In less than six months, the European-wide General Data Protection Regulation (GDPR) will transform how organisation are able to use, store and share consumer data. While this impacts every industry from retail to financial services, the already heavily-regulated healthcare sector will be hit particularly hard.
Disparate locations, a steady influx of patients, squeezed budgets, limited technology expertise and growing regulations, all make safeguarding personal data increasingly difficult for healthcare firms. May 2017's WannaCry cyber-attack was undoubtedly the biggest breach to hit a health organisation. In the UK, nearly 20,000 NHS appointments were cancelled, five hospitals had to divert their ambulances and several computers at 600 GP surgeries were impacted. Doctors and nurses even had to revert back to pen and paper.
The National Audit Office's (NAO) published its investigation into the WannaCry attack recently and revealed the NHS could have prevented the breach if it had basic IT security in place. Following an on-site cyber-security assessment just months before, NHS Digital had issued critical alerts warning organisations to patch their systems to prevent WannaCry as the 88 health trusts tested failed. Unfortunately, there were no formal processes in place to determine whether local NHS organisations had followed their guidance and whether they were prepared for a cyber-attack.
This illustrates the underlying issues healthcare firms like the NHS are facing with their existing IT. Sensitive data and weak processes mean healthcare organisations are a perfect target for cyber-attacks. Add new advancements like the Internet of Things (IoT) on top and those issues rise tenfold. This isn't helped by the limited IT budgets and even lower headcount. But if WannaCry is anything to go by, something has to change. It's time to find a better way to safeguard patient data without crippling consequences.
Most healthcare networks, subsidised or private, have widely dispersed facilities with countless doctors, nurses, home healthcare workers and administrators all trying to access patient information through electronic health records (EHR/EMR) and across disparate devices. This complexity isn't going away, but taking a centralised systems management approach can drastically simplify the management of IT systems, increase security and protect critical information across every device.
This strategy eliminates fragmentation and enables organisations to monitor all systems remotely and push out system patches automatically to devices across multiple locations. Also, having an easy to-use service desk means smaller teams can easily action service issues automatically, making sure that patient care is top of the agenda for doctors and nurses not an IT glitch.
For example, Green Clinic, a primary and specialty care network in the US, introduced a state-of-the-art electronic medical records (EMR) system to provide fast access to real-time patient information. However, the organisation's aging desktops lacked the required processing power and memory to support the new EMR system. It impacted the doctors and nurse's productivity, as they had to spend more time typing up patient notes than caring for the patients themselves. As with every network Green Clinic had disparate locations that forced the IT team to travel long distances to fix broken PCs, causing a huge drain on time and resources.
As a result, Green Clinic moved to a more centralised systems management approach, that allowed the team to remotely update every computer which sped up the deployment of the EMR system. Doctors could seamlessly access to data, diagnose patients more accurately and ultimately, provide higher quality of patient care. By automating the deployment of the new desktops and laptops, Green Clinic has saved an estimated US$ 20,000 (£15,000) and shaved 20 hours a week off of their IT Team works – all by automating routine tasks that were previously done by hand. Now IT has more time for strategic IT projects that add real value to clinical staff and patients.
Contributed by Adrian Moir, senior director, product management, Quest
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.