HCA Healthcare and Google Cloud are partnering to use data analytics and artificial intelligence along with patient information in a move they say will transform health care delivery and improve outcomes.
It’s the latest step in the evolution of the fusion between health care and data.
Prisma Health recently announced a partnership with Siemens Healthineers. And the Medical University of South Carolina has been working with Siemens Healthineers for years as well as Microsoft.
Proponents say these arrangements benefit patients and providers alike. But they also raise concerns about the security of patient information.
“What they’re doing is harnessing the power of big data to drive informed change and informed decision making,” said Dr. Christine Carr, an emergency physician and senior clinical advisor with the South Carolina Hospital Association.
“Instead of a clinician on the floor saying, ‘I think this is the best way we should do our physician schedules or manage heart failure,’ we have so much data and analytic power now,” she told Integrated Media, publisher of Greenville Business Magazine, Columbia Business Monthly and Charleston Business Magazine. “It’s kind of like your iPhone, knowing where you’re going when you get in the car. We realize we have to get ahead of the disease.”
If a patient has shortness of breath, for example, providers can use data tools to predict if he has a pulmonary embolism without doing any testing, Carr said. And if he does, other tools can help determine whether he should be admitted to the hospital or sent home on medication, she said.
“The real power of using big data in health care is that it helps us deliver more efficient, high-quality care with fewer disparities,” adds Caroline Brown, chief of external affairs for MUSC and the Medical University Hospital Authority.
“There is tremendous value in marrying disparate data that lives in different places to transform the way we deliver care. There are huge benefits for patients for this data to come together,” she said. “We can practice in a more preventive way than a reactive way.”
But how accurate are these tools? Carr says they’re validated to a high degree of certainty so the clinician knows the risks.
“They are extremely accurate,” she said, adding that doctors are still the ones making the decisions.
“It delivers information but you as a human have to ultimately decide what to do,” she said. “And any unique person is a unique person. Sometimes, I just override it. And sometimes I’m right. There are still humans, for now, at the end.”
Another benefit of predictive analytics is lowering costs, Carr said.
For instance, by analyzing a patient’s information, a doctor may determine that she only needs a mammogram every three years instead of annually, she said. And it can predict the risk of hospital readmissions too, she added, “which is a big financial driver for hospitals.”
Carr speculates that all large health systems are getting into the predictive analytics space, adding that insurance companies have been using it for years to predict population health based on ZIP code, health history and socioeconomic factors.
Founded in 1968, Nashville-based HCA Healthcare is a for-profit system with some 2,000 care locations - including 186 hospitals - in 20 states and the United Kingdom.
Google Cloud, which “aims to accelerate companies’ digital transformation,” says it has business customers in more than 200 countries.
A spokesman for HCA said the company would have no comment beyond a press release and a Google spokeswoman did not return calls.
But in that release, HCA CEO Sam Hazen said that “next-generation care demands data science-informed decision support so we can more sharply focus on safe, efficient and effective patient care.”
And Google Cloud CEO Thomas Kurian said, “The cloud can be an accelerant for innovation in health, particularly in driving data interoperability, which is critical in streamlining operations and providing better quality of care to improve patient outcomes.”
Meanwhile, Adam Landau, vice president of marketing and corporate affairs for HCA’s South Atlantic Division, said in an email that it’s too early to know what the partnership will mean for its South Carolina hospitals - Colleton Medical Center in Walterboro, Grand Strand Medical Center in Myrtle Beach and Trident Health, which consists of Trident Medical Center in Charleston and Summerville Medical Center in Summerville.
“I can tell you that we’re proud to be a part of HCA Healthcare,” he said. “In combination with significant investments in mobility to support clinical care … this partnership accelerates the work of HCA Healthcare clinicians, data scientists and developers by providing highly scalable technology from Google Cloud.”
For example, he said, technology has been developed using predictive analytics that helps detect sepsis early, potentially saving lives. Another application uses clinical observations and ventilator-streamed data to reduce the length of stay for patients with acute respiratory distress syndrome (ARDS) and increase survival rates of Covid patients by 28 percent, he said.
Brown said that health care is behind other consumer-driven industries in delivering on 21st century data technology.
“One thing the … industry has been behind on is this whole consumer experience and digitalization of that over the last years,” she said. “Customers are expecting and demanding easier access to health care, they want to do so virtually from home, and in other formats that previously weren’t commonplace.”
MUSC is using data analytics to help identify gaps in care, to map workflow so the system is more efficient, and to reduce wait times for patients, among other things, she said.
A partnership with Medtronic uses more consistent monitoring technology in hospitalized patients to reduce the number of adverse respiratory events in patients prescribed opioids, she said. Another project aims to prevent hospitalizations by catching patients with heart failure and intervening earlier.
MUSC also worked with Microsoft using artificial intelligence (AI) and machine learning to detect and address potentially deadly sepsis in hospitalized patients, she said.
