Welcome to eHealth Network for Africa

Create an account today to see more

Good Morning
  • Articles (2,367)
  • What were the top ICT stories in 2017?

    Now 2017’s history, the significant ICT themes can be seen. A retrospective by Health IT Analytics found the top ten from its posts. They’re Big Data, Fast Healthcare Interoperability Resources ( FHIR) and machine learning are included. They’re:

    Top 10 Challenges of Big Data Analytics in HealthcareTop 4 Machine Learning Use Cases for Healthcare ProvidersWhat is the Role of Natural Language Processing in Healthcare?Judy Faulkner: Epic is Changing the Big Data, Interoperability GameHow Healthcare can Prep for Artificial Intelligence, Machine LearningExploring the Use of Blockchain for EHRs, Healthcare Big DataHow Big Data Analytics Companies Support Value-Based HealthcareBasics to Know About the Role of FHIR in InteroperabilityData Mining, Big Data Analytics in Healthcare: what’s the Difference?Turning Healthcare Big Data into Actionable Clinical Intelligence. 

    It’s a valuable checklist for Africa’s health informatics and ICT professionals for there personal development plans. eHealth leaders can use it too to ensure their eHealth strategies either include initiatives for the top ten, or lay down the investigative and business case processes for future plans. 

  • BYOD needs to sit on a strategy

    With mHealth, comes Bring Your Own Device (BYOD). It can be haphazard, random and uncontrolled, and can stretch across all eHealth. It’s best to avoid these high-risk scenarios. A white paper from MobileIron, an enterprise mobility service provider, describes an approach. The Ultimate Guide to BYOD deals with:

    Building a programmeRolling it outSustaining its security and performance.

    The overarching strategy’s using BYOD to drive transformation in a mobile enterprise. It fits Africa’s eHealth. MobileIron’s sequence of three BYOD maturity steps are:

    Prepare the organisationSet a risk tolerance level and impact for a BYOD programmeEngage stakeholders early to define programme goalsSurvey and communicate with employeesIdentify mobile and ICT capabilitiesUpgrade ICT infrastructure to support BYODInclude eight Components of a successful BYOD strategy:> Trust, the strategic core> Device choice> Liability> Internal marketing> App design and governance> User experience and privacy> Economics and financeSoft launch BYOD programmesDeploy programmes and training services.

    From this maturity stage, the desired result’s satisfactory cruising. It leads onto a culture of user independence comprising: 

    Self-registration of new devices, monitoring and managing current devices and retiring redundant devicesSelf-remediating hardware, software, application and compliance issues using explicit notifications and resolution instructionsContinuous productivity, efficiency and cyber-security compliance.

    From this second stage of maturity, the third’s:

    Incrementally add more devices, systems and appsEnsure safe and effective device retirementMeasure and demonstrate BYOD valueTake the measures needed to achieve mobile transformation. 

    These offer Africa’s eHealth a way to a sound BYOD strategy. It carries a financial cost. So does unfettered freedom.

  • Gamification and eHealth join on the Baltic Sea

    For eHealth enthusiasts making their plans for March 2018, how does a cruise on the Baltic sound? You can take in an international eHealth event while you’re there.

    Not to be outdone by the 22nd ISfTeH conference, a superb event I attended in Casablanca, Morocco in November 2017, the 23rd ISfTeH event’ll be held on a cruise ship travelling between Helsinki, Finland and Stockholm, Sweden.

    The theme for the conference is "Health communities facing cyber transformation". The event’s a collaboration between the Finnish Society of Telemedicine and eHealth and the International Society for Telemedicine and eHealth.

    ISfTeH has become known for innovative collaborations. The 2018 event will include eHealth2018 Game Jam organised by Games for Health Finland. Game Jam brings together healthcare professionals and game makers to create new ideas and ways to use eHealth technology and promote eHealth using gamification. The challenge’s to create a new solution in under 29 hours. Game jamming is a constant learning process for beginners and pros alike, inviting all skills to participate, whether you’re a programmer, designer or story teller. 

    Conference topics also include:

    Citizens as partners: disrupting healthcareCyber era in leadership and educationBenchmarking nationwide eHealth communitiesBeating Cancer with the help of cyber communityTackling acute crisis in local and distant environmentsCollaborating innovationsMy solutions: eHealth around the world.

    So whether it’s the Baltic Sea or the eHealth experts you’re most keen to see, the 23rd ISfTeH Conference sounds attractive. I hope to see you there.

  • Is eHealth mature enough for healthcare?

    Two opposing views of eHealth could be optimism and cynicism. An article in Fierce Healthcare identifies a view in between. It sees eHealth as a maturing endeavour that’s in an adolescent stage. While it’s a view of US eHealth, if it’s right, it has implications for Africa’s eHealth strategies too/

    It starts from a position where basic ICT infrastructure’s in place, such as EHRs, analytics and population health tools. This has created lots of data, but healthcare organisations don’t seem to know what to do with it. They’re entering a phase of trying to pull it together into a cohesive unit. Doctors are taking a core role in this, such as the Integrated Health Model Initiative (IHMI) reported on eHNA. 

