, everyone gets these great benefits and securities and protections. On top of all of this, we have a separate HIPAA platform, that we are maintaining. And so I'll go through and cover, you know, what's included in that. But in addition to everything that we that I covered, above in terms of our features, our capabilities, our security, we also have the HIPAA compliant platform, which means for us, we are doing a bi biennial HIPAA audit. We're maintaining that on an ongoing basis, and I think we've had this since two thousand and seventeen, actually. We also provide extra access controls for team members that have been HIPAA certified trained only. We have dedicated r and d resources that are maintaining that security and uptime. Again, they've been HIPAA they've been HIPAA trained. They're compliant, you know, really taking this very seriously. There's a breach notification protocol that helps to work with our customers and the government should a breach occur, which is one of kind of the benefits and requirements as well. In addition to that, we maintain audit logs for up to six years, to adhere to the HIPAA requirements. And lastly, you mentioned the BAA Mike, the business associate, agreement. We have that as well, that we are, entering to as a partner with our customers, again, to make sure that you're you're getting that HIPAA compliance and, you know, having secure and protected data and information. I think one of the key things that you kinda talked about, Mike, is, you know, authenticated, unauthenticated. And as a marketer and I'm sure there's, you know, marketers on the call here with us as well. The entire digital journey, the entire user journey matters. Right? And it's not a linear experience. So what you see here is a typical journey, where you kinda have the unknown phase, unknown phase, and then post sales or, you know, once you become a customer, you have perhaps authenticated experiences. And, you know, each user's journey could could, you know, jump through each one of these stages. You know, as a member, I might log in. I might not log in. I'm trying to find information when I need it. Right? I don't wanna have to worry about my information being shared as well. And so, the entire journey matters. And, you know, again, with the HIPAA compliant platform, you can rest assured that you're you're, being compliant with government, but also protecting your members and patients' information as well. One thing that that I think, a lot of companies don't think about a lot is the fact that, you you we have different stakeholders. Right? You have different stakeholders, including your patients and members as well as your internal teams. And so, we are really trying to look across the entire digital journey to provide those great experiences in a secure and protected way. So, hopefully, this resonates for you to think about the different types of sites and areas that we are helping, our different clients work with today. I also wanted to mention, a little bit more about Coveo AI and our journey and our capabilities, especially since this is such an important topic in today's market. I'm sure everyone's hearing about generative AI. And I wanted to show this as really our journey. Right? We started back in two thousand and five in enterprise search and Coveo time have continued to add new capabilities, including unified search, our personalization, our recommendations. And we're now getting into the generative AI component, which I know is a little bit of a sensitive topic, I think, for highly regulated areas, but, you know, we are taking steps to make sure that whatever we are doing is safe, secure with your own information, and, again, doing that with a compliant platform, HIPAA compliant platform as well. So we have some great things on our road map that we are bringing to you in the Coveo platform, and that would apply and be, you know, even more secure on the Hippo platform as well. And I think what why why I wanted to mention that as well is, you know, a lot of things are a trade off, right, when you don't understand them fully or deeply. And so, hopefully, with Mike covering different considerations or areas that you need to be thinking about, you also understand, like, it doesn't have to be a trade off. Right? You don't have to trade off having great or delivering great member and patient care or having great digital experiences and having to you know, having secure and and privacy in place as well. We believe we can help you deliver all of that with our platform and now, additionally, with the HIPAA compliant platform that we we offer as well. And I did want to just share some of the top health health organizations that we work with today that we are proud and happy to call our customers as well. Some using our HIPAA platforms, today, actually. So, also, this gives you an idea of the different use case areas that teams are using this for. So, for example, on Humana, they've used this on their dot com site to help, people find information when they need it. So this is ninety five percent of the click through rate is, you know, after applying our machine learning models, which are helping people get to the information they need. For athenahealth, here we're showing just one, you know, one stat stat or one point in time metric, but this is on the support side. Seventy five percent of all clicks that are done