Programming in a Pan(dem)ic: The Promises and Perils for Healthcare IT

A Public Health Crisis Accelerates Digital Transformation

This won’t be the first time you’ve read that the digital transformation of healthcare is accelerating because of the coronavirus pandemic, but let’s briefly review. Many healthcare IT trends that were expected to play out over the next few years have been compressed into a few months—even a few weeks—by the pressures of the public health crisis.

Medical researchers, public health officials, and healthcare providers are doing the most critical work to rescue us from COVID-19. Technology is playing an important but supportive role to their efforts. The promise of healthcare IT is great, and my company has leveraged our experience in this space to do our part. 

The shift to telehealth was one of the most dramatic changes in the early weeks of the pandemic. A 2018 survey by Merrit Hawkins had found that 18% of physicians were offering telehealth visits, and a 2019 survey by Amwell found that 8% of patients had used telehealth.

Then COVID-19 hit, and suddenly it wasn’t safe for many at-risk patients to go into doctor’s offices and hospitals… and not safe for them to delay medical treatment either. In March of 2020, a detailed study of four physician practices, published in the New England Journal of Medicine, showed a literally overnight transition from 100% in-office visits to more than 90% of visits conducted via telehealth. When Merrit Hawkins revisited the issue in April of 2020, 48% of physicians surveyed were offering telehealth.

This is just one example among many. EMRs and EHRs, online payments, electronic prescriptions, remote patient monitoring… the pandemic has transformed healthcare IT from a nice-to-have to a must-have, and IT departments and software engineering firms are racing to deliver on the need.

The Promise

As the telehealth example shows, healthcare IT has real promise for supporting better public and patient health.

Remote patient monitoring technology allows doctors to closely monitor patient vitals and symptoms while those patients remain isolated at home, protecting them from exposure to potential infections.

Better patient portals and secure messaging systems let doctors and their patients communicate more frequently, giving doctors a more detailed picture of their patients’ progress and patients quicker access to their doctors’ advice. They also allow patients to fill out forms and sign documents from home, reducing their exposure time in doctor’s offices and hospitals.

EMR and EHR systems make sure that, even in the midst of a crisis that is overwhelming the emergency health system, doctors can easily access a patient’s complete health history. This helps them make better decisions for personalized patient care and avoid any dangerous prescription interactions.

Because the current public health crisis is also an economic crisis, healthcare IT can join up with fintech to help patients afford the care they need while keeping healthcare providers in business. (My company helped iVita Financial offer just such a solution.)

And as we all look for safe ways to return to work, school, and play, technology can provide platforms for health screening, contact tracing, and, as it becomes widely available, testing. (My company developed WellEntry, a solution that does just that.)

The Peril

So healthcare IT is rapidly providing platforms to support the critical work of healthcare providers and public health officials. However, I also worry about the pace at which new solutions are rolling out. Programming in a panic puts everyone in peril.

My wife is a structural engineer. She knows that a bridge can help people cross a river or send them to the bottom of it. Better not to build a bridge at all than to build one in a rush and make a critical mistake that gets someone killed. That’s why her field has strict licensing requirements, certifications, regulations, and practices to ensure that bridges, tunnels, and buildings are built safely and right.

Software engineering is a much younger field, without the legal regulations and best practice traditions of structural engineering. Maybe that’s not that important if you’re developing the next Candy Crush. But today we’re trusting computers to run more and more of our economy, our transportation infrastructure, our energy grid, and our healthcare system.

This puts a heavy responsibility on software engineers even in normal times. Now add in a public health and economic crisis. As I wrote in an earlier article, in a crisis situation it’s more important than ever to “slow things down at the beginning and come up with a plan to build things right.

Because while quality healthcare IT solutions can help our healthcare heroes keep us healthy, bad code can kill people. I’m not speaking figuratively here, and it’s not an exaggeration. I mean that bad code actually can and does kill people.

I remember learning about this in an ethics class in Georgia Tech’s computer science program. There’s an infamous example from the 1970s that’s taught in many software engineering programs. The Therac-25 was a radiation therapy device designed to treat cancer patients, but the software that controlled it was poorly developed. Several patients ended up receiving radiation doses hundreds of times greater than the therapeutic dose. Three of them later died from the overdoses.

Software doesn’t need a powerful X-ray machine to be deadly. Critical healthcare decisions are driven by data, and today that data is often collected, processed, stored, and delivered digitally. The consequences of getting that data wrong can kill.

What if an EHR system fails to flag that a new prescription will interact dangerously with a patient’s existing prescriptions? What if a remote patient monitoring system fails to raise an alarm when someone’s blood pressure falls dangerously low? What if a COVID-screening platform approves someone for entry when they showed clear signs of infection?

Back in March, a controversy erupted on GitHub over the CovidSim microsimulation released by Imperial College of London’s MRC Centre for Global Infectious Disease Analysis. The issue is complex, but, briefly, public health policy decisions were made based on the modeling and predictions of sloppy code that was nearly impossible for other computer scientists to validate. Whether the simulation’s predictions were ultimately valid or not, the issue damaged the Centre’s reputation and hurt public support for policy decisions informed by the model, possibly leading to more COVID-19 infections and deaths.

There are less deadly but still consequential dangers too. Rushed healthcare IT may cut corners on data security, confidentiality, and privacy, risking HIPAA violations, cybersecurity breaches, and the destruction of any trust patients may have placed in their healthcare providers. Insecure payment solutions carry similar risks with the potential to bankrupt the organization.

The Imperatives

So yes, software engineers have to rise up to the current crisis and do everything we can to help. But we’ve got to do this with care. As rapidly as we can, but never at the expense of doing it right. This leads to some non-negotiable imperatives, principles that should apply to all software engineering but are even more critical in the case of healthcare IT.

Privacy and HIPAA Compliance

Plan for patient privacy from the beginning. Who is permitted to access what information in which circumstances? Configure databases and access controls accordingly. Automate the data retention practices required by HIPAA.

Data Security

Security shouldn’t be a patch you apply later. It should be inherent in the original architecture. Encrypt everything, in transit and at rest. Grant least privileges to services and implement rigid access controls from day one. Use two-factor authentication or similar secure authentication protocols.

Processing Integrity

As the Therac-25 and CovidSim cases show, errors can have deadly personal and public health consequences. Develop valid code from the beginning. Test it. QA it. Do so rigorously, even—especially—when you’re in a rush. Refuse to deploy code that hasn’t been properly tested.

Scalability and Availability

If a social media platform goes down for an hour, all its users suffer a temporary dopamine withdrawal, but they’ll be OK. When a patient needs emergency care, an EHR platform has to be available, no matter how much load the system is experiencing. It could be life or death. Healthcare IT platforms must be engineered from the beginning to be highly stable and to scale automatically to handle any foreseeable load.

Our Mission

As software engineers, we can do a lot to support and power-up the work of healthcare providers and public health agencies. We can do our part to help the world get through this pandemic, and we can help build a better healthcare IT infrastructure for the post-pandemic world. There is urgency in this mission. People are dying right now from COVID-19, and delays mean more will die before help arrives.

However, we can’t let this urgency make us forgetful of our field’s standards of excellence. It matters more than ever that we develop solutions that are secure, stable, and scalable. We’re building digital bridges here to a post-pandemic world. We have to build them well and right, giving everyone safe passage to healthier days to come.