Staff Writer
One of Australia's largest juvenile justice departments will soon streamline its health services under a single Electronic Medical Record.
Justice Health Victoria is working towards implementing Global Health’s MasterCare Electronic Medical Record (EMR) in the support of clinical workflows across mental health, primary care, and alcohol and other drug services in its centres.
Specifically, MasterCare EMR will be used by Justice Health clinicians to handle clients’ medical assessments and management plans, along with the monitoring and measuring of on-going service activity outcomes.
MasterCare EMR comprises of an EMR and practice management solution with integration to MasterCare Data Warehouse for data analytics and ReferralNet for the secure exchange of clinical documents with external colleagues.
According to a spokesperson for the Department of Justice and Community Safety, Justice Health Victoria had multiple programs in place for its youth justice system, which all needed to be streamlined into one platform.
“This will ensure continuity in the healthcare services provided to young people in custody. Electronic medical records within the adult prison system are [and will continue to be] managed by Intrahealth,” the spokesperson told HITNA.
The initial deployment will see the Department of Justice and Community Safety business unit roll out the Global Health solution for these three service divisions across Melbourne. This includes Malmsbury, Parkville and other community outlets around Melbourne across the youth justice sector.
The Department of Justice and Community Safety spokesperson said the partnership came off the back of the Victorian Government’s $18.72 million investment for additional doctors, nurses and clinical staff to administer medication, as well as for extra allied health services.
[Read more: SA Health to overhaul EPAS | Bass Coast Health integrates clinical and administrative system using MasterCare EMR]
MasterCare EMR Product Manager Kye Cherian said the agreement will run for a minimum term of three years, with two further extension options.
“It’s important to note that our project with Justice Health does not end here. Global Health and Justice Health are committed to continuing the partnership in order to further improve client care and data capture to support the continued improvement of Youth Justice Health services in Victoria,” Cherian said.
Bass Coast Health also most recently equipped its healthcare facility with MasterCare EMR. Following rollout, the solution will be used by its clinicians to govern the assessment and management plans of clients, along with the monitoring and measuring of ongoing outcomes.
Australia is in an unprecedented period of technology innovation where data, analytics and artificial intelligence (AI) is impacting all sectors including the life sciences industry.
AI is defined as the broad field of new technologies that enable software to sense, comprehend, act and learn. It is disrupting how life science organisations operate and compete, while also accelerating the delivery of business outcomes in the ‘as-a-service’ economy.
Analyst firm IDC has predicted that the worldwide content analytics, discovery and cognitive systems software market will more than double from US$4.5 billion in 2014 to US$9.2 billion in 2019.
And using AI on the commercial side of the business offers tremendous opportunities.
In a recent Accenture survey, more than 90 per cent of life sciences’ executives recognised AI as important in driving innovation and achieving outcomes, such as hyper-personalised experiences, new sources of growth and new levels of efficiency.
So, what kind of use cases might arise? Accenture’s experience in AI shows just how broad the possibilities are with examples in commercial, marketing and sales operations as well as patient engagement:
SPEEDING UP COMMERCIAL OPERATIONS
By including AI as part of commercial operations, companies can automate processes that are repetitive and time consuming for staff. This could result in an increase in the overall process efficiency of the organisation.
Accenture’s experience shows that Robotic Process Automation (RPA) can increase work efficiency by 20 per cent and increase accuracy by 40 per cent.
For example, Medical Legal Regulatory (MLR) Review Automation uses RPA and machine learning to screen all MLR submissions in the identification and alerts of compliance issues before they reach reviewers.
This is made possible by the AI algorithm which can scan materials, identify possible gaps based on a checklist and make pre-approval recommendations based on precedents.
The benefits of using this technology is significant, as it notably speeds up the time to market and improves consistency because the process minimises human error whilst increasing the MLR reviewer’s capacity.
OPTIMISING MARKETING CAMPAIGNS
Perhaps the most mature use case of machine learning is the ability to leverage data science to create more personalised interactions with customers.
Today, applications can predict the next best channel, message and timing for customer engagement. AI has the ability to bring together data from across business units using technologies that automate tasks associated with traditional marketing activities.
This allows marketers to concentrate on higher order tasks such as developing a creative campaign, resulting in direct benefits such as improved customer satisfaction, retention and more sales.
Life sciences organisations also invest a significant amount in marketing promotions. Through AI, organisations can generate useful customer insights to ensure these efforts are highly targeted and generate ROI.
HELPING SALES REPS BECOME TRUSTED ADVISORS
The key to a company's’ sales success is building trusted relationships with the right prescribing doctors; so, having access to the right data can make all the difference.
Data such as the doctor’s prescribing habits, demographics of the area they serve, managed care impact on the drug they are selling and new treatments that are available is very valuable.
Most importantly, AI enables the pharmaceutical sales representative to provide personalised recommendations to the doctor. AI could enable sales reps to have greater insights into the prescribing doctors’ profiles and provide the right drug information including benefits, safety and side effects.
The technology could also make real-time content recommendations for a sales representative, tailored to where they are in the sales cycle, and greatly improve their chances of a successful outcome.
ENGAGING MORE PATIENTS
One of the biggest challenges healthcare practitioners face today is in the area of patient compliance, particularly in the case of chronic conditions.
Research has shown that during treatment of chronic illnesses, approximately 50 per cent of patients fail to comply with their doctors’ long-term therapy recommendations. Being able to improve patient engagement is an important area of focus for life sciences companies and one where technologies such as AI play a key role.
AI, when embedded in wearable devices, smartphones and tablets can be highly effective at keeping patients on track with their treatment pathway. Intuitive apps empower patients to self-manage their medication regimens and appointment schedules from their mobile or tablet devices.
When connected to cloud-based platforms, these technologies allow doctors and pharmacists to communicate with these patients to clarify their understanding of conditions, complex drug regimens and potential side effects.
For example, medical device company, Medtronic recently launched Sugar.IQ, a personal diabetes assistant exclusively available to Guardian Connect CGM customers on insulin injections.