by support agents, so those agents servicing customers, those are being machine learning boosted. So, again, employees are getting help from our machine learning models. And then lastly, on the UW Health, we help them deliver a reduction in content gaps on the Internet. So, again, a slightly different use case, helping employees find information, again, to deliver that better care experience. So, hopefully, this gives you an idea of the breadth of what we're able to do and help, our different customers and companies deliver. And what we wanted to offer you is, a few different things. If you're new to Coveo and you wanna learn a little bit more, either about our platform or the the HIPAA cloud that we offer, please, you know, feel free to book a meeting directly. If you're an existing customer, we highly recommend if you have not yet to, contact your CSM who can talk to you more about our HIPAA cloud and what it takes to get you moved over to that, infrastructure. And then lastly, we did wanna offer a new ebook, customer experience or HIPAA compliance. Finally, you don't have to choose, and that'll just give you a little bit more information and insight into our thinking on HIPAA, the digital experiences, and, helping you see that, again, you don't have to choose between those two. So with that, I do want to thank you all for the time today. We will open it up for questions, and, I think I might have one or some coming through. Before we get into questions, I wanna I wanna make one highlight. You know, we we think about HIPAA and it's all everyone thinks about the fact that it it must be encrypted at rest. It must be encrypted in in transit. But it's it's the secondary and tertiary, use cases that get in the way. And let me give you an example. We were working with one of our partners. They had a product. They said, hey. Help us make this product better. And they had already gone made what what they thought was halfway down the path. We were the icing on the cake before they did a HIPAA audit. And and we had one of my architects look at the product and immediately noted that they had a search. And and the search was not Coveo, but the the search had no controls on it. It wasn't encrypted, and etcetera. And and what that meant is that even though they might have encrypted everything but the index, because the search creates an index or crawl creates an index, the index wasn't encrypted and also the access to it. It was universal access. If you had anywhere close to admin access for it, you had access to that, which meant that from in in the spirit of HIPAA, you were breaking it. And so these types of tertiary things where you might say, well, my product or my my site is already secured is okay. But as soon as you start looking having other other, tools starting to look at it, it's very important, as Coveo has done, to ensure that the access is correct and also that the that the data that they pull is also kept secure. Thanks for that, Mike. We do have one question here which says, if we're a current Coveo customer, do we have the HIPAA compliant platform? You would have to check that with your CSMs. They are two different infrastructures and environments that exist. I'm going to say, generally speaking, if you don't know if you have it, you probably don't, but you can always check with your CSM. I will say this is something we've had over the last, I think, five five or six years. But, again, every organization has is at a different level of digital maturity, and I think HIPAA's kinda changed. And, they're kind of enforcing a little bit more now, Mike, would you say? I'm making that point just to say that, you might not be on the HIPAA platform. They are two different environments and infrastructures. You will get all of the same capabilities that you get with our existing platform, but now you're just getting them on a compliant platform and infrastructure. So do please, check with your CSM on that one. And I think I asked you I kind of asked you a question in between there, Mike. I'm sorry. I missed the I missed the question. It's okay. Yeah. While we wait for, some other questions to come in, I wanted to ask you, are there specific areas that you think people miss, that are not as obvious in terms of being compliant or protecting information? I I think there's a lot of different areas, and it and it comes down to those secondary and tertiary needs that we that we talk about. Right? It's one thing to say, you know what? We got it. We have it secured. But then, you know, for example, if you can let anyone in your organization have access to, you know, for example, a list of all the appointments that that were made, you know, in the last little while because you're trying to do attribution. Well, if you're using it for attribution, for example, and you captured that information and you show PHI, you've kind of broken HIPAA, because you you need to capture the information in the first place, but you don't need in order to do reporting on marketing, you don't need to know who made the appointment. Just that an appointment was made, and, Jen, you can justify your job. You you only do it when it comes to to helping the patient with their with their, you know, health care needs. And so it's it's things like that that that sometimes people just forget because they're they're thinking, oh, yeah. It's already secure. It's already in