This period can reduce the profitability of drugs as the market opens up to other companies focusing on manufacturing generic drugs, driving down the price. However, it also makes life-saving medications accessible to a wider population, particularly in low-income countries who rely on medicines that are off patent or ‘generic’. This balance is crucial. Patents encourage investment in new drug development, while their expiration makes life-saving medicines more affordable.

This raises an important question: how can manufacturers manage patent cliffs to sustain their business and continue providing life-saving medications?

Managing product lifecycles to avoid patent cliffs

Pharmaceutical companies use several common strategies to manage the challenges of patent cliffs. One approach is to time new product launches to coincide with the patent expiration of existing products, maintaining a steady income.

But this strategy is fraught with challenges because of the unpredictable nature of drug discovery and development. Developing a new drug is a high-risk, high-cost endeavour, with only 1 in 500 drugs making it to market. The extensive research, clinical trials and regulatory approvals required often take over a decade and cost billions. Aligning product launches with patent expirations, while ideal, is easier said than done.

Another strategy is to further develop the existing drug to extend its lifecycle. For example, companies can develop new formulations or delivery systems for existing drugs, such as shifting from an oral tablet to an injectable form to reach more patient groups. Constant reinvention also allows companies to provide high-quality, best in class products.

A different approach involves expanding the use of an existing drug to treat a new patient group, which can result in additional approved indications. For example, the diabetes drug Ozempic was further developed and studied in other patient groups, eventually launching as a treatment for obesity, which helped secure extended patent protection.

Logistics after patent expiration

As drugs reach the end of their patent life, a thorough review and adjustment of logistics becomes essential to adapt to the new reality of increased competition.

One key consideration is likely changes in shipping volumes in line with new market conditions. The intense competitive landscape post-patent expiration puts even greater pressure on finding cost-effective solutions that do not compromise product integrity. Manufacturers might look for lightweight, durable packaging that maximises cargo space as this will help reduce shipping costs without sacrificing product protection.

While high-performance solutions are vital throughout a drug’s lifecycle to maintain product quality and patient safety, packaging choice may also be guided by stability data and risk assessments depending on the stage of the product being shipped.

For example, a product being newly introduced to the market may have little stability data available or may be shipped on a relatively unknown tradeline. In such cases, a solution with real-time monitoring is crucial for immediate intervention should the unexpected occur, helping maintain temperature control, product efficacy, and cost-effectiveness. This approach can also accelerate time-to-market and provide a competitive edge.

In contrast, a mature product approaching patent expiry may have a well-established shipping history and extensive stability data so its behaviour during transit is far more predictable. In this instance, a solution with real-time monitoring and extended autonomy, for example, may not be necessary but the focus may be instead on improving logistics efficiencies.

Another key consideration is partnering with trusted distribution partners with efficient logistics operations and a large enough fleet size to ensure timely delivery and reduced transportation costs. For example, regions with many generic manufacturers may experience increased competition, requiring even more efficient and cost-effective distribution solutions. Collaborating with logistics partners that can adapt to these regional challenges and offer flexible, scalable services becomes vital in sustaining profitability.

Preparing for unexpected events, such as the disruptions in the Red Sea, is essential. In a post-patent environment, the focus should shift to building resilience in the supply chain to handle increased competition and potential shocks. This means finding alternative transportation routes and using advanced risk management tools to keep the supply chain robust and adaptable to real-time changes in demand and transport conditions.

Additionally, managing inventory levels at distribution centres becomes critical to prevent stockouts or accumulating excess stock. By carefully analysing sales data and market trends, companies can adjust their distribution network to better match demand fluctuations after patent expiration. This helps keep products available when needed without overstocking, which would tie up valuable resources.

Looking ahead, technologies like IoT, blockchain for traceability and AI for predictive analytics will significantly enhance logistics operations, making pharma distribution more robust and reliable. Using data analytics to simplify processes, cut costs and boost performance will be especially important in the post-patent cliff landscape. These advancements will help companies better navigate the complexities of increased competition and market pressures, helping them stay competitive and efficient.

As the pharmaceutical landscape evolves, efficient logistics, particularly cold chain logistics, will become increasingly important. Currently, about one in three medicines requires cold storage[i], and this proportion is expected to rise. Nearly half of all new medicines in the next three years will require cold storage and distribution[ii].

Manufacturers need to bear this in mind and use the coming decade to prepare for the patent cliff. By establishing robust, adaptable cold chain processes now, companies can help future-proof the drugs’ cost-efficiency and product integrity when these reach the end of their patent life.

Beyond the patent cliff

As medicines approach the end of their patent life, pharmaceutical manufacturers must make critical decisions on how to manage these patent cliffs. The goal is to continue providing quality medications while sustaining their business to be able to support the next generation of life saving medicines

In this context, improving logistics is one reliable and effective method for navigating this challenging period. The end of a patent may appear daunting, but it doesn’t have to mark the end of a product’s lifecycle. With smart logistics and innovative strategies, it can be an opportunity for a fresh start.

By Diane Onken, Head of Sales, Americas at Envirotainer

References

[i] Pharma’s Frozen Assets: Cold chain medicines – IQVIA whitepaper, 2023
https://www.iqvia.com/-/media/iqvia/pdfs/library/white-papers/iqvia-pharmas-frozen-assets_final.pdf

[ii] Outlook for medicine use and spending through 2027 – IQVIA infographic, 2023

https://www.iqvia.com/-/media/library/scientific-posters/fip-global-outlook-poster-vertical-orientation_final.pdf

The post Managing Patent Cliffs in the Pharmaceutical Industry appeared first on .

Judy Sealey, clinical solutions specialist at Altera Digital health discusses the evolving role of digital nurses in health and care and explores why their roles are so important.

For background, digital nurses are registered nurses who already have a wealth of clinical experience and have developed expertise in using digital technologies to improve patient care. They bridge the gap between traditional nursing practices and the modern digital healthcare landscape, ensuring technology is effectively integrated into clinical workflows to standardise and streamline processes to improve patient safety and enhance their healthcare journey.

How and why did you make the transition into digital nursing?

Judy Sealey: I have worked in the NHS for over 15 years mostly in emergency department (ED) and critical care (ICU) nursing, I have also dabbled a bit in specialist fields like infection control, tissue viability and cardiology as I searched for my true passion. At one time, nursing education was where I thought my passion lie however, it was whilst I was a clinical educator in an ICU that was using an EPR that my passion for digital healthcare technology blossomed. I started off by making suggestions for optimisations, becoming more involved in refining some of the workflows and ensuring that staff were adequately trained and comfortable using the system, this led me to a variety of other opportunities and experiences.

For the last thirteen or so years I have taken on several roles within this space with my greatest passion and desire being continuous improvement to healthcare delivery and the huge role digital systems plays in this. I know first hand the challenges of excessive repetitive documentation, time wasted searching for patient paper records, inefficient and clunky digital tools and workflows. I leverage my nursing expertise and wealth of digital skills to advocate for more user-friendly designs, less complex workflows that will enhance patient care and reduce clinicians’ burden and burnout.

How do digital nurses affect patient care and outcomes?