The mobile app leverages the power of AI along with Medtronic’s diabetes knowledge. The app provides real-time information to the patient, helping them monitor their glucose levels and know when and how much insulin to use.
Another example is HealthTap, a World Economic Forum Technology Pioneer. It launched Dr. A.I., a personal AI-powered chatbot which operates like a ‘doctor’, translating a person’s symptoms into personalised, doctor-recommended courses of action.
Dr A.I. leverages HealthTap’s repository of data and doctor knowledge and, applies complex algorithms to shape clinical expertise and inform patients to the level of doctor recommended care.
KEY SUCCESS FACTORS
The best way to capitalise on AI’s potential is to start small, with highly targeted use-cases. Here are some guiding principles to consider:
Treat AI as a co-worker, collaborator, trusted advisor and enabler of rapid response to patients’ and the healthcare ecosystem’s needs
Ensure you have the appropriate budget and a task force to support AI development
Accept that failure is an option
Have enough data to draw conclusions or generate recommendations
Know what questions you would like your computer model to answer and what the next steps are once you know the answers.
If companies’ leverage the value of AI, they could propel themselves into a new level of efficiency, revenue making, customer personalisation and patient outcomes. Those that do not take on board these new technologies are at risk of being left behind, which may have profound effects on their business.
Dhannu Daniel is Accenture’s ANZ Life Sciences Lead.
Faxes have been used to send documents over phone lines since the mid ‘60s, and while many medical practices have changed since then, the fax continues on with many health systems still depending heavily on the technology.
The healthcare industry has begun understanding that fax can present a clinical risk when dealing with sensitive patient information as the faxed content can be misplaced or fall into the wrong hands.
Hence, replacing outdated fax machines with secure messaging systems has been a focus for some in the Australian healthcare industry as information sent via the latter is sent directly to the receiver.
But there is still resistance in the uptake of secure messaging even though there is a proliferation of medical referrals in the industry, requiring the use of secure messaging systems.
The Australian Journal of Medical Practice recently found that in 2014-15 alone, general practitioners made 15.9 referrals per 100 patient encounters, sending 9.7 million more referrals than in 2005-06, highlighting the scale of exposure to risk.
In addition, a Microsoft report in collaboration with Harvard Business Review Analytic Services, Embracing the Change Mandate: The 2020 Digital Transformation Agenda for Australia’s Health Care Sector, studied how a digitally augmented system could improve Australian healthcare and barriers to change.
The report found that 44 per cent of respondents said one of the top barriers to digital transformation was resistance to change.
As such, eradicating faxes in healthcare has been a key focus for the Australian Digital Health Agency (ADHA), with the statutory authority extending its its Secure Messaging Program across the industry over the last three years.
The Secure Messaging Program aims to help healthcare providers across Australia communicate quickly, easily and securely, and to reduce the sector’s current reliance on outdated technologies like the fax machine.
But even though a number of vendors do offer secure digital messaging services, interoperability issues and the lack of a universal format have resulted in hospitals like Ipswich Hospital, GPs and specialists still continuing to send referrals and discharge summaries using fax.
Late last year, a panel of speakers at the Wild Health Summit in Sydney stressed the importance of digital change, but supported the use of the fax machine, saying that the industry is still in its infancy in eradicating it and that its usage could still benefit some players in the sphere.
“We are quite conservative in healthcare. To rid the fax machine in a bigger network, we’re not there yet. There’s still a long way to go to have secure messaging systems rolled out and working efficiently in larger hospital settings,” UnitingCare St Stephen Hospital General Manager and Director of Clinical Services Darren Rogers said during the discussion.
“It’s hard to change a system that works a great deal of the time but a unified approach is needed for improving the quality and delivery of care.”
VIEWS OF THE INDUSTRY
The Royal Australian College of General Practitioners (RACGP) President Dr Harry Nespolon told HITNA that while some providers are using secure electronic communications more frequently, faxes are still required to communicate with parts of the healthcare sector that do not use electronic communications.
“For many years, the healthcare industry has been heavily dependent on paper, so moving away from paper and fax is a significant change,” he said.
“The majority of health services and government agencies communicating with general practice do not currently use electronic communication systems that are compatible with those existing in general practice, so the fax machine is currently as sophisticated as it gets with electronic messaging.”
[Read more: “Living in the dark ages”: NHS hospital trust launches ‘Axe the Fax’ campaign | UK’s Royal College of Surgeons calls out the NHS reliance on “archaic” fax machines]
Dr Nespolon added that there are technical challenges in searching for healthcare providers to communicate with and creating a solution for interoperability that supports communication across healthcare providers.
“General practices are often required to manually transfer information from their clinical or administrative systems into paper-based or online forms. This information is then sent to the relevant agency via an online upload, by post, fax, or via standard and unsecured email. Information leaving general practice through these methods requires significant manual processing,” he said.
“Most organisations fail to consider the implications and costs for general practices to manage information transfers safely, reliably and efficiently. The inefficiencies of current processes creates a heavy burden on GPs, diverting their time away from providing essential medical care for patients.”
According to Dr Nespolon, there needs to be broader support to adopt and implement secure messaging across the healthcare industry to make it a success.
“Faxed reports which are scanned into clinical records and saved as an image are not easily searchable. Standard and unsecured email is not considered suitable for routine communication between healthcare providers and patients due to inadequate privacy and security features, and because the content of these messages has to be copied and manually transferred,” he said.
“Information manually obtained from web portals presents similar issues. Documents received by general practice provide the most clinical value when they can be searched and interrogated by general practice clinical software.”
UPDATE ON THE SECURE MESSAGING PROGRAM
The ADHA is aiming to alleviate the problems associated with secure messaging systems.
Towards the end of last year, it held a workshop in Sydney for more than 50 State and Federal Government officials, industry stakeholders and international experts, to discuss the future of secure messaging and interoperability across the Australian health sector.
