Dean Koh

Last week, the House Committee on Health in the Philippines House of Representatives chaired by Rep. Angelina Tan approved a substitute bill seeking to establish the National eHealth Systems and Services that shall deliver health services through cost-effective and secure information and communications technology (ICT). WHY IT MATTERS The landmark measure provides for an organised and structured application of electronic health or "eHealth" integrated in the regular workflow of healthcare facilities. Specifically, it seeks to utilise ICT to deliver health services which has the potential to be profitable, improve quality, change the conditions of practice, and improve access to healthcare, especially in rural and other medically underserved areas. The bill also aims to facilitate the exchange and access to secured personal health information, ensure harmonisation or integration, alignment, and interoperability among various eHealth initiatives, and facilitate inter-agency and inter-sectoral coordination at various levels of governance in both public and private sectors. The measure mandates the Department of Health (DOH) as the lead agency to implement the Act and provides for the creation of an inter-agency and multi-sectoral National eHealth Steering Committee to serve as an executive body of the Philippine eHealth System and Services (PNeHSS). Among the changes approved and introduced in the substitute bill is the provision for public-private partnership of eHealth Services. The bill mandates the DOH to promulgate the rules regarding the participation of the private sector in the provision of eHealth services and solutions, including public-private partnerships and other suitable arrangements. An additional provision on research and development was also introduced and will be accomplished through the formulation of expanded eHealth research priority areas under the National Unified Health Research Agenda (NUHRA) as well as the establishment of knowledge hub and research centers for eHealth that study, among others, capacity building, health technology assessment, knowledge management, standards development, and research utilisation. The approved bill also details violations of the Act and corresponding liabilities and penalties. For instance, the unauthorised processing of personal information shall be penalised by imprisonment ranging from one to three years and a fine of P500,000 to P2 million. The unauthorised processing of sensitive personal information shall be punished by imprisonment of three to six years and P500,000 to P4 million. Other violations include accessing personal information and personal sensitive information due to negligence; improper disposal of personal information and sensitive personal information; procession of personal information and personal sensitive information due to negligence for unauthorised purposes; unauthorised access or intentional breach; concealment of security breaches involving sensitive personal information; malicious disclosure; and unauthorised disclosure. Any person who commits a combination or series of these acts shall be subject to imprisonment ranging from three years to six years and a fine of P1 million to P5 million. THE LARGER TREND According to the official eHealth website by the DOH, two main challenges of the Philippines’ health system are access to health care services, and access to real time information for decision making. 70% of the population living in rural areas are still struggling with no or limited access to quality inpatient and outpatient care services. Delayed access to timely, reliable, accurate, and complete health information contributes to the challenges faced by decision makers. This condition is further exacerbated by various health data coming from disparate systems that use differing formats, lacking harmonisation, and putting additional strain on already compromised data quality. Based on the Philippines eHealth Strategic Framework and Plan 2014-20, the DOH envisions that “By 2020, eHealth will enable widespread access to health care services, health information, and securely share and exchange client’s information in support to a safer, quality health care, more equitable and responsive health system for all the Filipino people by transforming the way information is used to plan, manage, deliver and monitor health services.” With the proposed National eHealth Systems and Services Act approved, there is some progress made in the governance component of the eHealth vision but much of the real work will lie in the establishment of the necessary foundations – infrastructures, standards, rules and protocols for the effective implementation of eHealth services, processes and solutions. ON THE RECORD “The Department of Health welcomes the new version of this Act because the future of health is being designed with eHealth, the use of information communications technology in health,” DOH Assistant Secretary Enrique Tayag said. He also suggested that the measure should more clearly provide that private entities are free to use ICT in their delivery of health services.

In December 2018, Thailand’s Ministry of Commerce announced plans to put medical-related fees, including drugs, supplies and service charges, on the price control list of the government’s central committee on prices of goods and services. On January 9 2019, the plan was approved and the Thai government added medicine, medical supplies and medical services to its price control lists, which was announced by Minister of Commerce Sontirat Sontijirawong. A subcommittee has been formed to work out measures to control their prices, which consists of representatives from the ministries of commerce and public health, insurance associations, the Private Hospital Association, the Foundation for Consumers and the National Health Security Office, Minister Sontirat said. Impact on digital health adoption With the implementation of price controls on medical supplies and services, the impact would mostly likely be felt by the private hospitals and healthcare providers since their revenues and profits would be adversely affected. However, on a broader level, the price controls could result in a nationalised standardisation of healthcare terminologies and delivery in terms of how services are ordered. Currently, most hospitals in Thailand, especially those in the private sector, have unique software programs that are designed specifically for their internal use and operate quite comfortably within each institution’s legacy IT systems. What this also means is that it is virtually impossible for electronic information-sharing across hospitals but the price controls may pave the way for a more standardised way of recording health information to facilitate reimbursement both for healthcare providers and payers/insurance providers. A more standardised method of recording and sharing of health information at the national level using IT brings with it several benefits – patients can move across different healthcare organisations without having to bring along their physical paper medical records, reduction of diagnosis/prescription errors as clinicians have a more comprehensive medical record of their patients and potential opportunities for population health analytics with a unified national electronic health record. While the move towards a unified national electronic healthcare record in Thailand may take some time and effort to realise, the new price controls presents a shake-up and enormous opportunities for both public and private healthcare providers to provide more value and quality to their patients through leveraging health IT technologies.

