Considerations on managing radiotherapy data
Importance of Radiotherapy data
Effective management of medical data is especially critical in radiotherapy as the data is required for each treatment. Without online access to a patient’s data at the time of treatment, it cannot occur. This means a lapse in access to data results in an interruption in patient treatments with potentially a direct impact on patient health and outcomes. Thankfully, radiotherapy, and other treatments, continue to improve patient outcomes but this does result in more recurrences and thus more retreatments. It is critical for planning those retreatments to have access to the previous treatment plans and data. There is also a legal requirement for healthcare data retention. On top of these reasons, as machine learning and artificial intelligence becomes more common place there is a need for data to test and educate these technologies. Both rely on historical data to build models for use going forward. Automation is much harder to implement without previous data being available. This also raises the need for effective and ongoing data curating and management.
Risks to Radiotherapy data
Beyond that, just managing a stable infrastructure for the data is the threat from crime. Cybercriminals are targeting healthcare data more and more aggressively. In 2022 medical data breaches increased by 94% with more than 66% of medical centers reporting some level of breach. There are several reasons for this. Healthcare as an industry is regularly the second lowest spender on IT technology compared to other industries. This combined with the fact that though medical device technology is always advancing the IT infrastructure supporting that technology is often lagging way behind. Given medical center IT teams are usually wary to work on something that is a medical device responsible for patient care there is often a gap in coverage on the systems. This leaves holes and vulnerabilities for cybercriminals to exploit. Since medical entities are dependent on that data for providing care they are also often willing to pay the ransoms and thus increase the target opportunity.
Considerations for protecting Radiotherapy data
No system will ever be impervious to risk, be it from breach or due to system failure. There are however, some relatively straight forward reasonable cost initiatives can drastically reduce the risk of down time and ensure higher uptime for patient treatments. This involves bridging the gap between the vendor and IT teams to ensure understanding and reliable infrastructures are in place. IT infrastructure design and configuration is not usually a strength with vendors, their focus is medical device development. From an IT technical point of view the systems are straight forward, but they fall into the gap of the vendor not fully understanding it and the local IT teams not wanting to touch it. Even if the vendor puts safeguards in place there is risk that during the installation and support process the measures are reduced or removed to facilitate easier support or work arounds for communicating with other systems. It is important for whomever is responsible for the management of the infrastructure to understand the function and how the data is both being transferred and stored within the systems. It means implementing safeguard systems to ensure the best possibility to detect a breach early and prevent it from becoming a bigger issue. Cybercriminals are often in systems for months before triggering the ransom request once they have taken copies of the data. Ransomware is also no longer just holding data ransom; it’s also become a type of blackmail by forcing entities to pay not to have the stolen data released on the internet.
Ensure and verify that there are adequate backup and restore procedures in place. Due to the extensive effort involved in testing and verifying data restore procedures, often this is neglected. This increases the risk that the systems in place are not functioning and thus are not able to restore the data when needed.
Lastly but no less important, ensure procedures are in place for when a breach or system failure happens. Too often lack of plan leads to larger problems during an already serious incident. Teams should be educated in the procedures and know what to do when something does happen. Eventually, something will happen to every organization.
Considerations for managing Radiotherapy data
It is never too late to begin cleansing and standardizing data. Over the years processes, protocols and naming conventions change. All of these make it harder to use the data for research or building models for machine learning. The phrase of garbage in garbage out has never been more relevant. Artificial intelligence is only as good as the data that is being fed in. Automating a non-standard variable process just leads to increased variability in results. Ensure that some regular process is in place to review and manage the data. Educate staff on processes to ensure data is being entered in a standard and uniform format.
Delos Wilbur
Director of Technical Services