The workshop also saw the Medical Software Industry Association and ADHA ink a communique, committing to further collaboration on the adoption and implementation of secure messaging.
ADHA Chief Operating Officer Bettina McMahon said the deal was made to “implement a nationwide [secure messaging] solution that embraces existing solutions and unifies them seamlessly”.
[Read more: Victorian man dies alone after test results faxed to wrong number – coroner slams use of “antiquated” tech | RIP the fax: Successful secure messaging trials solve final problems heralding fax-free future for healthcare, ADHA says]
“Secure messaging is a foundational capability enabling interoperability and safe, seamless, and secure information sharing between healthcare providers,” she said.
“Nationwide adoption of secure messaging will enhance the security, safety and efficiency of clinical information sharing across all sectors – ultimately aiding the provision of better healthcare for the community.
“To realise this goal… the ADHA is working collaboratively with industry, suppliers of secure messaging solutions and clinical software vendors to reduce existing barriers to adoption and to provide pragmatic and implementable solutions.”
A key priority for the ADHA, moving forward, is the creation of a transparent, national directory of service providers – the equivalent of a national ‘yellow pages’ for all registered healthcare providers – that can be used for securing messaging, enabling healthcare personnel to easily contact each other.
The agency is targeting to deliver a “minimum viable product” by June.
“We will continue to work together collaboratively to strengthen and develop secure messaging and interoperability within the healthcare landscape, for the benefit of all Australians,” McMahon added.
The ADHA has also started working with HealthLink, Telstra and a range of healthcare providers in the development of solutions that allow secure messaging between healthcare providers with different clinical information systems messaging vendors, in a way that can be scaled nationally.
STEPS THAT NEED TO BE TAKEN
Global Health National Sales and Marketing Manager Deborah Hudson said with healthcare professionals and organisations just starting to scratch the surface of moving to a paperless system, the industry as a whole needs to come together to push for change.
“Although faxing has worked for some time, healthcare professionals are coming to the consensus that as an industry, we have outgrown the fax machine and its limited capabilities; there is a clear need to move forward and secure messaging is the answer,” Hudson said.
“As an industry we are all working towards the same goal. There are ongoing projects and working groups involving several different secure messaging vendors and clinical system vendors, all aiming to address interoperability challenges.”
Hudson said the integration of secure messaging was an initiative that needed to be directed by a collaboration between government and industry.
“The government has set national standards for health organisations and the industry as a whole will facilitate this. Like any industry, the healthcare industry will grow and adapt as technology improves.”
The next step, Hudson said, is industry working with clinical and practice management system providers to achieve better integration in exchanging clinical information.
“There are two main challenges we still face. Firstly, the need for all secure messaging vendors to be able to exchange messages between each other, such as the interoperability that now exists between ReferralNet and Argus,” she said.
“Secondly the seamless integration with other health software vendors’ clinical and practice management systems. As an industry, we need to work on these challenges in collaboration with the ADHA.”
Hudson said for the benefits of secure messaging to be fully realised in future, there needs to be in place a system that connects all health organisations and practitioners, allowing for the effective flow of information throughout the system, which then improves the overall patient journey and experience.
“With the support of governing bodies such as the ADHA and the RACGP we hope to be fax free by 2025,” she said.
“Secure messaging is growing quickly and organisations are seeing real benefits. As the volume of information exchanged and organisations using secure messaging grows we expect to see others adapting to the change quickly.”
The cybersecurity implications of medical devices have come under scrutiny, as the digitisation of healthcare reaches a wider net of professional, personal and public environments.
In the bid to consider and plan for an evolving cybersecurity landscape to maintain patient safety, the Therapeutic Goods Administration (TGA) has released a draft regulation guidance on cybersecurity for medical devices, in line with the existing regulatory requirements.
The Medical Device Cybersecurity Draft Guidance and Information for Consultation report calls for a clear regulatory environment for connected medical devices and identifies strategies to influence the approaches of those who use medical devices.
“Connectivity and digitisation of medical device technologies may help improve or increase device functionality. However, the connection of devices to networks or the internet exposes devices to increased cyber vulnerabilities that can potentially lead to unacceptable risk of harm to patients,” the report identified.
“These include denial of service or intended therapy, alteration of personal health data or alteration of device function so that it can cause actual patient harm.
“In 2016, the Australian Government released Australia’s Cyber Security Strategy, detailing priority actions to improve Australia’s general cyber security posture, alongside supporting the growth of the local cyber security industry… In line with this, the continued safety, quality and performance of medical devices impacted by cyber-related issues is the responsibility of the TGA.”
According to the TGA, operating environments are highly variable and cybersecurity risks are dependent on the knowledge, expertise and approach of the users of medical devices.
“A compliant medical device will only be as secure as the most vulnerable aspect of the system it is expected to operate in. Users of medical devices also have share responsibility for providing a cyber secure environment for these devices to operate in,” the report stated.
WHAT IS NECESSARY?
Key to the implementation of medical devices, according to the report, is the development of a “clear and well documented” risk assessment and business continuity strategy, where the goal is to develop an environment where risk to patients is minimised.
It includes an injunction for device manufacturers and users to develop a cybersecurity strategic plan, which includes a cyber specific risk assessment and response strategies.
“The plan should have clearly defined event response procedures that define the responsibilities of each department in the event of an incident, and emphasise the importance of each area being familiar with these procedures,” it said.
“The strategy will need to be revised as new types and classes of connected medical devices are added to the healthcare environment.”
[Read more: Is your healthcare ecosystem cyber resilient enough? | "Humans are not the weakest link": Shifting the cybersecurity narrative to fend off healthcare hacks]
Cross-functional collaboration is a tool that the report claimed is essential for effective cybersecurity control of medical devices.
The TGA said healthcare service providers should aim to facilitate an environment which drives cross functional collaboration between the biomedical, clinical support and IT teams, helping all areas develop a better understanding of the work completed within each team.
