Declining health of UK’s population also affecting performance of the country’s national health service, report notes
England’s National Health Service (NHS) is “in serious trouble” due to long waiting times, outdated technology, misallocated resources, and numerous other problems, with dire consequences for the country’s populace. That’s according to a new report by NHS surgeon and former Health Minister Lord Ara Darzi, OM KBE FRS FMedSci HonFREng, who was tasked by the United Kingdom’s new Labor government to investigate the ailing healthcare system. His report may contain lessons for US healthcare—including clinical laboratories—as well.
“Although I have worked in the NHS for more than 30 years, I have been shocked by what I have found during this investigation—not just in the health service but in the state of the nation’s health,” Darzi stated in a UK government press release. “We want to deliver high quality care for all but far too many people are waiting for too long and in too many clinical areas, quality of care has gone backwards.”
Many of the problems he identified relate to wait times.
“From access to GPs (general practitioners) and to community and mental health services, on to accident and emergency, and then to waits not just for more routine surgery and treatment but for cancer and cardiac services, waiting time targets are being missed,” he wrote in his report.
For example, “as of June 2024, more than one million people were waiting for community services, including more than 50,000 people who had been waiting for over a year, 80% of whom are children and young people,” he wrote.
Accident and emergency care (A/E) “is in an awful state,” the report noted, “with A/E queues more than doubling from an average of just under 40 people on a typical evening in April 2009 to over 100 in April 2024. One in 10 patients are now waiting for 12 hours or more.”
“In the last 15 years, the NHS was hit by three shocks—austerity and starvation of investment, confusion caused by top-down reorganization, and then the pandemic which came with resilience at an all-time low. Two out of three of those shocks were choices made in Westminster,” said NHS surgeon and former Health Minister Lord Ara Darzi in a government press release. “It took more than a decade for the NHS to fall into disrepair so it’s going to take time to fix it. But we in the NHS have turned things around before, and I’m confident we will do it again.” (Photo copyright: Health Data Research UK.)
Delays in Other Critical Tests
Genetic test results are lagging as well. “In 2024, more than 35,000 genomic tests are being completed each month but only around 60% on time,” Darzi wrote.
He also noted that “only around 5% of eligible patients with brain cancer are able to access whole genome sequencing (WGS), which is important for treatment selection.” Just two-thirds (65.8%) get their first treatment within 62 days, and more than 30% wait more than 31 days for radical radiotherapy, according to the report.
Overall, “the UK has appreciably higher cancer mortality rates than other countries, with no progress whatsoever made in diagnosing cancer at stage one and two between 2013 and 2021,” he wrote.
Patients have also experienced delays in access to cardiovascular treatment. For example, in 2013-2014, high-risk heart attack patients waited an average of 114 minutes for intervention to unblock an artery, Darzi noted in his report. However, in 2022-2023, the average time was 146 minutes, a 28% increase.
“For the most part, once people are in the system, they receive high quality care,” he wrote. “But there are some important areas of concerns, such as maternity care, where there have been a succession of scandals and inquiries.”
Key Factors Leading to Delays
Darzi pointed to four key factors that have led to the problems.
Lack of funding. “The 2010s was the most austere decade since the NHS was founded, with spending growing at around 1% in real terms,” Darzi wrote, compared with a long-term average of 3.4%.
One result was that administrators took funds from the capital budget to cover day-to-day needs, leading to “crumbling buildings that hit productivity,” he noted.
“The backlog maintenance bill now stands at more than £11.6 billion and a lack of capital means that there are too many outdated scanners, too little automation, and parts of the NHS are yet to enter the digital era,” he wrote.
The COVID-19 pandemic. Given the preceding “decade of austerity,” NHS had fewer resources to deal with the crisis than most other high-income health systems, he wrote. As a result, NHS “delayed, cancelled, or postponed far more routine care during the pandemic than any comparable health system.” This led to “a bigger backlog than other health systems.”
Lack of patient and staff engagement. Patient satisfaction “has declined and the number of complaints has increased, while patients are less empowered to make choices about their care,” he wrote. In addition, “too many staff have become disengaged, and there are distressingly high-levels of sickness absence—as much as one working month a year for each nurse and each midwife working in the NHS.”
Management structures and systems. Darzi laid considerable blame on the UK’s Health and Social Care Act of 2012, which led to what he described as “a costly and distracting process of almost constant reorganization of the ‘headquarters’ and ‘regulatory’ functions of the NHS.”