DeepQ, the healthcare division of HTC, yesterday announced a deployment of HTC VIVE™ hardware at Taipei Municipal Wan Fang Hospital to create the first multiuser patient education room in VR. Using VIVE Focus (a stand-alone VR headset from Vive) with the VR human patient education application, surgeons and families can join a shared VR world where surgeons can explain surgical procedures and educate patients. “Vive Focus can be used as a tool to break down barriers between doctors and their patients to improve care and drive education of patients to new levels,” said Edward Chang, President of HTC’s DeepQ division. “With Vive Focus, medical consultation can become mobile and more approachable to patients and doctors alike. We’re proud to work with Taipei Municipal Wan Fang Hospital to explore how VR can begin to change medicine.” “In the past, it has been difficult to educate patients on the impacts of a procedure or medical need. Through VR, physicians can now easily talk to patients about human organ structures and treatment plans in a shared environment,” said Kuan-Jen Bai, Dean of Taipei Municipal Wan Fang Hospital. A typical patient consultation today can involve human anatomy models, however, micro structures such as nerves, vessels, and lymph nodes are difficult to be displayed. Using VR, patients can more easily understand the impact of diagnosis and treatment plans alongside their physicians.  In the future, Wan Fang Hospital will also integrate the VR education platform with the Health Information System (HIS) system of the hospital's patient educational review system. After each VR patient education, the public, the family, and healthcare personnel’s review will be digitalised. According to a market forecast on VR in the healthcare market that was published in March 2018, it is predicted that VR technologies will enjoy a 54.5 percent compound annual growth rate in healthcare over the period of 2017-2023. Currently, most of the established VR offerings in healthcare often fall under a few major use cases, including education and training for physicians, and distraction therapy for inpatients and seniors. However, ever-advancing technology and growing acceptance by physicians and patients alike has many digital health researchers excited to investigate more novel clinical use cases and tackle the various hurdles that remain for VR.