    EHRs aren’t as communicative as they could be, and doctors don’t like the extra time they have to commit to eHealth’s demands. This extends to data entry too.

    Wearables can be full of potential for better health and healthcare. Unresolved challenges include designing effective service models and creating appropriate reimbursement arrangements. Reimbursement for telehealth remains elusive too, which doesn’t augur well for rising investment trajectories. It’s especially disappointing when over half of healthcare executives plan to expand their current programmes based on improved patient satisfaction and healthcare coordination achievements. 

    Recent huge global cyber-attacks, WannaCry  and Petya/NotPetya. revealed healthcare’s vulnerabilities. WannaCry breached several hospital systems in the UK’s NHS. For many weeks after the attack, the US Department of Health and Human Services was dealing with it’s operational aftermath for two multi-state health systems.

    Petya: 

    Damaged a US-based drug companyForced a West Virginia hospital to replace its entire computer systemCost Nuance some US$68 million by shutting down it’s medical transcription services.

    Repairs weren’t confined to technical cyber-security matters. They had to address a severe lack of ICT security talent too. 

    In this setting, US eHealth investment’s up. For Africa, it’s eHealth strategies need recognise and deal with both the challenges and opportunities. A wide range of resources need deploying to drive through eHealth’s complexities that extend beyond ICT. 

  • New telehealth code of practice's out

    As their mutual cycles evolve, telehealth’s developments lead onto updated codes of practice. Telehealth Global has released the 2018/19 International Code of Practice for Telehealth Services, updated be the Telehealth Quality Group (TQG). Its perspective’s consumer and service users, and deals with: 

    Remote consultationsActivity monitoringTelecare and social alarms (PRS)Vital signs monitoringmHealthVirtual coachingIncorporates ISO/TS 13131: Health Informatics – Quality Planning Guidelines for Telehealth Services.

    Interoperability (IOp) and cyber-security are given more emphasis. Enhancing telehealth’s IOp  can improve its fitness for purpose. Consistent data between hubs and remote centres, and people’s devices in their homes is the goal. It’s seen as offering greater choice. 

    Better cyber-security’s needed to ensure more trust. It means effective cyber-security needs reaffirming, leading on to action to strengthen defences.

    Demonstrating telehealth’s performance is important too. More openness means that performance measures and achievements are required to be honestly and openly displayed on service websites. These can lead to greater accountability. 

    As Africa expands its telehealth programmes, and the role mHealth plays in them, TQG’s updated code provides a sound foundation to build from. Using the IOp and cyber-security perspectives can direct projects towards better performance for Africans.

     

  • AI’s on the move in healthcare

    Perhaps the biggest display so far of AI potential and enthusiasm was at the Neural Information Processing Systems (NIPS) conference. It’s role in healthcare was a core theme of applied research, as reported in The Economist. 

    Initiatives presented at NIPS 

    Australia’s Maxwell MRI combines MRI and deep learning to improve prostate cancer diagnosesJohannes Kepler University has an AI system to track cell proteins to identify underlying biologyNorth Carolina’s Duke University uses machine learning to use a pocket colposcope to find cervical cancer. 

    Mining EHRs and doctors’ notes to estimate unplanned readmissions is increasing too. Another application’s categorising and understanding children’s allergic reactions. AI algorithms identify the use and distribution of Naloxone, a drug to reverse effects of narcotic drug, treat pain and block the effects of opioids. 

    With AI marching on, it adds to Africa’s eHealth priority challenge. How can it invest simultaneously in mainstream eHealth and AI? There’s no easy answers.

  • NIST updates its cyber-security framework

    Cyber-security measures keep stepping up. The US National Institute of Standards and Technology (NIST) has updated its proposals in its report on the Revised NIST Infrastructure Cybersecurity Framework. eHNA briefly summarised NIST’s first report. 

    Its core comprises four elements: functions, categories, sub-categories and informative references. They stretch across five aspects:

    IdentifyProtectDetectRespondRecovery.

    Four tiers are part of its overall risk management methodology: 

    Tier 1: partial:> Risk management >Integrated risk management programme>External participationTier 2: risk informed:Tier 3: repeatableTier 4: adaptive.

    Each tier has different degrees of rigour in its three common categories of: 

    Risk managementIntegrated risk management programmeExternal participation, 

    Organizations can adopt the framework now. It provides Africa’s eHealth teams with a sound template to work towards.

  • Telehealth reduces risk in chronically ill patients

    As the number of patients with chronic conditions increases, telehealth’s role might become more important to meet their needs. A study in the Journal of Medical Internet Research (JMIR) by a team in Alicante, Spain, evaluated telemedicine’s impact of adopting new care models that provide more home supervision. It found it appears useful to improve targeted disease control and reduce resource use. These are to important findings for Africa’s health systems and their eHealth strategies. 

