Short read: If cyber infection created disease, we'd be dead. Taking it seriously?

It was in the late 1840s when Ignaz Semmelweis, as head of the maternity services in a Vienna hospital, observed that women cared for by physicians were more likely to die (13-18%) from infection than women cared for by midwives (2%). Recognising that infection control was critical, he implemented mandatory handwashing that brought mortality rate down to 2%. Since then infection control has been a key part of all aspects of the care process.

Today, health organisations face a new infection challenge, that of keeping their IT systems free of viruses and other attacks on their health, and they will need to treat this threat with the same seriousness, according to James Mucklow and Richard Corbridge, both experts in healthcare technology, policy, and innovation.  

For starters, promoting awareness that digital technology is now integral to healthcare should help encourage health leaders and providers to take this challenge seriously, the experts point out. 

Indeed, information technology touches all parts of the process: clinicians look at records electronically, lab tests are computerised, and ambulances are dispatched by computers. This role will continue to increase as health systems and clinics move to paperless, integrated and patient-centred approaches. 

Second, IT systems need to be connected and this exposes them to risk, the experts note. Connectivity in health organisations brings real value to patients. For example to support continuity of care, or support peripatetic carers with mobile devices, a connection to the worldwide web is necessary, but that web is a potential source of digital infection.

"Connecting to [the web] exposes the organisation to risks, and it needs to understand those risks, manage them, be ready for them and react effectively when they inevitably strike," Mucklow and Corbridge say.

Third, understanding why these cyber issues occur, and what can be done to prevent them, starts with getting the right governance and recognition at board level, explain the two health IT experts. "Boards now need to scrutinise digital cleanliness in the same way as they treat the latest infection control key performance indicators." 

In the same way that a ward has a hygiene owner, digital security needs its own champion. The advent of the Chief Clinical Information Officer, for example, helps to address this. Mucklow and Corbridge emphasise that digital cleanliness has to be more than the equivalent of a poster asking you to wash your digital hands properly, but be recognised as a critical priority across the organisation.

Finally, having a digital strategy and a cyber security and resilience plan – similar to having an infection control plan – is crucial. That strategy should be linked to patient care and recognise that it is not just about investing in technology, but in people and training. The best way to reduce these security risks is through training and communication, the two experts note.

It's also important to recognise that cybersecurity is an arms race. 

"Threats evolve over time and so the work is never done, similarly to the increased resistance we currently face with antibiotics. There is a clear need for regular reviews of the threats and security measures, followed up by action to update systems, and update them when security flaws emerge," the experts explain. "These activities will help organisations see that digital technology, when it is properly protected from infection, is an asset that allows them to deliver better care."

James Mucklow is currently affiliated with PA Consulting Group London, UK. He has been delivering complex innovative projects for over 25 years across all aspects of the lifecycle.

Richard Corbridge is the Chief Digital Information Officer at Leeds Teaching Hospital NHS Trust Leeds, UK. He is a globally recognised expert in healthcare strategy and technology, with over 20 years’ experience in the Health and Clinical Research Information sectors.

Source: HealthManagement.org