Minister for Health Gan Kim Yong delivered a ministerial statement on the Committee of Inquiry (COI) report on the SingHealth cyberattack in the Singapore Parliament on January 15 2019. In the statement, he said that the Ministry of Health (MOH) has appointed a Cybersecurity Advisory Committee to conduct a horizontal review of the cybersecurity governance structures and processes across the public healthcare clusters and Integrated Health Information Systems (IHiS), the IT agency for the Ministry. He also outlined four key responses to the COI report’s recommendations. The first is enhancing governance and organisational structures as there is a “need for clearer cybersecurity risk ownership and accountability between IHiS and the public healthcare clusters, underpinned by a strong relationship to avoid fragmenting the Ministry’s healthcare IT strategy.” At MOH, the Chief Information Security Officer (CISO) is currently also the Director of Cyber Security Governance at IHiS but these roles will be separated. The MOH CISO will be supported by a dedicated office in MOH and report to the Permanent Secretary. The MOH CISO office will be the cybersecurity sector lead for the healthcare sector. It will coordinate efforts to protect Critical Information Infrastructure in the healthcare sector, and ensure that the sector fulfils its regulatory obligations under the Cybersecurity Act.  For its part, IHiS will have its own separate Director of Cyber Security Governance. At the clusters, the cluster Group CIO office will now be made fully accountable to the respective cluster management and Boards. The GCIO office will be adequately resourced to carry out its role. The position of the Cluster Information Security Officer will be elevated to report directly to cluster management, and be accountable to the IT and Risk Management Committees of the cluster Boards. Secondly, a cybersecurity model with multiple lines of defence will be put in place. A more robust ‘Three Lines of Defence’ structure within the public healthcare: The first line comprises units and personnel who develop, deliver and operate the IT systems. This is the Delivery Group. MOH will strengthen the IT delivery group to better integrate cybersecurity into IT delivery initiatives, improve the management of network security, and increase emphasis on security architecture and monitoring.    The second line of defence comprises units and personnel who have the specific responsibility to oversee security strategy, risk management and compliance. MOH will strengthen and elevate this second line of defence by establishing a dedicated Cyber Defence Group in IHiS headed by a senior leader at or equivalent to the Deputy Chief Executive level. The strengthened group will have independent oversight of cybersecurity implementation, compliance and risk management, and will oversee incident reporting and management. This will ensure that cybersecurity is managed at the senior management level, and an appropriate balance is struck between service delivery and cybersecurity considerations.   The third line of defence comprises checks and assurances independent of IHiS and our healthcare clusters, and independent of the first two lines of defence. MOH Holdings Group Internal Audit will continue to play this role. MOH also intends to commission and tap on independent third parties where appropriate. The third aspect would be improving the cybersecurity awareness and capacity of staff. Starting this year, IHiS will engage specialist providers to conduct realistic hands-on “Cyber Range” simulation training to raise the competence of their security incident response personnel. IHiS also intends to learn from GovTech’s bug bounty and vulnerability disclosure programmes and start similar efforts. Lastly, a tiered model of Internet access will be considered. In its report, the COI has recommended that an internet access strategy which minimises exposure to external threats should be implemented. Following the cyberattack, temporary Internet Surfing Separation (ISS) was implemented across Singapore’s public healthcare sector. However, the implementation of the ISS has posed several challenges in the provision of patient care in some areas such as emergency care, decision-support for prescriptions and treatments, access to patient education resources, and booking of clinical appointments. ISS also caused delays to frontline patient management and backend administrative tasks. Research and education initiatives in the public healthcare institutions have also been impacted by ISS. The current model of ISS is still workable but there needs to be longer-term solutions that are more efficient and sustainable. One such solution is the “virtual browser”, which allows access to the Internet through strictly controlled and monitored client servers. The client server acts like a decontamination room in which a file is opened and only an image/copy of the file is taken and sent to the recipient. In this manner, any malicious material or hidden content is ‘left behind’ in the decontamination room, greatly reducing cybersecurity risks. This “virtual browser” pilot will begin in the first quarter in 2019 at the National University Health System. “Virtual browsers” will be deployed in selected job functions at selected departments and clinics. Some of the job roles participating in the pilot include frontline pharmacists, and emergency department clinicians. The conduct and evaluation of the pilot is expected to take about 6 months and MOH will closely with the Cybersecurity Agency of Singapore (CSA) to assess the cybersecurity adequacy of the solution. The effectiveness of the Virtual Brower will also be assessed. Mandatory contributions to the National Electronic Health Record (NEHR) system will continue to be deferred as it is undergoing a series of cybersecurity assessments conducted by the CSA, GovTech, and independent firm PwC. The NEHR will also be subject to further testing and reviews, including exercises to test its defences against targeted attacks, as well as business continuity and disaster recovery plans.

Following the release of the public report by the Committee of Inquiry (COI) for the SingHealth cyberattack which occurred in July 2018 and Integrated Health Information Systems (IHiS) taking disciplinary action on staff members involved in the incident and senior management team staff, the Personal Data Protection Commission (PDPC) has imposed financial penalties on both IHiS and SingHealth, according to an official statement. The PDPC administers the Personal Data Protection Act 2012 (PDPA) in Singapore, which aims to safeguard individuals’ personal data against misuse and promote proper management of personal data in organisations. PDPC’s investigations into the data breach arising from a cyberattack on SingHealth’s patient database system, found that IHiS had failed to take adequate security measures to protect the personal data in its possession. PDPC has imposed a financial penalty of S$750,000 on IHiS. A financial penalty of S$250,000 has also been imposed on SingHealth as the owner of the patient database system. PDPC found that the SingHealth personnel handling security incidents was unfamiliar with the incident response process, overly dependent on IHiS, and failed to understand and take further steps to understand the significance of the information provided by IHiS after it was surfaced. These financial penalties (a total of S$1 million) are the highest ever imposed by PDPC to-date. PDPC took into account the fact that the data breach was the largest breach that Singapore has ever experienced, as well as the sensitive and confidential nature of the patients’ data. In addition, the penalties took into account the fact that IHiS and SingHealth were cooperative throughout the investigations and took immediate remedial actions. PDPC also recognised that both organisations were victims of a skilled and sophisticated threat actor bearing the characteristics of an Advanced Persistent Threat group, using numerous advanced, customised and stealthy tools and carrying out its attack over a period of more than 10 months.