One consequence, he wrote, is that too many clinicians have been deployed in hospitals instead of community-based care, despite years of promises by successive governments to put more emphasis on the latter.
National Health in Decline
Along with issues within the NHS, “the health of the nation has deteriorated and that impacts its performance,” Darzi wrote. “There has been a surge in multiple long-term conditions, and, particularly among children and young people, in mental health needs. Fewer children are getting the immunizations they need to protect their health, and fewer adults are participating in some of the key screening programs, such as for breast cancer.”
Darzi’s investigation included frontline visits to NHS facilities as well as focus groups with NHS staff and patients, the press release states. He also consulted an expert reference group consisting of more than 70 organizations and examined analyses from NHS England, the UK’s Department of Health and Social Care, and external groups.
It is interesting that there is no mention of anatomic pathology and medical laboratory testing services in Lord Darzi’s report. As reported in recent years by new outlets in the United Kingdom, delays in cancer diagnoses—often as long as six months—were severe enough that, in 2018, the NHS announced funding for a program to create a national digital pathology network to improve productivity of pathologists and shorten wait times for the results of cancer tests.
Researchers note that many sources of errors associated with diagnostic testing involve how providers order tests and how specimens are handled
ECRI (Emergency Care Research Institute), a non-profit organization that focuses on healthcare quality and patient safety, has released results from a study which lays blame for most diagnostic errors on systemic issues that arise during clinical laboratory, radiology, and other diagnostic testing processes. These issues relate to “ordering, collecting, processing, obtaining results, or communicating results,” the organization stated in a news release.
“It’s a common misconception that if a patient has a missed or incorrect diagnosis, their doctor came up with the wrong hypothesis after having all the facts,” said ECRI President and CEO Marcus Schabacker MD, PhD, in the news release. “That does happen occasionally, but we found that was tied to less than 3% of diagnostic errors. What’s more likely to break the diagnostic process are technical, administrative, and communication-related issues. These represent system failures, where many small mistakes lead to one big mistake.”
The researchers based their analysis on reports of adverse patient safety events and “near-misses” submitted to ECRI and the Institute for Safe Medication Practices (ISMP) in 2023. Healthcare providers submitted the data from across the US, ECRI noted.
From a total of 3,014 patient safety events, ECRI determined that 1,011 were related to diagnostic errors. Then, it sorted the events based on “the appropriate step in the diagnostic process where the breakdown occurred,” according to the news release.
ECRI did not reveal how many errors were related to clinical laboratory testing as opposed to radiological or ultrasound imaging.
“The problem of diagnostic safety comes down to the lack of a systems-based approach,” said ECRI President and CEO Marcus Schabacker MD, PhD (above), in a news release. “Since there are multiple potential failure points, a single intervention is insufficient.” Diagnostic errors can also include imaging/radiology and other types of diagnostic procedures—not just clinical laboratory tests. (Photo copyright: ECRI.)
Where Errors Occur
According to ECRI’s analysis, the largest number of errors by far (nearly 70%) happened during the clinical laboratory testing process. Among these, “more than 23% were a result of a technical or processing error, like the misuse of testing equipment, a poorly processed specimen, or a clinician lacking the proper skill to conduct the test,” ECRI stated. “Another 20% of testing errors were a result of mixed-up samples, mislabeled specimens, and tests performed on the wrong patient.”
Outside the testing process, other errors occurred during monitoring and follow-up (12%) and during referral and consultation (9%).
One major factor behind diagnostic errors, ECRI noted, was miscommunication among providers and between providers and patients.
The organization also cited “productivity pressures that prevent providers from exploring all investigative options or from consulting other providers” as leading to diagnostic errors.
In some cases, providers who ordered lab tests delayed reviewing the results or the patients were not notified of the results.
“Referrals to specialists or requests for additional consultations can complicate the process, presenting more potential failure points,” ECRI noted.
Troubling Imaging Anecdotes, Previous Studies
The ECRI news release cites two de-identified patient stories, both related to imaging. One case involved a woman who “experienced abdominal pain and abnormal vaginal bleeding,” but a diagnosis of uterine cancer was delayed nearly a year. “MRIs were ordered, but not all the results were reviewed, as her symptoms worsened. Despite masses being detected on an ultrasound, a missed appointment and communication barriers delayed her diagnosis. She was finally diagnosed after severe pain led to hospitalization.”
