May 17, 2020

Making the Best Use of Patient Data for Effective Diagnosis

Jamie Clifton, VP, product man...

Patient history is crucial to clinical decision making and studies have shown that history alone can lead to a final diagnosis in 76% of patients. It’s important that clinicians have access to a rich patient history, offering them the most complete patient information, such as test results, past visits, previous diagnoses and mental health notes.

Even the most up-to-date electronic patient record (EPR) systems have gaping holes in a patient’s history. As a result, this can lead to clinicians searching through legacy and ancillary record systems (both digital and paper) or gathering history by asking questions of the patient or relatives. In some cases, these systems, such as PACS (used for managing medical images), aren’t even connected to the EPR. It’s fair to say that the extra time spent by doctors, nurses, porters, etc. searching for patient information is inefficient and often results in valuable time lost by clinicians when consulting, diagnosing and treating patients.

The importance of actionable information

Over the last six years, the number of misdiagnosis claims against the National Health Service (NHS) has risen by 22%, and it’s estimated that this resulted in £1bn in damages in 2016/2017. It’s no secret that accident and emergency (A&E) departments in NHS hospitals throughout the country are responsible for diagnosing and treating millions of patients each year.

In March 2018 alone, the total number of A&E attendances and emergency admissions was 2,047,000. These challenging conditions place enormous demands on medical practitioners that can, understandably, lead to omissions and errors. In fact, a multi-institutional project funded by the Agency for Healthcare Research and Quality (AHRQ) sums up the challenges facing clinicians in pressurised situations, explaining that “critical information can be missed because of failures in history-taking, lack of access to medical records, failures in the transmission of diagnostic test results, or faulty records organisation (either paper or electronic) creating problems for quickly reviewing or finding needed information.”

The study recommends utilising information technology tools to overcome the challenges presented. It also points to the streamlining and presentation of documentation as well as the need for better access and display of historical data.

When medical records and test results go missing, they can leave a hole which means clinicians may have to make ‘judgement calls’ without all of the necessary information – this carries additional clinical risk. Or, often, a new order is placed for the patient to be re-tested, which may delay diagnosis and treatment. Clearly, both situations are less than ideal.

The demand to quickly access complete patient records points to the need for an independent clinical archive (ICA). An ICA has the ability to aggregate historic and referenceable patient data from a wide range of applications—including information from other departments within the hospital or external healthcare organisations.

The patient data held within the ICA is accessible directly through the EPR to provide a longitudinal patient record to aid more accurate clinical decisions. Importantly, the ICA can also integrate with a hospital’s clinical portal or integration engine.

Understanding the challenges of EPRs

When a hospital installs a new EPR, the vendor will negotiate with the Trust on how much data will be migrated from its legacy and/or departmental systems to the new one. It’s certainly the case that only a relatively small proportion of a hospital’s overall data will be taken across. But even this will vary from vendor to vendor and Trust to Trust.

For example, one vendor may agree to transfer over information about allergies, vaccinations, future appointments and patient identifiers—but nothing else. Whilst another provider might sync a year or two of historic patient data. There are good reasons for this. Data quality issues are a huge concern – patient information in older systems may not stand up to the modern-day quality standards expected in today’s EPR applications. New EPR projects are complex, time-consuming and costly enough without creating further obstacles that might delay implementation.

However, what we currently see as a result is that this valuable historic patient data does not form part of the patient record. It generally continues to reside in siloed systems (often with costly ongoing maintenance and support contracts) that do not integrate or interoperate with primary systems and is, thereby, not easily available to clinicians, despite the clinical value of that information.

For young and relatively healthy patients, it’s easier for staff to gain a quick overview of their medical history, without incident. But, for many older patients, those with altered mental status or those who are unresponsive, clinicians only have their observations, current test results and what they can uncover in the EPR to make diagnoses.

Wading through multiple legacy systems to track down missing information not only takes time, but also diverts resources away from diagnosing and treating patients, slowing down patient throughput and, potentially, denying care to other patients.

