Healthcare in the 21st century
Being voted number two in Fortune 2016’s World’s Most Admired Company in the Healthcare, Pharmacy and Other Services category is an accolade to be proud of. For Michael Pomerance, Managing Director, Cerner Middle East and Africa, it is a reward for many years of hard work.
“Cerner has been doing what they do since 1978, and it is good to see that the effort and the vision which has really been there since the very beginning has led our company to achieve such great things and be recognised as the number two,” he says.
Pomerance describes the Cerner Middle East office as being like a mini Cerner Corporation, with all the relative business units its parent company has. The company is 100 percent self-sufficient, so his role encompasses everything from setting strategies to execution, implementation and financial responsibilities.
Liaising with clients and motivating and mentoring staff takes up much of his time.
“We have come a long way since the inception of our operations in Saudi Arabia in 1991 and are well entrenched in this geography with our pioneering presence that exceeds a quarter of a century. Our regional footprint has expanded considerably and currently we have more than 200 client facilities spanning Saudi Arabia, UAE, Qatar, Kuwait and Egypt, ranging from mega governmental hospital networks to elementary health clinics,” affirms Pomerance.
On an average, more than 68,000 users log into Cerner’s system every month and over 37 million people across the Middle East have health information stored in Cerner Millennium, a premium application suite facilitating a single patient database that gives holders a different view of the patient’s data in the hospital or clinic. “Cerner solutions can be localised and adapted for regional applications, as exemplified in our patented process that allows the ready translation of names from English to Arabic and vice-versa, and also adherence to Gregorian or Hijri calendar dates as applicable,” remarks Pomerance.
Healthcare is ever changing, with companies such as Cerner needing to stay on top of both latest technology trends and the change in what clients want. But the fact that the patient is central never changes.
“Our core belief system is that everything we do should make the patient better,” says Pomerance.
“It should help the patient get better faster, it should help them have better outcomes, and one of the major elements of that is patient safety during medication.”
He recalls one of the company’s clients in Qatar who migrated from a paper-based medical ordering system to a fully electronic Cerner one, including matching drugs with patients through barcoded administration. This change led to a notable 50 percent reduction in medical errors.
Electronic medical records (EMR) are slowly being implemented across all areas of healthcare, but what separates Cerner from its competitors is that it has moved beyond using EMR simply as a vehicle for data collection.
“Today we provide consulting services for systems that are not Cerner. We are looking at how we take information that is contained in an EMR and then leverage that to help predict which patients are going to be sick soonest, which ones are most likely to come back and visit the hospital, so that we can start building intelligence with the data that has been collected over the past 15 years. Most EMR’s of today are just a data collection tools. Just because you put data in a tool doesn’t mean you get any benefit from it. ”
The EMR can provide a wealth of information for population health management, but Pomerance describes the idea that this is all we need as a fallacy.
“Cerner sees population health management as trying to find out about that other 95 percent of data that exists in the world today, so a lot of people have smart phones, they have portal information where they enter how much they have walked or weight they have lost. You go to pharmacies over the city picking up drugs whenever you need them. You go to gyms where you work out or you don’t go to gyms and work out, and all that information is out there in our community.”
The Know, Engage, Manage continuum has been set up to highlight to healthcare providers how they can provide the best and the most efficient care for patients. ‘Know’ refers to knowing what is happening and predicting what will happen with the population. ‘Engage’ is about engaging with providers and patients in health and care delivery, and ‘Manage’ is about managing health and improving care.
“Today’s healthcare is reactive,” says Pomerance. “When we increase the data we have you can now look at the population you serve and say ‘who are the people that should be coming to us for care but are not?’ Then as a caregiver you can engage with them in a meaningful way.”
There has been an increase in interest in population health management, particularly with declining oil prices cutting budgets and most notably the ever-increasing cost of healthcare putting a strain on governments. Cerner has been involved in a number of projects. One in particular is the National Unified Medical Records project in the UAE. The aim of this project is to aggregate all the information from various sources in the UAE into a single record, so that the Ministry of Health has the ability to care for the people living here.
“By taking greater care of the citizens living here they will reduce the spend,” points out Pomerance. “We believe that all governments and communities will soon come to the realisation that healthcare is too expensive and needs to change. And we will be ready for them.
“One thing we are excited about is the fact that now insurance is becoming mandatory here in the UAE, and it will be in Qatar in another year, all the private and soon the public healthcare providers need a full solution, from the clinical EMR to the billing system. We have a combined system which enables them to also collect insurance, which I think is an advantage over other competitors that just focus on the clinical side. Now going forward if you don’t have a financial billing system connected to the clinical system you are really going to be at a disadvantage.”
The vision for the next 5 to ten years involves evaluating current markets and watching closely as new markets begin to evolve.
“When countries such as Oman, Bahrain, Morocco or South Africa become ready for next generation healthcare tools, we will be able to engage with them and help them go through that evolution,” says Pomerance.
Moreover, care and community work across the Middle East region is the credo as part of Cerner’s CSR responsibilities. The company is long associated with rehabilitation and other philanthropic and humanitarian causes. It raises funds for medical charities and contributes to endowments for women who deliver premature babies in Africa, cancer patients, and children with other impairments. The company’s long association with the Children’s Cancer Hospital Centre in Egypt is a case in point. It also supports various initiatives and educational programmes in the UAE.
“We have a very good outlook for the next few years. Today we have 250 people working in the Middle East; that could be as high as 700 by the year 2022 so we are very excited about it,” Pomerance concludes.
