The changing face of technology in healthcare

I recently had the pleasure of presenting at the annual Evolve user conference. It was a fantastic event with great representation of CIOs and CCIOs from many of the leading healthcare Trusts in the UK and Ireland.

Each of the CIOs who attended are the technology leaders within their organisation and have the privilege of being responsible for an ever growing range of systems, services and people. What was clear from speaking to the CIOs at the event was that being a CIO is no longer just about managing the “IT department” or running an isolated cost centre within a hospital. It is now a key function within and beyond the organisation that is a strategic driver of change. It is at the centre of the business and responsible for much of the innovation and agility required to enable increased efficiencies and the delivery of better outcomes for patients.

To do this, todays CIOs need to be looking ahead to ensure they are equipped to be this driver of change. They need to be looking at what the new and emerging technologies are and how they can start to pivot towards adoption of these. But this is not easy. The technology landscape in healthcare is infamously very fragmented and diverse. There are the challenges and limitations of existing legacy systems, often with ageing infrastructure and a shortage of skills. Then there is learning how to navigate the endless possibilities of today’s disruptive technologies, not to mention anticipating the advances in tomorrows technology that can often appear to be so close but in many cases is often still faraway.

But a technology-only view is not enough. Among many other things, CIOs need to also be considering how they address the mounting challenges around information security and privacy, how they leverage the growing opportunity of the cloud, how they evolve their team and the culture around them to embrace change and new ways of working. Importantly, they also need to be thinking about the approach they will take to delivering new digital services to their users. Adopting traditional waterfall or even more modern agile techniques are in themselves not the answer. To achieve better outcomes they need to be delivering services that are at their core based on understanding and addressing the needs of their users. To do this they need to adopt user-centred design.

User-centred design

User-centred Design is not a new thing. We have seen this approach being successfully adopted in many central government projects for a number of years. This approach has been central to the creation of many fantastic services that are transforming how citizens consume public services such as MOT modernisation for DVSA and transforming Individual Electoral Registration for the Cabinet Office. At the heart of each of these services has been the GDS Service Manual, which outlines an approach that is driven by data and user insight.

All service design must start with speaking to the people who will use the service. This will ensure the needs of these users are understood and documented, from the beginning of their journey to the end. It is also important to consider what others services, processes or infrastructure are needed to support the journey of the users. This process is called Discovery and is an essential first step in building any new digital service. The next stage is Alpha, where prototypes of the services are typically built and tested with users. This stage will identify if the user needs are being addressed and highlight any problems with the service and how best to overcome them. If Alpha is successful the process will move to Beta where a working version of the software is created and tested with a broader group of users. Before moving the service into Live confirmation is required that the user needs identified during Discovery, Alpha and Beta are addressed. Furthermore, it is necessary to demonstrate how the service will be supported, measured, secured and made accessible to its users.

We are now seeing these same principles making their way into healthcare. NHS Digital have created their own NHS Service Manual which follows many of the principles of the GDS Service Manual but optimised for healthcare. The recent policy paper from Department of Health & Social Care goes further and puts user need at the top of their four guiding principles stating that “every service must be designed around user needs, whether the needs of the public, clinicians or staff”.

When you says these things out loud they all make sense and the evidence is there that these approaches work but putting them into action is not always easy. It will mean a different way of working for many, especially within healthcare where this has not been the approach that has been historically adopted. So the next time you are considering implementing a new service, stop and consider how this being delivered. Is it being delivered iteratively and putting the needs of your users first? If not, stop and ask yourself why.

Technology

There is some technology that I believe will help shape the future of healthcare and there is a lot of technology that I feel probably won’t (Blockchain, I’m looking at you). I’m going to discuss the technology that will.

Cloud

About 3 years ago I presented at the same conference and the main focus of my talk was cloud. At the time cloud was mainstream in many industries but not in healthcare. AWS and Microsoft didn’t have a presence in the UK, NHS Digital still didn’t have a cloud policy and to make things more challenging they still held a position that organisations in England could only process and store data within England.

My message at the time was that I seen cloud as big part of the future of healthcare and within Kainos we would increasingly be adopting a cloud-first policy . This was well received by some of the more forward thinking CIOs who could see the many benefits, but there were still a number who strongly questioned my view. It was a good debate.

Three years later things have moved on, yet for some challenges remain. AWS and Microsoft both have a presence in England and NHS Digital have clarified their positioning around cloud. This has helped a-lot and CIOs now generally realise the benefits, whether these be an improved security posture, moving from a CapEx to an OpEx model or the reduced operational responsibility that the cloud can bring. However, it is interesting that even now the cloud still comes with challenges for some. There are still perceived challenges around security, uncertainly on the impact to local IT staff and more immediate challenges like how to get everyone access to a decent PC with a battery that works, on a network that is reliable, never mind moving systems to the cloud. I agree with the later and this is something the Secretary of State for Health and Social Care needs to find a way to address to avoid things like this blocking future innovation.

