The NHS is pursuing an urgent digital transformation project to streamline operations, improve patient care, make data available for deep analytics, and more. In the plotting of the transition, there seems to be a recognition that centrally designed architecture and systems are not viable for an organisation of this size and complexity.
Instead, the various NHS Foundation Trusts, Clinical Commissioning Groups, and NHS Digital will be unleashed to create solutions to meet their particular needs. The NHS is looking toward interoperable systems which are free of proprietary restrictions, capable of being developed as isolated instances and then “hooked in” to the larger infrastructure.
The NHS has also announced it will permit the use of public cloud services to store patient data. But what will the impact be on costs and security within the increasingly diverse environment that will unfold?
If we take a lesson from the corporate sector, we can expect to witness steep growth in cloud adoption within the NHS, but the use of this technology will ultimately reach a limit. Issues of data security in particular have led many private companies to maintain their most sensitive information and differentiating technologies on wholly owned systems, whether on premises or in a colocation facility. Moreover, the subscription-based cost of long-term cloud storage is a deterrent to its use for archival purposes—and this may be a key consideration for the NHS with regards to patient records and research data.
If anything, the accountability demanded of a public organisation is likely to temper cloud adoption and may set a lower ceiling than exhibited by the private sector. Bets are that the NHS of tomorrow won’t be 100% cloud but will wind up, like most businesses, a hybrid system.
The pursuit of interoperability within a hybrid cloud model offers budgetary and technological advantages. However, it also presents challenges with regard to the maintenance and security of the infrastructure at all points in its evolution. How can the NHS handle these issues so that its hybrid is a reliable resource and not an out-of-control, budget-eating Frankenstein monster?
Protect the legacy with managed maintenance
The NHS has no alternative but to “start where they are”—and that means with legacy systems. Government budgets are often subject to deep cuts, and investment in IT systems generally trails the private sector by a large margin. Reliance on legacy technologies is the norm and probably always will be.
Older hardware presents several challenges. An IT organisation lacking funding for capital investment can find itself hemorrhaging money in equipment upkeep and repairs while suffering reliability issues. Hardware manufacturers’ limits on support—which can end after five years—can leave an organisation to its own devices in terms of expertise, spare parts management, break/fix, and performance optimisation. These are huge burdens to impose on internal personnel.
While the issue of legacy hardware is especially common to the public sector, and to healthcare generally, myriad corporations are reliant on older equipment for at least some functions. In fact, there is a trend toward identifying the “sweet spot” for hardware lifespan, which is frequently far longer than sales-focused manufacturers imply.
The trend for many of these companies—and one that the NHS should consider following—is using third party maintenance providers to support legacy systems. These specialist vendors maintain the deep bench of engineering expertise required to work on a full array of installed systems from a wide variety of manufacturers, reaching all the way to mainframes, when necessary.
The advantages of outsourcing the function are many. By taking on the maintenance and break/fix tasks, these support providers relieve internal staff to tackle strategic objectives. Most vendors offer 24/7 remote monitoring, and the service-level agreement’s guarantee of routine maintenance is performed regularly, together increasing uptime. Spare parts management—including innovative upgrade options—is also a big part of the business.
Third party maintenance can be highly effective in keeping legacy systems operating at peak performance without significant downtime, despite their age. Surprisingly, they also average cost-savings of about 60 percent. Such support options can thus play a large role in freeing resources—staff and budget—for digital transformation, while making existing systems more resilient and secure.
Protect data with a service
The NHS fell prey to the WannaCry ransomware virus in 2017. The hack leveraged known exploits, which demonstrated to the British public—or at least the IT professionals among us—that there are shortcomings in IT maintenance within the NHS. Basic tasks, such as patch installation, had clearly not been completed, leaving data vulnerable. Whether the situation has been fully remedied is not known, but it is doubtful that a comprehensive solution has been implemented.
Ransomware, of course, is not the only threat to sensitive data, and cybersecurity vulnerabilities will increase with the use of remote devices and edge computing. Together, these threats underscore the need for comprehensive, up-to-date backups. Within the larger rubric of third party maintenance, Data Protection-as-a-Service (DPaaS) can fill gaps in organisations’ backup processes.
In many cases, backups are not optimised and integrity isn’t tested on a regular basis. This can leave any organisation exposed when the worst happens – especially the NHS. DPaaS takes over backup verification and can even incorporate complete disaster recovery, whether the NHS ultimately relies on traditional approaches or more customised services.
Similar to IT maintenance contracts, DPaaS removes the data protection burden from internal staff and could be a good fit for the NHS as its backup needs and systems evolve. Fortunately, hardware design is changing to incorporate stronger security features. Pairing high-quality support of these more hardened systems with DPaaS, the NHS can reduce the likelihood of the next WannaCry, and subsequently reduce the prospect of large ransom payouts, data breaches or systems outages.
Fully leverage the cloud
One of the big questions for the NHS will be when and how to use the cloud. As discussed above, most IT organisations have arrived at a hybrid public/private infrastructure model, leveraging whichever technology is right for the job at hand.
For public cloud-ready workloads, the NHS should consider its migration pathway and the vendors it taps to guide implementation and mitigate risk. There can be advantages to using the same providers who work with the on-premises/co-located systems. Knowing the performance and expectations of existing systems is an asset when mapping those capabilities to the cloud, and can avoid over-provisioning. This intimate understanding can also inform migration and go-live planning to protect against downtime during the transition.
One would expect, however, that many workloads and a significant portion of archival data will remain on owned equipment, for both security and cost reasons—but there can still be a role for the cloud. Specifically, cloud-based monitoring should be considered a vital resource for the NHS.
Recent advances in artificial intelligence have enhanced predictive maintenance capabilities. There are commercial options for 24/7, cloud-based monitoring that can effectively identify and diagnose problems before they bring systems down. Unplanned outages and even planned maintenance requiring hardware downtime can be substantially reduced.
Such remote services are being integrated with existing maintenance plans, and early adopters are seeing significant benefit. Most relevant to the NHS are case studies from healthcare entities such as the University of Illinois Hospital & Health Sciences System. Not only are they seeing a drop in trouble tickets for their IT teams, but subscribing to a cloud-based monitoring and maintenance service is helping to address the budget pressures of a public institution.
Similar AI-based monitoring capabilities are being leveraged for security as well. Threat detection and response systems will help IT organisations enhance data protections in an emerging era of IoT and edge computing, when perimeter security will no longer be sufficient. The NHS will likely be forced to get on board.
Coda: Withstanding a future of cost pressures
Among the few constants for the NHS is a limited budget. As the service expands to care for a larger, aging population, providers could face further budget pressure. In such an environment, it will be tempting to invest primarily in front-line hospital equipment and patient care, rather than spend on backup systems for patient records, cybersecurity enhancements, and other technologies.
A combination of affordable maintenance, DPaaS, and cloud-based monitoring may be the recipe that the NHS needs. This would allow it to budget more clearly, support a complex, hybrid infrastructure with significant legacy components, and survive future rounds of budget cuts with minimal downtime affecting the vital services that the organisation delivers.
By Chris Adams, President and Chief Operating Officer at Park Place Technologies