JS: Nurses are the largest workforce in health and care and are therefore the primary users. Digital nurses bring a unique skill set to the table. They leverage their clinical knowledge and expertise to enhance digital tools like electronic patient records (EPRs), mobile health apps and telehealth platforms. By doing so, they ensure the system is user-friendly, practical, efficient and safe. For example, at Bolton NHS Foundation Trust, collaboration between digital and clinical teams has significantly improved patient safety through better EPR configuration and optimisations.

It sounds like collaboration is key. Can you tell me a bit more about what happens when there’s a disconnect between clinical and digital teams?

JS: Unfortunately, that disconnect can be traced to a reluctance among clinical teams to embrace technology. Without clinical input, digital solutions may lack the context needed to be truly effective, which can disrupt workflows and compromise patient safety. That’s why digital nurses are essential—their input at every stage of the project ensures collaboration and bridges this gap, ensuring the creation of a system that enhances patient care and patient safety while improving efficiency.

How can healthcare systems better support digital nurses and foster collaboration?

JS: To truly support digital transformation, we need to invest in the digital nursing profession to ensure nurses have the necessary training, skills and dedicated time to be successful in this very important role. Digital nurses should be involved in all patient-facing digital projects, from planning, testing, training to delivery and optimisation. Nurses, being on the frontline, are uniquely positioned to identify service gaps and act on opportunities to make impactful changes.

NHS England’s National Chief Nursing Information Officer (CNIO) advocates for CNIOs in every NHS organisation. What’s your take on this?

JS: That’s a fantastic initiative. CNIOs are essential for every hospital because they play a vital role in ensuring the nursing perspective is represented in all aspects of digital health and care transformation. It underscores the importance of nursing leadership in driving the digital agenda and aligns with the goal of embedding digital nurses in all areas of care delivery. Crucially, the CNIO bridges that gap between clinical and digital teams, translating nursing needs into technical requirements and ensuring technology truly meets the needs of supporting patient care.

Looking ahead, what role do you see digital nurses playing in the future of health and care?

JS: As health and care continues to evolve, digital nurses will play a central role in driving the change in successfully navigating the future of digital healthcare. They will become more involved in the entire process, from selecting the most suitable digital solutions, to designing, implementing, testing, training and, indeed, optimising them. From EPR rollouts to telehealth projects and beyond, they’ll be key in ensuring that digital transformation truly meets the needs of frontline staff and continuously improves patient outcomes. Their involvement will drive innovation, improve patient safety and create efficiencies across the board.

Do you have any final thoughts for organisations looking to embrace the digital nursing profession?

JS: Yes, invest in your nursing workforce and be sure nursing curriculums include some aspect of digital training. Involve digital nurses in all patient-facing projects and make collaboration between clinical and digital teams a priority.

Without this, organisations risk digital transformations that compromise patient safety, hinder rather than supports care and increase nurses’ workloads, which can contribute to burnout. An approach that embraces the involvement of digital nurses will drive effective inter-organisational collaboration that will help unlock the full potential of digital transformation and ensure it delivers real value to patients and staff alike.

Thank you for those insights. It’s clear that digital nurses are vital to the future of health and care.

The post The Role of Digital Nurses in Transforming Healthcare appeared first on .

However, federal oversight is failing to keep pace with the escalating risks. A recent report revealed that the Health and Human Services (HHS) Office for Civil Rights (OCR) examined just 8 of 180 HIPAA requirements during audits, leaving critical gaps that expose healthcare organizations to compliance failures and serious data breaches.

In this high-risk environment, hospitals and healthcare providers can’t afford to wait for stricter enforcement – they must take matters into their own hands to secure patient data before the next breach occurs. Because, as any cybersecurity professional will tell you, it’s not a question of if a breach will happen, but when.

Balancing patient care with cybersecurity

Healthcare organizations face a delicate challenge: maintaining fast, efficient patient care while upholding rigorous cybersecurity standards. In high-pressure environments, healthcare workers often sidestep security protocols – whether by sharing passwords, reusing weak ones, or bypassing encryption – to save time. These shortcuts, while expedient in the moment, introduce critical vulnerabilities that cybercriminals can exploit.

The consequences of neglecting cybersecurity extend beyond compliance violations. A breach can disrupt hospital operations, compromise patient safety, and erode trust in the healthcare system. From delayed treatments to the exposure of sensitive patient records, these incidents have far-reaching effects that demand proactive measures to protect critical data.

Successfully balancing patient care with cybersecurity requires organizations to design systems that align with the realities of healthcare workflows. For example, requiring frequent password changes or complex authentication processes without considering the urgent nature of patient care may lead staff to prioritize speed over security. To address this, organizations should focus on implementing user-friendly tools, such as single sign-on systems and biometric authentication, which streamline access without compromising data protection.

Emerging threats

The landscape of healthcare cybersecurity is evolving rapidly, with emerging threats adding new layers of complexity. Cybercriminals are increasingly leveraging sophisticated tactics, such as AI-driven phishing campaigns and ransomware-as-a-service (RaaS), to exploit vulnerabilities in healthcare systems.

AI-driven phishing campaigns are particularly concerning. These attacks use machine learning to craft highly personalized and convincing emails, making them harder to detect. For instance, attackers might reference a specific patient case or use internal jargon to trick staff into divulging sensitive information. The success of these campaigns underscores the need for advanced email filtering tools and continuous staff training to identify and report suspicious activity.

Ransomware-as-a-service has also lowered the barrier for entry for cybercriminals, allowing less technically skilled individuals to execute high-impact attacks. Healthcare organizations are prime targets due to the critical nature of their services, which makes them more likely to pay ransoms to restore operations. These attacks can paralyze hospital systems, delay treatments, and compromise patient safety.

Another growing concern is the Internet of Medical Things (IoMT). Devices like smart monitors, infusion pumps, and wearable health trackers are increasingly connected to healthcare networks. While these devices improve patient care, they also expand the attack surface, providing cybercriminals with more entry points. Many IoMT devices lack robust security features, making them vulnerable to exploitation.

Reducing risk

To address persistent cybersecurity challenges in healthcare, organizations must adopt a proactive approach that balances security and operational efficiency. Implementing role-based access controls is a crucial step. This measure ensures employees can only access the data necessary for their specific tasks, limiting exposure to sensitive information and reducing the risk of breaches.

Tailored security training is another essential strategy. Programs should address the unique demands of healthcare environments, teaching staff how to identify phishing attempts and handle patient data securely under real-world conditions.

Fostering a culture of vigilance is equally critical. When patient data is treated as a valuable asset, employees are more likely to scrutinize requests for access and take necessary precautions. Simple practices, such as verifying unusual requests or questioning unfamiliar access attempts, help prevent lapses that could otherwise compromise sensitive information.

Additional measures

Healthcare professionals can further reduce cybersecurity risks by adopting the principle of “trust, but verify.” If a staff member receives an unusual request – particularly one asking for access to sensitive data – following up to confirm its legitimacy can prevent costly mistakes. A quick phone call or double-check can thwart social engineering attacks, where cybercriminals impersonate trusted individuals to manipulate staff.

Leadership roles, often prime targets for cybercriminals, require additional security layers. Advanced email filtering, multi-factor authentication, and other protective measures can reduce risks for executives and senior staff, safeguarding both individuals and the organization as a whole.