In one “near-miss” incident, a patient did not receive an essential carotid ultrasound procedure prior to being scheduled for open-heart surgery. Staff caught the omission and canceled the surgery. A later ultrasound “revealed he would have had a catastrophic surgical outcome if the surgery had proceeded as scheduled,” ECRI stated.
Two earlier studies noted in the news release highlight the impact of diagnostic errors.
A 2017 study, published in the journal BMJ Quality Safety, estimated that diagnostic errors affect approximately 5% of US adults—a total of 12 million—each year. In that paper, the authors combined estimates from three observational studies that defined diagnostic error in similar ways.
“Based upon previous work, we estimate that about half of these errors could potentially be harmful,” the authors wrote.
And a 2024 study published in the same journal estimated that 795,000 Americans die or become permanently disabled each year due to misdiagnosis of dangerous diseases. “Just 15 diseases account for about half of all serious harms, so the problem may be more tractable than previously imagined,” the authors wrote.
Recommendations for Providers, Labs
ECRI advised that healthcare providers should adopt a “total systems safety approach and human-factors engineering” to reduce diagnostic errors. This is good advice for clinical laboratories as well.
Specific steps should include “integrating EHR workflows, optimizing testing processes, tracking results, and establishing multidisciplinary diagnostic management teams to analyze safety events,” the news release states.
Schabacker also advised patients to “ask questions to understand why their doctor is ordering tests, and are those tests urgent,” he said. “Schedule your appointments and tests quickly and follow up with your provider if you’re awaiting results. If possible, ask a family member or friend to join you in important appointments, to help ask questions and take notes.”
Clinical laboratory managers have been alerted to the involvement of lab testing in incidents of medical errors. This report by ECRI is more evidence of the gaps in care delivery that often contribute to medical error. Medical lab professionals may want to review the ECRI report to learn more about what the authors identify as the specific breakdowns in care processes that contribute to medical errors.
Program is open to providers that exclusively offer telehealth services, and those providers that offer the telehealth services to other hospitals
In another sign that telehealth is now an established presence in the healthcare marketplace, The Joint Commission recently implemented a new Telehealth Accreditation Program. The initiative, which took effect on July 1, 2024, aims to provide “updated, streamlined standards” enabling “safe, high-quality” delivery of telehealth services to patients, according to a press release. The organization announced the program in April.
Dark Daily has regularly commented on the importance for clinical laboratories to recognize this trend and add the necessary services to meet the expectations and needs of telehealth/virtual doctor visits where the physician orders medical laboratory tests for the patient.
“The use of telehealth in the United States increased 154% during early stages of the COVID-19 pandemic and stabilized at levels 38 times higher than levels in 2019,” said Joint Commission President and CEO Jonathan B. Perlin, MD, PhD, in the press release.
“As telehealth continues to evolve, it was imperative to create a new accreditation program to provide a framework to support the integrity of patient safety regardless of the care setting,” he added.
The accrediting organization is reacting to market demand. Patient and doctor acceptance of virtual doctor visits and telehealth consults is now an established fact.
[PHOTO OF PERLIN HERE]
“Our new Telehealth Accreditation Program helps organizations standardize care and reduce risk so that all patients, including those obtaining services remotely, receive the safest, highest-quality care with outcomes consistent with traditional settings,” said Jonathan B. Perlin, MD, PhD (above), President/CEO, The Joint Commission, in a press release. Clinical laboratory accreditation nationwide is also handled by the not-for-profit organization. (Photo copyright: International Hospital Federation.)
Eligibility
The Joint Commission describes itself as “the nation’s oldest and largest standards-setting and accrediting body in healthcare.” The not-for-profit organization certifies more than 22,000 healthcare providers in the US, according to its website, including hospitals and medical laboratories. Its evaluations are based on surveys in which qualified experts conduct inspections of the facilities to ensure compliance with patient safety and quality standards.
Accreditation is not mandatory, however many states have licensing, certification, or contracting requirements that mandate accreditation by The Joint Commission or other accrediting bodies.
The program is open to providers that exclusively offer healthcare services “via telehealth or remote patient monitoring, with no in-person visits or encounters,” according to The Joint Commission website. This can include organizations that provide:
Primary care, specialty care, or urgent care,
Medical or behavioral consultation,
Remote patient monitoring, and
TeleICU, telestroke, telepsychiatry, or teleimaging services to hospitals.
