How InHealth is streamlining patient care
Marc O’Brien is CIO of InHealth, having taken the helm just over two years ago. He began his career consulting with PwC, later moving on to financial services and then spending a decade in aviation. He then joined the buyout team to create Spire Healthcare – and thus O’Brien entered the world of health.
InHealth itself was established over 20 years ago and in that time has undergone two major changes. The first was five years ago, and the other is ongoing since O’Brien took over as CIO. “We started out as an MRI provider; we would only scan for the NHS,” he says. “Now, we supply multiple diagnostic and healthcare services to the NHS and independent providers, ranging from MRI and X-ray to audiology, endoscopy, and cardiac services. Ultimately, we are focused on collaborating with the NHS and other partners to provide high quality diagnostics and healthcare solutions in hospitals and accessible community settings.”
“Of course, much of what we do is highly dependent on technology and that’s where I come in.
I’m accountable for all our IT, ranging from day-to-day service, through to projects and development of new services.”
The software journey
The main challenge, O’Brien says, was creating a patient relationship management system that met InHealth’s specific needs.
“Within a diagnostic services organisation there are two key applications,” says O’Brien. “One is called RIS – radiology information system – and the other is PACS – the picture archiving communication system. The former stores information about the patient, and the latter stores images of scans. About five years ago, InHealth realised that the RIS’s available off the shelf didn’t meet their needs. We see a million patients a year across 350 sites, very different to an acute trust, where you might see a lot of patients, but you’re in one place with the same team. We were different because of the breadth and reach of the organisation.”
InHealth’s solution to this issue is based on Microsoft Dynamics, but the IT team needed to design its own patient management system. The customised system allows the team to book slots in all clinics, access patient referrals, contact the patient and offer a number of appointments, book appointments, record outcomes and ensure the report gets back to the referrer. The new system has been live for six months, and InHealth is processing around 1,300 patient referrals per day, 25 percent more than with the previous system.
It is the patients who are truly at the core of everything InHealth does, and its Patient Referral Centre, which O’Brien oversees, ensures the greatest possible flexibility for customers and medical professionals alike.
“For all intents and purposes, the Patient Referral Centre looks like a call centre, but we use very different techniques,” O’Brien explains. “We use call centre technology, but we’re not interested in how quickly someone can move onto the next patient. If you’ve been referred to us, you may be very ill, so the patient care advisors have to know how to speak to potentially anxious individuals to put them at their ease and organise their appointment with minimum anxiety.”
The Patient Referral Centre exists to ease patients through their journey. The new system facilitates this by incorporating all required clinical information on the screen and taking the patient care advisor through the necessary workflow. This enhanced technology extends beyond arrangement of appointments.
“Flexibility is the key to what we’re trying to do,” O’Brien explains. “Where possible, we use a system generated email rather than post. We also send reminder texts, and we offer a patient portal, which allows patients to make changes to their own appointment online. This isn’t instead of using the telephone – it’s as well as. A lot of the patients we communicate with are quite elderly and may not be as tech savvy as others, but we are seeing a demographic shift with the number of older people using computers increasing all the time.”
The wider network
The other advantage of the portal is that it works as an alternative for patients with hearing difficulties. According to O’Brien, a frequent issue for patients contacting the centre is the need for new hearing aid batteries, and the portal allows them to order new ones easily.
While the patient is the focus for InHealth, it also wants to make everything easier for both the commissioners, who pay for the treatment, and for GPs. O’Brien and his team offer a commissioner portal to automate information flow between them and InHealth, ensuring that all information regarding the patient and their treatment is readily available.
“Maintaining a connection to the GPs is attractive to their community,” O’Brien continues. “While they may not ask for a service that specifically makes things easier for them, that’s what our system does. We use the Docman service which allows GPs to organise their files electronically. GPs are overworked, and this is just one thing that makes their lives simpler.