It is also interesting to observe the changes to the cloud landscape over the last three years. Three years ago it was mainly about lifting and shifting on-prem solutions into the cloud and managing those vm’s and the associated infrastructure in the cloud. This is still very much a thing, but it is changing in front of us now. The consumer no longer wants to (or needs to) think about the infrastructure that underpins their service. We are moving to a world where everything is provided as a service — or “Anything as a Service”. This applies at all levels. For example, a CIO who subscribes to a cloud service for one of their applications does so because they do not want to worry about how to manage the infrastructure behind the service. Equally, the vendor who provides the service does not really want to worry about the infrastructure that underpins their own service. As someone who is responsible for managing a service in the cloud I want to use as many cloud services as I can and shift as much responsibility onto the cloud vendor. Doing so means I don’t need to worry about managing my databases or the storage for my content. But this is just the start — the next generation of applications and services wont even use VM’s. Everything will be written as functions using services like Azure Functions or AWS Lambda. This will eventually replace VM’s. This is called Serverless and it is the future of cloud computing. In three years time when I’m hopefully presenting back at the same conference I expect adoption of Serverless to be more mainstream.

Artificial Intelligence

Artificial Intelligence and machine learning are not new concepts — they have been around for many decades, but have mostly been on the periphery of the business. I believe that now is the time for AI and Machine learning to move into the main stream as now for the first time the technology has caught up with the opportunity. This has been fuelled by the movement in the open source community, providing wide scale access to approaches and techniques not seen before and secondly the large cloud providers have been investing millions in providing AI and ML as a service in the cloud (a bit like what we talked about above).

Whilst this commoditisation provides a huge opportunity is also comes with some challenges.

In years gone by AI and ML was a difficult field to get into. This meant that the people who invested the time to get into it generally knew what they were doing. The challenge today is that this field is so much easier to get into and quite often people that get into it often don’t understand the fundamentals. At Kainos, we believe there is a big future for AI and ML, so we are investing in our people, from new grads coming in through our AI Camp all the way through to hiring industry leaders to grow our AI capability. We want to ensure that our people not only understand the fundamentals but also the best way to use the frameworks and services that are available to them. We will use this combination of great people together with great services to help build customer led solutions following a user centred design approach.

Within healthcare there are additional challenges. Ethical and compliance concerns being at the top of most peoples list. Getting access to the right data is also a challenge, but with the rise of interoperability supported by standards such as HL7 FHIR the barriers are starting to come down (I’ll get onto that below). But these challenges should not dissuade us from making progress in this area. During the conference Mike Meers, CIO at ESNEFT, spoke passionately about their philosophy of “time matters”, an unrelenting focus on removing unnecessary stress and frustration for their staff and patients in an effort to give people back more of their time to focus on the things that are important. When you look at many of the repetitive, manual, administrative tasks that are performed by staff and patients across the NHS there are huge opportunities for AI and ML to make a positive difference without falling into many of the traps and challenges like those above.

Wearable devices and sensors

Today most of us are wearing some form of fitness tracker and we occasionally monitor this on our phones or share it with our friends and family. This is great and it supports an increased awareness of our wellness and fitness, but this is not the future of healthcare.

When these devices transition to be trusted real time monitoring devices with real-time feedback and alerting mechanisms, they will empower the patient to take more control of and monitor their own health, while at the same time enabling the health professionals involved in their care to do the same thing. When this happens we will be in a position to develop better solutions that enable better outcomes for patients, which will hopefully lead to other positive side effects, such as less people visiting their GP or hospital.

Historically, the transition of wearables from fitness tracking to clinical device has been hampered by the passing of rigorous regulatory approval processes. But again, the tide is turning here. The FDA has announced a pilot program to let selected companies fast track their health developments. The latest Apple Watch for example, is an FDA Class 2 Medical Device with fall detection and heart monitoring capabilities. It also has the ability to notify your emergency contacts if it senses you have fallen and are immobile for 1 minute. A great example of something that can deliver better outcomes for patients and their families today.

However, as the amount of data being collected increases, people will demand better assurances that their data is being processed securely and in line with their privacy preferences. Today I am reasonably happy to collect and store personal health information on my phone. Apple can’t necessarily guarantee the safety of my data but I understand how this data is being processed and stored and I’m comfortable with this. But for this data to be meaningful and to help deliver better outcomes for me I need to be able share it in a way that those involved in delivering care to me can access. And this is the bit that I feel still needs much more work. I need a single place where I can go to that will allow me to define my consent and sharing preferences. I want to know in what downstream systems my information will be stored and I want assurances that these systems have the necessary security controls in place to protect my data. To support this, two things are key — interoperability and security.