Hospitals or other healthcare providers can also apply if they have contracts to offer “care, treatment, and services via telehealth to another organization’s patients,” The Joint Commission states. Examples include acute care or psychiatric hospitals that provide telehealth services to other facilities. In this case, the hospitals can obtain telehealth accreditation for the contracted services while maintaining their current accreditation for services provided onsite.
Requirements for Certification
The requirements for accreditation are similar to those in other Joint Commission programs, the organization says. This includes “requirements for information management, leadership, medication management, patient identification, documentation, and credentialing and privileging.”
In addition, it includes requirements specific to telehealth. For example, emergency management requirements have been streamlined to account for services provided remotely. It also contains standards related to telehealth equipment as well as provider and patient education about use of the technology.
“Additionally, the program’s standards may be filtered based on the telehealth modality or service provided,” the organization’s website notes.
Other Accrediting Organizations
The Joint Commission is not the only organization that offers telehealth accreditation or certification. The Utilization Review Accreditation Commission (URAC) provides accreditation programs for telehealth and remote patient monitoring, as well as a certification program for telehealth support services.
The telehealth accreditation program consists of three modules accounting for different forms of delivery:
Provider-to-provider (one provider offers services such as consultation to another provider).
The accreditation process takes up to four months, URAC says.
The Accreditation Commission for Health Care (ACHC) offers what it describes as a telehealth “Distinction” for certain kinds of healthcare providers that it has accredited, including:
Additionally, in April 2022, ACHC announced a telehealth certification program open to “any healthcare provider or organization that delivers health-related services via electronic information and telecommunication technologies,” regardless of whether they are accredited, according to a press release.
“The pandemic really pushed healthcare providers to adopt and grow telehealth services to maintain access for patients and, as a result, many of our clients were seeking ways to optimize this offering in the context of providing quality services,” said program director Teresa Hoosier, RN, in the press release. “ACHC Telehealth Certification establishes national standards. It promotes best practices for digital healthcare services. Certification confirms quality, safety, and consistency—strengthening trust in an organization and assuring patients that they are receiving the best care possible.”
This development is a reminder that clinical laboratory managers need a consumer/patient focused strategy and operational capability to collect specimens and provide medical laboratory tests for telehealth visits when the doctors order tests. It confirms that the trend of consumers/patients using remote healthcare is real, robust, and has legs.
Another report finds nearly half of all healthcare systems planning to opt out of Medicare Advantage plans because of issues caused by prior authorization requirements
Prior-authorization is common and neither healthcare providers (including clinical laboratories) nor Medicare Advantage (MA) health plans are happy with the basic process. Thus, labs—which often must get prior-authorization for molecular diagnostics and genetic tests—may learn from a recent KFF study of denial rates and successful appeals.
“While prior authorization has long been used to contain spending and prevent people from receiving unnecessary or low-value services, it also has been [the] subject of criticism that it may create barriers to receiving necessary care,” KFF, a health policy research organization, stated in a news release.
Nearly all MA plan enrollees have to get prior authorization for high cost services such as inpatient stays, skilled nursing care, and chemotherapy. However, “some lawmakers and others have raised concerns that prior authorization requirements and processes, including the use of artificial intelligence to review requests, impose barriers and delays to receiving necessary care,” KFF reported.
“Insurers argue the process helps to manage unnecessary utilization and lower healthcare costs. But providers say prior authorization is time-consuming and delays care for patients,” Healthcare Dive reported.
“There are a ton of barriers with prior authorizations and referrals. And there’s been a really big delay in care—then we spend a lot of hours and dollars to get paid what our contracts say,” said Katie Kucera (above),Vice President and CFO, Carson Tahoe Health, Carson City, Nev., in a Becker’s Hospital CFO Report which shared the health system’s plan to end participation in UnitedHealthcare commercial and Medicare Advantage plans effective May 2025. Clinical laboratories may want to review how test denials by Medicare Advantage plans, and the time cost of the appeals process, affect the services they provide to their provider clients. (Photo copyright: Carson Tahoe Health.)
Key Findings of KFF Study
To complete its study, KFF analyzed “data submitted by Medicare Advantage insurers to CMS to examine the number of prior authorization requests, denials, and appeals for 2019 through 2022, as well as differences across Medicare Advantage insurers in 2022,” according to a KFF issue brief.