    Target diseases were one, or more of, diabetes, hypertension, heart failure and Chronic Obstructive Pulmonary Disease (COPD).The study’s objective was to evaluate ValCrònic telemonitoring’s impact on patients with these long-term conditions who are at high risk for hospital readmissions and Emergency Department (ED) visits. It compared before and after effectiveness after a year of primary care monitoring.

    Using the Community Assessment Risk Screening Tool, 521 patients used a tablet to self-report relevant health information. It’s automatically entered into their eHealth record for consultation.

    Compared with the year before ValCrònic, there were significant reductions in: 

    Weight, down from 82 kg before to 80 kgThe proportion of people with high systolic blood pressure,36% to 33%High diastolic blood pressure, 14% to 8%Haemoglobin, 36% to 20%Patients attending primary care emergency services in, 13% to 6%Hospital ED visits, 19% to 13%Hospital admissions due to an emergency,20% to 14%Disease exacerbations, 10% to 8%.

    Taken as a group of measures, an important finding seems to be that they’ve all moved in the same direction. The team’s overall conclusion’ that ValCrònic has positive benefits for high risk patients and healthcare by reducing hospital readmissions and ED visits. It supports equivalent investment by Africa’s health systems.

     

  • Patient ID architecture needs an overhaul

    As eHealth expands its reach across more health and healthcare activities, each health system needs a more reliable Master Patient Index (MPI). Three activities are limited without it: 

    Co-ordination across the healthcare continuum and locatonsAccessing patient informationResolving patient identities across disparate systems and enterprises. 

    These need patient ID architecture needs to switch away from episodic modes. A whitepaper from        

    Verato, a cloud-based platform that matches identities, sets out how. It’s based on three components:

    Agreed business rules and policies for sharing patient dataStandardised EMR access protocols andPatient identity matching. 

    Significant progress on Interoperability (IOp) for data sharing rules and Health Level Seven (HL7) provide a foundation. What’s needed now's a set of Unique Patient Identifiers (UPI) so data sharing unambiguously refers to each patient. Easy to say, and Verato acknowledges the logistical and politically constraints. 

    Using demographic identifiers, such as names, addresses, birthdates, genders, phone numbers, email addresses and social security numbers, to identify individuals and their EMRs are error-prone when captured at receptions. They change over time too. Between 8 and 12% of people have more than one identity across healthcare organisations. Their medical histories are spread randomly across these different IDs. These duplicates are one of healthcare’s most intractable challenges.

    Current MPIs were created in the late 1990s and broadly deployed over the last ten years. They use probabilistic matching algorithms that compare all demographic attributes to decide if there are enough similarities to make a match. Common changes, such as maiden names, old addresses, second home addresses, misspellings, default entries twins, junior and senior ambiguities, and hyphenated names aren’t detected. 

    Verato’s approach uses pre-populated, pre-mastered and continuously-updated demographic data

    spanning countries’ populations. It referential matching that leverages the pre-mastered database as an answer key to match and link identities. This isn’t enough in eHealth’s changing and expanding world.

    Verato also aims to deal with:

    Adding new ICT by using standard Application Programming Interfaces (API)Automating existing MPI technologies stewardship, discovering missed duplicates and validating identities at registrationSupporting EHR consolidation where connections MPIs can’t reconcile patients’ data in other EHRsSupport HIE. 

    For Africa’s eHealth, these are valuable steps forward. It emphasises the need for better civil registration too, a long-standing challenge.

  • Successful EMR switching lesson from Scotland’s Fife

    Implementing EHRs from scratch is challenging. Switching from one set of EHRs to another is more daunting. NHS Scotland has been developing its latest Patient Management System (PMS) version over several years. Marianne Campbell, eHealth senior programme manager at NHS Fife, a health board in Scotland, has described provided five essential lessons in Connected Care Watch. An overarching requirement’s “Grace under fire … keeping a cool head in times of stress.”

    They five are:

    Early stakeholder engagementFull dress rehearsalClear leadership and delegationStick to the scopeUnderstand priorities.

    An connecting thread running under these is the long timescales needed for success. PMS has been many years in development. Implementing it extends across several too. It’s consistent with finding from Acfee’s eHealth evaluation database 

    Switching needed intensive preparatory efforts lasting over a year. Over 700,000 records were transferred from the existing system to PMS, and change management introduced new processes and procedures across ten acute, mental health and community facilities. More than 3,000 health workers completed the training programme. It also needed teething problems addressing. 

    Fife’s PMS project is part of a broader initiative across Scotland, promoted by the devolved Scottish government. There are 14 regional and eight specialist Sottish Health Boards. Twelve, covering 92% of the population, now use PMS.

    Engagement focused on internal stakeholders, reflecting PMS’s change management requirements affecting almost all health workers. A Fife lesson’s that more engagement was needed, especially regular immersive workshops. These started five months before go live. 

    The full dress rehearsal enables a seamless go live. It revealed troubleshooting actions in a controlled test environment. They were addressed in advance.

    and iron out any kinks before the big day.