Final thoughts

The digital transformation of healthcare offers immense benefits but also exposes patient data to significant cybersecurity risks. With limited federal oversight and persistent enforcement gaps, healthcare organizations must take the lead in safeguarding sensitive information. By implementing strong security measures, fostering a culture of vigilance, and embedding cybersecurity into daily operations, they can protect both their operations and patient trust.

By Eva Pittas of Thoropass

The post Why the HIPAA Auditing Process is Broken appeared first on .

What Is Health Care Interoperability and Its Importance?

Health care experts juggle countless technologies simultaneously, including imaging machines, at-home medical devices and patient information software. Interoperability describes their connection to each other. Big data, machines and programs must sync and share information without compromising security. It is essential for quick triage, treatment and recovery.

Without secure systems, a single ransomware attack could compromise the golden hour — the first 60 minutes after a traumatic event — for countless in an emergency.

The surface area is ever-increasing, with numerous opportunities for hackers to take advantage of a backdoor or vulnerability. Entry into a customer service program could lead cybercriminals into billing software or an artificial intelligence (AI) database. The lackluster defensive measures of a sensor-based vitals monitor could threaten a hospital’s network security.

The expansiveness is why many could consider the seamless connection between medical devices a threat to patients instead of a boon. Interoperability is essential because information flow from integrations has these impacts on medical systems:

• Greater convenience
• Stronger customer service
• Better access to real-time patient records
• Boosted accuracy
• Improved safety
• Easier collaboration

These oversights must motivate more proactive responses from health care IT professionals to promote continuity of care and enhance the patient experience.

What Threats Arise Because of Interoperability and Why?

Threat actors compromised 51 million EHRs in 2022. Several global shifts caused the influx, with interoperability being part of the concern. The COVID-19 pandemic introduced a new era of health care with widespread telehealth and remote treatment options. These solutions required medical entities to normalize remote access and make systems as connected as possible. It also encouraged more people to have constant EHR access.

Data collection has also become easier and essential for competitive health care. This made information storage a priority, introducing a deeper need for cloud solutions. Not all providers operate with the same transparency or credentials. Hackers could take advantage of the most vulnerable with ease.

The combination of these factors, among others, created the perfect storm for these common cybersecurity threats in interoperable systems:

• Social engineering: More people became potential insider threats to secure systems because of increased access.
• Denial-of-service: Integrations give cybercriminals the choice of what systems they want to overwhelm to create disruptions.
• Ransomware: Connectivity makes it simpler for hackers to spread malicious codes and extricate what they encrypt.
• Phishing: The number of attack vectors gives threat actors more options on where to send campaigns, infecting multiple systems at a time.

How Can Health Care IT Professionals Reduce Risk?

IT staff must take action to make the most out of connected systems before hackers get inside.

Remove Silos

Just because technologies and programs are connected does not imply every department uses the same processes to store, transmit and use data.

Complications like cumbersome shadow IT, which is software and hardware that run outside of what’s sanctioned by the company, prevent interoperability from being as secure as it could be. Unauthorized assets can still communicate with the rest, but they might have security oversights, or the third-party provider could stop servicing them. Experts have to ensure procedures across teams use the same digital infrastructure and have the same hygiene habits.

Additionally, vendor lock-ins with legacy systems often force hospitals to use outdated software for their most critical devices, like CAT scanners. Companies can evaluate these partnerships and upgrade them as needed.

Balance Compliance With Proprietary Decision-Making

Health care must use the industry’s best practices from established agencies to receive preliminary guidance on how to manage interoperability. However, there are places where frameworks are insufficient. Medical facilities need to invest resources to comply with rules like HITRUST and ISO.

They should also assume responsibility for finding intermediary solutions for an organization’s current risks instead of awaiting legislative orders. Waiting for industry standards to catch up should not be an excuse for neglecting interoperability.

Limit Access and Data

Interoperability allows many endpoints to have a wealth of information from multiple sources. To keep this benefit available for health care professionals to leverage, IT teams must do two things — harness less data and make it harder to access.

Many authorization strategies can defend electronic resources connected to a network. Least-privilege measures make it so only those who need the information can get it. Zero-trust architecture protects interconnected devices at a big-picture level. It requires all users to request access, treating all entry attempts as a potential threat. Layering these methods with verification protocols like multifactor authentication and encryption will make them even stronger.

Data minimization is also an up-and-coming recommendation that is notably important in guidelines like the GDPR. It reminds all industries, including health care, that not all data is essential. Medical organizations must phase out collection of irrelevant metrics to reduce the amount of information hackers have on victims if they obtain entry.

They must also implement regular schedules to delete or store old data in secure environments outside of the interoperable ecosystem. Using blockchain alongside minimization is proven to enhance privacy while streamlining digital assets.

Reframing Health Care Interoperability as a Cybersecurity Asset

Threat actors see interoperability as a benefit to their operators, but the landscape can switch. The medical and IT industries can transform defensive strategies, making interoperability a protective technique instead of a gap. To do this, analysts must curate solutions based on the most prominent threats to interoperable medical technologies and use the connections between software and hardware to make cybersecurity stronger.

By Zac Amos, ReHack

The post Is Health Care Interoperability a Cybersecurity Risk? appeared first on .

It’s no secret that our mental health system is in crisis. Long waiting times, widening socioeconomic inequalities and a surge in the number of children being referred to mental health services mean a struggling system is under more pressure than ever, with barriers to access hitting neurodivergent children hard.

Neurodiversity takes many forms, research by Autistica reveals that 70% of autistic children alone experience a mental health condition, with 40% affected by more than one. Despite this, many neurodivergent children have been denied access to Children and Adolescent Mental Health Services (CAMHS) after being told that the service lacks the resources to support them, with only a third (32%) of parents of children with autism saying that CAMHS has improved their child’s mental health.

Access to mental health support for neurodivergent children isn’t just about the system’s capacity, it’s also about equality.

While some families can afford private treatment or are able to fight tooth and nail for their child to get the urgent treatment they need on the NHS, many more cannot afford the cost of treatment and are forced to join the queue and wait.

For others, social factors including ethnicity, gender and economic status affect the likelihood of neurodivergence going undiagnosed. This is in part due to knowledge gaps around the ways in which neurodivergence presents in children of different genders, ethnicities and backgrounds, as well as the challenges inherent in delivering joined-up care for children in a devolved social care system. Children inevitably fall through the cracks.

This has consequences. Research suggests that where the healthcare needs of neurodivergent children and young people are not met, they may grow up to have poorer health, lower educational attainment and poorer occupational outcomes compared to neurotypical children. For some neurodivergent conditions, research has also shown a high co-morbidity rate with mental health conditions such as anxiety. This has implications for “diagnostic overshadowing”, where a primary condition is identified, and other co-occurring conditions are overlooked.

Even where support is available, it often isn’t personalised or integrated, making it ill-suited to the specific needs of the individual. It’s clear that mental healthcare needs a reboot to meet the needs of this critically underserved group.

The need for inclusive solutions

Building a society where neurodivergent children are appropriately supported cannot be done with a one-size-fits-all approach. Inclusivity and adaptability must be at the heart of our response.