Here are key findings:
Requests for prior authorization jumped 24.3% to 46 million in 2022 from 37 million in 2019.
More than 90%, or 42.7 million requests, were approved in full.
About 7.4%, or 3.4 million, prior authorization requests were fully or partially denied by insurers in 2022, up from 5.8% in 2021, 5.6% in 2020, and 5.7% in 2019.
About 9.9% of denials were appealed in 2022, up from 7.5% in 2019, but less than 10.2% in 2020 and 10.6% in 2021.
More than 80% of appeals resulted in partial or full overturning of denials in the years studied. Still, “negative effects on a person’s health may have resulted from delay,” KFF pointed out.
KFF also found that requests for prior authorization differed among insurers. For example:
Humana experienced the most requests for prior authorization.
Among all MA plans, the share of patients who appealed denied requests was small. The low rate of appeals may reflect Medicare Advantage plan members’ uncertainty that they can question insurers’ decisions, KFF noted.
It’s a big market. Nevertheless, “between onerous authorization requirements and high denial rates, healthcare systems are frustrated with Medicare Advantage,” according to a Healthcare Financial Management Association (HFMA) survey of 135 health system Chief Financial Officers.
According to the CFOs surveyed, 19% of healthcare systems stopped accepting one or more Medicare Advantage plans in 2023, and 61% are planning or considering ending participation in one or more plans within two years.
“Nearly half of health systems are considering dropping Medicare Advantage plans,” Becker’s reported.
Federal lawmakers acted, introducing three bills to help improve timeliness, transparency, and criteria used in prior authorization decision making. Starting in 2023, KFF reported, the federal Centers for Medicare and Medicaid Services (CMS) published final rules on the bills:
Rule One (effective June 5, 2023), “clarifies the criteria that may be used by Medicare Advantage plans in establishing prior authorization policies and the duration for which a prior authorization is valid. Specifically, the rule states that prior authorization may only be used to confirm a diagnosis and/or ensure that the requested service is medically necessary and that private insurers must follow the same criteria used by traditional Medicare. That is, Medicare Advantage prior authorization requirements cannot result in coverage that is more restrictive than traditional Medicare.”
Rule Two (effective April 8, 2024), is “intended to improve the use of electronic prior authorization processes, as well as the timeliness and transparency of decisions, and applies to Medicare Advantage and certain other insurers. Specifically, it shortens the standard time frame for insurers to respond to prior authorization requests from 14 to seven calendar days starting in January 2026 and standardizes the electronic exchange of information by specifying the prior authorization information that must be included in application programming interfaces starting in January 2027.”
Rule Three (effective June 3, 2024), requires “Medicare Advantage plans to evaluate the effect of prior authorization policies on people with certain social risk factors starting with plan year 2025.”
KFF’s report details how prior authorization affects patient care and how healthcare providers struggle to get paid for services rendered by Medicare Advantage plans amid the rise of value-based reimbursements.
Clinical laboratory leaders may want to analyze their test denials and appeals rates as well and, in partnership with finance colleagues, consider whether to continue contracts with Medicare Advantage health plans.
Request for money upfront comes at a time when many patients already struggle with medical debt
In its reporting of healthcare trends gathering momentum, a national newspaper caused quite a stir this spring when it published a story documenting how some hospitals now require patients to pay in advance of specified surgeries and procedures. Hospitals are recognizing what clinical laboratories have long known—a larger proportion of Americans do not have the cash to pay a medical bill.
Hospitals and surgery centers are requesting advanced payment for elective procedures such as knee replacements, CT scans, and childbirth procedures, according to an Advisory Board daily briefing.
“In some cases, they may also have a contract with an insurance company. And in that contract are terms that stipulate hospitals need to collect deductibles or co-insurance before a procedure,” Evans added.
According to Bankrate’s 2024 Annual Emergency Savings Report, nearly half of all American’s would be unable to pay cash for an unplanned $1,000 bill. Therefore, one wonders why hospitals would attempt to extract payments from patients in advance of medical visits and clinical laboratory testing. Wouldn’t that just reduce the number of patients electing to undergo needed surgeries and other costly procedures? Nevertheless, it appears that many hospitals struggling financially are doing just that, according to The Wall Street Journal.