    Two leaders dealt with and technology and business in parallel. They weren’t the only ones, Decentralised leadership from each area were empowered to make effective decisions quickly. Two technical teams from of NHS Five and InterSystems worked as a cohesive unit. 

    Sustaining the scope required strict discipline. It had to deal with some robust debates to balance the requirements of services with the go live timeline goal. Being controlled and systematic was the only way to a project of PMS’s scope could succeed. 

    The numerous stakeholders had many competing priorities. Clarity about critical activities was a daily discipline. 

    Success’s attributed to careful planning by many people over a long period. As Ms Campbell points out successful implementation doesn’t preclude issues arising down the track.

    eHNA’s looking forward to her next report on  PMS’s realised benefits compared to the previous system. Lessons from the realisation timescales and activities are as valuable as implementation lessons.

  • Eleven cyber-security measures can reduce risks

    Healthcare’s cyber-security risks are increasing partly due to eHealth trends. AA whitepaper from Osterman Research, sponsored by KnowBe4, a cyber-security training firm, describes them. Protecting Data in the Healthcare Industry also sets out eleven good practices than can help to mitigate the risks. It’s important for two reasons:

     Healthcare deals with life and death, so can’t afford disruptionCyber-breach disruption damages healthcare’s reputation and value. 

    Increasing cyber-threat is a combination of eHealth and criminal trends. eHealth trends include: 

    Increasing cloud use for file storage and sharingSystematic under-investment in cyber-securityData breaches are becoming more commonHealth workers face an expanding array of eHealth communication and collaboration tools

    Cyber-criminals’ activities and trends include:

    Healthcare personal data has a high criminal valuePhishing and ransomware growth.

    Adopting and sustaining good practices are essential. Eleven set out in the whitepaper are:

    Take cyber-security risks seriouslyBuild cyber-threat awareness across healthcare organisationsDevelop and implement cyber-security strategiesEstablish thorough, detailed and effective cyber-security policiesEnable encryption at every pointUse cyber-threat intelligenceTest cyber-attack recovery capacity and capabilityInvest in cyber-security awareness trainingGovern user behaviour for tools, devices, and repositoriesTighten password policies and account accessEnsure effective cyber-security defences are in place and working smoothly. 

    These provide a helpful checklist for Africa’s eHealth. After it’s complete, it’s important that the actions and investment revealed as needed are implemented. Without it, cyber-holes will remain.

  • Will AI improve cyber-security?

    AI is seen as a big step up in eHealth and healthcare. Will it help to improve cyber-security too? Forrester, a strategy firm, says it will. Its report Artificial Intelligence Will Revolutionize Cybersecurity But Security Leaders Must View All Vendor Claims With Skepticism also offers caution.

    While AI can help, pure AI, the sci-fi version won’t. It’s the building block technologies of pragmatic AI that can provide applications that can support cyber-security in dealing with about current and future threats. Like all solutions, AI’s not a silver bullet, but it’s part of the cyber-security armoury that can help analysts to keep up with new and emerging threats and the daily deluge of alerts and events they have to deal with every day. This emphasises an important AI theme. Human knowledge is paramount and can be enhanced by AI.

    AI for cyber-security’s a second joint priority. About 34% of organisations say it’s their objective, the same percentage as improving analytics and insights. Better ICT efficiency’s the top priority at about 40%.

    Some AI vendors are incorporating one of more components into their services. The range includes: 

    Biometrics to authenticate users unique physical characteristicsNatural language processing (NLP) technology to reads and understand people’s textMachine learning, composed of tools, techniques, and algorithms to analyse dataDeep learning, a branch of machine learning focusing on algorithms that construct artificial neural networkSecurity automation and orchestration (SAO) to help with cyber-threat investigations and responses.Cyber-security analytics.

    Forrester sets out six ways to scale cyber-security with machine learning. It identifies and advantage and disadvantage of each one. The core role is automatically identifying suspicious, anomalous patterns and user behaviour that appear faster. The techniques are:

    1. Thresholds set on continuous metrics to detect anomalies. Advantage: thresholds are very simple to configure. Disadvantage: they may detect situations after the fact, not before

    2. Built-in rules using vendors’ years of expertise can automatically raise alerts based on this internal. Advantage: built-in rules require little setup and codify vendors’ expertise with other customers. Disadvantage: rules may not exist for all threat surfaces and may be based on outdated information

    3. Customisable rules to let cyber-security professionals apply their experience using their organisations’ own unique complex combinations of software and systems. Advantage: security professionals can codify their expertise in the solutions. Disadvantage: they may create rules based on theories instead of concrete data

    4. Built-in models, can go beyond rules created by people to address complex relationships from historical data faster and find complex, nuanced relationships than people can. Advantage: models are created by machine learning algorithms that analyse historical cyber-security data, yielding better predictions that improve over time. Disadvantage: models need more data science knowledge to tune and maintain.

