Eric Sutherland is a Senior Health Economist at the Organisation for Economic Co-operation and Development (OECD). He works at this inter governmental organisation based in Paris, France. He leads the OECD’s work in digital health. His goal is to build integrated digital health ecosystems. He provides policy guidance on digital tools, data integration, and responsible analytics, including the use of artificial intelligence.
The theme for World Patient Safety Day 2024, ‘Improving Diagnosis for Patient Safety,’ is a crucial focus area. What challenges and opportunities do you foresee in achieving safer diagnostic processes in a digital health environment?
Eric Sutherland: I believe there is a great opportunity in the digital age to digitalise health systems. However, there are risks associated with digitalisation. On the opportunity side, computers can go through patients’ files, analyse their complete histories, and identify important links to inform a more precise and faster diagnosis. Additionally, digitalisation allows us to incorporate new insights from academic literature and connect health records with leading intelligence from academia to improve diagnostic practices.
An important point to note is that new medical information traditionally takes several years to be integrated into leading medical practices. However, with well-designed digital futures, this time can be significantly reduced, offering the best care and knowledge to people and doctors. So, overall, new technologies can bring better data quality, more extensive data use, and better linkage of relevant information to modern diagnostics. Together, all of those things sound like great things, and obviously, we should be exploiting them.
However, while the advantages seem promising, using technology also involves some risks that are important to be aware of. Machines may come up with a recommendation that doesn’t make sense. That’s why having a doctor, a health professional, in the loop to interpret the insights from the system is fundamental. It is also necessary to consider how messages are delivered, especially when they are negative diagnoses. For instance, in case of a terminal diagnosis, health professionals are better equipped to handle these situations with care and empathy.
There’s also the risk associated with the quality of historical health data used for current diagnoses. Older data may have been collected without the foresight of its future diagnostic use, leading to potential inaccuracies. While this data can still be valuable, it should be used cautiously. Finally, there’s the overarching need to keep doctors, health providers, and patients engaged and informed throughout the process to manage these risks effectively.
The OECD report on “Patient engagement for patient safety” highlights the positive economic impact of patient engagement on safety thanks to technology. What role do you believe digital technologies can play in influencing patient engagement, particularly in the context of diagnostic safety?
Eric Sutherland: Nowadays, our lives are heavily centred around cell phones. It’s interesting to see how much we rely on our phones for various tasks, such as ordering textbooks, meals, banking, and making travel arrangements. While I find it empowering to have these capabilities at my fingertips, it’s important that we use these tools and technologies responsibly.
That said, the use of smartphones, which we already have in our hands daily, offers a great opportunity to empower people to take charge of their own health. By providing better access to information, individuals can achieve the health results they want. Many countries and hospitals are creating patient portals to allow people to access their health records easily online, including data such as allergies, vaccinations, and prior medications. People also have the ability to look at who else has seen their records, which gives them the confidence that their data are being protected and kept private.
The digitalisation of health services also opens up the possibility of providing personalised advice and recommendations to individuals based on people’s health goals. While these tools and applications are capable of providing valuable guidance, it’s essential to remember that they should complement the advice of healthcare professionals, not replace it. Patients can become more informed about their health and treatment options, but the guidance of a healthcare professional remains crucial in achieving positive health outcomes.
According to OECD principles for digital security, a culture of digital security based on understanding digital security risk and how to manage it is necessary. How can European countries better manage and optimise digital health systems to collect, share, and utilise patient safety data effectively and securely?
Eric Sutherland: When it comes to security, it’s crucial to consider it in the design of health systems. The complexity and scale of the infrastructure should take into account that security risks are always present, with hackers continuously attempting to breach systems. Designing security into our systems and having protocols in place for potential breaches is essential.
Additionally, providing training for staff to recognize and prevent cyber attacks is a highly impactful measure. Similarly, from a privacy perspective, it’s important to ensure that people’s data are kept private and only accessible to the right individuals for the right purposes. For instance, healthcare providers may need detailed access to patient data for diagnosis, while researchers conducting general studies may only need anonymized data. It’s crucial to have effective approaches to prevent privacy risks and protocols in place to respond to any breaches. In addressing security and privacy risks, it’s important to have clear communication and penalties for individuals responsible for breaches. Furthermore, emphasizing positive achievements in utilizing data to improve safety and address problems is essential for fostering a balanced culture of communication that recognises both benefits and harms from digitalisation.
