Dr Owain Rhys Hughes, former NHS surgeon and CEO of Cinapsis, explores why healthtech companies refusing to acknowledge the role they play in care delivery creates a range of security and clinical concerns for the NHS and its patients.
Anyone who's familiar with the rise and fall of Theranos, first told in The Wall Street Journal and then in John Carreyrou’s best-selling book Bad Blood, will recognise the dangers of a healthtech company led by a CEO who thinks that rules and regulations are for other people. The consequences of Theranos’ loose relationship with compliance were felt by patients who received incorrect blood test results - with catastrophic outcomes for some. And whilst this is an extreme example, it’s a cautionary tale that UK healthtech providers should be at pains to heed.
The NHS is a complex ecosystem; its operation depends on a vast network of internal and external service providers. Over recent years, this network has actively made space for new tech and digital solutions, in line with the NHS-wide push for digital transformation. However, as we embrace game-changing technology, one significant issue is being overlooked - one that has the potential to destabilise the entire healthcare model; a lack of clarity around where tech stops and care begins.
Most healthtech companies fall (or at least think they fall) into one of two camps. First, those who solely provide tech infrastructure for use in healthcare settings. Their offering is a neat package of code and algorithm, but the solution delivered does not decide what care a patient receives. These services hum in the background - an example is DrDoctor, which enables patients to schedule appointments at a time convenient for them. The members of the second camp, in contrast, are tech tools - or a combination of ‘tech plus services’ - which affect what care a patient receives. They recommend treatments, make a diagnosis or decide where or when a patient is referred. They are, in short, involved in the decision-making process.
Yet the stark disparity between these camps is, at the present moment, almost entirely overlooked by everyone in the space - including NHS decision makers and often the technology company themselves. Yet failure to scrutinise the role each individual company is playing in the provision of patient care is short-sighted at best, and dangerous at worst.
Because playing a role in the delivery of care changes the rules of engagement. It shifts the dial and raises the stakes. Being a provider of clinical services or clinical advice or decisions, whether you’re an NHS Trust or a technology company, means you’re on the frontline directing patient care. Any mistakes or missteps here have the most human of real-world consequences.
Some technology companies appear to think they can have a foot in each camp - ‘tech only’ when it comes to complying with regulation - data governance and clinical safety standards - but a clinical service provider when it comes to advertising and selling their offering. Far from being ‘tech only’ offerings, many are in fact directly involved in clinical delivery. And, by failing to acknowledge this, they are effectively taking commissioners for a ride by shrugging off responsibility for the consequences of their tech’s usage within the NHS.
This is problematic and unethical. Any NHS partner must, by the very nature of the partnership, accept the accompanying, inextricable burden of responsibility. We cannot hide behind the shield of ‘tech’ when it comes to our work in this space.
From having the right data security measures and clinical safety processes in place to having the necessary insurance and following the highest compliance standards; understanding health tech’s role in the delivery and quality of clinical practice is an exercise in comprehension. It’s an exercise that all digital health companies must undertake, and that commissioners of NHS services must understand.
Babylon Health, for example, are typically viewed as a tech provider. But, in fact, they are directly involved in the provision of healthcare services across the UK. When errors are made and data breaches occur - as happened in July when their GP at Hand app gave users access to recordings of other patients’ consultations - the consequences can be huge. A company like Babylon, simply cannot operate like a tech company - it must operate like a healthcare provider, which is why they are registered with the Care Quality Commission.
In the healthtech space in which I operate - facilitating specialist advice and enabling referrals - it continually surprises me that a handful of fellow technology players feel comfortable operating as a provider of clinical services without robust clinical and information governance frameworks in place. If we don’t push such technology companies to acknowledge and take responsibility for their true roles, we’re exposing patients and the NHS to significant risks. From data breaches to delayed treatment; the consequences are all too real.
There are, of course, healthtech companies who are already fully cognisant of the role they are playing in delivering clinical services. These partners abide by the letter of regulatory guidance (and sometimes go above and beyond) and take all possible steps to mitigate against clinical risk. They understand that whether a service is delivered virtually or in person there is the same need to meet the high clinical and regulatory standards that we expect from the NHS. These companies are typically led by clinicians and understand the role of governance and a culture that ensures patient safety. Yes, this is more expensive, bureaucratic, and complicated - but it’s also in the best interests of the people and families receiving care through our health service.
As its CEO Elizabeth Holmes prepares to fight charges of criminal fraud in a forthcoming US trial, Theranos has provided a clear warning that companies who are bullish about compliance, fail to encourage collaborative dialogue about their work and avoid transparency should raise suspicions, especially when they are responsible for patient safety.
It’s vital that healthtech companies working alongside our NHS have responsible leaders who welcome scrutiny and build a culture focused on clinical safety and good governance. This will require commitment, and, in some cases, it will require companies to reform their offering and review their leadership style. But to guarantee the safety of patients and to protect the whole NHS, we mustn’t settle for anything less.