Updated 13 April 2016 1217: Maize announced today it had completed a second round of funding of undisclosed magnitude, led by entrepreneur and investor Jim Sohr.-Ed.
MAIZE ANALYTICS, a healthcare information-technology startup led by Vanderbilt University Assistant Professor Daniel Fabbri, Ph.D., is talking with potential future investors about its plans.
Fabbri confirmed that Maize is considering mounting a Seed-capital raise in the $500K to $2MM range. The goal it eventually sets will be partly dependent on the traction the company achieves near term, as well as the appetites of Angel, VC or strategic investors.
A Seed round could be triggered by the turn of the year; and, a Series A effort could be undertaken by 3Q 2015, said 29-year-old Fabbri.
Maize's Explanation-based Based Auditing System (EBAS) is used to determine "whether there are valid clinical or operational reasons for accesses [to a patient's EMR]. EBAS then filters out legitimate cases, leaving a smaller subset for manual inspection," to determine whether or not there has been a breach of patient privacy, according to its website.
"Inside threats" to patient data privacy are Maize's focus, not outsiders' intrusions, said Fabbri. Both inadvertent breaches of patient data, as well as employee "curiosity" ("a huge problem") are among the drivers of data-privacy breaches that require compliance responses, he noted.
Its intellectual property, developed by Fabbri and a co-researcher, is licensed from the University of Michigan, Ann Arbor, where Fabbri earned both his computer-science doctorate and master's, and was in graduate and post-doctoral research. He joined VU Medical Center 10 months ago, focusing on bioinformatics and computer science.
Angel, strategic and venture-capital investors are likely to be interested in the company, and Nashville-area VCs have particularly strong healthcare expertise and networks, said Fabbri, who is majority owner of the company.
The software development effort that he personally put into Maize technology would have cost "hundreds of thousands of dollars," commercially, he said, adding that he had used contractors only sparingly.
Although he's had no accelerator backing, in 2013 he and then-teammates participated in National Science Foundation (NSF) Innovation Corps training for technology commercialization. In addition, he said, shortly after joining Vanderbilt he participated in LaunchTN's VentureMatch program, via an event co-sponsored by PYA Analytics in Nashville.
Fabbri said he'd be happy for the company to remain based in Nashville, which he described as a "great incubator."
The biggest challenge here, he said, is "finding the right tech talent" for a company that could grow from its current single full-time employee to perhaps 25, within two years. Nashville has some "excellent" computer-science talent on its campuses and within its healthcare corporations, but the city still needs a talent pool that is "larger and more robust."
Maize will soon be looking for crucial hires among developers and sales staff, with the pace of hiring better determined after its market-penetrating business model and pricing are in-place.
It currently has one full-time employee, business development VP Jared Barrett. Fabbri plans to remain aboard the company, though post-funding Maize may recruit a CEO or COO, he said.
He acknowledged that Ann Arbor-based investors could be interested the company. Technology-transfer folks at the University of Michigan naturally keep an eye on Maize's progress; and, Maize, itself, was formed in Michigan and is registered there and in Tennessee. Its advisors include attorneys with Ann Arbor-based Bodman and sometimes attorneys with Marshall Gerstein Borun.
Immediately, the company is focused on converting to Customer status one or more hospitals that are now using its software on a "free-trial" basis. It released a new version of its tool, about two weeks ago.
In trials, it has already demonstrated Maize's interoperability with EMRs from Cerner, Epic, Meditech and others. Installing Maize's software at a hospital on a desktop or in a datacenter typically takes less than an hour, said the CEO.
Fabbri said he believes Maize's offering goes beyond simply addressing a "pain point," to "setting a new standard" for speed and cost-effectiveness of compliance. He said that's the sort of outcome he had in mind several years ago, when he deeply realized that the scholarly work he'd completed and published "had practical uses, beyond being a research paper that sits on the shelf."
Central elements in its approach include using local data to illuminate each hospital's embedded "social network," including identifying necessary collaborations among staff of various departments involved in addressing a patient's specific diagnoses.
An exit via sale to a strategic buyer within three to five years is the most likely path for the company, said Fabbri. The company is likely to make two more iterations of the product prior to its exit to a major technology company or a large consulting firm, he said. He said he could also imagine a "SaaS model," in which the company offers compliance-as-a-service (CaaS).
Maize technology automates much of the data-sifting that providers's privacy officers must do to find instances of "suspicious behavior" that could signal impermissible use or disclosure that compromises the security or privacy of protected health information contained in electronic medical recors (EMRs). Such audits are required under the Health Information Portability and Accountability Act (HIPAA) and other regulation.
Fabbri said that without Maize technology, hospital auditors must perform manually their investigation of all incidents that may prove to have been inappropriate accesses to patients' information.
The company plans further enhancements to the tools it offers, including developing broader analytic capabilities that enable more predictive or proactive interventions; and, enhancements that allow farflung hospitals within a single system, which may have regional compliance offices, to get more value out of regionalized support, said Fabbri.
According to materials provided by Fabbri, Maize's EBAS software tool is installed at healthcare sites and mines data that never leaves the institution, to allow auditors to focus their personal effort on EMR access-session data that does not conform to patterns of appropriate authorized access (e.g., for setting appointments, scheduling lab work, etc.).
EBAS software "learns" about appropriate use by extracting local information -- for a specific patient, during a specific timeframe -- including information regarding routine EMR accesses; lists of visits, labs and other patient "encounters/events"; a patient's diagnosis codes; and, departmental assignments and other data about the employees who accessed a patient's records.
Asked about competitors, Fabbri said he believes other offerings involve "static rules," rather than Maize-type machine learning.
Without naming particular offerings, he said a major drawback of "static" approaches is that they often generate "alert avalanches," potentially overwhelming users. VNC