    5. Built-in models can learn the peculiarities of organisations’ cyber-threat surface. Advantage: predictive models are based on actual data collected from infrastructure and analysed by machine learning algorithms. Disadvantage: false positives and false negatives are often problems with predictive models generated by machine learning

    6. External, importable models let organisations’ communities share knowledge. Advantage: organisations can share and reuse AI models used for cyber-security. Disadvantage: community models may vary widely in efficacy and applicability to specific organisations.

    The report provides Africa’s health systems sophisticated, balanced insights into AI’s wider user. It is essential to include its perspectives into their eHealth strategies with AI having more than one role in frontline healthcare. It adds a new, constructive dimension to eHealth’s essential cyber-security strategies and plans.

  • Lessons for Africa on making eHealth work

    Investing in the right eHealth then realising its benefits are global challenges. England’s NHS’s taking advice from the National Advisory Group on Health Information Technology  in England, chaired by

    Professor Robert Wachter Chair of University of California, San Francisco Department of Medicine. The report, Making IT work: harnessing the power of health information technology to improve care in England, sets out findings and recommendations that can inform Africa’s ehealth programmes too. The core perspective’s that while continuously changing healthcare’s a considerable challenge, eHealth that creates a fully digitised NHS important, will be the most sweeping and challenging.

    There are ten findings and principles:

    Digitise, so adopt eHealth, for the right reasonsIt’s better to have the right eHealth than quick eHealtheHealth’s Return on Investment (ROI) isn’t just financial, patient safety and healthcare quality are important tooDecisions on eHealth centralisation should learn, but not over-learn, the lessons of the National Progarmme for Information Technology (NpfIT) Interoperability (IOp) should be built in from the outsetBoth privacy and data sharing are very importanteHealth must embrace user-centered designThe end of implementation’s the beginning, not the endSuccessful eHealth strategies must be multi-faceted, requiring workforce developmenteHealth entails technical and adaptive change.

    For Africa’s eHealth, Acfee would add two other interacting principles. One is to adopt a business case methodology that enables rigorous, reliable eHealth investment decisions and lays a foundation for M&E. It leads on to the second principle; undertake M&E before, during and after implementation. The learning value is considerable, and leads to better business cases and investment decisions.

    Ten recommendations are:

    Complete a thoughtful, long-term national engagement strategyAppoint national chief clinical information officer with an effective roleDevelop a workforce of trained clinician-informaticists in hospitals, with appropriate resources and authorityStrengthen and grow the CCIO roles, others trained in clinical care and informatics and health ICT professionals Allocate national funding to help hospitals implement eHealth and maximise benefitsSet a time for substantial eHealth maturity when central financial support for hospitals can end and regulators deem those that have not achieved high eHealth levels as not compliant with quality and safety standardsLink national finance viable local implementation and improvement plansOrganise local and regional learning networks to support implementation and improvementEnsure IOp as a core eHealth component needed to promote better clinical care, innovation and researchSupport a robust, independent evaluation of eHealth strategies and act on the findings.

    Sustained investment in eHealth leadership across Africa’s healthcare’s needed too. Acfee proposes a triumvirate of clinical, political and executive eHealth leadership throughout healthcare. It’ll take time to reach a critical mass, so starting now’s essential. Future eHealth Leaders at eHealth ALIVE 2017 in October’s provides a step forward. 

    Appendix F’s an eHealth maturity index. Its self-assessment has three main themes:

    Readiness, strategic alignment, leadership, resourcing, governance and information governanceCapabilities of records, assessments and plans, transfers of care, orders and results management, medicines management and optimisation and remote and assistive care and standardsInfrastructure for WiFi, mobile devices, single sign-on and business continuity.

    Africa’s eHealth will benefit from a fourth component, benefits. It include benefits realisation and the timescales need to reach the critical mass to provide a socio-economic return on eHealth investment.

  • England’s NHS could have prevented the WannaCry cyber-security breach

    It was a bad day for England’s NHS. On 12 May, the WannaCry ransomware attack breached over a third of its organisations’ cyber-security defences. Without access to data, many patient services and schedules were disrupted and brought to a halt. It was a shock to the health system. NHS Digital believes not data was stolen.

    A report from the UK’s National Audit Office identified 14 facets of the breach. The lessons are essential for Africa’s eHealth. 