“The biomedical team should… engage with medical professionals within the healthcare organisation to help broaden their understanding of the operating profile of their devices, the technology under their management, implementation of cyber security controls and the associated risk,” it said.
Collaborative procurement is another area for improvement as updating procurement practices to ensure the purchase of appropriately secure devices will create greater demand for improved cybersecurity within medical devices, the report identified.
“[One way is to] incentivise procurement teams to work with IT and biomedical teams on the procurement of new medical devices to help ensure that cybersecurity is a measurable factor in procurement.”
The report also suggested that organisations develop an inventory and risk profile of the current state of connected medical devices, providing insight to vulnerabilities in the operating environment.
This inventory could include information such as the operation and purpose of a medical device, its secondary uses, who the primary users are, expected life-span of the device, support agreements in place and support for critical components.
The report also called for more general training for all staff within organisations to raise baseline security awareness and skills.
“Many professionals in the health and medical sector have received little training on cybersecurity. [Organisations need to] actively work to create a culture of cyber security awareness, vigilance and reporting, and regularly communicate potential cyber security issues,” it said.
Segmenting the corporate network from the biomedical network could also help improve cybersecurity attacks.
“Ideally, this should be done with an internal firewall. This will significantly reduce the risk of malware spreading from one network to another. Medical devices should be segmented into logical groups (manufacturer or modality) to reduce the attack surface. When possible, medical devices should be isolated,” the report said.
[Read more: World-first cybersecurity trial safeguarding medical devices from hackers to take place in Victoria | Tyde set to become the first digital health company to earn the government’s top cybersecurity accreditation]
In addition, it recommended that healthcare organisations consider implementing multi-factor authentication for staff access to networks, especially in areas of high traffic, and reduce privileges to only those required.
“Access to the network is critical for most medical devices, especially with an Electronic Medical Record (EMR) system. Ensuring that only authenticated access is provided is key but when credentials are compromised, it can be challenging to define authenticated but unauthorised access.
“So, regular reviews of network access should be completed. These must be managed to ensure usability of systems is not adversely impacted.”
The report also said that more focus should be given to securing medical devices themselves, instead of just to ICT equipments.
“Monitoring the internal and external environment for medical device abnormalities and cyber security threats is important to building a stronger cyber security posture. One advantage of monitoring medical devices is that their range of normal operation is narrow. This means that anomalies can be easier to spot in medical devices than ICT equipment,” it identified.
The TGA has invited industry, peak bodies, professional and consumer groups, and individuals to provide comment on the draft guidance. Submissions for comment close on 14 February and will be used to help inform the final guidance document.
Traditional ways of patient care need to be turned on their heads when it comes to implementing clinical genomics. They now require technology platforms that support data streams, according to an expert in the field.
Melbourne Genomics Health Alliance Program Manager Kate Birch, who will be speaking at the upcoming HIMSS19 conference in Orlando, told HITNA that the alliance is examining ways to make data support part of a standard practice.
In doing that, it aims to bring global knowledge to individual care for Victorians.
“We aim to do it through a few ways: both delivering the clinical tests where they’re indicated and also making sure that the data is put in a way that can be used for research in future,” she said.
“Patients are asked about their preferences in the use of that data at the beginning, so it means that we’re not just diagnosing patients now but can translate that data into the future as we learn more.”
The Melbourne Genomics Health Alliance was established in 2013, encompassing Victorian organisations across healthcare, academia and research to establish systems that support genomics in practice and producing evidence to guide genomic medicine in Australia and internationally.
“Every day there are new discoveries being made about genes or particular new patients and because we don’t have that genomic information stored, we can’t look into that over time and provide diagnosis in the future. That’s what we aim to reduce,” Birch said.
According to Birch, there are two schools of thought when it comes to clinical genomics – people who say clinical genomics will change everything in healthcare and those that say it’s all hype.
“Like most new technologies, the first promises are always an overblow. This is not going to completely change the way we think about the future health system but it’s going to have a significant change in care for a big proportion of patients,” she said.
“Melbourne Genomics sits in the middle. We’re trying to find the right genomic test for the right patient and when in that care that should happen. We have found that some particular clinical indications do make a difference into the future of these patients.
“But what’s important is that we don’t think the answer is in genomics all the time; it’s actually about finding the right conditions to use data from these tests for.”
DOING IT RIGHT
The Federal Government’s $30 million investment in funding for the Parkinson’s Disease Mission, which integrates clinical trials and genomics research led by the Garvan Institute of Medical Research, is one example to the potential of clinical genomics, according to Birch.
This involves the sequencing of genomes of about 1000 people with Parkinson’s disease over five years to potentially use the data to recognise unknown causes, identify biomarkers and assess if there are Parkinson’s subtypes to target with specific drugs.
[Read more: Genomics for all Australians could revolutionise crisis focused healthcare; governments urged to prepare | Genome.One seeks investors as it scales up for a 2018 trial of genomics in GP software]
Birch said another example is the use of clinical genomics in pediatrics for children suspected with genetic conditions.
“We’re finding that we get five times the rate of diagnosis at less than half the cost to the healthcare system. So, genomics will change things for patients by providing diagnoses more quickly and at a cheaper cost for the healthcare system.”
Joint partners that have collaborated in the work with children with suspected genetic disorders, Royal Children’s Hospital and The Murdoch Children's Research Institute, are leaders in the use of clinical genomic data, according to Birch.
“A lot of times, children who may benefit from a genomic test have been to four or five clinicians. Some of these children have lots of health problems but are still relatively healthy, while other children may end up in the ICU. So, the Royal Children’s Hospital realised that it needed a program that turns around these tests quickly for those who need them,” she said.
“That resulted in the creation of a whole new model of delivering genomics – acute care genomics, which has delivered on lifesaving genomics in the ICU.”
From this example, Birch said that it’s important to understand that implementing genomics is going to take a whole-of-system approach.
“You need to think across all of your systems and all of the players in these very complicated organisations. The other part is the technologies that underpin it. We’re dealing with massive amounts of data when we talk about genomics and we need the right technologies to be able to support it.
