New guidelines come on the heels of recommendations covering post-market modifications to AI products, including those incorporated into systems used by clinical laboratories
Artificial intelligence (AI) is booming in healthcare, and as the technology finds its way into more medical devices and clinical laboratory diagnostic test technologies the US Food and Drug Administration (FDA) has stepped up its efforts to provide regulatory guidance for developers of these products. This guidance will have an impact on the development of new lab test technology that uses AI going forward.
In December, the FDA issued finalized recommendations for submitting information about planned modifications to AI-enabled healthcare products. Then, in January, the federal agency issued draft guidance that covers product management and marketing submission more broadly. It is seeking public comments on the latter document through April 7.
“The FDA has authorized more than 1,000 AI-enabled devices through established premarket pathways,” said Troy Tazbaz, director of the Digital Health Center of Excellence at the FDA’s Center for Devices and Radiological Health, in a press release announcing the draft guidance.
This guidance “would be the first to provide total product life cycle recommendations for AI-enabled devices, tying together all design, development, maintenance and documentation recommendations, if and when finalized,” Healthcare IT News reported.
“Today’s draft guidance brings together relevant information for developers, shares learnings from authorized AI-enabled devices, and provides a first point-of-reference for specific recommendations that apply to these devices, from the earliest stages of development through the device’s entire life cycle,” said Troy Tazbaz (above), director of the Digital Health Center of Excellence at the FDA Center for Devices and Radiological Health, in a press release. The new guidance will likely affect the development of new clinical laboratory diagnostic technologies that use AI. (Photo copyright: LinkedIn.)
Engaging with FDA
One key takeaway from the guidance is that manufacturers “should engage with the FDA early to ensure that the testing to support the marketing submission for an AI-enabled device reflects the agency’s total product lifecycle, risk-based approach,” states an analysis from consulting firm Orrick, Herrington and Sutcliffe LLP.
Another key point is transparency, Orrick noted. For example, manufacturers should be prepared to offer details about the inputs and outputs of their AI models and demonstrate “how AI helps achieve a device’s intended use.”
Manufacturers should also take steps to avoid bias in data collection for these models. For example, they should gather evidence to determine “whether a device benefits all relevant demographic groups similarly to help ensure that such devices are safe and effective for their intended use,” Orrick said.
New Framework for AI in Drug Development
On the same day that FDA announced the device guidelines, the agency also proposed a framework for regulating use of AI models in developing drugs and biologics.
“AI can be used in various ways to produce data or information regarding the safety, effectiveness, or quality of a drug or biological product,” the federal agency stated in a press release. “For example, AI approaches can be used to predict patient outcomes, improve understanding of predictors of disease progression and process, and analyze large datasets.”
The press release noted that this is the first time the agency has proposed guidance on use of AI in drug development.
These include “bias and reliability problems due to variability in the quality, size, and representativeness of training datasets; the black-box nature of AI models in their development and decision-making; the difficulty of ascertaining the accuracy of a model’s output; and the dangers of data drift and a model’s performance changing over time or across environments. Any of these factors, in FDA’s thinking, could negatively impact the reliability and relevancy of the data sponsors provide FDA.”
The FDA also plans to participate in direct testing of AI-enabled healthcare tools. In October, the FDA and the Department of Veterans Affairs (VA) announced that they will launch “a joint health AI lab to evaluate promising emerging technologies,” according to Nextgov/FCW.
Elnahal said the facility will allow federal agencies and private entities “to test applications of AI in a virtual lab environment.” The goal is to ensure that the tools are safe and effective while adhering to “trustworthy AI principles,” he said.
“It’s essentially a place where you get rapid but effective evaluation—from FDA’s standpoint and from VA’s standpoint—on a potential new application of generative AI to, number one, make sure it works,” he told Nextgov/FCW.
He added that the lab will be set up with safeguards to ensure that the technologies can be tested safely.
“As long as they go through the right security protocols, we’d essentially be inviting parties to test their technology with a fenced off set of VA data that doesn’t have any risk of contagion into our actual live systems, but it’s still informative and simulated,” he told Nextgov/FCW.
There has been an explosion in the use of AI, machine learning, deep learning, and natural language processing in clinical laboratory diagnostic technologies. This is equally true of anatomic pathology, where AI-powered image analysis solutions are coming to market. That two federal agencies are motivated to establish guidelines on working relationships for evaluating the development and use of AI in healthcare settings tells you where the industry is headed.
“The SDPR will consolidate geographically fragmented EMR, PAS, and LIMS systems to create a detailed lifelong patient record and deliver cost savings,” NSW Health said in a news release.
NSW Health is the largest public health system in Australia with more than 220 public hospitals, 16 Local Health Districts, and three Specialty Networks. NSW Health Pathology operates more than 60 pathology laboratories (clinical laboratories in the US) and has 150 patient service centers.