    The NHS was not the specific target, but it resulted in a major incident and emergency arrangements to maintain health and patient careOn the evening of 12 May, a cyber-security researcher activated a kill-switch, stopping WannaCry locking devices and avoiding more disruptionWannaCry was the largest cyber-attack to affect the NHS, following attacks on several organisations, the NHS trusts, before 12 May 2017, two of which breached by WannaCry had been breached beforeThe Secretary of State for Health asked the National Data Guardian and the Care Quality Commission (CQC) to reviews and report on data security, identifying, in July 2016, that cyber-attacks could lead to patient information being lost or compromised and jeopardise access to EPRs, resulting in all health and care organisations needing to provide evidence that they were improving cyber-security, including moving off old and obsolete operating systems, such as Windows XPThe Department of Health (DoH) and its arm’s-length bodies did not know if local NHS organisations were prepared for cyber-attacks, including their responses to NHS Digital alerts in March and April 2017 warning organisations to patch their systems to prevent WannaCry, crucial knowledge because NHS Digital cannot mandate local bodies to act, even if it has vulnerability concernsWannaCry spread across the Internet, includingthe broadband network connecting all NHS sites in England, the N3 network, but there were no instances of it spreading across the NHS email system, NHSmailAt least 34% of England’s NHS trusts were disrupted, but DoH and NHS England don’t know the full extent of the disruptionThe scale and scope of the disruption isn’t known, but an estimated 19,000 thousand appointments were cancelled, operations were cancelled and in five areas, patients had to travel further to A&E departmentsThe Department, NHS England and the National Crime Agency confirmed that no NHS organisation paid the ransom, in line with NHS Digital advice, but the DoH doesn’t know how much the service disruption cost the NHS and patientsA DoH plan that included roles and responsibilities of national and local organisations in responding to cyber-attacks had not tested at local levels, so the NHS was not clear about actions it should take when WannaCry struck, a deficiency exacerbated because WannaCry was different to previous incidents, such as a major transport accident, and took more time to determine the cause and scale of the problemWithout rehearsals for a national cyber-attack, it was not immediately clear who should lead the response, and there were communications problems tooIn line with its existing procedures for managing a major incident, NHS England initially focused on maintaining emergency care All organisations infected by WannaCry shared the same vulnerability and could have taken relatively simple action to prevent the breach by patching obsolete Windows operating systems and managing their firewalls facing the Internet would have guarded organisations against infection.

    In response, the NHS’s:

    Developing a response plan setting out what it should do to respond to cyber-attacksEstablishing roles and responsibilities of local and national NHS bodies and the DoHEnsuring organisations implement critical CareCERT alerts for emails sent by NHS Digital providing information or requiring action, including applying software patches and keeping anti-virus software up to dateEnsuring essential communications work during attacks when systems are downEnsuring organisations, boards and their staff take cyber-threats seriously, understand the risks to front-line services and work proactively to maximise their resilience and minimise impacts on patient care. 

    Since WannaCry, 39 CareCERT alerts have been issued by NHS Digital between March and May 2017. They require essential action to secure local firewalls.

    These insights and lessons are valuable for Africa’s eHealth. They provide a component of the cyber-security strategies and plans they need.

  • Dell offers better access to imaging data

    Modern eHealth can provide mountains of clinical data. Storing and accessing it effortlessly in real-time’s an increasing challenge. A whitepaper from Dell EMC, available from EHR Intelligence, describes a way to do it. 

    Key Strategic Technolgies (sic) to Improve Access to Clinical Data promotes two principles for PACS. One’s that storage infrastructure shouldn’t need redesigning every time new data’s added. The other’s to have a Vendor Neutral Archive (VNA).

    Affording a fully-fledged solution can be a challenge for Africa’s tight eHealth finances. Dell EMC proposes a phased approach that supports future VNA deployment. It is flexible enough to support a wide range of performance demands such as data analytics, expansion into private, hybrid, or public clouds and changing clinical workflows.

    It’ll need Africa’s eHealth programmes to partner with infrastructure development vendors who can: 

    Scale local architecture without downtimeMaintain daily performanceReduce or eliminate future migration burden.

    These will help to achieve several objectives that improve healthcare quality:

    Integrate imaging with other eHealthEnable doctors to taking clinical decisions using the most pertinent, complete, accurate and timely patient data. 

    Can this find a place in Africa’s eHealth strategy? The principles fit all types of clinical data.

  • Conférence internationale sur la télésanté et la télémédecine au Maroc

    Casablanca, la case blanche poumon économique du Maroc moderne, est célèbre pour beaucoup de choses, y compris la diversité architecturale des bâtiments (célèbre mosquée Hassan II), de l'art déco à la modernité traditionnelle. Cette semaine, c'est l'architecture numérique de la santé qui est à l’honneur. C'est là qu’à lieu la 22ème conférence internationale sur la télémédecine et la télésanté, qui débute aujourd'hui avec un vaste programme technique. Je suis heureux d'être présent, avec Dr Sean Broomhead, Président d'Acfee, et de nombreux collègues et amis de toute l'Afrique.

    Les objectifs de la conférence sont de présenter des expériences pratiques et des résultats de recherche dans le domaine des solutions de télémédecine et de télésanté, et de fournir aux professionnels de la santé, aux représentants de l'industrie, aux décideurs politiques, aux chercheurs et aux scientifiques et de nouveaux concepts et idées en télémédecine, en télésanté et en santé électronique.

    MeHealth 2017 réunit les membres de la Société marocaine de télémédecine et de télésanté (MSfTeH), de la Société internationale de télémédecine et de télésanté (IsTeH) et un large éventail d'autres institutions et organisations locales et internationales impliquées dans le développement et la mise en œuvre de la télémédecine.