“It’s quite different to what the hospitals have done before in other areas – probably most akin to radiology in terms of the volume of data,” she mentioned.
THE WAY FORWARD
The Melbourne Genomics Health Alliance previously received $25 million in investment over four years from Victoria’s Department of Health and Human Services to ingrain genomics into practice, but Birch said there’s more that needs to be done in this space.
“We’re getting to the end of that four-year program now and we’re not quite done. We’ve seen other national implementation projects and those have taken 10 years or so to shift the system. So, we think we need another four years for this to be fully embedded,” she said.
“Clinical genomics provides a huge potential going into the future. As we generate more knowledge, we collect more genomic data and we understand it better.”
[Read more: Data analytics is the “gold mine” for operations improvement | How Sydney Children’s Hospital Network improved pediatric physiotherapy with telehealth]
Birch highlighted the way the US uses data for clinical genomics, especially in understanding the underlying mutations that has driven a particular cancer so as to find treatments for the molecular makeup of that particular tumour.
“This is the move into precision medicine and it’s going to change care in the future. Getting the technology to keep pace with the development in genomics is important to focus on in managing the data that comes out of it.”
Birch claimed that healthcare organisations are currently “incredibly interested” in adopting these technologies, but the only thing that’s slowing them down is the plethora of tech in the industry.
“We’re in the midst of EMR implementations across Victoria, which are big and involved projects that take up a lot of time and effort. So the appetite for clinical genomics is there, but we’re just one of many needs of digital support in health at the moment,” she said.
In improving this support, she addressed the need for industry, academia and governments to come together to supporting this future.
“The Victorian Government has made early investments into genomics and I would hope it sees the value in continuing those investments. Victoria has done a great job in positioning ourselves as a leader in this space and we’ve got a good opportunity to maintain that,” she said.
“In academia, we have big research organisations that are part of our alliance that hold the position to take advantage of the clinically generated data into the future. And as for industry, there are now some members moving into the space, but we could use further investments.”
Birch will be speaking about how a collaboration of hospitals and research centers in Victoria was formed to bring concerted effort to overcoming the challenges associated with clinical genomics and ways to implement it into everyday standard care at the upcoming HIMSS19 conference in Orlando.
Her session is on February 13, at 8.30-9.30am, and is titled Technology to Enable the Clinical Genomics Revolution in Australia.
The health sector has topped the list of notifiable data breaches for the fourth consecutive quarter, as identified by the Office of the Australian Information Commissioner.
In its latest Notifiable Data Breaches Quarterly Statistics Report, which captures data notification breaches received between 1 October and 31 December 2018, the Office of the Australian Information Commissioner (OAIC) said the private health service provider sector reported the most data breaches, accounting for 54 of the 262 breach notifications received.
Of these notifications, 54 per cent were the result of human error, including incidents involving communications sent to the wrong recipient, insecure disposal of personal information, or loss of paperwork or a data storage device.
Malicious and criminal attacks was the second largest source of data breaches from the health sector, at 46 per cent. Cyber incidents were the most common type of attack, accounting for 44 per cent, while theft of paperwork or data storage device was the second most common type of attack (32 per cent).
The OAIC said these notifications do not include those made under the My Health Records Act 2012 as they are subject to specific notification requirements set out in the act.
In addition, it stated that most of the health sector notifications in the period involved the personal information of 100 individuals or less (59 per cent of breaches).
The report also showed that the number of notifiable data breaches are on the rise. Between 22 February 2018 (when the notifiable data breaches scheme commenced) and March 2018, the sector reported 15 cases.
Between April and June that year, there were 49 cases and between July to September 2018, there were 45 such cases. The latest quarter’s results are the highest to date.
INDUSTRY RESPONSES
As one of the most data rich and vulnerable sectors when it comes to cybersecurity, the health sector faces a unique challenge of balancing security with accessibility to patient records, while at the same time, coordinating care that supports a patient-centric approach to healthcare.
Zscaler ANZ Country Manager Budd Ilic said it was becoming increasingly clear that traditional security solutions are no longer up to the task when it comes to protecting organisations.
“Our environments and architectures are now so complex it’s difficult, if not impossible for practitioners to effectively monitor their environments and is a contributing cause to incidents like these,” Ilic said.
“The growing usage of mobile devices and cloud-based applications and services means users are not protected, and internet gateways are unable to handle advanced threats.”
[Read more: Is your healthcare ecosystem cyber resilient enough? | "Humans are not the weakest link": Shifting the cybersecurity narrative to fend off healthcare hacks]
Ping Identity Asia-Pacific Chief Technology Officer Mark Perry said balancing security with customer convenience and employee productivity has never been an easy exercise.
“But, there is really no excuse these days as modern authentication solutions provide the means to secure the most common enterprise attack vectors without getting in the way of the employees, partners and customers who need access,” Perry said.
“As a result, IT professionals need to understand the value and effectiveness of the appropriate security controls for their businesses before taking a one-size-fits-all approach to protecting data.”
CQR Consulting Co-Founder and Chief Technology Officer Phil Kernick said the mix of human error and malicious attacks composing the source of majority of data breaches will see an “expensive enforceable judgement” against at least one Australian company which finds itself in breach of the legislation.
“If this should happen, there will be a scramble among businesses to adopt a heightened data security, risk and compliance culture, who until now may have taken a rather laissez-faire approach to their cybersecurity footing,” Kernick said.
"The good news is that Australian businesses will continue their mass migration to the cloud in 2019 and while the cloud is not without its vulnerabilities, the security measures which cloud providers offer as standard will be a positive step forward."
Aura Information Security Australia Country Manager Michael Warnock agreed and added that the healthcare industry should understand the data risk if insecure cloud practices aren’t addressed with robust security measures and ongoing workforce education.