What strategies can European countries adopt to establish better platforms and networks for sharing patient, family, and caregiver experiences, and how can these shared stories effectively inform and improve patient safety initiatives?
Eric Sutherland: An individual’s circle of care should include caregivers, authorized family members, and other individuals. From a digital standpoint, individuals should be able to designate who can access their health records. A Canadian study – admittedly with a small sample – showed that 100% of patients expressed the expectation that their data should be available for use among their designated circle of care.
To enable this capability, countries should ensure that their health portals allow individuals to manage and designate who has access to their health records. This includes the ability to monitor who has seen their detailed health records for security and privacy purposes. Empowering individuals to choose who has a role in their care, such as a family member who is more knowledgeable about digital technologies, is vital for personalised care. This concept is becoming more prevalent in emerging health apps and personal health portals.
How can we ensure that our digital security preparedness is robust enough to maintain health system resilience during cyberattacks?
Eric Sutherland: We published a report at the end of last year on cybersecurity in the healthcare industry. We focused on leading practices for countries to enhance their cybersecurity measures. For example, we looked at how frequently countries train their staff on digital security, whether they have a formal risk management program in place, whether they conduct simulations of cyber attacks, and whether they periodically simulate phishing attacks within their organisation. It’s important for countries to recognise that cooperation across borders is crucial in dealing with cybersecurity threats.
Another central point was the importance of managing communications within a country and across borders in the event of a cyber attack. For instance, Costa Rica effectively managed a cyber attack in May 2022 by swiftly shutting down all links across hospitals to prevent the spread of the attack. One of the major issues of a cyber attack is not just the initial breach, but also the spread of the attack throughout the entire health system.
Therefore, having a specific strategy for digital security in the healthcare system is fundamental. We found that countries with a dedicated digital security strategy demonstrated better alignment with leading cybersecurity practices than those without a strategy.
Given that 90% of digital security challenges start with phishing, what cost-effective measures can be implemented across Europe to mitigate these risks effectively?
Eric Sutherland: Awareness and encryption. Awareness through education programs and through periodic phishing simulations to re-enforce learning. Education has been shown to be among the most effective methods to combat issues of digital security as it helps to establish a culture where security is everyone’s accountability and provide meaningful tools for every person to play their part as a shield against cyber attacks.
Encryption helps to prevent that even when someone accesses data, they are not able to make sense of it. Encryption should be in place when data are at rest and when data are in motion, which is to say it’s moving between systems, and data themselves should not be readable natively. The applications that are used to actually access the data should be the point of decryption. But when the data are stored or when the data are in motion, they should be inherently encrypted in a way that prevents people who do manage to get access to actually have nothing of use unless they actually have the decryption algorithms.
What should European countries focus on in the years to come to guarantee better patient safety in digital health?
Eric Sutherland: People who have access to health information through technology should be better able to achieve their personal health goals or improve their health outcomes in a way that suits them. However, if people are not comfortable using these technologies, meaning they are not digitally literate, this is not helpful. Therefore, it is crucial to improve the digital literacy of the public to encourage the effective use of these tools for their health.
People often receive a lot of health information on their phones, including lab test results with various acronyms and measurements that they may not understand. This lack of understanding can make it difficult for them to know what actions to take. It’s important for people to feel comfortable using and understanding their health data to make informed decisions.
Encouraging public participation and trust in the system is vital for collective safety and improving overall health. While individuals have the option to opt-out, it’s important to communicate the potential consequences of opting out, such as missing safety issues that could affect them and the public. Building trust and demonstrating the benefits of using personal data can help address these concerns.
I’ve found that one of the most powerful approaches to understanding a group of people is to ask them directly. For instance, countries like Finland, Sweden, and the UK have established citizen assemblies and citizen juries. These bring together diverse groups of the public, present them with challenging questions, and give them time to deliberate and come up with what they believe to be the best option, considering various factors. This representative group of the public then conveys what they believe is best for the broader public. Using such groups not only helps in understanding how best to communicate but also fosters trust as the public’s input is taken into account.