How healthcare can safeguard itself against cyberthreats
One of the most fundamental lessons from the COVID crisis is that health should always be a priority. In a similar fashion to the human body that frequently fights off viruses and foreign invaders that intend to cause it harm, the sector itself is now a prime target for another type of external threat: cyberattacks.
The figures speak for themselves: between December and January this year, hospitals in the UK were at 89% capacity, with 7,000 fewer available beds than there usually are. As the pandemic increased pressure on hospitals, clinics, and research facilities to create a treatment for patients globally, it has left the sector exposed to hackers who, like a virus, have been targeting it relentlessly and evolving their tactics.
From patient records being held ransom, to fake emails claiming to originate from the UN WHO, the NHS, or vaccine centres, through to attacks on the cold supply chain to find out the secret formula of the COVID vaccine, the healthcare industry is facing constant cyberattacks and struggling to cope. This threat is unlikely to go away anytime soon – and as such, the industry needs to take a proactive, preventative stance to stay safe in a dynamic digital world.
The responsive nature of healthcare – particularly of hospitals – means that efficiency is crucial to the industry’s standard operations. To support this, the sector has been embracing technological advancements that can improve the quality of work, enabling staff to meet pressing deadlines, and enhancing patient care. For example, the industry has been digitising records and improving its ways of working through digital means over the past few years.
This shift is critical to offer high quality patient care; yet, it also means the sector has become more dependent on IT, which can come with a risk if cybersecurity processes employed are deemed as inadequate.
Without the correct security measures in place, the desired efficiency gains realised, can be easily lost in a heartbeat. Simply put, an elementary glitch in the system can have a tremendous ripple effect on many areas, from accessing patient records and conducting scans, to maintaining physical security and protecting the intellectual property of experimental treatment development.
To prevent this, healthcare organisations need to ensure they’re considering cybersecurity as part of their overall digital transformation strategy – and setting the right foundations to create a culture where safety goes hand in hand with patient care.
Before implementing cybersecurity process, healthcare organisations need to assess the potential risks they face. Depending on how much confidential data the trust has, where it is stored, who has access to it and via which means, the cybersecurity strategy and associated solutions will change.
It’s fair to say that a medical device start-up where all employees have a corporate-sanctioned laptop and access data via a VPN will have radically different needs to a large hospital with hundreds of frontline workers connecting to the hospital’s Wi-Fi using their personal device.
These requirements will pale by comparison to a global pharmaceutical giant with offices in multiple locations, a large R&D department researching new treatments for complex diseases and a fully integrated supply chain. Considering the existing setup and what the organisations is looking to achieve with its digital transformation strategy will therefore have an immediate impact on the cybersecurity strategy.
Despite this, there are fundamentals that any organisation should implement:
Review and test your back-up policy to ensure it is thorough and sufficient – By checking that the organisation’s back-up is running smoothly, IT teams can limit any risks of disruption in the midst of an incident and of losing data permanently.
In our recent State of Email Security report, we found that six out of ten organisations have been victims of ransomware in 2020. As a result, afflicted organisations have lost an average of six days to downtime. One third of organisations even admitted that they failed to get their data back, despite paying the ransom. In the healthcare industry, this could mean losing valuable patient records or data related to new treatments – two areas the sector cannot afford to be cavalier about.
Conduct due diligence across the organisation’s supply chain – Healthcare organisations should review their ways of working with partners, providers and regulatory institutions they work with in order to prevent any weak link in their cybersecurity chain. Without this due diligence, organisations leave themselves exposed to the risks of third party-led incidents.
Roll out mandatory cybersecurity awareness training - Healthcare organisations shouldn’t neglect the training and awareness of their entire staff – including frontline workers who may not access the corporate network on a regular basis. According to our State of Email Security report, only one fifth of organisations carry out ongoing cyber awareness training.
This suggests it is not widely considered as a fundamental part of most organisations cyber-resilience strategy, despite the fact many employees rely on their organisation’s corporate network to work. By providing systematic training, healthcare organisations can help workers at all levels better understand the current cyberthreats they face, how they could impact their organisation, the role they play in defending the networks, and develop consistent, good cybersecurity hygiene habits to limit the risks of incidents.
Consider a degree of separation – Information and Operational Technology (IT and OT) networks should be separated.
Although mutually supported and reliance on each other, employees shouldn’t be accessing one via the other. This should be complemented by a considered tried and tested contingency and resiliency plan that allows crucial services to function unabated should there be a compromise. Similarly, admin terminals should not have internet access to afford a degree of hardening and protection for these critical accounts.
As the sector becomes a common target for fraudulent and malicious activity, putting cybersecurity at the core of the organisation’s operations is critical. It will help limit the risks of disruption due to cyberattacks, reduce time spent by the cybersecurity team to resolve easily avoidable errors, and ensure that institutions can deliver patient care, safe in the knowledge that their networks are safe.
Fighting future threats
With technology continuing to change the face of healthcare, the surface area and vectors available for attacks by malicious actors is constantly increasing. With the introduction of apps, networked monitoring devices, and a need for communication, the attack vector is ever expanding, a trend that needs to be monitored and secured against.
To prevent any damage to patients, staff, or the organisation they are responsible for, healthcare leaders must put security front and centre of their digital transformation strategy. Only then can the sector harness the full benefits of technology. Doing this should include implementing cybersecurity awareness training to challenge misconceptions around security, encourage conversation, and to ensure employee knowledge of the security basics and threats faced.
This ultimately allows healthcare organisations to do what they do best: provide the highest standard of patient care, safe in the knowledge that their operations, patients, and data are safe.