Cyber for Good: A Blueprint for Health - Putting The Citizen At The Centre

I recently had the great privilege to be invited as a guest to a dinner at the Royal College of Physicians Edinburgh, and where we talked about how we could transform the provision of healthcare in Scotland using data, and a core part of this was the provision of cyber security, the sharing of data, and in the transformation of health and social care services.

To sit with world-leading clinicians and health system architects, and talk of our vision in a common way is something that fills me with great hope for the future.

Introduction

When it comes down to it, some of the best things we can do as a country is to provide: a strong and fair legal system; an education system that allows our citizens to achieve their full potential; and a health and social care system which is caring, compassionate and considerate. Each of these should only have one focus ... you!

A graphic that we created many years ago, still seems relevant in the way we need to transform our health and social care systems:

It's often crime and ransomware that hits the headlines, but Cyber Security can provide a platform for us to transform our public services, and where we provide citizens with more control of their world, while also protecting them. Many of the systems that we currently have in place, though, were never designed to have any interaction with the citizen, and where data is often siloed. The barriers, too, are not just technical:

A Blueprint for Cyber for Good

We all know that the UK has one of the best health care systems in the world, but it is far from being perfect in a digital context, and is increasingly overloaded (as we have an aging population).

What we need is to be smarter in the way that we design our health and social care systems, and put the citizen at the core of this. With this we need to understand how we can collect, process, and analyse, in a way which puts the citizens at the centre of our systems, but also respects their rights to privacy. We need to better understand risk and patient pathways, and put in-place care plans which matches the citizen.

And so the BCS has published their blueprint for cyber security in health and care [here]:

John Kell, Head of Policy at The Patients Association, hits the marks on the two most important aspects .. trust and ownership:

‘Cybersecurity is vitally important to patients, and will become ever more so. It almost goes without saying that people must feel confident in the security of their personal data. But at least as important is that we are able to seize the opportunities presented by digital technology to enable patients to take control of their care.

The BCS know that no one domain can transform our health and social care infrastructure and that bridges need to be built:

By building a willing coalition of those who share this goal to come together with urgency to set out a roadmap that turns this vision into reality.

So they are asking for support from the NHS, industry, academia, the public sector, citizens groups, and others, to step forward to be part of the creation of new health services.

Large companies still dominate

For all the great work in the NHS, there has been a resistance to the adoption of IT, and it still lags behind other areas in the usage of digital health. One of the greatest barriers, apart from staff resistance for change, has been in the way that digital methods are integrated into the system, where large companies have created virtual monopolies in providing services, and where they have failed to innovate and provide up-to-date solutions.

One of the best examples of an innovative company who have created a citizen-focused health system is Sitekit - forged on the beautiful Island of Skye - and who created the e-Red (a replacement for the Red Book which tracks the health of a child and which is owned by the family):

It's the same in the US

The HHS (U.S. Department of Health and Human Services) Health Care Industry Cybersecurity Task Force recently reported to Congress [report]. It outlined that health cyber security for health care in the US was in a:

Critical condition

and that the industry generally struggled to attract and keep the best talent. The poor state of cyber security in health care in the US is highlighted by 39 data breaches in March 2017, alone, and over 1.5 million records breached

and that the industry generally struggled to attract and keep the best talent. The poor state of cyber security in health care in the US is highlighted by 39 data breaches in March 2017, alone, and over 1.5 million records breached.

While defining many recommendations, the six main imperatives are:

• Defining and streamlining governance and expectations for cyber security.
• Increasing the security of medical devices.
• Creating the workforce capacity necessary to prioritise cyber security awareness.
• Increasing readiness via cybersecurity awareness and education.
• Finding ways to protect R&D efforts and intellectual property from attacks.
• Improving information sharing of threats and weaknesses.

Included in the report is the setup of a clear leadership role, along with the setup of an incident response team (MedCERT - Medical Computer Emergency Readiness Team) and in providing better access for citizens to manage their own health record. Along with this the recommendations also define some form of formal clearance for those accessing health care records.

Conclusions

We are on a journey, and it is one which will disrupt, but it needs many stakeholders to come together with a shared vision, and I see the signs of discussions across different domains. Those involved should clearly understand the benefits and the risks involved.

I draw inspiration from data sharing partnerships in London, who have mapped out how data should be shared across the city:

and who have mapped a clear vision of where they want to go:

... the "citizen as an active commissioner" is a long way from where we are now, but with a strong cyber security infrastructure, and with data sharing in-place, we can move to a world which is less Big Brother and more caring and supportive.

I fully support the focus of the BCS, and will do everything possible to help them achieve their vision. For me, we need more innovation in the provision of health and social care, and we need to support our great SMEs to produce systems which break the mold and do things differently, and which use modern and up-to-date methods and devices.

Let's be bold, and dream a little, but let health care be our driver for social and economic advancement. The integration of primary and secondary health care is going to be a challenge, along with the integration of social care, but when you add in the citizen, it requires us all to understand the risks and benefits involved, and for us to provide our expertises, in order to reduce the risks and maximise the benefits.

To me, a little company from the Isle of Skye (Sitekit), and have built their company fully with UK-based talent, and who have never deviated for one minute away from their vision, fills me with hope that we can transform our health system. In Scotland, too, I see the DHI (Digital Health Institute) providing a vision on where our health and social care should go, but in understanding the route we have to take.

Don't just grumble about it ... go read it ... and get involved ... and help make the blueprint happen ... [here]