We take it for granted that most of the services we receive today are powered by innovative technology and software: from flying to clothes shopping – practically every industry we rely on in our day to day lives is built on technological innovation.
There seems to be one glaring exception to this brave new world: the healthcare services that we receive. Healthcare industries and institutions haven’t exactly been early adopters of new technologies. Anyone of us who has had to interact with health services over the past few years, might not be surprised that as recently as 2010, 84% of hospitals were still managing records in hard copy rather than using software.
And while open source software is playing a major part in the advancement of cutting-edge technologies we read about every day – like IoT, AI and data storage, until recently, it seemed like the healthcare services industry had not yet joined the party.
The healthcare industry, offering an intricate array of facilities and services, contains a lot of moving parts: from medical practitioners, nurses and health professionals, to hospitals, clinics, government and non-government agencies. This is an extremely complex and fragmented eco-system, involving so many players. The UK's National Health Service (NHS), for example, is one of the largest employers in the world today. That translates into quite a few software requirements for healthcare tech leaders to deal with.
Not surprisingly, the healthcare industry is driven by volumes and volumes of data that require management by varied and complex IT systems. Most of these systems are considered eHealth.
Healthcare technologies include a dizzying variety of software, including: Electronic Health Records (EHR), Electronic Medical Records (EMR), telehealth and telemedicine, health IT systems, consumer health IT data, virtual healthcare, and mobile health (mHealth) – to name a few, and all these are required to work together and communicate smoothly. Since all of these involve complex record-keeping, big data systems to manage all the information also play a big role in the healthcare industry.
Much like other service-providing industries, healthcare organizations have traditionally created systems to manage these solutions autonomously – both within individual organizations and industry wide.
But while most industries have moved away from depending exclusively on proprietary software, the healthcare industry is still feeling the pain of being tied down to these monolithic legacy systems.
Proprietary eHealth software systems are extremely expensive to acquire, adopt, and manage. In addition, healthcare legacy systems lock organizations into a siloed software solution that will require even more resources to upgrade or enhance – not to mention the lack of compatibility with other systems.
The healthcare and open source community have a lot in common: they both thrive on research and innovation, knowledge sharing, and now – also the “democratization” of medical information. Slowly but surely, healthcare institutions are adopting open source solutions, and the open source community has been more than happy to help over the past few years, with solutions that can be developed quickly and efficiently, without license restriction, allowing sharing and re-use throughout both public and private healthcare organizations.
Luis Falcón, founder of GNU Health – one of the first open source projects to create a free health information system, now used globally both by public and private healthcare organizations, discussed the open source project, and listed its three main advantages over proprietary software:
#1 Administrators and providers can download the software for free, study it, then adapt it to their needs.
#2 There's no vendor lock-in, no hidden costs or upgrade scripts. Latest versions will always be available for free upgrade.
#3 There is an international community of support around GNU Health, including a community GNU Health demo server, documentation, IRC channels, mailing lists, bug tracking systems, and a development environment.
As the healthcare industry finally learns the many advantages of working with open source components, it’s very important that managers, administrators and users are also aware of the risks that might come with open source usage. The “Wanna” ransomware attack that recently hit the NHS was only one example of the possible outcomes when not complying with the automatic and continuous processes required to monitor and manage application security and open source usage.
Considering the volume of both personal data and of funds that are maintained throughout healthcare industry software systems – not to mention the cost to patients in the event of a malware attack on healthcare software, industries need to adopt a devops approach to their open source management processes.
This means being vigilant about open source software components and application security from the earliest stages of adoption, and then throughout the devops cycle: confirming that the components are up-to-date and vulnerability free.
An automated and continuous open source management tool, used throughout the software development lifecycle, will alert DevSecOps teams regarding any security and compliance risks or vulnerabilities found in the healthcare software, and recommend an available fix.
Adoption of open source software enables healthcare organizations to provide both their employees and customers with a level of service that was previously not available. However, this new-found agility and innovation comes with the responsibility of being continuously on top of application security practices.