The solution starts with building a better understanding of how mental health and neurodivergence intersect in children. While neurodiversity and mental health issues are distinct, we know that conditions like autism often co-occur with physiological conditions and mental health disorders. Factors such as the psychological burden of ‘masking’ neurodivergent traits and the social stigmatisation of neurodivergence can exacerbate mental health challenges, which can affect daily functioning. By better understanding the needs of this group, we can deliver appropriate, individualised care which could significantly improve life outcomes.

We also need to empower schools to deliver deeper support. Educators are one of the first lines of defence when it comes to children’s mental health. While teachers and mental health support staff in schools do not carry sole responsibility for meeting the mental health needs of children, they are uniquely positioned to spot issues early and help reduce pressure on health services in the long term. Teachers often have established relationships with children and understand their needs in ways that other professionals might not. Providing training and early intervention tools to educators in schools is a vital first step to providing personalised, timely mental health support to neurodivergent children.

Individualised digital therapies, delivered at the right time, can also help but must be child-led and tailored to each child’s specific needs. Whilst interventions like CBT have a proven record of helping some children overcome mental health challenges, they are by no means a panacea for neurodivergent children. Empowering children with agency over how they learn about mental health, how they engage with interventions (for example, some may prefer digital as opposed to face-to-face support), and what kinds of help they’d like to experiment with as they grow up, helps to foster an inclusive, child-led approach to mental health care suited to each individual child. To make this a reality, more research into child-led therapies that work for different minds and at different times in their lives is desperately needed.

Mental health services have come a long way in recent years, but we must continue to work on developing systems and interventions that are inclusive, accessible and adaptable to all children. This week and beyond, let’s celebrate neurological differences by committing to creating a mental healthcare system that does not discriminate.

By Manjul Rathee, founder of BFB Labs

The post Mental Healthcare needs a Reboot to Support Neurodivergent Children appeared first on .

Ask Google’s Gemini assistant how many articles have been published on AI in the UK over the past year, and the response is that the data is “too vast and dispersed” to say, but “it’s a very active area of discussion.”

Or, as Jeremy Nettle, chair of the Highland Marketing advisory board, said it’s almost impossible to avoid news about AI and new uses of AI just now: and not all of it is good.

“There has been some pretty horrific AI coming out of the US about Trump, and Gaza,” he said, referring to a widely circulated video showing a golden statue of the US president in a Las Vegas-style Gaza strip.

Putting the full weight of the British state behind AI  

This has not stopped the government making a big bet on AI. Last July, UK science secretary Peter Kyle asked tech entrepreneur Matt Clifford to conduct an AI ‘opportunities review’ and in January the government accepted its recommendations.

These range from creating the power and water infrastructure needed for new data centres, to setting up a library of public data sets to train new models, to creating ‘growth zones’ and running ‘scan, pilot, scale’ projects’ in public services.

Prime minister Sir Keir Starmer made a speech promising to put “the full weight of the British state” behind the plans. And a week later, the government published a ‘blueprint for modern, digital government’ with a big role for AI – and a suite of tools for civil servants, called Humphrey.

But haven’t we been here before? 

While Sir Keir’s speech made a splash, consultant and former NHS CIO Neil Perry pointed out that we’ve heard similar things before. “Previous governments have talked about being leaders in technology and investing in new UK companies, and we’re not seeing it come through,” he said.

As a case in point, the advisory board considered the development of AI in the NHS, which has so far mainly focused on clinical decision support tools and automated reporting for x-rays and scans.

Entrepreneur Ravi Kumar, whose company CyberLiver works on digital therapies for advanced liver disease, said this requires a huge amount of development work, regulatory compliance, and liaison with clinicians.

“Getting AI into a practical, implementable state to work in a clinical setting is very expensive,” he said. “So, when the government talks about creating a home-grown industry, we have to be realistic about the number of companies that will be able to persist long enough to make the grade.”

NHSX, the digital unit set up by former health secretary Matt Hancock, recognised this problem. It set up a National Artificial Intelligence Lab to “bring together academics, specialists and health tech companies” to “work on the biggest challenges” facing the system.

While it did some interesting work, advisory board members felt its record was spotty when it came to growing UK businesses. Some prominent health-AI companies have lost out to over-seas competitors or left for bigger markets themselves. And there’s no money on the table for anything similar, today.

Decision support tools: company and clinician experience has been mixed 

From a clinical perspective, radiology expert Rizwan Malik also felt mistakes had been made. “Millions have gone into AI in the NHS, particularly in the diagnostic imaging space,” he said. “But we gave a lot of companies money to develop things without asking what the business case was.

It was: ‘AI is the answer, now what’s the question?’” As an example, he said AI is good at detecting abnormalities in chest x-rays, but so are radiologists, who now have to check both the chest x-ray and the AI’s interpretation of it. Which adds to their workload, for unclear benefit.

“That’s why I say we need business cases,” he said, underlining that those business cases need to think about how AI can help individuals to work smarter, not just harder.

“At the moment, it’s always: ‘how many more scans will you be able to do with this, Rizwan?’ It’s never: ‘how will this make your practice safer’? Or: ‘how will it improve outcomes?’ Or: if it can do those things, is it worth the price tag?”

Coming soon: generative AI 

The AI that everybody is talking about right now, though, is generative AI or the large language models like OpenAI’s ChatGPT, Google’s Gemini, and the open-source Llama.

These take large-scale data inputs and use them to predict what character is most likely to follow another character, creating (or generating) new outputs in the process, such as a response to a web query, or a block of code, or a social media post.

Jason Broch, a GP and CCIO, said he was worried about putting LLMs into clinical spaces. “We have used Microsoft Copilot for administrative work,” he said. “Some of the people who take minutes at meetings have tried it, and they have found it can cut the time involved in producing a report from three hours to one hour.

“But that is because they are experts at producing reports. In a clinical setting, we don’t know whether the output from an LLM is good, or not.”

People are using AI assistants because they are free or, increasingly, built into consumer software packages. But they’re not transparent. “We don’t really know what data [a model] has been trained on,” he said. “It produces an output, but we don’t really know how it does that.

“If you run a prompt again, it can come up with a completely different output. We need guardrails for the use of LLMs. Or we need healthcare specific models, because if we are going to scale the use of these tools in the NHS, we need to be able to trust them.”

Sam Neville, a nurse and CNIO, agreed. “Trust is an important word,” she said. “Staff do not trust this technology, and patients don’t trust it either.

“If we tell patients that we are going to put their information into a third-party system like a patient portal, they don’t like it. If we tell them that the NHS is looking at AI, they think Trump video. They think we are just going to make things up.”

Where’s the regulation, where are the guardrails? 

David Hancock, a consultant and interoperability expert, said he is worried that the government is paying far too little attention to these issues, in its dash for growth and productivity gains.

The EU, he pointed out, has passed legislation (the EU AI Act) to ban certain uses of AI and encourage transparency and labelling. Whereas the UK’s approach does not have the same level of emphasis on human rights protections.

“The UK government has said that it sees not being in the EU as an opportunity, so it sounds as if it is not going to go down the same route,” he said. “It looks as if it will allow this to be more commercially driven, as it is in the US.”