“Many [organisations] will remain a happy hunting ground for cyber criminals as company management continue their reluctance to allocate investment for high-tech protection. At the same time, they don’t expect an attack to happen to them, so they refrain from elevating the issue on their training agendas,” Warnock said.
“The harsh reality is, cyber attacks will continue to grow in both frequency and complexity over the coming year. [Organisations need to] implement ongoing training to teach employees to recognise potential threats, adopt responsible data protection behaviour and allocate sufficient funds to cover protection measures commensurate with their risk profile.”
[Read more: Greg Hunt announces legislative changes to tighten privacy and security protections for My Health Record | Tyde set to become the first digital health company to earn the government’s top cybersecurity accreditation]
LogRhythm Asia Pacific and Japan Senior Regional Marketing Director Joanne Wong addressed the need for healthcare providers to take a more holistic approach to cybersecurity and practice good IT and security hygiene such as patching systems and applications, updating and modernising their systems, applications and infrastructure, and controlling access to only those that need access.
“They also need to be able to validate identities, and encrypt or apply other safeguards to critical business systems and data,” she said.
“There’s no doubt that any company having anything of digital value will eventually be compromised. The question is, how fast can a security operations team detect these compromises and neutralise threats? Businesses don’t stand a chance without sophisticated analytics and modern workflow automation that can drive accurate threat detection.”
LOOKING TO THE FUTURE
SailPoint Chief Product Officer Paul Trulove said with only four OAIC notifiable data breaches reports issued and spanning a period of less than a year, it’s “impossible to determine” if these patterns will continue into the future, especially as Australian businesses continue to learn how to report breaches.
“Health service providers are a gold mine of valuable personally identifiable information for cybercriminals, especially as more health information is digitised,” he said.
Trulove added that the report findings highlight that healthcare has a long way to go to improve its security posture.
“The report reiterates that an organisations’ users have become the easiest route into an organisation for hackers. This is a trend we do not expect will ease up, as hackers now know that users offer them the keys to the proverbial kingdom, once compromised,” he said.
“The most secure path forward for organisations today continues to be taking a comprehensive approach to security, one that puts identity governance at the centre, ensuring visibility and governance over all users and their access to all applications and data.”
WatchGuard Technologies ANZ Country Manager Mark Sinclair said for healthcare organisations to stay out of these quarterly reports, they will need to have in place business continuity plans and a “well-balanced cybersecurity strategy”.
“This strategy will spread funds across threat prevention, detection and response, user education, business continuity and disaster recovery,” he said.
“And why not test that plan in 2019 to see your technology and employee response in the event of a disaster? Prior preparation could be the difference between picking up the pieces and closing your doors.”
An Australian-developed app is combining mobile phones with telehealth principles to bring burns sufferers fast, accurate and secure specialist advice from clinicians.
Telehealth researchers from CSIRO’s Australian e-Health Research Centre have collaborated with the Fiona Stanley Hospital, part of the South Metropolitan Health Service in Perth, to develop and pilot this mobile app – Mobile Image and Communication Exchange, named ‘the MICE app’ for short.
As recovering from a burn can be a slow process, the Fiona Stanley Hospital runs a Burns Early Discharge Programme for patients to leave hospital and receive ongoing care from home.
The MICE app is being trialed as part of this program to let a visiting nurse take photos of the patient’s wounds and send those photos to clinicians and specialists for ongoing monitoring and advice without having to visit hospital.
The specialist can then take a closer look at the wound and send back real-time advice on clinical decisions and treatment through the app, enabling the visiting nurse to administer immediate care to the patient.
CSIRO Senior Software Engineer Janardhan Vignarajan told HITNA that the app aims to reduce unnecessary patient wait times, enable them to receive quick and timely specialist advice, and bring efficient healthcare to remote Australians.
“For people with burn injuries, getting fast and appropriate treatment is critical. But some patients live far from the closest burns specialist. So, digital technology can help bridge the gap in healthcare delivery for people who live far from medical care,” he said.
“Burns can also take a long time to heal and patients need ongoing advice to support their healing process, which the app helps with.”
The MICE app also complies with patient confidentiality requirements, only storing treatment advice and images in the hospital’s systems, while automatically deleting a patient’s burn photos from the phone used.
“Patient’s images stored in a clinician’s private phone raises lot of issues related to confidentiality. Our MICE app has been developed with patient care in mind, while also alleviating privacy, security and data integrity concerns that come with using mobile phone images,” Vignarajan said.
“The image and related diagnostic data needs to be stored and archived for future references but doesn’t need to remain on a mobile device. The MICE app solves this by allowing the records to be stored where they should be – secure within a hospital IT system.
“The technology behind the app ‘talks’ to internal hospital systems and protect patient’s images, which is a huge leap towards improving Australian healthcare.”
[Read more: New burns app gives instant assessment of scars | Australian developed spray-on skin for burns treatment seeks FDA approval]
CSIRO Australia intends to soon extend the use of the MICE app to patients instead of just clinicians.
“At this stage, our focus is to enhance communication between specialists, doctors and healthcare workers by providing the app to these health professionals. But we are working on ways to deliver this technology to patients themselves,” Vignarajan said.
Vignarajan also mentioned that there’s potential for the app to reach other areas of specialist healthcare, such as wounds or dermatology.
“Wounds can be monitored by viewing previous images taken from different time points. This is very important for a proper treatment. By allowing a close look at the image in an easily accessible and secure platform, the treatment can be provided efficiently without delays,” he said.
Data is a critical asset in the healthcare industry – our medical professionals rely on accurate and up-to-date clinical information in order to best assist patients. But in Australia, there have been concerns around the use and management of this data in healthcare.
There is an ongoing debate surrounding the security of the government’s digital record-keeping system, My Health Record. This has been compounded by the Australian Digital Health Agency (ADHA) recently reporting 42 breaches which affected My Health Record during the 2017-2018 financial year.
Following this, critics have called for the full rollout of My Health Record to be further delayed in order for the platform’s architecture to be better assessed – if it’s simply a ‘honey pot’ of personal and compromising clinical data or can the potential for privacy breaches be limited to an acceptable level?