The IHiS Board of Directors appointed an independent human resource panel to examine the roles, responsibilities and actions of the IHiS staff involved, and assess the appropriate HR actions to be taken.

Last week, Deqing county hospital in Guangdong Province launched free consultations featuring artificial-intelligence (AI) cameras to detect ocular fundus diseases, which are major causes of blindness, according to a report by Xinhua News. About 300 residents from Zhaoqing City in Dequing County attended the free consultation sessions. The hospital became the first to use the device, co-developed by China's search engine Baidu and Sun Yat-sen University, to serve the general public. The instrument is capable of diagnosing three types of fundus disorders -- diabetic retinopathy, glaucoma and macular degeneration. It scans the eyes and generates a report in 10 seconds, all done without the need for an ophthalmologist to be present. Baidu’s AI-powered camera was first unveiled in China in November 2018, according to a MobiHealth News article. Fundus diseases are a major cause of blindness in the developing world, where the short supply of eye doctors and instruments has stymied timely diagnosis and treatment. China, with a population of 1.39 billion, has only thousands of ophthalmologists capable of analysing fundus photos screening. “As a doctor working at the grassroots level, I believe AI can greatly help in all aspects of screening. For instance, there is so much imaging data during medical checkups and it takes up a lot of time and energy for doctors to physically look at this data, which is simply not efficient. In ophthalmology, the use of AI to verify test results from fluorescein angiography and OCT examinations can help doctors expedite their analysis, which saves time and improves their efficiency,” said Dr Honghu Xia, Director of Ophthalmology at Deqing county hospital. Xu Yanwu, a Baidu engineer developing the instrument, said the AI cameras were specifically designed to address the lack of medical instruments and ophthalmologists at grassroots health facilities. "It is easy to use and can be operated by a non-professional. Its 94-percent sensitivity and specificity at analysing photos can match a senior doctor at a tertiary hospital," Xu said. As of 10 January 2019, Baidu already has four of said AI cameras operating in four hospitals in Deqing County to assist ophthalmologists in fundus screening. It is estimated that by end of March, Guangdong Province will have 14 hospitals using the AI camera instrument.

One of the fast-growing sectors that have been identified in Thailand is healthcare and it is expected to be a key driver of the country’s economy. Deloitte estimates that the health care spending in Thailand would have reached $18.7bn last year, growing by 8% between 2014 and 2018. The consultancy added that total spending was $12.8bn in 2013. The medical equipment market is growing quickly as well, having risen in value from BT25.92bn ($780.2m) in 2010 to BT38bn ($1.1bn) in 2015. Nearly 80% of this medical equipment is imported. The government’s share of sector spending is the second highest in the region, at 77%, yet private sector spending is on the rise. In 2008, the Thai government spent BT8.2bn ($246.8m) on health care while the private sector spent BT2.6bn ($78.3m). By 2015, the government was spending BT12.5bn ($376.3m) for health care, while the private sector spent BT4bn ($120.4m). Private hospitals have benefited from government efforts to provide universal health care. Local hospitals report having experienced sharp increases in patient numbers, and this has led patients with the financial means to seek treatment at privately run establishments. Private sector growth According to the data from the Health Service Support Department at the Ministry of Public Health in 2015, there were 343 private hospitals operating in Thailand, up from 321 in 2011. Around 40% of these were in the Bangkok Metropolitan Area. The private hospital sector has been undergoing structural change and the effects of this are becoming increasingly clear. Large hospitals which are able to expand rapidly are doing so through mergers and acquisitions and by expanding their commercial networks both in the Bangkok Metropolitan Area and in important regional centers, especially those in border regions. Thailand’s Medical tourism industry is largely driven by private hospitals. Some of the well-known private hospital groups in the country include: (i) Bangkok Dusit Medical Services, the largest private hospital group in Thailand which consists of six major hospital groups – Bangkok Hospital, Samitivej Hospital, BNH Hospital, Phyathai Hospital, Paolo Hospital and The Royal Hospital and (ii) Bumrungrad International Hospital, one of the largest private hospitals in Southeast Asia and the first hospital in Asia to receive Joint Commission International (JCI) accreditation in 2002. The above-mentioned private hospitals are also continually looking to expand their international reach through Memorandum of Understanding (MoUs) with foreign online health platforms or companies. For instance, Bangkok Dusit Medical Services signed an MoU with China’s Ping An Good Doctor in November 2018 and Bumrungrad International Hospital signed an MoU with Malaysia’s BookDoc in June 2018. New players such as huge conglomerate companies in Thailand are also increasingly interested in investing in healthcare. These investments are huge and tend to be concentrated in the Bangkok Metropolitan Region. Examples of investors include Pruksa Holdings (Vimutti Hospital, scheduled for opening in 2020), RSU Group (RSU International Hospital, also scheduled for opening in 2020), CP Group, and TCC Group. Convergence of public initiatives and private sector developments Through a number of incentives, the Thai government wants to capitalise on the market development of medical tourism. Thailand is shifting public policy towards creating an environment wherein medical tourists can access the country’s services with ease. Part of the government’s strategic plan to become a global medical hub involves the loosening of visa restrictions and the creation of smart visas. Extending visas from 30 days to 90 days for citizens of China along with those of Cambodia, Laos, Myanmar and Vietnam (CLMV) will increase treatment options and draw customers with the promise of quality facilities. The private healthcare sector will be expected to grow and become more competitive due to the entry of non-traditional players such as huge conglomerate companies. Additionally, some public hospitals have also noticed the potential opportunities and have developed services (e.g. specialist treatments or providing services outside regular working hours) that match the standards of the private hospitals. Piyamaharajkarun Hospital, part of the Siriraj Hospital network and the Somdech Phra Debaratana Medical Centre at Ramathibodi Hospital are examples of public hospitals which have followed this path. Challenges and conclusion Thailand provides universal health coverage to its citizens, which is great but comes with several challenges. Some of these big challenges include fiscal sustainability in the long term, maintaining healthcare service quality and the shortage of healthcare professionals to meet the demands of universal health coverage. There is also the existing urban-rural divide in terms of the provision and quality of healthcare. The clever and practical use of technologies could address some of these issues, but this also requires significant buy-in and commitment from the policy makers and public sector.