Interoperability

The NHS has historically had a very silo’d approach to data, with systems, especially across organisational boundaries, unable or unwilling to share. Where we have been able to work through these issues we will often see a systems integration approach being adopted where we create a collection of systems or sub-systems which co-operate to deliver the overarching functionality. It is common for significant time and effort to go into assembling this collection of systems. In the best of cases some components can be re-used again but even when this happens other parties need to go through the same steps in understanding more about the mechanics of how the APIs work and how they exchange information. In the worst of cases point to point integrations are created that cannot be re-used.

For me it is clear that we need to move away from this approach if we are to support patient centred applications and the potential of technology like AI. We need to move to a world of plug and play interoperability and the only way we are going to do is through what is known as Semantic Interoperability. I quite like the definition on Wikipedia.

“Semantic interoperability is the ability of computer systems to exchange data with unambiguous, shared meaning. Semantic interoperability is a requirement to enable machine computable logic, inferencing, knowledge discovery, and data federation between information systems”

The key here is “shared meaning”. We need a set of APIs that have an agreed meaning enabling any (suitably approved) application to consume these APIs using an agreed standard with a set of behaviours and rules that have been agreed and validated by the community. Within the NHS it is fantastic to see the leadership of InterOpen and NHS Digital to establish these APIs.

InterOpen are an action group aiming to accelerate the development of open standards for interoperability and they are actively developing a set of FHIR based APIs called CareConnect, which aim to standardise how information is shared across different care settings within health and social care. Adoption of CareConnect is now starting to be enforced by NHS England with very near term targets being set out. We will soon see CareConnect being used as the standard for sending discharge summaries or clinical letters to primary care and more broadly for the interoperability of local, regional and national clinical IT systems.

As an example, the new LHCREs announced by NHS England will be mandated to adopt these API’s which will drive significant innovation within each of these partnerships. New patient centred applications will be able to use these APIs, including the NHS App or future applications for population health or research to name just a few. It could also provide the building blocks for a single place for patients to mange their consent and sharing preferences. The possibilities are endless.

Security

For all of this to work it needs to be underpinned with secure systems that are focused on protecting peoples data. If people do not trust clinical systems to store their data then they won’t consent for their information to be shared and the opportunity of patient centred applications or technology like AI will not the harnessed to its full potential. Trust is currently at a low ebb with very public attacks such as WannaCry reinforcing how vulnerable IT systems are within the NHS. WannaCry is not the last attack so now is the time to drive a change so we are better prepared for the next one.

At a simple level, GDPR represents the legal basis for data protection and privacy, but on a more practical level the 14 principles of the National Cyber Security Centre are a great bar for all applications to align themselves with. Across these 14 principles we see a range of technical and operational controls, but if I was to summarise I would boil them down to the following simple principles:

1. Protect the data — encryption of data in transit and at rest is mandatory.
2. Build as securely as possible — adopt secure design and coding practices, ensuring that security is part of the pipeline you use to build and deploy your service.
3. Understand your risks — ensure you know who may impact your service. Have a system in place that allows you to measure these risks and implement appropriate controls to mitigate them. It is important to note that internal staff members need to be included in this assessment and you will need to have the correct operational controls in place to mitigate against malicious or negligent people.
4. Monitor your service — Ensure all levels of your service are monitored, from the infrastructure layer up to the the application itself. It is important to define which types of behaviour should be considered as suspicious enabling appropriate alerts to be triggered quickly to detect potential threats before they become serious security breaches. Increasingly AI and ML will be used in this area, especially as the volumes of data grow and the ability of human operators to parse events becomes unrealistic.
5. React quickly, to an agreed plan — While there are many controls and mitigations we can put in place it is not possible to completely prevent a security breach. Assume a breach is inevitable and have a tested plan in place that allows you to react and respond appropriately.

All of these principles apply to both new services being built or legacy systems that are already in place. If you do not have the capacity or the capability within your team to implement the controls around these principles then consider how you can shift to consuming your solution as a service (similar to what we talked about above).

People and Culture

Finally, it is important to note that moving forward with better digital services that support the needs of the user is not just about technology — it is also very much about people, processes and culture. We need to take an open and collaborative approach that is inclusive and supportive of the teams and people around us. But we also need to challenges existing behaviours. If we have a culture of “it is what it is” or “we are where we are” then we will not be able to move forward with better ways of working. We need to work within our existing teams to change behaviours and we need to do this in a way that is linked to user needs and business objectives. Working with our teams to identify the small number of key behaviours that need to change first will allow us to start small and demonstrate impact quickly.

A key part of doing this successfully is to do it in a way that allows our people and teams to fail. If we follow the principles of service design we should be setup to fail quickly. We can then understand the reasons for failing and how we can adapt our direction to succeed. Failure in this way is a good thing as it minimises the cost of failed initiatives and helps us learn from our mistakes.

If we can adapt the behaviour of people (at all levels) in this way we will start to organically grow a culture that empowers our people to work in a way that is aligned to both our business objectives and the needs of the user. Once we do this we will start to see more and more services being delivered that help to address the ultimate goal of anyone working in healthcare — better outcomes for patients.