Genetic testing laboratories have a similar problem because of high-deductible health plans ($5K/year for individual, $12K/year for family). It means that many patients, even with insurance, struggle to pay a $1,000 to $5,000 bill for a genetic test.
Requesting payment from patients before healthcare visits is not new. However, the practice is on the rise and comes at a time when consumers are already struggling to make ends meet.
“Hospitals collected (in Q1 2024) about 23% of what patients owed them before they set foot in a hospital or doctor’s office. That’s up from about 20% in the same period a year earlier,” said reporter Melanie Evans (above) of The Wall Street Journal, referring to data from 1,850 hospitals analyzed by Kodiak Solutions. Genetic testing laboratories experience similar challenges getting paid due to many people struggling with high deductible health plans. (Photo copyright: LinkedIn.)
Price Transparency Behind Upfront Payments
According to a recent KFF survey of US families, “about half of adults would be unable to pay an unexpected medical bill of $500 in full without going into debt.”
Regardless, asking for payment for nonemergency care has become more common as people increasingly choose health plans with high-deductibles and amid the push for greater price transparency, according to Richard Gundling, Senior Vice President, Content and Professional Practice Guidance at Healthcare Financial Management Association (HFMA), in an interview with Advisory Board.
“It’s very common if not the norm” for hospitals to give patients a cost estimate and ask for advance payment, Gundling stated during the interview.
In fact, healthcare providers and insurers are required to shared charges and estimates as part of newly implemented federal rules. According to the American Hospital Association (AHA) those statutes and rules include:
The Hospital Price Transparency Final Rule (effective January 2021) which requires hospitals to publicly post “standard charges” via machine readable files.
The No Surprises Act which mandates the sharing of “good faith estimates” with uninsured/self-pay patients for most scheduled services and also requires insurers to provide explanation of benefits to enrollees.
According to Consumer Reports, hospitals are finding consumers less reliable payers than insurance companies. “No one would say, ‘Pay up or we won’t treat you.’ But we’re saying that, ‘You have a large out-of-pocket cost, and we want to know how are you going to pay for it,’” explained Jonathan Wiik, Vice President of Health Insights at FinThrive, a revenue cycle management company.
Razor Thin Hospital Margins
For their part, hospitals, health systems, and medical practices wrote off $17.4 billion in bad debt in 2023, Kodiak Solutions, an Indianapolis-based healthcare consulting and software company, reported in a news release.
“With the amounts that health plans require patients to pay continuing to grow, provider organizations need a strategy to avoid intensifying pressure on their already thin margins,” said Colleen Hall, Senior Vice President, Revenue Cycle, Kodiak, in the news release.
“Patient collections have become an increasingly difficult challenge for hospitals due primarily to a shift in payer mix. Because of rising deductibles and increased patient responsibility, the percentage of healthcare provider revenue collected directly from patients increased to more than 30% from less than 10% over 10 years,” the HFMA noted.
Thus, the financial tension being experienced by both patients and providers, and the need for patients to prepay for some treatment, are extreme challenges. The situation may call for clinical laboratory leaders to not only focus on quality testing and efficient workflow, but also affordability and access to services.
Inability to access clinical laboratory test results forced hospitals to suspend critical procedures and surgeries causing major disruptions to healthcare
Cyberattacks continue to shut down the ability of hospitals to process orders for clinical laboratory tests, medical imaging, and prescriptions. One such cyberattack recently took place against Ascension, the largest nonprofit Catholic health system in the United States. It took more than a month for the health network’s electronic health record (EHR) system to be fully restored, according to a cybersecurity event press release.
Immediately following the event, Ascension announced it had hired a third party company to resolve the fallout from the cyberattack.
“On Wednesday, May 8, we detected unusual activity on select technology network systems, which we now believe is due to a cybersecurity event. … Access to some systems have been interrupted … We have engaged Mandiant, a third party expert, to assist in the investigation and remediation process, and we have notified the appropriate authorities,” a press release states.
Based in Reston, Va., Mandiant is an American cybersecurity firm and a subsidiary of Google.
Cyberattacks are happening more frequently and medical professionals need to be aware that patient care can be severely disrupted by such attacks. The Ascension attack locked its employees out of the healthcare provider’s computer databases, rendering medical personnel unable to track and coordinate patient care. The health network’s EHR, phones, and databases used to order certain clinical laboratory tests, imaging services, procedures, and medications were all affected.