Nicola Haywood-Cleverly, a former CIO and consultant who also works as an NHS non-executive director, felt the NHS also needs to think much harder about the data that is being fed into these tools. “We all know there is a lot of concerns regarding data quality out there,” she said. “If we want to train good models, we need better data to train them on.”

The NHS will also need better infrastructure, she added, to make sure new tools are properly embedded into clinical workflows, and clinicians are clear about when they are using AI outputs.

Neil Perry said this raised the question of how the NHS can make sure new AI tools are implemented safely. “I have just joined one of NHS England’s panels looking at refreshing DCB 0129 and 0160 [clinical risk management standards for companies and organisations looking to roll-out digital systems].

“One of the first questions asked was: is the standard fit for AI? And the answer is: not really. In fact, it’s not really fit for two-week sprints [software development cycles]. When DCB 0129 and 0160 were written, the NHS was lucky if it got a system update yearly. We need to refresh methodologies. And we need to educate and include clinicians and patients.”

Jane Brightman, a social care expert who works at Skills for Care, said social care staff and people drawing on care also need to be brought into the picture. The social care sector is doing some work with the University of Oxford on the “ethical use of AI” that should lead to some basic principles for its development and deployment.

Time to think clearly on NHS AI

Jason Broch also suggested that the NHS needs to avoid some of the mishaps that it has made with AI to date by thinking clearly about what LLMs are good at and where that can resolve some of the challenges that the NHS is facing.

“We need to get cleverer about language,” he said. “We talk about LLMs as if they generate meaning. But they don’t. We talk about ‘hallucinations.’ But the LLM isn’t hallucinating. It’s doing what it’s meant to do, it’s just that we don’t like the output. So, we need to understand that these things are a great language tool, but they are not a cognition tool.”

Following on from this, he suggested the best uses of generative AI in the NHS might be in helping with language tasks, such as summarising a mass of patient records before an appointment, or generating communications.

Advisory board members had many other ideas for using AI alongside other technologies. Sam Neville said she is looking at an AI tool that can review trends in outpatient appointments to identify patients who may be at risk of ‘DNAing’ or not attending appointments.

David Hancock said the NHS could usefully run something similar over its patient reported outcomes or PROMS data, to find out what it is getting for its money.

Highland Marketing chief executive Mark Venables said it is working with an AI firm that can take vital signs information from patients waiting for admission and alert clinical teams to signs of deterioration.

Neil Perry suggested that similar technology could be used in A&E, to make long waits safer. “We can argue about whether all of this is AI, or whether it is just technology,” he said. “The point is that it automates what we do anyway, accurately enough to trigger an alert that leads to a human decision.”

Build out, take people with you 

The biggest problem, he said, is that in the current NHS financial environment projects like this are difficult to implement. He argued that instead of making big statements about NHS AI, the government should focus on where it could address the big “volume” issues and use its buying power to secure solutions for the whole system.

“Back in the days of the national programme for IT we used to talk about ‘ruthless standardisation’,” he said. “Perhaps we could do a bit of that now. Build AI tools into the NHS App and 111 services to detect and diagnose conditions, or read vital signs from a selfie and direct patients to the most appropriate service.

“The technology is available; we need to make it meaningful, useful and used at scale.” Meanwhile, Rizwan Malik argued there were some good things to have come out of the faltering start that has been made on AI so far.

“The upside is that we have experience of decision support tools,” he said. “So, perhaps we can start talking about the best way to use them. Instead of sending everybody for an MRI or CT scan we can start talking about which patients really need them. Or which patients need to go first.

“We could make incremental improvements. For the millions invested so far, we cannot say we are at the forefront of AI in healthcare in the UK, or that we are supporting UK plc. But we do have a workforce ready to have meaningful conversations going forward.”

About the Highland Marketing advisory board        

The Highland Marketing advisory board includes: Jeremy Nettle (chair), formerly of Oracle and techUK; Cindy Fedell, regional chief information officer at North western Ontario Hospitals, Canada; Nicola Haywood-Cleverly, a former integrated care system chief information officer, non-executive director for NHS foundation trusts, and health tech strategist and advisor; Andy Kinnear, former director of digital transformation at NHS South, Central and West Commissioning Support Unit and now consultant at Ethical Healthcare; Ravi Kumar, health tech entrepreneur and chair of ZANEC; Dr Rizwan Malik, consultant NHS radiologist and director of SMR Health Tech Consultancy; James Norman, EMEA health and life science director, Pure Storage; Ian Hogan, CIO at the Leeds and York Partnership NHS Foundation Trust; Neil Perry, former director of digital transformation at Dartford and Gravesham NHS Trust and now director at Synergy Digital Health Innovation; David Hancock, digital health strategist specialising in interoperability; Jane Brightman, director of workforce strategy at Skills for Care; Jason Broch, GP and CCIO at Leeds Health and Care Partnership.  

About Highland Marketing           

Highland Marketing is a specialist marketing, communications, market access and consultancy agency, focusing on the health tech and med tech industries. We offer an integrated range of services, covering all elements of the marketing mix, to help organisations achieve their goals by ensuring their messages are heard, understood, and acted upon by their chosen audiences. Our highly experienced and well-connected team has deep knowledge of health and care technology, strong contacts in the industry, and is well-versed in delivering effective campaigns and content. We support clients across the NHS and EMEA healthcare markets and work with clients looking to expand from the UK into international markets, and with overseas companies looking to enter the UK market.       

Website: www.highland-marketing.com  X: @HighlandMarktng

The post AI in Healthcare – How does the NHS get from Hype to Reality, Safely and Effectively appeared first on .

In light of these shifts, Yuval Yashiv, CEO at Thermology Health, explores what the shift from FFS to VBC payment models means for the delivery for healthcare more broadly, and what opportunities and barriers this presents for European MedTech.

1. What has been the impact of the shift to value-based care for the global Medtech landscape?

To date, many healthcare systems, particularly in the U.S. and private sectors, have predominantly relied on an FFS model. Nevertheless, many publicly funded European healthcare systems use capitation or budget-based models

Under FFS, cost is determined by the number and type of services used, focusing on the treatment and services patients receive. By charging based on the supplied treatment, rather than outcome, this can create the incentive to schedule more appointments, tests and procedures than necessary in order to increase revenue, leading to an inefficient use of resources.

In contrast under value-based care, treatments are prescribed based on the need and expected outcome for the patient, rather than the cost of the services used. This approach can support healthcare providers in addressing rising capacity and cost pressures by prioritising the most effective care for patients, rather than the number of appointments and treatments carried out. Enabling better allocation of resources by incentivising efficiency, VBC frees up time for healthcare providers and, therefore, makes treatment available to more individuals.

2. How important has this move been in the delivery of healthcare more broadly? What are the benefits for patients?

Matching outcome with funding creates a healthcare model that is more patient-focused, encouraging providers to allocate resources in order to deliver the greatest human benefit. FFS can sometimes incentivise treatment that is inefficient or ineffective as well as time consuming for patients, resulting in unnecessary tests and with it, stress for patients. Refocusing the incentive structures around needs and outcomes creates a more seamless experience, in addition to freeing up capacity to treat more patients.

3. What are the opportunities for European Medtechs under this model? How can they ensure that they are in a position to take advantage?