So, as we’ve established, whilst EPR systems are able to aggregate some patient data, they fall significantly short of what clinicians would rightly call a complete patient record. Interestingly, research shows that 25% of EPRs cannot access lab results, 33% of EPRs cannot access radiology reports, and 49% of EPRs cannot access patient consent information. The statistics are even worse for other data types such as mental health notes, ophthalmic data, sleep studies, ultrasound or nearly any type of historic data. But how can healthcare facilities create an environment where clinicians get a full picture of a patient’s information?

Effectively integrating EPR systems with an independent clinical archive

In an ideal scenario, a patient’s history would be presented alongside current information in the EPR to complete the patient record – displaying all the information the treating physician needs to see, as part of the usual workflow, at the point of care. This would reduce the number of places clinicians need to look for data, saving time, while also allowing them to focus more on the patient.

The good news is that this ‘ideal’ is no longer a pipedream – it’s becoming a reality. Forward-thinking hospitals are migrating the actionable information from their legacy EPRs and other departmental systems to their new EPRs, while reference data is being placed in an independent clinical archive (ICA). The ICA then acts as a clinical repository effectively ‘mopping up’ the rest of the historic and referenceable patient data, allowing the source legacy systems to be retired.

As this data is ingested, important meta-data is captured within the ICA so that clinicians can easily search, locate and filter the patient information they require as best suits their specialty – whether through the EPR or directly from the ICA itself.

With current resources in the NHS stretched, arming hospitals with the tools to make quick, accurate diagnoses helps patients receive the right level of care that can positively impact treatment and outcomes, as well as the patient’s experience. But, this is only possible by providing clinicians with a longitudinal patient record featuring a full and rich array of current and historical patient information.


Jun 17, 2021

Peloton vulnerable to cyber attacks, McAfee research finds

Software security experts at McAfee discovered that exercise bikes by Peloton were vulnerable to cyber attacks, an issue the company has since resolved.

Peloton’s popular exercise bikes were found to be vulnerable to cyber attacks in the latest research from McAfee.

Peloton is a brand of electric bikes that combines high-end exercise equipment with cutting-edge technology. Its products use Wi-Fi to connect to a large tablet that interfaces with the components of the exercise device, and provides an easy way for physical activity enthusiasts to attend virtual workout classes over the internet several times a week.

Peloton has garnered attention recently around the privacy and security of its products. So McAfee decided to take a look for themselves and purchased a Peloton Bike+.

The problem

Researchers looked at the Android devices and uncovered a vulnerability that could allow an attacker with either physical access to the Bike+ or access at any point in the supply chain to gain access to the bike’s tablet, including the camera, microphone and personal data.

For the person using it there would be no indication the Bike+ has been tampered with, potentially putting Peloton’s 16.7 million users at risk.  

The flaw was found in the Android Verified Boot (AVB) process, which normally verifies all code and data before booting. McAfee researchers were able to bypass this verification and get the device to boot without it.

This could potentially lead to the Android OS being compromised by an attacker who is physically present. Even worse, the attacker could boot up the Peloton with a modified credential to gain privileges, granting them access to the bike remotely. 

As the attacker never has to unlock the device to boot it up, there would be no trace of their access on the device. This type of attack could also happen at any point from construction to warehouse to delivery, by installing a backdoor into the Android tablet without the user ever knowing. 

The solution

Given the simplicity and criticality of the flaw, McAfee informed Peloton while auditing was ongoing. The vendor was sent full details, and shortly after, Peloton confirmed the issue and released a fix for it.

Further conversations between McAfee and Peloton confirmed that this vulnerability had also been present on the Peloton Tread exercise equipment.

Peloton’s Head of Global Information Security, Adrian Stone, commented on the research: “This vulnerability reported by McAfee would require direct, physical access to a Peloton Bike+ or Tread. Like with any connected device in the home, if an attacker is able to gain physical access to it, additional physical controls and safeguards become increasingly important.

“To keep our members safe, we acted quickly and in coordination with McAfee. We pushed a mandatory update in early June and every device with the update installed is protected from this issue.”