The Committee of Inquiry, which was convened on 24 July 2018, identified five key findings and a total of 16 recommendations for SingHealth and IHiS to improve its cybersecurity defences.

“I think the biggest trend (in healthcare) is towards greater integration. Traditionally, healthcare has been very fragmented, where many different groups serve specific clinical needs without necessarily coordinating with each other. But going forward, the trend is towards integration – not just of things like databases and systems, but integration of the way we process the data and how this influences the clinical workflow,” said Prof Ngiam Kee Yuan, Group Chief Technology Officer of National University Health System (NUHS) in Singapore, in response to what he thought would be the key trends that will impact healthcare systems in future. It was with the same motivation and mission to best use the healthcare data for research at NUHS that led to the building and development of the DISCOVERY AI platform, which started about four years ago and the platform was officially announced in July 2018. The platform is what Prof Ngiam describes as a ‘sandbox’ that allows the staff at NUHS to develop AI tools in a safe and equitable way – the platform is scalable and can be applied to more than one system within the organisation. “We saw the opportunity because we had datasets which were large enough to support the development of these AI tools. And one of the advantages we have at NUHS is that we have clinicians and allied health professionals who understand, and are willing to develop these tools. I cannot emphasise enough the importance of having the clinicians onboard throughout the development process.” Currently, a randomised control trial of a system as part of the platform is a free-text diagnosis machine at the Accident & Emergency (A & E) department. When doctors input a certain set of findings as part of clinical documentation, the machine would automatically provide a suggestion for a diagnosis. The team is exploring diagnosing appendicitis for a start. The trial is slightly under halfway through and Prof Ngiam hopes by the later part of 2019, they would be able to have results, which would be the basis for them to operationalise the AI tool. One of the early milestones for the NUHS DISCOVERY AI platform is its ability to sustain multiple proof-of-concept projects. With the platform, individual projects are no longer fragmented and there is the ability to aggregate, link and share large data sets. “It took us four years to get to this point and the next milestone for us is to finish our trials and to actually launch them as “software as medical devices”. Again there are some hurdles to get through before we get there but seeing where we are right now, it is very likely we should be able to get through them.” Prof Ngiam also pointed out that as the platform is unlike anything they had before and behaves like an advanced form of clinical decision support system (CDSS), which are not based on a set of rules but based on a set of complex trained weights and multiple factors that affect a certain outcome. Despite its complexity, the AI tools need to be thoroughly trialed before it can be used in routine clinical practice. “This is why we are running it as a trial now in the hospital. In essence, the platform is run under the ambit of a trial to mature the workflow and test the system under real world conditions. Operationally, what the doctors are doing during the trial is no different from what they would have done, except that we collect the data on the basis of the trial,” he added. Looking to the future, Prof Ngiam and his team is working towards completing the trials in 2019 and hopefully heading towards registration in terms of the platform being used as a medical advisory device.