This editorial refers to ‘Back to the vinyl age: a narrative report of a total computer blackout at a large university medical center’, by L.H. Lehmann and B. Meder, on page 167.
We are at the start of the innovation curve of digital health, with intelligent systems providing doctors and clinical staff with new tools to augment their delivery of care. The rapid role out of electronic patient records (EPRs) has given clinicians the ability to quickly analyse medical data and images, request tests and message colleagues. The clinical benefits of these systems are quite clear; however, there are potential downsides. In order to use data wisely for clinical support, data quality has to be high, requiring lengthy manual input. Many EPRs have numerous clicks, steps and fields that need to be completed in order to proceed to the next step of a clinical entry. Processes that on paper could take seconds are now taking minutes, meaning that doctors and nurses can be spending more than half of their clinical time on computers—rather than with patients.
The reliance on technology also means that redundant manual paper systems are forgotten much like the way that people rarely remember telephone numbers and rely on GPS for navigation. So, when technology fails and we lose our electronic aids, how can we deliver healthcare safely and what can we do to ensure that we are ready for when the lights go out?
In 2017, the ransomware WannaCry infected hundreds of thousands of computers and devices across the world. Healthcare was particularly affected, and in some instances, hospitals ground to a standstill directly impacting patient care. Many hospitals had failed to identify cybersecurity as a risk to patients and some organizations had overestimated their ability to respond to such cyber incidents. Infected hospitals had unpatched, or unsupported Windows operating systems so were susceptible to the ransomware. Following WannaCry, hospitals quickly replaced vulnerable legacy computer systems, segregated networks were implemented, firewalls redesigned, user access-privileges reviewed, and off-site data backups improved. Business continuity plans were revised with effective disaster recovery techniques enabled for digital health systems. Healthcare started to take the threat from cyber-attacks more seriously.
However, it is not just malicious cyber-attacks that can threaten health information systems. Outages can be caused by a number of different reasons including power failure, fires and floods. Human factors remain a threat. In this month’s journal, Drs Lehmann and Meder describe the events which occurred when their hospital digital health systems suddenly failed in Heidelberg during Summer 2020. A straightforward computer maintenance work resulted in the sequential failing of core systems including the hospital information system, communication suite, image storage, and user logins. The information technology team took 2 days to restore digital services to fully functioning which included the physical replacement of key hard drives. During this time, paper systems were rapidly reintroduced and new ways of working were forced upon staff so that they could maintain the safe delivery of care. In many respects, the organization was required to function in a pre-digital way with some interesting observations from the authors. They identified that doctors started spending more time with their patients, performed more comprehensive examinations and assessments and communicated more effectively. Investigations were requested more appropriately, with greater clarity and thoughtfulness. These changes to working practice were found by many staff to be ‘liberating’.
It will be interesting to learn if the computer blackout changed the way that staff continued to work once the digital systems were up and running again. The main learning from Heidelberg seems to be that if you want to give clinicians ‘the gift of time’ then just turn off the computers.
So as a fundamental requirement, new digital health solutions should focus on providing doctors and nurses with time to deliver care prior to their procurement or implementation. Systems should by default take clinicians away from keyboards and screens, and to the bedside. Digital health design should be focused on how to make the patient feel better, how to make the patient live longer, and how to enhance the health and wellbeing of the user or health worker. These principals should apply to every decision and interaction within health, from the prescription of medicines to the introduction of a new EPR. Attention should be given to use new technologies to improve clinical outcomes rather than just to achieve a digitized system. Unfortunately, economic decisions and medical billing needs have historically been placed in front of clinical requirements. For example, in the USA, the rapid, ill-considered implementation of a multitude of electronic record systems have worsened patient care as well as the health and well-being of many staff.
So, with the development of new digital services, we must ensure that we do not just focus on technology but also on our clinical teams. Delivering a technological future requires the investment in people, the building of digital skills, new leadership capabilities, and a change in organizational culture. Nearly all healthcare jobs require some element of digital skill and literacy so digital health training should be developed across workgroups to develop an agile workforce which could blur traditional role boundaries. Consideration could be made for novel staff roles such as ‘Digital Associates’—a data processor for clinical staff to free them from computers and keyboards. Staff and patients will need to be educated and reassured that new (and challenging) digital health technologies are a means of addressing the healthcare difficulties that we and all other healthcare organizations are facing.
So what else can we do to prepare for events such as Wannacry and Heidelberg? Aside from technological changes to protect vital patient data, hospitals need to consider the impact of unpredictable events and run organizational digital disaster scenarios, like they do for major incident training. Let staff know how to deliver medical prescriptions when the EPR is not functional and relearn how to use paper systems. Teach clinicians to quickly access medical information when the power is down. Organizations need to focus on digital literacy as well as competency with a focus on data protection and reducing organizational vulnerability to cyber-attacks. With these changes comes digital health resilience and the ability to continue to deliver care when the lights go off (Figure 1).
Figure 1.
Turning out the lights
Conflict of interest: none declared.
The opinions expressed in this article are not necessarily those of the Editors of the European Heart Journal in this article or of the European Society of Cardiology.