Hospital employees, including two doctors and a registered nurse, spoke anonymously to the Detroit Free Press regarding the issues at their facilities resulting from the cyberattack.
“It’s so, so dangerous,” said the nurse, describing the immediate aftermath of the cyberattack. “We are waiting four hours for head CT [computed tomography scan] results on somebody having a stroke or a brain bleed. We are just waiting. I don’t know why they haven’t at least paused the ambulances and accepting transfers because we physically … don’t have the capacity to care for them right now.”
“In some cases, what are supposed to be unique medical record numbers assigned to patients when they register in the emergency department at Ascension St. John [Detroit, Mich.] have been given to more than one patient at a time,” Detroit Free Press reported. “Because of that, the nurse told the Free Press she couldn’t be confident that a patient’s blood test results actually were his own.”
“We’ve started to think about these as public health issues and disasters on the scale of earthquakes or hurricanes,” Jeff Tully, MD (above), Associate Clinical Professor, Anesthesiology, and co-director of the Center for Healthcare Cybersecurity at the University of California-San Diego, told NPR. “These types of cybersecurity incidents should be thought of as a matter of when and not if,” he added. Inability to verify clinical laboratory test results or access patients’ electronic medical records endangers patients and undermines the confidence of critical healthcare workers. (Photo copyright: UC San Diego.)
Losing Track of Patients and Their Records
According to the HIPAA Journal’sH1, 2024 Healthcare Data Breach Report, “In H1 [first half of the fiscal year], 2024, 387 data breaches of 500 or more [healthcare] records were reported to OCR, which represents an 8.4% increase from H1, 2023, and a 9.3% increase from H1, 2022.”
After the Ascension cyberattack, the healthcare organization’s computer systems were inoperable, and its pharmacy services were temporarily closed. Medical orders for clinical laboratory testing, imaging tests, and prescriptions had to be handwritten on paper and faxed to appropriate departments, which led to long wait times for patients.
There were cases where singular medical record numbers were assigned to multiple patients. Staff resorted to Google documents, paper charting, and text messaging to communicate with one another. But they still lost track of some patients.
“For a lot of our nurses, they’ve never paper charted at all,” said Connie Smith, a charge capture coordinator and head of the Wisconsin Federation of Nurses and Health Professionals, in a ThinkStack blog post. “We were using forms that we pulled out of drawers that hadn’t seen the light of day in a long, long time.”
“They are texting me to find out where the patient went,” a St. John Hospital Emergency Room physician anonymously told the Free Press immediately following the Ascension cyberattack. “They don’t even know where the patient is going or if they’ve been admitted. People are getting lost.
“The pharmacy is getting requests for patient medications, and they have no idea where the patient is in the hospital,” the doctor continued. “Some of the attending physicians are putting in orders for medications, somewhat dangerous medications, and we have no idea if the medications are actually being administered. It’s a scary thing when your medical license is tied to this. If medication mistakes become lawsuits, they will follow us throughout our entire careers and that is not fair to us. It’s not fair to patients.”
According to online updates provided by Ascension, the cyberattack began when an employee downloaded a malicious file thinking it was a legitimate document. That allowed hackers to access seven of Ascension’s 25,000 servers. The resulting cyberattack stifled operations across the organization’s facilities and among its healthcare providers for weeks.
A June 12 update read, “we are pleased to announce that electronic health record (EHR) access has been restored across our ministries. This means that clinical workflow in our hospitals and clinics will function similarly to the way it did prior to the ransomware attack.” The updates did not mention how the attack was resolved or if a ransom was paid to restore the hospitals’ systems.
Preparing for System Disruptions
According to its website, St. Louis-based Ascension has 134,000 associates, 35,000 affiliated providers, and 140 hospitals serving communities in 18 states and the District of Columbia.
“Despite the challenges posed by the recent ransomware incident, patient safety continues to be our utmost priority. Our dedicated doctors, nurses, and care teams are demonstrating incredible thoughtfulness and resilience as we utilize manual and paper based systems during the ongoing disruption to normal systems,” Ascension noted in a Michigan Cybersecurity Event Update.
Clinical laboratory managers and anatomic pathology practice administrators may want to learn from Ascension’s experience and make advanced preparations that will secure patient information and enable their lab to continue functioning during a cyberattack. The Ascension cyberattack illustrates how easily computer systems containing critical information can be hacked and affect patient care.