The My Health Record conversation is following a familiar pattern: a debate between privacy and innovation. The question is whether the benefits of data sharing, collaboration and open innovation can be balanced against concerns about security, identity, trust, governance, consent and transparency.
This debate has brought the value of clinical data, and the need to protect it, into sharp focus across the industry and Australia at large. And as the healthcare industry is digitally disrupted, there’s no doubt that sustaining technological innovation will be critical to maintaining both national and international standards.
BLOCKCHAIN AND SMART CONTRACTS
One of the concerns around My Health Record is its centralised record system that could potentially be viewed by anyone with access to login credentials. Is there technology available that could securely store clinical data, ensuring only the right people can access only the information they need, when they need it?
Blockchain could very well be part of the solution. The much-lauded digital distributed ledger-based technology, originally deployed to underpin the exchange of cryptocurrencies, has the potential to revolutionise the use and protection of clinical and personal data across the board.
In international markets, for example, blockchain is already being trialled for processing insurance transactions.
The healthcare industry, at large, is bloated with cost, red tape and inefficient protocols for verifying and handling transactions. There is little doubt that blockchain could become the favoured method for conducting, verifying and recording secure online transactions, without a middle man.
What blockchain offers to organisations is the ability to simplify and automate processes, including verifying, handling, and authorising payouts using predefined parameters. This could all be done using a permissioned distributed ledger, with the added benefit of securing customer data in the process.
As an example, insurance provider MetLife is trialling an initiative in Singapore with a blockchain-based parametric insurance product for expectant mothers with gestational diabetes. The technology allows the patient’s condition to be confirmed by their OB-GYN via the smart contract system. Once the patient’s condition is verified, their payouts can be expedited and automated to ensure the expenses aren’t out of pocket.
This example showcases how blockchain can streamline and automate interactions between health insurance stakeholders, resulting in reduced costs and improved transparency. Clinical and user data can also be secured via a blockchain, with the addition of tools like digital wallets, keys, and signatures.
Utilising these tools in conjunction with blockchain constructs and approaches, users can have the ability to maintain more control over their information, revoke access as desired and ensure that only authorised people have access to the right information, which may also be encrypted as needed.
THE FUTURE POTENTIAL IN AUSTRALIA
While international organisations are demonstrating the potential for a worldwide digital overhaul of the healthcare industry using blockchain technology, there is still a long way to go in Australia.
Countries like Estonia are setting the bar with an increasing number of national services opting to use blockchain to carry out transactions. However, the technology remains in comparative infancy in Australia.
The relatively slow uptake of the technology is further fueled by the recent declaration from the Australian Government’s Digital Transformation Agency (DTA) that, while the technology has potential, it still requires compelling evidence that blockchain can deliver better value for government services.
In addition to concerns about the security of digital records, many Australians are also frustrated by the cost of private healthcare, the time it takes to process claims, and the changeability of their insurance cover.
As shown by MetLife, the use of blockchain-powered smart contracts has the potential to remove the middleman in transactions, enabling a more secure, efficient and cost-effective outcome for the end customer.
This further supports the use of blockchain to optimise the handling of clinical data and deliver on outcomes in the healthcare industry.
Nelson Petracek is the Global CTO of integration server software company, TIBCO.
The current processes around many clinical information systems are “not patient or GP-centred” and is “highly inefficient and frustrating for general practice”, according to a report by the Royal Australian College of General Practitioners (RACGP).
The RACGP Practice Technology and Management report claimed that current clinical information systems (CIS) tend to be a “heavy burden for GPs and their teams”, diverting their time away from providing medical care for patients.
As such, the peak lobby group for GPs is calling for industry to meet a number of general practice CIS requirements to improve usability in the collection, management, use and sharing of information and deliver on efficient patient care.
The report outlines recommendations for better digital patient health records, systems to improve the exchange of patient information across the healthcare sector, patient consent in the secondary use of their data and amplified information security.
RACGP said with the increasing use of shared care models and the potential increase in use of My Health Record, the quality of information is now more important than ever.
“No longer serving only individual GPs or practices, information in a patient’s health record is likely to be shared between, and relied upon by primary, secondary and tertiary healthcare services, and the patient themselves.
“Maintaining high-quality health records is not always regarded as a priority by general practices or GPs. Competing demands on busy clinicians and practice staff means the importance of quality health records is often overlooked, and some may not be aware of what is expected of health records,” RACGP reported.
To improve usability, it recommended that CISs facilitate the input of data by displaying core clinical information in a way that makes it easy for users to access and view, adopting a GP reference set for core general practice data, aligning with clinical workflows and enabling structured data entry.
As for the communications of health records, RACGP said all electronic communications must correspond with secure data handling principles to protect patient privacy and confidentiality, and that any electronic communications sent externally must be capable of seamlessly populating with existing data from the local CIS.
“Despite most general practices using electronic clinical and practice management systems, patient information is still being faxed, mailed in hard copy or provided in an electronic format not compatible with clinical software,” the report identified.
“In most circumstances, when patient information is transferred to a general practice, the details need to be manually transcribed into the local CIS. This is not only very time consuming, but also results in a significant risk of transcription error.”
[Read more: RACGP claims gaining patient consent for My Health Record uploads is not the job of doctors and calls for improved incentives | There’s “a long way to go” before we eradicate fax in healthcare: panel]
As for the challenge of patient consent for secondary use of general practice data, RACGP suggested that CISs must allow users to record patient consent for the secondary use of both identified and de-identified data in a secure manner and provide opt-out mechanisms to exclude patients and healthcare providers who do not want their data or subsets of their data shared for secondary purposes.
“General practices are custodians of patient data, with a responsibility to ensure it is accessed and used appropriately. Practices must protect patient rights and privacy when providing data for secondary use.
“This will be aided by implementing policies and procedures specifically for managing requests for access to data which can be supported by CIS,” the report stated.