Prisma said its 10-year partnership with Siemens will use AI to develop algorithms to help clinicians make more informed decisions, allowing for quicker and more precise diagnoses and treatment plans.
Some of the AI will be embedded in new imaging machines as software while other AI will be developed through the partnership. Siemens will also have health economists on site studying new technologies to see if they reduce health care costs.
But with a growing number of entities gaining access to patient information, just how secure are arrangements like these?
Nationwide, the number of health information data breaches affecting 500 or more people grew from 329 in 2016 to 648 in 2020, with hacking events growing from 78 to 230 and ransomware attacks soaring from 36 to 199 during that time frame, according to the U.S. Department of Health and Human Services.
Ransomware is a multibillion-dollar industry, said James Andrew Lewis, senior vice president and director of the Strategic Technologies Program at the Center for Strategic and International Studies.
And hospitals make good targets because attackers are purely about the money and go after what will generate the most return, he added.
“You can hack a hospital and make $4 million or hack an individual and make $4,000,” he said. “These guys like bulk business. Not onesies or twosies.”
Most hospitals pay because it’s not worth the hassle, Lewis said.
Some have insurance to cover ransomware attacks. But most attackers hone in on what they think the target can afford and go for that at the hospitals that are easier to breach, he said. And if they think the hospital can pay $4 million, they’ll start out asking for $6 million, he said.
So moving to the cloud makes sense, Lewis said, because while it’s not impossible to hack, it is much more difficult and could be more secure. A lot depends on the terms of the contract, such as where the data will be stored and how it will limit the risk to privacy, he said.
Both Google and HCA say their arrangement will protect patient privacy and data by using “layers of security controls and processes” and complying with federal privacy requirements.
“The partnership is founded on strict guiding principles around privacy and security,” Landau said. “Our contract prohibits Google Cloud from the use of patient identifiable information.”
Brown said MUSC also only uses deidentified patient data for its projects. That means information like names and addresses are removed but relevant clinical data remain, subject to privacy guide rails, she said.
“Cybersecurity is a huge issue globally across all industries, and health care is no different,” she said. “Any arrangement … has to be done with utmost scrutiny to make sure patients are kept first, and commit to making sure they are protected.”
A lot of the push for these types of relationships comes from hospitals looking to solve complex health care problems on a large scale, said MUSC chief information security officer Aaron Heath.
Machine learning is helping to do that with the use of lots of data, he said, but when those two intersect, there has to be a mechanism to share the least amount of data necessary.
At the end of the day, he said, a hospital doesn’t need to put patient privacy on the hook to solve its problems.
“If we want to solve for sepsis in the hospital - detect it often and early and respond quickly - we don’t have to share patient data,” he said. “Hospitals are … only sharing the minimum amount of data to accomplish goals.”
Nonetheless, he said, it’s not without risk and hospitals need to have contracts with digital companies that prevent data from being used for any other purpose.
“There are a lot of controls we can take,” he said, “because it’s really important.”
Prisma Health said that protecting patient privacy is critical and that it has multiple systems and checks in place to safeguard it.
“As part of our Siemens Healthineers’ intelligent insights center, we will use de-identified, blinded patient data,” spokeswoman Sandy Dees said in a statement. “Under no circumstances will specific identifiers such as names, birth dates or addresses be used.”
When it comes to ransomware, hospitals are in a tough position because they can’t stop business for an attack, said Heath. MUSC has layers of defense designed to mitigate the ransomware threat so if one is breached, another kicks in, he said.
“You may not get hit by ransomware, but I can assure you your system is being targeted by phishing emails,” he said. “We are monitoring systems at all times to look for and flag potential phishing emails and get them out of our system because it’s such a common (and easy) avenue of attack. We have seen phishing emails come in to us intended to ultimately trigger an attack, but have caught them.”
A significant problem in dealing with ransomware is that most attacks come from outside the U.S. and there’s a lack of international law enforcement to allay it, Heath said.
“It’s a real challenge to stop this activity across the globe because it can be conducted from anywhere,” he said.
So MUSC invests “quite a bit” in new technology and the staff to support it, he said. And the system is constantly monitoring security and conducting training because cybercrime is a moving target that requires frequent adjustments, he said.
Still, Lewis said that ransomware “is not rocket science,” and that hospitals should be able to deal with it by backing up and encrypting data and spending more on IT to keep current.
“A big cloud provider makes you more secure. It’s their business,” he said. “Hospitals - their business is patient care, and (those) that invest proactively are better able to protect data.”
A federal health care cybersecurity task force established by HHS produced a report in 2017 that outlined ways to improve protection of health information, among them increasing the security and resilience of medical devices and health IT like electronic medical records; ensuring that the health care workforce prioritizes cybersecurity; and enhancing health care industry readiness through improved cybersecurity awareness and education.
“It’s sad we have to do this,” Lewis said. “But it’s the world we’re in and we have to pay more attention.”