“While this initiative will provide untold benefits to all the patients of NSW, we are excited about its potential for improving the health outcomes of our regional patients,” said Andrew Montague (above), former Chief Executive, Central Coast Local Health District in a press release. “By enabling greater collaboration across all local health districts and specialty health networks, the Single Digital Patient Record will provide clinicians with even better tools to keep the patient at the center of everything we do.” This project is more market evidence of the trend to bring clinical laboratory test results from multiple lab sites into a single data repository. (Photo copyright: Coast Community News.)
Cloud-based Realtime Access to Patient Records
Australia has a population of about 26 million and New South Wales, a state on the east coast, is home to more than eight million people. Though the scale of healthcare in Australia is much smaller than in the US, this is still a major project to pull patient data together from all the NSW hospitals, physicians’ offices, and other healthcare providers such as clinical laboratories and pathology practices.
With the change, NSW clinicians will benefit from a cloud–based system offering up real-time access to patients’ medical records, NSW Health Pathology Chief Executive Tracey McCosker told ITnews.
“Patients and our busy staff will benefit from clinical insights gained from the capture of important new data. Our work in pathology is vital to the diagnostic process and developing a statewide laboratory information management system will ensure we provide the best possible services,” McCosker told ITnews.
The KLAS Research report, “US Hospital Market Share 2022,” states that Epic, located in Verona, Wisconsin, has the largest US electronic health record (EHR) market share, Healthgrades noted. According to KLAS:
NSW Health’s decision to engage Epic came after a process involving 350 clinicians, scientists, and technical experts, Zoran Bolevich, MD, Chief Executive of eHealth NSW and NSW Health’s Chief Information Officer, told ITnews.
NSW Health’s Goal for Statewide Digital Patient Record
It was in December 2020 when NSW Health announced its plan to create the SDPR.
“Our vision is to be able to provide a single, holistic, statewide view of every patient—and for that information to be readily accessible to anyone involved in the patient’s care,” Bolevich said in the news release.
The SDPR, according to NSW Health, will address the following:
Challenges:
Current systems not connected statewide.
Inaccessible patient data.
Duplicative data collection.
Gaps in decision-making.
Goals:
Improve health outcomes.
Create patient centricity.
Leverage insights.
NSW’s government has already invested more than $106 million in the SDPR, Healthcare IT News reported.
Other Large EHR Rollouts
NSW Health is not the only large organization to take on such an ambitious project of creating a large-scale digital patient record. And not always to a successful conclusion.
The US Department of Veterans Affairs (VA)—also intent on EHR modernization—recently announced it is suspending roll-out of the Oracle Cerner EHR at VA centers until June 2023 to address technical issues affecting appointments, referrals, and test results.
Four VA centers in Washington, Oregon, and Ohio already went live with the system in 2022.
“We are delaying all future deployments of the new EHR while we fully assess performance and address every concern. Veterans and clinicians deserve a seamless, modernized health record system, and we will not rest until they get it,” said Deputy Secretary of Veterans Affairs Donald Remy, JD, in a news release.
For its part, Oracle Cerner wrote federal lawmakers noting the importance of continuing the project, which will move the VA away from its former VistA health information system.
“Modernization requires change and some short-term pain for the long-term benefits of a modern technology infrastructure,” noted Oracle Cerner Executive Vice President Ken Glueck in the letter, Becker’s Health IT reported. “A modernization project of this scale and scope necessarily involves time to untangle the decades of customized processes established in support of VistA, which inevitably involves challenges.”
NSW Health’s goal is to build a single repository of health information—including lab test results from multiple clinical laboratory sites. When finished NSW Health expects that sharing patient data will contribute to producing better healthcare outcomes.
However, the VA’s experience—and several other similar attempts at large-scale electronic patient record installations—suggest the work ahead will not be easy. But for NSW Health, it may be worth the effort.
Recent attacks illustrate how costly a security breach can be and why clinical laboratories and pathology groups must work to protect their information systems from ransomware attacks
Therefore, it is crucial clinical laboratories and pathology groups have a cybersecurity strategy in place for dealing with ransomware attacks. Running security drills may need to be part of that strategy. Managers and employees should undergo specific training and vendors must be vetted carefully. Without such a strategy, the question is not if an attack will happen, but rather when an attack will succeed.
Ransomware Attackers are Getting Better
“Ransomware is increasing in sophistication; it’s increasing in prevalence. The purveyors of ransomware are generally reinvesting the fees that they collect from the entities they extort to acquire more capabilities,” Beau Woods, Senior Advisor at the federal Cybersecurity and Infrastructure Security Agency (CISA), told The San Diego Tribune.