“The NHS is a particularly intricate customer and the general public thinks of it as one entity, but of course it’s not – it’s a myriad of different organisations. It’s a complex mix, and each individual piece of integration we undertake is a mini project in itself.”
A digital overhaul of this magnitude is a huge project for a company of InHealth’s size, but O’Brien is pleased with the results: “It has had a couple of bumps along the way, but we’ve delivered a really great solution that everyone is really pleased with. We have management information instantly available, which is something we used to struggle to collect, and we can manage patient workflow effectively.”
O’Brien and his team now plan to extend the system outwards and do away with the paper trail entirely. He hopes that this will eliminate the last remnants of clinical risk by removing human error: “If we can enable the GP to link a referral to us electronically, we would significantly reduce risk,” he says. “The rest is streamlining our processes. All the work we’ve done in the last two years has been really patient-focused and I suspect once it’s completely stable, it’ll give us more time to look at our back office systems.”
O’Brien considers InHealth’s relationships with suppliers to be one of the lynchpins of its success. The organisation treats suppliers like business partners and achieves the best possible result thanks to this positive relationship.
“We’ve partnered with EE to assist with connectivity,” says O’Brien. “We can connect up a new site within days rather than months, which would be the option with a standard leased line. The EE project is a game-changer; without connectivity you have to move CDs around with patient information on, which is a very outdated process. The EE offer will be deployed into all of our mobiles next year.”
Another essential supplier is InHealth’s data centre provider, OCSL, which has stabilised the operating platform and allowed it to iron out any previous issues: “When I first joined InHealth, I had some concerns because we had a number of IT operational issues,” O’Brien admits. “As a CIO, that can be a little scary. Now, it’s been many months since we had a failure like that, and that’s due to some great effort by OCSL and the InHealth IT Team.”
O’Brien also praises Gap Consulting for configuring the CRM suite and allowing greater flexibility. This CRM system – actually called XRM by InHealth – facilitates the seamless throughput of referrals.
“We’ve increased the volume of referrals by 25 percent with no increase in headcount. Under our old system it would take between four and six weeks to get a patient care advisor within the Patient Referral Centre up to speed, and thanks to the more advanced system, we can now do it in about two weeks. We’ve achieved so much, and despite of all of the bumps in the road, it’s been really rewarding.”
How healthcare can safeguard itself against cyberthreats
One of the most fundamental lessons from the COVID crisis is that health should always be a priority. In a similar fashion to the human body that frequently fights off viruses and foreign invaders that intend to cause it harm, the sector itself is now a prime target for another type of external threat: cyberattacks.
The figures speak for themselves: between December and January this year, hospitals in the UK were at 89% capacity, with 7,000 fewer available beds than there usually are. As the pandemic increased pressure on hospitals, clinics, and research facilities to create a treatment for patients globally, it has left the sector exposed to hackers who, like a virus, have been targeting it relentlessly and evolving their tactics.
From patient records being held ransom, to fake emails claiming to originate from the UN WHO, the NHS, or vaccine centres, through to attacks on the cold supply chain to find out the secret formula of the COVID vaccine, the healthcare industry is facing constant cyberattacks and struggling to cope. This threat is unlikely to go away anytime soon – and as such, the industry needs to take a proactive, preventative stance to stay safe in a dynamic digital world.
The responsive nature of healthcare – particularly of hospitals – means that efficiency is crucial to the industry’s standard operations. To support this, the sector has been embracing technological advancements that can improve the quality of work, enabling staff to meet pressing deadlines, and enhancing patient care. For example, the industry has been digitising records and improving its ways of working through digital means over the past few years.
This shift is critical to offer high quality patient care; yet, it also means the sector has become more dependent on IT, which can come with a risk if cybersecurity processes employed are deemed as inadequate.
Without the correct security measures in place, the desired efficiency gains realised, can be easily lost in a heartbeat. Simply put, an elementary glitch in the system can have a tremendous ripple effect on many areas, from accessing patient records and conducting scans, to maintaining physical security and protecting the intellectual property of experimental treatment development.