    La conférence MeHealth 2017 de Casablanca, la 22ème conférence internationale de l’ISfTeH veut présenter des expériences pratiques et des résultats de recherche dans le domaine de la télémédecine et des solutions eHealth, et fournir des opportunités aux prestataires de soins, des représentants de l'industrie, des décideurs, des chercheurs et des scientifiques de se rencontrer et discuter des projets en cours, de la recherche et des nouveaux concepts et idées en télémédecine, en télésanté et en santé mentale.

    L'utilisation des technologies de télémédecine et de télésanté représente une réelle opportunité d'améliorer la qualité de vie des patients et de réduire les coûts de santé. Cependant, il fait face à d'importants défis liés à la propriété des données et à la vie privée des patients, à l'engagement du professionnel de santé, à l'adhésion du patient, à l'intégration dans les soins courants, aux aspects financiers et de remboursement.

    Les conférenciers comprennent des intervenants de classe mondiale comme:

    Prof. Francesco SicurelloDr. Najeeb Al ShorbajiPeter J. TonellatoM. Abdarrhman AnneDr. Zakiuddin AhmedLuis FalconProf. Maurice Mars

    Les sessions parallèles couvrent les thématiques suivantes:

    Santé numériqueTélémédecine en AfriqueGNU SantéInformation médicaleBioinformatique Casablanca est également célèbre pour le film de 1942 portant le même nom et son célèbre Rick's Café. Alors que le café original était sur un plateau de tournage hollywoodien, un entrepreneur marocain a depuis créé le véritable Rick's Café à Casablanca. Le restaurant est logé dans un grand bâtiment traditionnel marocain construit en 1930. Nous vous invitons à le découvrir.

  • eHealth and Telemedicine meeting kicks off in Morocco

    Casablanca, Morocco is famous for many things, including diverse building architecture, from Art Deco to modern. This week it’s a digital health architecture attraction. It is the venue for the 22nd International conference on Telemedicine and eHealth, which kicks off today with an extensive technical programme. I am happy to be attending, along with Acfee Director Dr Ousmane Ly and many colleagues and friends from across Africa.

    The goals of the conference are to present practical experiences and research results in the field of Telemedicine and eHealth solutions, and to provide opportunities for healthcare providers, industry representatives, policy makers, researchers and scientists to meet and share and discuss current projects, research, and new concepts and ideas in Telemedicine, Telehealth and m/eHealth.

    MeHealth 2017 brings together members of the Moroccan Society for Telemedicine & eHealth (MSfTeH), the International Society for Telemedicine & eHealth (IsTeH) and a wide range of other local and international institutions and organizations who are involved in Telemedicine/eHealth development and implementation.

    Speakers include:

    Prof. Francesco SicurelloDr. Najeeb Al ShorbajiPeter J. TonellatoMr. Abdarrhman AnneDr. Zakiuddin AhmedLuis FalconProf. Maurice Mars

    Satellite workshops cover:

    Digital HealthTelemedicine in AfricaGNU HealthMedical InformationNA Student Symposium BioinformaticsStartathon: Innovation in Telemedicine and eHealth. Casablanca is also famous for the 1942 film and its infamous Rick’s Café. While the original café was a Hollywood film set, an enterprising entrepreneur has since created a real Rick’s Café in Casablanca. The restaurant is housed in a traditional Moroccan grand mansion built in 1930. I look forward to checking it out. 
  • eHealth Africa pilots AVADAR to track Toward Polio Eradication progress

    In response to the reported cases of wild poliovirus in Nigeria, eHealth Africa (eHA) partnered with Bill & Melinda Gates Foundation, the  WHO, and Novel-T to pilot a mobile surveillance app for Acute Flaccid Paralysis (AFP) in children. It’s a condition of a rapid onset of weakness of people’s extremities, and includes Guillain-Barré syndrome.  AFP often causes weakness of respiration and swallowing muscles, progressing to maximum severity within one to ten days. 

    WHO defines AFP surveillance as six goals:

    Track wild poliovirus circulationUse data to classify cases as confirmed, polio-compatible or discardedMonitor routine coverage and surveillance performance using standard indicators in all geographical areas and focus efforts in ones that are low-performingMonitor seasonality to determine low season of poliovirus transmissions to help to plan National Immunisation Days (NID)Identify high-risk areas to plan mop-up immunisation campaignsProvide evidence to certification commissions of interruptions of wild poliovirus circulation. 

    Standard indicators are: 

    >90% of expected monthly reports>1/1000,000 annualised non-polio AFP rate per 100,000 children under 15>80% of AFP cases investigated within 48 hours>80% of AFP cases with two adequate stool specimens collected 24-48 hours apart and less than 14 days after onset>80% of specimens arriving at laboratories in good condition>80% of specimens arriving at a WHO-accredited laboratories within three days of despatch>80% of specimens for which laboratories’ results sent within 28 day turn round. 