Value-Based Care prioritises outcome-driven care, which includes preventative and home-based care, as well as more efficient hospital and outpatient services, and creates exciting opportunities for innovation and the development of digital, predictive and remote monitoring tools.

For example, by using remote monitoring for patients with chronic diseases, VBC becomes the preferred approach, as optimising resources, freeing up hospital space, and enhancing patient comfort are prioritised, offering the same level of care at home. Preventative care also promotes cost savings as it is far cheaper to monitor high-risk patients and intervene early than to treat their conditions after they escalate. For example, this could be at home monitoring to support the prevention of diabetic foot ulcers, reducing strain on hospital resources and improving patient outcome.

In contrast, FFS offers fewer opportunities to innovate in this space as the incentive structures don’t always support the business case for developing early diagnostic and preventative solutions.

By shifting to value-based care, healthcare providers are actively seeking cost-effective solutions that maintain or improve patient outcomes with fewer resources and minimal disruption. This move will accelerate advancements already taking place in remote monitoring and treatment, creating further opportunities for those innovating in the space.

4. What role do you believe AI and predictive analytics will play in early diagnosis and chronic disease management under value-based care?

AI and predictive analytics have the potential to significantly reduce costs through more efficient use of resources. More importantly, as healthcare systems face growing demand, this will free up staff time to handle more challenging cases.

While we saw a shift towards monitoring chronic illnesses at home during the Covid pandemic, AI and predictive analytics will free up additional resources and improve welfare for patients through the creation of virtual wards. By increasing the monitoring of chronic illnesses within the community and using AI to predict which patients are at risk and need extra support, it will be possible to treat and manage conditions without the need for a hospital visit, vastly improving the allocation of resources.

5. What are the main barriers healthcare providers are facing in their adoption of MedTech?

While there is growing enthusiasm amongst healthcare providers to innovate and adopt emerging technologies, several challenges are holding back widespread uptake:

Regulatory barriers

The healthcare industry is heavily regulated, meaning that any new solutions which providers adopt must demonstrate robust compliance with safety or efficacy requirements. While regulations are adapting to new healthcare technologies, some outdated policies and complex approval pathways still pose barriers to MedTech adoption.

Reimbursement structure

The funding model healthcare providers operate within directly influences how treatments are valued. As a result, providers must clearly demonstrate how new technologies deliver value over existing methods. This includes measuring and validating new technologies and demonstrating their advantages over existing methods and technologies.

Operational complexities

The need to operate securely and seamlessly is crucial. For community-based applications in particular such as remote patient monitoring, this can be a real challenge. Solutions must integrate with existing electronic data records to enable doctors to monitor changes remotely, while also feeding back into the mainstream hospital system.

Human resistance

Finally, cultural barriers pose a significant challenge as practitioners are accustomed to established processes and may be resistant to change. With doctors already overburdened, it is crucial to demonstrate how investing time and funding in new solutions can ultimately ease their workload, improve patient outcome or both. This is particularly important when introducing solutions into areas where a treatment or a test already exists, as there needs to be a clear benefit for practitioners or improvement in outcomes for patients.

6. What trends do you foresee in preventative care technologies in the next five years?

The pandemic started a movement towards the use of wearable and telehealth technology to improve patient monitoring and diagnostics, and this is only going to gain momentum as strong use cases emerge and the benefits become increasingly apparent.

Healthcare providers are increasingly looking at remote patient monitoring as a solution to reduce pressures on hospitals and move to treatment in the community. As adoption grows and providers embrace new innovations, preventative care technologies will continue to advance, creating significant benefits for both patients and practitioners alike.

By Yuval Yashiv, CEO at Thermology Health

The post Opportunities and Challenges for European MedTech in the Era of Value-Based Care appeared first on .

Understanding the Proposed HIPAA Security Rule Update

The Department of Health and Human Services (HHS) proposed a HIPAA Security Rule update on December 27, 2024. This rule has remained unchanged since 2013, so the proposal aims to catch regulations up to a decade’s worth of shifts in cybercrime and health care data management.

As is to be expected of the first update in over 10 years, the document is lengthy, spanning nearly 125 pages. In general, though, the revised regulations add specificity to the Security Rule’s standards and definitions, clarify compliance requirements and hold covered entities to a higher cybersecurity standard.

Most notably, the update would require protections like encryption, multifactor authentication (MFA), network segmentation and antimalware software. Similarly, it mandates annual penetration testing, awareness training and compliance audits. Such measures are common in newer government regulations like the Cybersecurity and Maturity Model Certification but haven’t been strictly mandatory under HIPAA.

Other new requirements include:

• Regularly updated asset inventories and data maps
• Formal incident response plans
• Controls and notifications for ending a former employee’s access permissions
• Notifications when an entity enacts its contingency plans
• Considerations for third-party risks

Why HIPAA Needs Updated Cybersecurity Regulations

The extensive proposed update to the HIPAA Security Rule is an important shift. In many ways, the regulation is overdue for a change due to several key trends since its last revision.

Rising Cybercrime in Health Care

The most apparent reason why HIPAA needs a cybersecurity update is because cybercrime has skyrocketed. In the 10 years since regulators implemented the last Security Rule version, the health care sector has become a favorite target of cybercriminals.

In 2023, health care data breaches averaged $10.92 million in losses per incident, more than any other industry. Those costs do not tell the whole story, either. Hacking, ransomware and other security events can disrupt critical patient services, leaving people without access to the care they need.

Before this proposed update, HIPAA’s Security Rule did not reflect appropriate urgency relative to such attack trends. As cybercriminals’ techniques advance and target hospitals with rising frequency, tighter cybersecurity controls are essential.

Lack of Specificity in Current Rules

HIPAA also needs additional clarity within its Security Rule. The current revision leaves too much to interpretation to be a reliable standard in today’s cybersecurity environment.

As it stands today, HIPAA does not explicitly require encryption of protected health data. While it says covered entities must maintain “reasonable safeguards” to keep patient information confidential, it does not specify what such safeguards are. Many other parts of the Security Rule are similarly vague, which leaves too much room for improper protections.

While a court would likely find failing to implement encryption as a breach of the Security Rule, the regulation should be more specific upfront. The explicit standards in the proposed update would clarify expectations before covered entities experience a breach. The requirements could then protect patient data before an event, not only in post-breach litigation.

Outdated Regulations

Similarly, the existing version of the HIPAA Security Rule needs modernization. Cybercrime methods and technologies have advanced considerably over the past decade. As such, regulations need to address the threats and appropriate protections that are now prominent.

The proposed mandates for MFA, network segmentation and penetration testing are prime examples. All are standard defenses today — just 17% of security leaders in 2024 said they never pen test — but HIPAA does not yet require any of them. Consequently, medical organizations could technically be HIPAA-compliant but fall far below acceptable modern cybersecurity standards.

Requiring covered entities to implement newer defense strategies will help keep the industry up with changing cybersecurity trends. Cybercrime shifts quickly, so relevant regulations should likewise be adaptable.

Remaining Challenges to the Updated Rule

As important as an updated HIPAA Security Rule is, the proposal faces a few challenges. The medical sector and its regulators must consider these obstacles as they seek to modernize cybersecurity standards.

