A secure and paperless NHS? Legacy applications have to go

The prevalence of legacy applications in healthcare is a ticking time bomb.

The prevalence of legacy applications in healthcare is a ticking time bomb. Healthcare organisations, globally, are running anywhere up to 300 legacy applications behind the scenes (often 500+ in larger facilities), despite their strategy for the Electronic Medical Record (in North America) or Electronic Patient Record (in the UK) to be the primary method of accessing clinical content. Here we’ll look at why retiring legacy applications is crucial and how hospitals can go about it efficiently, effectively and painlessly.

1. Recognise the problem. Many hospitals have hundreds of legacy applications, correlating to as many as one legacy application per bed in a hospital! To give an example, a recent survey of hospitals revealed that 90 per cent of respondents are still running Windows XP, with the blame for holding onto the ancient operating system placed on legacy applications and devices that were unable to use later versions of Windows.

2. Identify the drivers for retiring legacy apps. One of the main drivers is, undoubtedly, the impact on patient care – namely, the benefits of extracting the data from legacy applications and making it available to clinicians as part of the electronic healthcare record. At best, holding patient data in multiple departmental silos leads to inefficiencies in patient care, at worst it poses significant clinical risk. Secondly, there are serious data security threats when running old applications. Security loopholes present in legacy applications are an obvious target for ransomware attacks, such as that which recently resulted in hundreds of planned operations and outpatient appointments for the UK’s Lincolnshire and Goole NHS Foundation Trust. In North America earlier this year, Hollywood Presbyterian Medical Center in California was locked out of its EHR for a week, with providers forced to revert to pen and paper until the ransom was paid. Finally, and lower in priority for most hospitals than the first two crucial drivers, is the potential for huge cost savings by retiring legacy applications - from savings on licensing and infrastructure spend to reductions in manpower devoted to managing legacy applications, estimated by analysts to be up to 75 per cent of healthcare IT professionals’ time.

3. Avoid ‘do nothing’ and plan for the future. Overstretched and under-resourced, many healthcare organisations feel that it is easier to carry on doing what they are already doing than to make changes in this area. But, in addition to immediate drivers, there are multiple developments on the horizon that mean hospitals should be looking at application retirement now. Take, for example, increased cloud adoption, which is offering hospitals the opportunity to think differently about the storage, protection and accessibility of patient data. Healthcare organisations are now considering the role of independent clinical archives within the cloud as a new home for the older, static patient data, currently held in legacy systems that still has clinical value, but is unlikely to be required as a matter of urgency.

4. Improve data compliance and legal protection. When data is locked within legacy applications, it is very difficult for healthcare organisations to satisfy their regulatory and compliance obligations regarding patient information. With the 2018 changes coming from the General Data Protection Regulation (GDPR), European healthcare organisations will have increased responsibility - and face much greater penalties - for failure to manage their data appropriately. With legacy applications, for example, it’s not only more difficult to get hold of data in response to Freedom of Information (FOI) requests, it’s almost impossible to know if you’ve got all the data you need. By extracting that data and making it available to those that need it, when they need it, hospitals will find it much easier to meet their governance and compliance commitments.

5. Understand that value is in the data not the application. For many hospitals, the focus is on what the application does, rather than on the data it contains or uses. Our goal is to free the data from the application and/or storage on which it resides, so that it can be accessed and used in whatever way the hospital needs it. 

6. Decide what data needs to be extracted. In the process of helping our customers retire legacy applications, we often find more data than the hospital knew existed. Some data is of poor quality and simply will not be required anymore. As part of the retirement process, hospitals will need to identify the information they need, so that we can confirm the migration plan based on this. 

7. Determine your requirements for accessing and using data. Put simply, migrated departmental information needs to be available in a format that is a fit with the way it’s going to be used, whether that is PDF, TIFF, RTF and so on. As part of the process, hospitals need to be clear on what the data they decide to migrate is for.

8. Start small, prove the benefits and expand. Once the decision has been made to explore the process for retiring legacy applications, a first step is to identify the full range of applications that qualify. Next step is to assess the complexity – clearly large, legacy EPR solutions are likely to be more involved than a small, departmental database system. Our advice is to start with the easier, less complex ones. The process is quicker, easier and likely to bring about a swift ROI that has the advantage of acting as a test bed for the efficacy of the approach and as a way of proving the benefits to all stakeholders. Once achieved, this can be used to justify the move to more complex solutions.

9. Partnerships are key; let them do the heavy lifting. Take advantage of a trusted partner that has the knowledge, experience and track record to make the process as painless as possible. At BridgeHead, initial engagement is straightforward and our aim is to provide a statement of work to our customers only three weeks after a short initial meeting. This means that the time investment required from a hospital to discover if an application retirement programme is going to deliver the desired result is minimal. 

10. Don’t create future legacy applications in the process of retiring the old! Any new data being generated should be integrated with your core clinical archive, rather than leading to new information silos. One simple way to ensure this is to create a mandate, during the procurement process, to have a copy of any record sent to a defined location. Similarly, when embarking on application retirement, it’s important to find a vendor that will fit with the hospitals’ internal standards rather than that vendor determining the standards used.

Jamie Clifton, Vice President Product Management & Solutions, BridgeHead Software
Image source: Shutterstock/Wichy

ABOUT THE AUTHOR

Jamie Clifton is Vice President Product Management & Solutions, BridgeHead Software. BridgeHead Software is a healthcare data management company working with over 1,200 hospitals worldwide.