    AFP surveillance’s one of four cornerstone strategies of polio eradication. The objective’s to identify all cases of polio through a system that targets any case of AFP as a potential case of polio.  AVADAR’s a surveillance tool on android mobile devices provided to health workers and community informants. It aids AFP detection and reporting both in health facilities and local communities.

  • IBM Watson supports better care plans

    Horizons provoke considerable sentimentality and concepts.  Pankaj Patel, an Indian businessman and chairman of Cadila Healthcare urged people “Dwell on possibilities to open up your horizon.”

    It seems that IBM Watson aims to help too. Its Whitepaper. Population health management beyond the EHR:Part 2 unsurprisingly builds from Part 1 that EHRs are necessary but not sufficient. It proposes a care collaboration platform based on a data lake to which all care team members contribute.

    Cognitive computing ‘s the means to achieve it, combining parallel processing with augmented intelligence. It structures unstructured data, enabling fast searches of medical literature, finding connections and patterns among myriad data types and enables computers to learn. These can be used to:

    Identify real outcomes from similar patientsEnable clinicians to make informed decisions about diagnosis and treatmentUtilise data on social determinants of health and genetic and environmental factors that influence healthProduce personalised clinical guidelines, so patients’ personalised care plans are more effectiveImprove clinical decision support over time.

    Central data registries can be expanded to include many elements not typically available through clinical and claims data alone. Extra content be added from care managers and community health workers whose pertinent patient observations might not be able to be document in EHRs.

    This wider range of data can be used for better:

    Performance management with retrospective concurrent, and predictive analytics applied to new payment and delivery modelsRisk identification and mitigation of stratified populations into cohortsOperational processes.

    Personalised care’s the core goals. Achieving it needs more than IBM Watson. Clinical eHealth leadership’s vital too. Warren Bennis, founding chairman of The Leadership Institute at the University of Southern California has a concept to achieve this. “The manager has his eye on the bottom line; the leader has his eye on the horizon.” Which eHealth horizon?

  • How can bad robots be kept out?

    Automation’s steadily progressing across healthcare. It relies on AI and robotics, but not all robots are up to the job. Keeping bad bots at bay’s vital. An eBook from Quocirca sets out a way to do it, leaving the way clear for good bots to help in a range of services. Examples are admin bots that can make appointments, help to access clinical records, answer billing queries and process payments. Chat bots can deal with routine ailments, freeing healthcare professionals to deal with more complex patients. AI’s the driver behind these changes.

    Four types of bad bot activity’s:

    Stealing personal informationCredit care fraudHealthcare insurance fraudBribery and extortion. 

    The OWASP Foundation, a global not-for-profit charitable organisation aiming to improve security of software, runs the Open Web Application Security Project that combats bad bots. Its Automated Threat Handbook lists criminals’ 20 most common activities that use bots. It also publishes its Top 10

    Most Critical Web Application Security Risks, the latest for 2017 are:

    InjectionBroken authenticationSensitive data exposureXML external entities (XXE)Broken access controlSecurity misconfigurationMissing function level access controlCross-Site Scripting (XSS)Cross-Site Request Forgery (CSRF)Insecure DeserialisationUsing components with known vulnerabilitiesInsufficient logging and monitoring. 

    Developers can introduce these vulnerabilities in their software code, making it easy for bots to find, then mimic human behaviour to achieve illicit access. Three traditional ways to mitigate their threat and enable good bots to succeed are: 

    Firewall rules can be changed to block source IP addresses used by cyber-criminals’ bots, but they regularly change IP addresses, can’t deal with previously unknown bots and may block legitimate usersWeb Application Firewalls (WAFs) protect web applications by exploiting common software vulnerabilities, but apart from vulnerability scanners, most bad bots don’t target vulnerabilities, they mimic real users, so WAFs can’t stop themCompletely Automated Public Turing tell Computers and Humans Apart (CAPTCHA), are-you-human tests can work can, annoy some users, but some bad bots can bypass themGeofencing can limit access to websites and apps to users from specified locations, but cyber-criminals can move their location using VPN links to a local Point of Presence (PoP)Direct Bot Detection (DBB) tools and mitigation can distinguish bots from humans and classify them in real time using behavioural analysis and digital fingerprinting, and across several organisations, can improve their understanding of bad-bots through machine learning, identifying bots, determining their provenance and deciding if their activity should be allowed, controlled or blocked. 

    Quocirca says all 20 of the bot types identified by OWASP can be managed using DBB and unwanted activity curtailed. DBB tools aren’t an alternative to the other measures. They can be integrated with other network protection technologies such as WAFs, Intrusion Prevention Systems (IPS) and Security Information and Event Management (SIEM). 

    Adopting the increasing range of cyber-security measures is essential for Africa’s eHealth. Keeping up with trends is too, and links with OWASP can help. Individual membership’s US$50 a year, US$95 for two years and US$500 for lifetime. Corporate membership starts at US$5,000.