Implementation Costs

One significant barrier to the proposed update is how much it would cost to implement. Because the new rules cover much more and are far more specific, complying with them likely means investing in many technologies covered entities have not yet adopted. Such a transition could be prohibitively expensive in some cases.

Small and medium-sized enterprises would find it the hardest to comply. However, they may also need the additional protections the most, as attacks against them have risen by 150% in recent years. This situation leaves regulators in a difficult position of balancing appropriate security measures with making such protection accessible.

Administrative Roadblocks

The proposed update may also encounter resistance from lawmakers before it can go into effect. President Trump has already temporarily halted all rulemaking processes and has expressed interest in rolling back many of the government’s stricter regulations. It’s unclear if such a change would come to HIPAA, but the possibility may call the future of the proposal into question.

Executive administration aside, the update will likely go through at least one round of revisions before taking effect. Covered entities should not act before regulators establish a final rule, so attention to the ongoing revision process is necessary.

It’s Time for HIPAA to Evolve

While several roadblocks remain, the HIPAA Security Rule needs updating. The proposed changes — or a shift like them — are a necessary step forward to ensure regulations reflect the current threat environment.

Regardless of what happens on a regulatory level, health care businesses should consider how their security posture may need to evolve. Cybercrime is growing and transforming, so cybersecurity must do the same.

By Zac Amos, ReHack

The post Does HIPAA Need a Cybersecurity Update? appeared first on .

“The only thing that was impossible was to do nothing.” These are the words of Terry Pirovolakis, CEO of Elpida Therapeutics, and father to Michael who was diagnosed as an infant in 2019 with an ultra-rare neurological condition, SPG50. Despite being told there was no cure, Terry moved mountains over four years to find a breakthrough gene therapy that his son and other affected children all over the world could benefit from.

Michael, Terry, and their family are not alone in facing a long, daunting journey to access life-enhancing therapy for a disease with no cure. In the European Union, less than five percent of rare diseases have at least one approved treatment.[1] It can take up to five years for adults to receive a diagnosis, and half of patients will receive a misdiagnosis first.

By 2030, the goal is to support the development of 1,000 new therapies in Europe.[2] However, rare diseases challenge traditional ways of doing business. Once a medicine is approved, organizations must launch and scale quickly, often across multiple markets. Field medical teams must keep track of complex science at a time when the volume of medical knowledge is doubling every 73 days.[3] They need to identify, engage, and provide education to relevant healthcare professionals (HCPs) and experts even though they’re harder to reach via traditional methods (Veeva Pulse data shows that in-person meetings with physicians have declined in Europe in the last 12 months).

Despite these difficulties, life sciences organizations are improving how their teams organize market access and educate prescribing doctors on new medicines. Companies with comprehensive, accurate healthcare ecosystem data and insights relating to medical experts can prepare the market pre-launch and hit the ground running to accelerate execution after launch. This helps all customer-facing teams to deliver a consistently high-value scientific exchange in which every interaction builds off the last.

Greater agility during launch

Emerging biopharmas play a key role in delivering treatments for affected patients. Of the 192 orphan medicinal products (OMPs) authorized by the European Medicines Agency (EMA) between 2010 and 2022, one in ten successful applicants was designated an ‘SME’.[4] Facing more resource constraints than their competitors (which may have sales organizations multiple times their size), early-stage companies are increasingly seeking the best customer reference data and key opinion leader (KOL) insights to become more nimble when launching new treatments.

Rich information on experts, available in CRM, supported Sweden-headquartered Sobi to launch the first and only medicine for hemophagocytic lymphohistiocytosis (HLH) — a rare, hyperinflammatory condition affecting one in 50,000 resulting in a two-month life expectancy. In the U.S., MSLs at the company now routinely use real-time intelligence to find the right KOLs, understand their interests, priorities, and activities, and consolidate scientific information and updates. “90% of MSLs found new insights for their next engagements, which is critical for a rare disease company with lean teams,” says Rich Palizzolo, executive director of CX and advanced commercial capabilities at Sobi.

An added complexity is that rare diseases often involve several specialties. MSL teams have to get up to speed quickly on multiple areas before meeting experts — while also being responsible for other (more mainstream) therapeutic areas. ADVANZ PHARMA, which focuses on specialty, hospital, and rare disease medicine, found having scientific resources and activity data in one place helped MSLs use their time efficiently. Head of CRM and Digital Solutions for Global Commercial Excellence, Andy Eeckhout, notes: “Our customer-facing teams need to be agile communicators and effectively switch to a more patient-oriented, in-depth scientific discussion than with generics. Pre-call planning is crucial for MSLs before and after launch. The more data they can find, including on past interactions, the better.”

Other companies use customer reference and patient data to improve operational agility as they launch and scale their first products across Europe. For example, one late-stage biotech leveraged its data on the healthcare ecosystem to get a head start on launch by identifying market access roles in Spain, Benelux, and the Nordic countries.

One voice to the physician

After identifying the right experts, teams can engage them more effectively by ensuring that each HCP interaction builds off the previous one. However, sales, marketing, and medical teams often use disconnected technology. As a result, 65% of HCP engagements are not synchronized.

When these teams are connected in the same system handovers are smoother, and HCPs can find answers quickly or connect with MSLs if needed. ADVANZ PHARMA introduced a pre-launch module in its CRM to help market access, medical, and commercial teams share information compliantly. Eeckhout explains: “Physicians need a direct line to the industry, so they know who to contact when they have questions. Medical and commercial teams need to talk to each other and remain agile across customer conversations.”

ANI Pharmaceuticals, which delivers treatments for certain rare autoimmune and inflammatory conditions, only had 75 days to commercialize following swifter-than-expected regulatory approval. By using an industry-specific CRM with master data management, it consolidated its view of each HCP to include interactions with medical and sales reps. “Having this information accessible within the CRM system facilitates more thoughtful and helpful conversations with providers, as well as sales teams’ success and high click-through email rates,” explains Bob Acropolis, executive director of operations and analytics at ANI.

The foundation of successful interactions is accurate reference data — on physicians, healthcare organizations (HCOs), or affiliations. If applied across functions as part of a complete life sciences-specific CRM, it helps companies speak with one voice. In most cases, data change requests (DCRs) can now be made (and resolved) in hours, so reps and field medical don’t duplicate attempts to modify account information and instead work from the same database. With greater trust and confidence in reference data, teams save time so they can focus on high-value scientific exchange.

Sharing medical content that engages

Europe’s fragmented regulatory landscape and evolving local requirements intensify the pressure on marketing teams: they must provide highly personalized, compliant medical content that field teams can share at scale with scientific experts and physicians. With a single view across the entire content lifecycle, biopharmas can streamline and speed up medical, legal, and regulatory (MLR) reviews.

To deliver highly personalized content across a large rare disease portfolio, marketing teams need clarity on which content to recommend, and when. One global biopharma uses data analytics on its global repository of promotional and medical engagement tools to support content use across 17 areas of focus (and a growing global footprint). As its head of marketing and customer engagement noted, “How we engage with HCPs is critical. We need to know what percentage of our content is being developed and relevant to support different HCPs, whose patients rely on them for their rare disease diagnosis and management.”