there. We're already good. But, you know, there's plenty of examples. We work for a hospital that that, had a very specific policy that when a VIP was in there, that, you know, nurses couldn't go or other clinicians couldn't just go into the EMR and access it. They might have had the right to access it and, therefore, it was secure, but the policy that went along with it said that you can only do it when it comes to actually working for health care. If they just happen to be if you're not treating a a VIP and you're looking at a VIP's record just because, you know, it's a VIP, you still work in HIPAA. So just keep in mind as you do some of these things, you know, especially when it comes to reporting and whatnot, a lot of times aggregation and and anonymization is better when it comes to those things, even though you may have that information in your repository for a variety of valid reasons. Thank you for that. And another question for you. Do you see differences in how maybe, payers and providers might be thinking about, HIPAA or HIPAA compliancy? Yes. And and you probably noticed that I spent most of my time talking about providers, and that's because this has the most impact on providers. It's where where it was found. What we still see, and this is kind of funny, many of the of the payers, they will send out member communications, usually having to do with health and wellness, although there's a ton of other possible communications and that we see in the provider world all the time. You know, it's been you know, you don't necessarily tell a patient, it's been a year since we last saw you. Please come in for your your up your your latest endocrinology update. That's that's HIPAA. But they they they they basically send out information that's more informative and then they're reminding of the avenue. There's things that they can do. We still encounter payers who think that they cannot, except for health and wellness, communicate with their members. And that's not necessarily true. So oddly enough, even though everything we've talked about is absolutely, relevant to the payer world, they do a lot less communication to their pay patients, and they spend a lot less time focusing on their patients, especially in non authenticated sites. There's plenty of care management portals. There's plenty of plenty of health, health and wellness portals where, you know, it's authenticated. They're being careful, etcetera. You still need to be extra careful if you're doing any kind of analytics, of course. But they they're they're not doing as much as as the providers are doing, especially in the non educated world. So there's a difference, and the difference isn't that it's not applicable to them. It's just that they're not necessarily pushing the boundaries and having to make sure what they what they do and how they measure that. That's great. We also ask you one more question. We talk a lot about authenticator, unauthenticated, and how both, need to be thought about in terms of, you know, data and information. Could you share any more maybe insights on, like, the differences or the risks or, like, what you're seeing out in the market in terms of where people are focusing or maybe missing? Well, I would know because we've already we we we've walked through all the implications of things that could be missing in in the United Kingdom. I think we've hit that. You know, we we might have flagged it to death. We've we've we've done a good job. In the authenticated side of the world, it's still important, and and everything hits. Right? If you have a member portal, for example, and you apply, you know, Google Analytics to it, well, you've got a problem. I actually ran into a a vendor of ours where they talked about the fact that they had they were using Google Analytics on a patient portal, actually. They applied it to a patient portal, and I was just shocked that you can't do that. What what are you doing? You know? And it's because they're thinking again. It's those those tertiary. It's authenticated. It's HTTPS. The portal itself is given by an EMR vendor like Epic or Cerner. We're good. No problems. Right? And even though you're trying to gain additional insights in the usage of the site, which is a valid idea, you wanna you wanna understand how to ensure and optimize and make sure you you're you're handling all of these Kubernetes needs. But if you're using a tool that doesn't work, you're still in the in trouble. And so even though I focused on on unauthenticated use cases in terms of what you can do, the authenticated use case the authenticated scenarios are equally as important. And if you've done something to implement personalized search, which is, you know, of course, where where Coveo is. Or if you're you're doing the analytics, well, you'd you'd for darn sure had better ensure that everything in all areas is secure. Thank you for that. I think it's important to emphasize that a little bit more. Awesome. Well, thank you for the time today, Mike, and thanks to those of you that have joined us. Feel free to connect with us on LinkedIn, And, again, reach out to our teams if you're a customer today. And if not, we'd be happy to follow-up with you, to dig a little bit deeper. Mike, I appreciate your time today, and thank you for so many great insights. Yeah. You're welcome. I'm glad to be here. Thanks. Thank you. Take care. Yeah. Bye.