RACGP also addressed the need for beefed-up security requirements within a CIS, recommending identity management and access control frameworks consistent with industry best practice, as well as mechanisms to ensure software currency. It also identified the importance of being able to back up and recover data either natively or via a third-party product.
“CISs should support quality practice in terms of identity management, access controls, role-based permissions, software redundancy, failover, data security, audit trails and in maintaining software currency,” it identified.
“Information security is critical to the provision of safe, high-quality healthcare and the efficient management of a general practice. It is a fixed cost of doing business, and requires adequate allocation of financial and human resources to ensure business continuity and the protection of information assets.”
According to RACGP, designing CIS to support general practice can be challenging, as a balance is required in the design of CIS between comprehensiveness and utility.
“If CIS are too complex, with too many detailed structure and content requirements, users often take shortcuts (e.g. avoiding documenting what they consider to be less relevant types of information),” it said in the report.
[Read more: Better access to health data could save $3bn and improve Australians’ health | What’s needed to drive innovation and improve affordability in healthcare?]
It addressed the need for the transfer of information between care teams, across disciplines and between care sites in modern healthcare delivery models to alleviate challenges.
“As the volume of information generated and held within CIS grows, it is becoming increasingly difficult for systems to respond to the needs of GPs and patients as part of normal clinical workflows,” the report identified.
“For GPs to work safely with any CIS, information needs to be collected, managed and used in a standardised way, which will also contribute to creating a positive user experience.
“There is now growing recognition from users and developers that a set of minimum requirements could, in the future, become standards governing the design and development of CIS,” it added.
As Australia goes through the inevitable digitisation of hospitals, moving away from paper into the digital environment, data-driven approaches are key to informing system evaluation and redesign, improving flow through hospitals and delivering improved patient outcomes.
CSIRO Australian E-Health Research Centre Principal Research Scientist Justin Boyle told HITNA that this digital environment is a “gold mine” for the industry in terms of improving hospital operations and offering better, more personalised patient care.
“Data analytics is not just icing on the cake as a nice-to-have, but in the current climate of value-based care and performance frameworks in hospitals, particularly in the areas of safety, quality and access in the face of a tsunami of patient demand, there is an urgent need for analytics-based solutions to deliver high value care,” he said.
According to Boyle, who will be speaking at the upcoming HIMSS19 conference in Orlando, to meet this demand, healthcare organisations need to work on strategies that will help “decongest the patient flow system”.
“There is no one silver bullet that can solve all problems and implementing several capacity management strategies is a good point to start. Most hospitals in the public system have low numbers of beds per capita, so given that constraint, we need to figure out how to use data to improve flow efficiency and productivity.”
As capacity management is one of the more visible barometers of the performance of a health system, Boyle said “statistical rigour” needs to be put into analytics of patient flow, but it also needs the engagement of clinicians.
“It needs to start with behaviour changes within an organisation. Clinical champions are needed to get staff behind an initiative as the early stages can be hard. It’s also important to have a solution that’s scalable and personalised to an organisation's needs,” he said.
“There are three steps to this: determining the predictive accuracy of a particular tool, embedding it into workflows, and as a result, enabling healthcare professionals to make better decisions in support of clinical judgements.”
Boyle provided a few examples where data analytics can come into play to improve clinical workflows:
The first is to use historic clinical data to get efficiency improvements. He suggested healthcare organisations look at target occupancy rates for hospitals as it’s not a “one-size-fits-all” approach.
“It’s important to have targets that are specific to hospitals that allow us to identify specific occupancy bottlenecks where flow performance declines. The whole goal is to avoid patients waiting and adverse outcomes that include mortality,” he mentioned.
[Read more: To deploy AI tech, healthcare needs to first be data literate | Ambulance Victoria aims for better resource allocation with predictive analytics tech]
Another approach is by accelerating the time of patient discharge. Boyle said this is based on the idea that patient flow can be improved when patients are discharged an hour or two earlier, which is then quantified by the impact it has on the emergency department.
“We can’t add more beds so we need to look into what else we can do, such as analyse situations around discharge timing or the configuration of beds.”
Predicting demand is the third approach.
“What we do here is forecast patient arrivals and departures resulting in hospital preparedness. For example, we work with health departments on early warnings of outbreaks like influenza from a number of data sources. So in this case, being aware of the timing of the flu season and its magnitude from numerous data sources could provide early warning,” he said.
MOVING INTO THE FUTURE
Boyle said there’s potential for this technology within areas such as telehealth, mobile health and genomics as the intelligence derived from the data enables clinicians to prescribe healthcare that’s targeted to individual patients.
“It’s great to get insight about what happened last week or is happening now, but the aim should be to use this data to predict what is going to happen in future,” he said.
“Looking at things like vital signs data that are recorded routinely within the digital environment, for example, will provide lots of potential in future. Not feasible in the paper environment, this would provide a significant advantage with regards to early detection and risk stratification.
[Read more: Engaging the power of data for smarter drug development and clinical trials | How Sydney Children’s Hospital Network improved pediatric physiotherapy with telehealth]
“In the long-term, this may support the delivery of advancements like clinical genomics, where genome-based outcomes can be tailored to an individual.
“But in the foreseeable five-year future, data analytics will revolve around delivering care for a specific patient – so using their health contact data, social media data and internet footprint as useful indicators will aid in personalising their healthcare experience.”
Boyle mentioned that the biggest challenge, looking into this future, is the change management that needs to happen to make it work – who needs to use that information, what time they need to use it, and workflow procedures that need to be created from it.
“Sustainably embedding solutions into business-as-usual workflows is the greater challenge compared to the mathematics of developing and validating predictive models,” he added.
Boyle will be joined on stage by CSIRO Australian E-Health Research Centre Senior Research Scientist Sankalp Khanna and together, they will be presenting on the topic of Deriving Value from Patient Flow Analytics at the upcoming HIMSS19 conference in Orlando. Their session is on February 14, at 8.30-9.30am.