As a new generation of digitally-savvy HCPs comes through, companies are considering the most effective tactics to engage them. More scientifically active than their peers and four times more likely to adopt a new treatment, younger HCPs require a different mix of scientific channels and content. They seek medical insights to inform their clinical and commercial decisions, which requires close coordination between medical affairs and field medical. “Gone are the days when medical could just focus on the top-tier scientific thought leaders. The range of stakeholders has broadened, and it’s imperative to expand our engagement strategies beyond traditional experts,” says Angela Smart, director of global medical excellence and operations at ADVANZ PHARMA.

Defying the odds, then beating them

Scientific discovery continues to bring hope to patients affected by rare diseases and their families. Life-changing conditions will eventually become chronic illnesses, thanks to the efforts of organizations willing to launch in a high-risk commercial environment. Companies ranging from emerging biotechs to global biopharma are using high-quality customer reference data, deep data on scientific experts, and connected technology to identify, engage, and provide medical education to the most relevant HCPs and KOLs.

Every rare disease patient faces a daunting journey. When Terry Pirovolakis’ son, Michael, was diagnosed, his family was told he was the only child in Canada with SPG50. Life sciences will do its part to help patients defy overwhelming odds — and eventually beat them.

By Chris Moore, President, Veeva Systems Europe

References

[1] “The building blocks to make rare disease treatments more common,” European Commission, February 2022

[2] “What is Rare Disease,” EURODIS, 2024

[3] “Challenges and Opportunities Facing Medical Education,” American Clinical and Climatological Association, 2011

[4] “Trends in orphan medicinal products approvals in the European Union between 2010–2022,” Orphanet Journal of Rare Diseases, 2024

The post Defying the Odds: Speeding Patient Access to Life-Changing Treatments in Rare Disease appeared first on .

State of UK Healthcare at Present

The UK healthcare sector has experienced its fair share of high-profile cyberattacks involving data breaches, leading to significant operational disruptions and compromising patient care. The most notable being the WannaCry Ransomware attack in May 2017 which affected over 60 NHS trusts. The incident led to the cancellation of appointments and surgeries as well as infecting more than 200,000 computer systems across 150 countries while encrypting sensitive data. More recently, in June 2024, healthcare provider Synnovis was hit by a ransomware attack that forced several London hospitals to cancel services and surgeries with the hacking group publishing the personal data of patients – including NHS numbers, names and test codes.  This is just the tip of the iceberg and demonstrates the real-life impact on hospitals, their ability to deliver patient care and the victims who have their confidential patient information leaked – which could cause emotional distress and lead to fraud.

A key focus for many threat actors who target the healthcare industry is to extract the confidential patient information held within these institutions. This includes medical histories, diagnoses, treatment plans, and genetic information – all of which can be sold on the dark web or held for ransom for millions. In fact, according to Verizon’s 2024 Data Breach Investigations Report, the healthcare industry is one of the most targeted industries for cyberattacks and data breaches, with 98% of cybercriminals’ motives being financially driven. Unauthorised access or misuse of this data can severely impact patients and lead to personal embarrassment, discrimination, fraud or even psychological harm.

Data Protection Requires Compliance

The UK has robust data protection laws and frameworks that are designed to protect sensitive health information and ensure its ethical and lawful use. This includes the UK GDPR and Data Protection Act which defines health data as special category data that requires additional safeguards for its processing and security. NIS2 also aligns with these laws as it mandates clear requirements for organisations to adopt robust risk management measures to help protect patient data from breaches, unauthorised access and other cyber threats.

Addressing these data protection requirements goes beyond ensuring regulatory compliance – it is key to building patient trust, driving sustainable improvements in care delivery, and fostering continued innovation in medical technology and healthcare services. A clear example of such innovation is the use of AI within the healthcare industry which is driving advancements in diagnosis, treatment, and efficiency. It is enabling earlier and more accurate detection of diseases through predictive analysis and medical imaging which is having positive patient outcomes.

In general, this presents a complex set of data protection challenges for healthcare providers to navigate. These challenges arise not only from the diverse nature of data processing activities, such as patient care, research, and administrative functions but also from the intricate relationships with partner organisations, suppliers, and third-party service providers. With AI, issues around transparency, establishing an appropriate lawful basis, and sharing of such data with third parties or various other health services come into question.

Moreover, non-compliance with these regulations and frameworks can result in severe consequences for healthcare institutions, including substantial financial penalties, legacy actions, and reputational damage. The harshest fines can reach up to £17.5 million or 4% of annual turnover for GDPR breaches yet the maximum fine in the UK in the healthcare sector to date has been €90,334, issued by the ICO to The Tavistock & Portman NHS Foundation Trust. Should an organisation be found non-compliant with the NIS2 framework, they may incur maximum penalties of €7,000,000 or 1.4% of the annual global revenue, whichever the greater amount if the institution is classified as an ‘important entity’. For ‘essential entities’, the fine could reach up to either €10,000,000 or 2% of the global yearly revenue, again, whichever is the greater amount. The NHS specifically has its Code of Confidentiality which guides NHS organisations around handling patient information and the Digital Data Security and Protection Toolkit which aids healthcare organisations review and improve data security practises.

Operational disruptions, increased oversight and costly remediation measures can further impact severe delivery and patient care. Failure to comply erodes trust among patients and partners, risks disqualification from contracts, and stifles innovation. Ultimately, robust data protection and cybersecurity are essential to maintaining patient safety, trust, and institutional resilience.

Outsourcing a DPO is an Option

Responsibility for ensuring data protection compliance typically falls on the shoulders of the Data Protection Officer (DPO) but because there is a shortage of skills within the data protection industry, finding a DPO that has the relevant experience or qualifications is a challenge in itself. Often, security professionals within the company, like the CISO, or Heads of Security, Legal or IT may include DPO responsibilities within their job roles, but this would generally be considered a conflict of interest (and therefore non-compliant). This is because, even if a DPO is recruited in-house, they may struggle to maintain independence from other business functions. There may also be budgetary restrictions in place – an issue well documented within the healthcare sector – where hiring a dedicated DPO will be difficult. As an alternative solution, it is recommended organisations obtain the DPO expertise through consultancy or DPO as a Service which can be full-time or on a part-time basis, according to demand.

DPO as a Service is a structured approach to enhancing data protection and compliance. It uses assistance and expertise from certified data protection experts to help the organisation review and prioritise its data protection goals. These experts can also help the business stay compliant with the law by offering guidance and overseeing adherence, playing a crucial role in the success of the data protection programme. The outcome is a thorough, cost-efficient, and fully accountable service that ensures compliance with all relevant policies, procedures, and legal obligations.

With the real threat of suffering a cyberattack, having a DPO – whether in-house or outsourced – is essential for healthcare organisations due to the sensitive nature of the data they handle. The industry has several regulations and laws that require compliance and address the need to safeguard patient personal data and mitigate the impact of suffering a data breach. By having a dedicated expert focused on data protection, healthcare institutions can build trust with patients, avoid legal penalties, and ensure the integrity and confidentiality of patient information. Thankfully, there are options available to those who don’t already have a dedicated DPO in place.

By Chris Linnell, Associate Director – Data Privacy at Bridewell

The post Addressing Data Protection and Security Effectively Within Healthcare appeared first on .