“They’re getting better, they’re getting more frequent, particularly during the pandemic where we’ve opened up more connectivity to allow more remote work,” he added.
The Scripps Health attack is notable for several reasons, with one being the length of the outage it caused. The attack was first detected on May 1 of this year. It took four weeks before Scripps could restore most of its network and get its Epic EHR back online, Health IT Security reported.
However, the ransomware attack on Universal Health Services (NYSE:UHS) may be the biggest attack so far. It took place on September 27, 2020, and caused a three-week outage. The company told The San Diego Tribune the incident had a $67 million impact on operations.
According to HIPAA Journal, “The phone system was taken out of action, and without access to computers and electronic health records, employees had to resort to pen and paper to record patient information. In the early hours after the attack occurred, the health system diverted ambulances to alternative facilities and some elective procedures were either postponed or diverted to competitors. Patients reported delays receiving test results while UHS recovered from the attack.”
At Utah Pathology Services, an employee e-mail hack resulted in the potential exposure of patient data. The malicious actors attempted to divert funds intended for a physician but failed to do so. However, the information of 112,000 patients was accessible to the hacker during the attempt.
“The compromised data varied by patient but could include names, contact information, insurance details such as ID and group numbers, medical and health information like internal records numbers and clinical and diagnostic information, and some Social Security numbers,” Health IT Security reported.
“We are seeing adversaries that are targeting our pharmaceutical companies, pharmaceutical research, laboratory companies, testing and really even out into the future manufacturing of the vaccine systems,” Bryan S. Ware (above left) Assistant Director for Cybersecurity for the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) told CyberScoop. CISA Director Christopher Krebs (above right) added, “At the onset of the COVID-19 pandemic, we recognized just how vital the healthcare sector was to the response and we established Project Taken to bring to bear the government’s particular set of skills to protect those organizations.” (Photo copyrights: CyberScoop/Business Insider.)
Value of Patient Data on the Dark Web is Increasing
In the case of the Utah Pathology Services attack, the hackers were specifically after money. However, according to cybersecurity company SecureLink, patient records are “the new prize” for hackers. Healthcare data carries a value of its own on the digital black market. In fact, healthcare data is more valuable than credit card or banking data.
“Healthcare data is valuable on the black market because it often contains all of an individual’s personally identifiable information, as opposed to a single marker that may be found in a financial breach,” SecureLink wrote in a blog post.
A 2018 Trustwave Global Security Report estimated that a healthcare record is worth about $250. Trustwave, however, estimated the value of a banking record at less than $5. That strongly suggests health records are increasing in value.
And even after a healthcare entity has regained control of its IT infrastructure, the hacker still has possession of the stolen patient information. It may take weeks or years for the hacker to sell that information, meaning the breach represents a continuing threat to the healthcare organization and its patients.
Clinical Laboratories Must Prepare for an Attack
Simply understanding the threat is not enough. Clinical laboratory and pathology group managers must have robust plans in place for both protecting patient information and for dealing with a security breach should one occur.
According to a Health IT Security report, “The ransomware attack that struck all 400 UHS care sites and caused three weeks of EHR downtime in September, cost the health system $67 million in recovery costs and lost revenue.”
The report added, “Security researchers have long-recommended the need for providers to shift into a proactive security model, like zero trust. Recent reports show successful cyberattacks on healthcare providers doubled in the last year, with at least 560 providers falling victim to ransomware.”
To deal with the ransomware attacks, we wrote, “CISA, FBI, and HHS advise against paying ransoms. ‘Payment does not guarantee files will be recovered,’ the advisory states. ‘It may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities.’ The federal agencies advise organizations to take preventive measures and adopt plans for coping with attacks.
“The advisory suggests:
Training programs for employees, including raising awareness about ransomware and phishing scams. Organizations should ‘ensure that employees know who to contact when they see suspicious activity or when they believe they have been a victim of a cyberattack.’
Regular backups of data and software. These should be ‘maintained offline or in separated networks as many ransomware variants attempt to find and delete any accessible backups.’ Personnel should also test the backups.
Continuity plans in case information systems are not accessible. For example, organizations should maintain ‘hard copies of digital information that would be required for critical patient healthcare.’”
Given the enormous amounts of money hackers can earn from selling protected health information on the Dark Web, it is a near certainty these attacks will continue. Clinical laboratory and anatomic pathology group managers would be well advised to plan for the inevitability that their health system will be targeted.
Could clinical laboratories use texting to improving patient compliance with the medical laboratory test orders given to them by their doctors?
California’s largest physician-owned medical practice has
employed text messaging to reduce patient no-shows. Just as other innovations such
as same-day walk-in clinical laboratory
testing and patient at-home self-testing made it easier for patients to comply
with physicians’ lab test orders, text messaging appears to help get more
patients through the doors and into doctors’ exam rooms.
