We are in a new era of personal technology. With the rise of data-driven consumer experiences we are all more connected, more mobile, more tech savvy than we've ever been before.
High-speed internet is a commodity we all depend on like water or electricity. The Internet of Things (IoT) has arrived and connected technology is all around us – from wearable payment devices to smart thermostats to internet-connected appliances.
These new consumer expectations have reached a tipping point. Broadly, consumer-driven experiences are disrupting traditional businesses. As end users, consumers are demanding intelligent, personalised digital moments that are increasingly proactive and intuitive.
The tipping point - Healthcare challenges span the entire care continuum
Consider the digital challenges within the health context, across the patient, clinical and healthcare organisation experience. We start with the patient/consumer experience: “Why is it so hard to navigate the health system?”
Patients as consumers now expect ready access to their information and the ability to manage it themselves, often wanting health to be more like online banking. In dealing with healthcare providers, patients do not want to feel like they’ve disappeared into a digital ‘black hole’. They are seeking both digital and human connections in health service delivery.
Simultaneously, clinicians are often frustrated by multiple systems and sign-ons; drowning in data but not getting useful insights that may assist clinical decision making. With an unfulfilled desire for technology to be mobile, support workflow and facilitate connection with colleagues, clinicians are left wondering “Why doesn’t technology seem to make my job any easier?”
Finally, healthcare organisations are seeking to implement new models of care, but are often busy juggling patient demand, workforce shortages and quality issues. There is also the ever-present and escalating threat of cyber-attacks.
Digitisation is not transformation
Many healthcare organisations have started the journey of transforming, beginning with digitising core systems of record. While there are certainly benefits from digitising the current state, including legibility, accessibility, availability and security, these initiatives themselves don’t constitute transformation.
Digitisation is however the right place to start. It is a fundamental building block for systems of insight, where information can be aggregated from multiple sources, creating a holistic view and insights that reveal past performance, facilitate real-time decision making, and predict issues before they arise.
Transformation realises its potential when systems of engagement place these insights into the hands of end-users who can make decisions and take action. Modern systems of engagement involve familiar and intuitive experiences, on mobile devices that support workflow, and which embed communication and collaboration capabilities. Healthcare providers can support new models of care with these configurable, flexible tools.
“AI is technology’s most important priority, and health care is its most urgent application”
Satya Nadella, Apr 2021
Healthcare is data rich but insight poor, and is increasingly recognised by big tech as a candidate for digital transformation.
Drumbeat.ai – proof that innovation doesn't need to be huge scale
A meaningful example of using AI on a modest scale is Drumbeat.ai, tackling health access and equity issues in Aboriginal and Torres Strait Islander communities. This project demonstrates how AI can be used to evaluate medical data and speed up the ability to make a diagnosis.
With Drumbeat AI, nurses in rural and remote settings can upload images of a patient's ears and the AI algorithm presents a score which indicates the risk of hearing loss. They can refer a child, if required, to an ENT doctor or they can initiate treatment to minimise the gap between assessment and action.
How can health organisations ethically and responsibly leverage data?
Having a good data strategy is essential for success, but it doesn't happen accidentally. Organisations need a clear description of the problem that they're trying to solve before embarking on using data. Without this clarity, digital transformation projects can waste scarce resources (time and money) and deplete enthusiasm for these projects amongst clinicians.
It is important to recognise that, just because an organisation holds data, it doesn't mean that the data can be lawfully used. So, the first task in a journey to digital transformation should be to identify what data the organisation holds or intends to use, and any technical or legal constraints that apply to that data. This may require a process of identifying the data lineage of the datasets over an extended period during which it was collected. A privacy impact assessment is an excellent tool for identifying privacy risks and recommendations for mitigating those risks.
The Therapeutic Goods Administration (TGA) regulates medical devices including software as a medical device. This is software that functions as a medical device in its own right and software that controls or interacts with a medical device. Recent reforms have sought to balance the need for safety and efficacy of these devices while not inhibiting innovation in the sector. Another early task in the journey to digital transformation is to consider whether the software solution being assessed by an organisation is, or needs to be, registered with the TGA.
People are also critical to getting digital transformation right. It is hard to overstate the value of medical knowledge and wisdom in the use of data.
Clinicians have important insights for designing systems so that they will be useful and used by clinicians. Ultimately, this will drive the uptake of the technology in an organisation.
Patients are a critical group in an organisation's data strategy. Meeting community expectations about the use of data is a different question to whether the system is legally compliant. Failure to meet community expectations about management of data may cause or contribute to the failure of a project and may erode trust in the organisation. Trust is fundamental to the way that patients interact with their healthcare providers.
What about cyber security risks?
In the last financial year the Australian Cyber Security Centre (ACSC) received 166 cyber security incident reports for the health sector, an increase from 90 in 2019. Globally, around half of hospitals experienced an IT shutdown in the first half of 2021 as a result of a cyber-attack. According to IBM, the average cost of a data breach is US$4.35m.
Many healthcare organisations are saddled with legacy infrastructure – around 22% are using end-of-life systems. 83% of medical imaging devices still rely on legacy technologies that are too old to update. All of this means lots of unpatched and vulnerable systems.
The healthcare industry also uses increasingly complex supply chains including outsourced IT services, logistics, medical equipment suppliers, government agencies, and pharmaceutical companies. The more links in a chain, the greater the surface area for cyber-attack, as hackers will target the weakest link.
It is in this fraught environment that healthcare organisations are engaging in digital transformation.
What can healthcare organisations do to manage the risks?
A key action is to implement a cyber resilience plan. This should be incorporated into the broader enterprise risk management framework, so that cyber security forms a fundamental aspect of the organisation's approach to crisis management and disaster recovery. Cyber resilience can be enhanced by:
- implementing cyber security governance across the organisation, from the board and executive level to employees;
- acknowledging that security is not just about products but about people and processes and embedding a security-by-design and security-by-operation culture;
- developing a data breach response plan addressing technical, operational, insurance, reputational and revenue implications, and processes for escalation and compliance requirements;
- regularly testing and updating data breach response, business continuity and disaster recovery plans;
- raising cyber awareness and capability across the organisation;
- reviewing the organisation's insurance policies for cyber liability coverage;
- considering the organisation's cyber expertise and its cyber-attack monitoring and detection processes.
The team at MinterEllison can support you through your digital transformation, wherever your organisation is on that journey.
Our team provides privacy and cyber law compliance advice and analysis, including:
- privacy and security impact assessments,
- the development of policies and procedures to achieve legislative compliance,
- advice on TGA registration requirements,
- IT and data processing contract reviews and negotiation,
- data breach management and
- insurance advice.