Hospitals may be providing patient care outside of normal clinical settings during the COVID-19 outbreak, but this raises the question of how to access patient data systems in these makeshift settings. Arthur Young, president and CEO of Interbit Data Inc., of Natick, Mass., told BioWorld that the company’s solution is to add Internet-based access to its Netsafe system so that health care professionals operating in these unplanned sites have continuous access to patient records, ensuring patient data will be available to health care professionals working on the front lines of the pandemic.
Much of the existing capacity in COVID-19 hotspots, such as New York City, was overwhelmed by admissions, requiring the use of a hospital ship and a convention center. Interbit’s Netsafe is an automated software solution that gives the subscriber a method of accessing patient data when a hospital’s IT system may be offline, which can happen during power outages and natural disasters. However, cyberattacks, including those designed as ransomware, can also impede access to patient data, making an alternate method of access to patient data critical.
Data sharing between systems still a headache
Young said data sharing between hospital systems, which has historically been challenging largely because of interoperability issues, is still no mean feat. There are more standards that are helpful in that regard, such as the standards published by Health Level 7 International of Ann Arbor, Mich. HL7’s Fast Healthcare Interoperability Resources, or FIHR, describes data formats and elements along with an application programming interface, and Young said that while FHIR and other standards simplify the task of shipping data across clinical sites, that transfer is still not necessarily easy.
“Each solution has its challenges,” Young said, explaining that “what we are offering is really aimed at when the systems are not available, to preserve access to the information they need for patient care.” In this scenario, the data are made available in a readable format, but not necessarily in an interactive format. In that scenario, the software functions to allow a health care professional to look up the patient’s data, for instance to view the medication record, while the site’s native IT system is under repair.
There are times when a data system is offline for system maintenance, but Young said data system outages can occur in such a manner as to affect only a floor or a wing of a hospital. “Any place where there is a linkage between me and the data is a potential source of failure,” he said, adding, that while the standard Netsafe service allows for access to these data via the local intranet, “what we’re doing is expanding that to allow them to access that from an Internet connection,” which is sometimes more available than the local area network connection. Interbit is making this Internet access available to its Netsafe customers free of charge through the end of June, a term that should cover a lot of off-site clinical care needs.
The question of the frequency of data refresh is of course topical, but Young said “it depends upon the data type. Some, like the medication and administration record, may be updated every half hour,” while a health care system’s master patient index may be updated only daily. Netsafe allows the user to pre-fetch data, depending on the type of data, such as appointments. Interbit is fully aware of the hazards of life in the data world, and Young said, “we can still preserve information that is needed for patient care even if the host system is attacked.”
Data recovery plan not optional for hospitals
Entities responsible for auditing hospital performance are concerned about preservation of information, a list that includes the Joint Commission for the Accreditation of Health Care Organizations. Hospitals and other clinical settings consequently have to have a disaster recovery plan at the ready so that if data are destroyed, there are near-line or offline mechanisms to bring those data back. Netsafe fills the niche between a disaster and full restoration of the hospital data system. “In that gap, you still have patients, and that’s where we target our offerings,” he said.
Hospitals are all running on tight budgets these days, but Young said he does not see any difference between for-profit and public hospitals in terms of adoption of this kind of service. He noted that the U.S. government has plowed large sums into health IT in an effort to get hospitals and physicians on board, and back-up services have started to become more common as a consequence. This is actually part of the mandate of the Health Insurance Portability and Accountability Act, and thus “the risk of not having that process available has increased,” Young said.
Young said his experience in this field started in the 1980s, when disaster recovery was mostly about payroll systems, while the documentation behind patient care at the time “was a lot of paper.” There are still a few clinical sites that rely principally on paper records, but they’re becoming fewer in number every year, interoperability problems notwithstanding. Nowadays, the thinking about cybersecurity is that “a single incident is too much,” Young said, although he added, “I think a lot of people are somewhat in a state of denial” about their risk profile. “It’s not a question of if, but when,” he said, stating that there is no such thing as a 100% solution to the cybersecurity problem.
“We have customers in 49 states and multiple (Canadian) provinces,” Young said, adding that the company has about 300 hospital customers at present. The biggest obstacle to signing up a new hospital or other clinical site is of course usually budgetary, although acquisition processes are often a hindrance. Hospital administrators tend to work conservatively “for all the good reasons, but they have been overwhelmed with many things” of late as well, he said.