At least that’s the experience at Riverside Medical Clinic
(RMC) in Riverside, Calif. The multi-specialty practice has more than 170
providers who see more than 400,000 patients annually. After struggling to
lower its 15% baseline no-show rate using a phone-only reminder system, RMC turned
to a two-way texting appointment reminder system from Santa Barbara, Calif.-based
WELL Health (WELL).
According to a case
study, prior to the texting
system implementation, no-shows were costing RMC more than $3 million per year.
“The problem we were trying to resolve was getting a hold of our
patients in an expedient manner without having to do redundant work,” Diego
Galvez-Ramirez, Associate Vice President, Patient Business Services at
Riverside Medical Clinic, told Healthcare IT News. “We wanted to
give time back to our staff. A big frustration was not having enough time for
staff to accomplish their duties.”
After RMC implemented WELL’s HIPAA-compliant text-based reminder
system, front office efficiency and productivity improved, and the practice
experienced a 33% decrease in appointment no-shows.
Additionally:
No-shows decreased from 15% to 10% within the
first month of going live across the enterprise.
Confirmed appointments rose from 29.45% to
94.45%, translating to a savings of more than $40,000 in two months.
91% of patients who confirmed via WELL presented
for their visit.
Phone volume at RMC’s two call centers decreased
by 4% to 6%.
Galvez-Ramirez suggests that healthcare providers—including
clinical laboratories and anatomic pathology groups—keep pace with the
realities of today’s connected world. “Most of the time, the cell phone is not
used to make phone calls,” he told Healthcare IT News. “You have to adapt
to the new ways that your patients want and are used to communicating.
“In our environment,” he continued, “you also have to be
quick to respond to your patients. No patient wants to spend unnecessary time
on a phone call. Being able to send them their appointment to their phone is
not a new concept, it’s an expectation.”
Based on an Axway survey of 1,200 smartphone users aged 18-60, the graphic above supports the view that text messaging is now the preferred method of communications for most people. Could clinical laboratories employ text messaging to lower patient no-shows and increase the proportion of patients who actually show up at a patient service center to provide a specimen in response to the medical laboratory test orders given to them by their physicians? (Graphic copyright: MakingCharts.com/Axway.)
The WELL messaging app draws a patient’s information from the
physician’s electronic
health record (EHR) system to configure the appointment reminder. This
includes appointment type, date/time, and location. Based on the patient’s
preferred method, the system sends reminder messages via phone, text, or e-mail.
As Healthcare IT News noted, WELL’s competitors in the
patient communication space include:
Texting Reduces No-Shows at Other Healthcare Networks
Other healthcare organizations also have replicated RMC’s
success in reducing its no-show rates by moving away from telephone-based
reminders.
An Athena Health
study examined 54.3 million patient visits in 2015 and found no-show rates
dropped to 4.4% when patients received a reminder text from their provider. By
comparison:
Athena patients who received a phone call
instead of a text failed to show up 9.4% of the time;
E-mail reminders resulted in a 5.9% no-show rate;
and,
10.5% of patients who received no form of
reminder message missed their appointments.
Is Texting Secure and HIPAA Compliant?
A 2018 poll conducted by the Medical
Group Management Association (MGMA) found that 68% of healthcare organizations
used text messaging to communicate with patients about appointments. But is it
secure?
An MGMA
article notes that according to HIPAA Journal,
“Recent changes to HIPAA
have introduced new rules relating to how Protected
Health Information (PHI) should be communicated and many healthcare
organizations and other covered entities are now at risk of financial sanctions
and legal action should an avoidable breach of PHI occur.” The MGMA goes on to
state that, “As text messaging is not typically a fully-secure channel for the
communication of PHI, practices must be vigilant when sending information via
text messages.”
With proper training and precautions, clinical laboratories and
pathology groups might want to add text messaging to their patient outreach
programs. Data indicate that doing so could improve patient compliance with the
medical lab test orders given to them by their physicians. Industry experts
estimate that for every 100 medical lab test requests written by providers,
only about 60% of patients show up to provide the specimens needed for a lab to
perform those tests. Improving on those numbers would help clinical
laboratories and patients alike.
As the Medicare program expands telemedicine services, the opportunity may arise for sub-specialist pathologists to offer consultation services across state lines
More use of telemedicine across state borders has long been predicted as a way to improve access to care—particularly for patients in rural areas—as well as to give physicians and patients access to talented sub-specialists. Within the anatomic pathology profession, however, there are probably as many pathologists who view telemedicine across states lines to be a threat as there are pathologists who see it as an opportunity to raise the quality of care.