To prevent this, healthcare organisations need to ensure they’re considering cybersecurity as part of their overall digital transformation strategy – and setting the right foundations to create a culture where safety goes hand in hand with patient care.
Before implementing cybersecurity process, healthcare organisations need to assess the potential risks they face. Depending on how much confidential data the trust has, where it is stored, who has access to it and via which means, the cybersecurity strategy and associated solutions will change.
It’s fair to say that a medical device start-up where all employees have a corporate-sanctioned laptop and access data via a VPN will have radically different needs to a large hospital with hundreds of frontline workers connecting to the hospital’s Wi-Fi using their personal device.
These requirements will pale by comparison to a global pharmaceutical giant with offices in multiple locations, a large R&D department researching new treatments for complex diseases and a fully integrated supply chain. Considering the existing setup and what the organisations is looking to achieve with its digital transformation strategy will therefore have an immediate impact on the cybersecurity strategy.
Despite this, there are fundamentals that any organisation should implement:
Review and test your back-up policy to ensure it is thorough and sufficient – By checking that the organisation’s back-up is running smoothly, IT teams can limit any risks of disruption in the midst of an incident and of losing data permanently.
In our recent State of Email Security report, we found that six out of ten organisations have been victims of ransomware in 2020. As a result, afflicted organisations have lost an average of six days to downtime. One third of organisations even admitted that they failed to get their data back, despite paying the ransom. In the healthcare industry, this could mean losing valuable patient records or data related to new treatments – two areas the sector cannot afford to be cavalier about.
Conduct due diligence across the organisation’s supply chain – Healthcare organisations should review their ways of working with partners, providers and regulatory institutions they work with in order to prevent any weak link in their cybersecurity chain. Without this due diligence, organisations leave themselves exposed to the risks of third party-led incidents.
Roll out mandatory cybersecurity awareness training - Healthcare organisations shouldn’t neglect the training and awareness of their entire staff – including frontline workers who may not access the corporate network on a regular basis. According to our State of Email Security report, only one fifth of organisations carry out ongoing cyber awareness training.
This suggests it is not widely considered as a fundamental part of most organisations cyber-resilience strategy, despite the fact many employees rely on their organisation’s corporate network to work. By providing systematic training, healthcare organisations can help workers at all levels better understand the current cyberthreats they face, how they could impact their organisation, the role they play in defending the networks, and develop consistent, good cybersecurity hygiene habits to limit the risks of incidents.
Consider a degree of separation – Information and Operational Technology (IT and OT) networks should be separated.
Although mutually supported and reliance on each other, employees shouldn’t be accessing one via the other. This should be complemented by a considered tried and tested contingency and resiliency plan that allows crucial services to function unabated should there be a compromise. Similarly, admin terminals should not have internet access to afford a degree of hardening and protection for these critical accounts.
As the sector becomes a common target for fraudulent and malicious activity, putting cybersecurity at the core of the organisation’s operations is critical. It will help limit the risks of disruption due to cyberattacks, reduce time spent by the cybersecurity team to resolve easily avoidable errors, and ensure that institutions can deliver patient care, safe in the knowledge that their networks are safe.
Fighting future threats
With technology continuing to change the face of healthcare, the surface area and vectors available for attacks by malicious actors is constantly increasing. With the introduction of apps, networked monitoring devices, and a need for communication, the attack vector is ever expanding, a trend that needs to be monitored and secured against.
To prevent any damage to patients, staff, or the organisation they are responsible for, healthcare leaders must put security front and centre of their digital transformation strategy. Only then can the sector harness the full benefits of technology. Doing this should include implementing cybersecurity awareness training to challenge misconceptions around security, encourage conversation, and to ensure employee knowledge of the security basics and threats faced.
This ultimately allows healthcare organisations to do what they do best: provide the highest standard of patient care, safe in the knowledge that their operations, patients, and data are safe.