Security in the cloud leads off in LIS exchange

November 2021—Cybersecurity and the cloud, COVID care gaps, and lab consolidation were among the topics CAP TODAY publisher Bob McGonnagle talked to LIS vendors and Toby Cornish, MD, PhD, about in a Sept. 20 virtual roundtable. A return to on-site trade shows, too, came up: “I do miss walking the vendor floor. I feel like I’m out of touch with what the developments are,” said Dr. Cornish of the University of Colorado Anschutz Medical Campus.

With Dr. Cornish and McGonnagle were Bob Dowd and Dayna Carlin, NovoPath; Nick Trentadue, Epic; Curt Johnson, Orchard; Jeff Watson, MT(ASCP), MBA, and Michelle Del Guercio, Sunquest; and Jonathon Northover, CompuGroup. As of Nov. 8, Del Guercio of Sunquest is chief marketing officer, Protenus.

CAP TODAY’s guide to laboratory information systems

Two issues have dominated laboratorians’ thinking in the past five months. One is cybersecurity. We’ve had lab and system outages in important places. The other issue is the significant labor shortage in laboratories and other parts of the health care system. Nick Trentadue, how is Epic reacting to these two problems?
Nick Trentadue, product manager, Beaker, Epic: Making sure you have a solid security system and apparatus in place is key for all our customers. That goes in a couple of different ways. We have sort of a split in terms of how our customers use Epic. Some are self-hosted, like Dr. Cornish’s in Colorado. Some use Epic as a hosting vendor. We have hosting operations here in Madison [Wis.] as well as in Rochester [Minn.] and some other data centers. We also allow our customers to use the public cloud or other hosting vendors. Making sure they have the proper security apparatus in place regardless of who they pick to host is key to that issue.

Second, in terms of the labor shortage, we’ve tried to focus on where technology has been going the past decade. Whether it’s automation lines, digital pathology, making it easier to need fewer people in the laboratory, and to be able to move work where it needs to go—to a center of excellence, for example—it’s making sure we continue to automate and make use of resources where we need them versus just having more people in the lab.

Bob Dowd, the question of remote hosting or IT in the cloud is a big issue and a big piece of news from NovoPath. Give us a brief take on the advantages of being in the cloud, particularly as it relates to cybersecurity for your lab customer.

Bob Dowd, VP of strategic accounts development, NovoPath: Yes, our product development is moving to implementation in the cloud. We have many clients that want to use cloud-based products for a lot of reasons, one of which is security that’s automatically built in. So we’ve enhanced our product; we have taken everything virtually from our on-premise version, updated it, updated all the user interfaces, made it more user-friendly using feedback from our client base, and we’ve reviewed workflow software to try to do two things. It is more secure, and internally at NovoPath we’ve increased our security through proprietary virtual private network software and we’ve done a lot to safeguard systems. We do some hosting, so we safeguard for our clients that want to go into the cloud and that have on-premise versions to ensure they’re up to date on cyber­security.

Everything we’re developing in our cloud-based product is an enhancement of our on-premise product with client input, helping with workflow and with distribution. Everyone knows where a specimen is at any point in the process. We’ve seen productivity enhancements there, and that helps a bit with the staff shortages, as does the digital pathology we’ve done to be able to shoot cases around the country. A key thing has been wonderful client feedback to help enhance the workflow.

Toby Cornish, despite your relative youth, I know you will remember a time when many laboratorians had some skepticism around the cloud. There was kind of a division for a while between those who wanted to have their system and the heavy iron on site and those who trusted the cloud. Has that debate shifted?
Toby Cornish, MD, PhD, associate professor, Department of Pathology, and vice chair of pathology informatics, University of Colorado Anschutz Medical Campus: Yes, the debate has shifted. It’s a little before my time, but this is sort of a cyclical thing. There was a time when people didn’t want to be running their LIS on x86 microcomputer architecture—Intel hardware versus a mainframe or minicomputer. Over time you have to move forward, and there are always going to be people who are uncomfortable with new platforms.

Personally, I would move as much to the cloud as possible, assuming all other things are equal. But there are a lot of people who are a little uncomfortable with the idea. It’s not always the laboratorians or the people running the information systems in the laboratory. Sometimes it’s the centralized security for hospitals or academic centers that are saying no to moving out to the cloud, although in the past couple of years attitudes seem to be becoming more liberal in this sense.

Curt Johnson, when we talk about cybersecurity, it seems to me we’re in a constant nuclear race between the people who are violating the security and those of you who are trying to do your utmost to maintain system security. Is this going to be an eternal problem?
Curt Johnson, chief commercial officer, Orchard Software: It’s a problem that will be with us for a long time. These things do evolve and catalysts typically occur that move us. In this case, for a long time the cybersecurity for hospitals and the IT infrastructure, IT personnel, and leadership were wanted on site. This gave them more control over it. But as you said, in the nuclear war we’re in, as the hackers improve, it’s probably better to have professionals who understand it. We can build more security into the cloud than we can count on in an on-premise solution.

As we move toward the cloud, it allows for better security and a partnership between the vendors and clients. We understand the hosting. We understand the cloud. We can have data recovery centers in multiple places, as Nick mentioned. All your eggs aren’t in one basket. You have a little more capability to help your clients.

It will continue to move that way. There will always have to be vigilance between the clients and the partner vendors to make sure we’re doing everything in conjunction with them to mitigate as much security risk as we can. Will it ever be perfect? Not in the foreseeable future, but we can get really close.

Jonathon Northover, what is your perspective from CompuGroup on cybersecurity and the effect the cloud may or may not have on systems security?
Jonathon Northover, VP of product management, CompuGroup Medical US: It is certainly not going away—that’s not contentious—and it is a question of keeping ahead, to the extent you can, of any changes or compromises with ransomware or other related security risks that can crop up.

What we’re trying to do, and it is a challenge for all of us, is to standardize, because you have various labs with different security requirements. We all want to make sure we’re not only meeting those but sometimes going beyond those. But they’re all different. We are focused on standardizing it in the most flexible way so that when a new client pops up, we fully support them according to their requirements as well as the industry standards.

Working with Amazon Web Services or Microsoft Azure, for example, always comes with the gold standard of security. I’m not saying that’s what we have to rely on, but it’s a key piece.

Jeff Watson, are the resource limitations and lab worries about labor and cybersecurity going to affect the marketplace? That is, will laboratory budgets be harmed in terms of how they would have been used had these two issues not cropped up so dramatically in the past year?
Jeff Watson, MT(ASCP), MBA, senior product manager, Sunquest Information Systems: There are always tradeoffs, but lab budgets are not accelerating; they tend to be under pressure to be reduced. This plays into the cloud strategy you talked about. If a client is operating their system on premises, there are resources they have to apply to their systems. In a cloud environment oftentimes Sunquest or your vendor will take care of those, which frees up those resources. That’s where the vulnerabilities come in—you can do as much in the application around security and leave yourself vulnerable to a cyberattack by not patching your Windows servers or not staying current on your database servers. Being able to offshore that from the client to the vendor will increase security for them, because now you’ve got the resources from the vendor and maybe the cloud-hosted provider too. 

Michelle Del Guercio, would you like to weigh in on this effect on the market?

Michelle Del Guercio, VP of marketing, Sunquest Information Systems: Besides the normal reimbursement that is hit constantly, we’re seeing the differences with labor staffing and shortages. Laboratories are looking to their technology vendors to help them with better workflow efficiencies within their solutions to help augment those areas where staffing might be reduced, by budget cuts or retirements. The more the technology vendors can help provide solutions to support those differences and gaps, the better it is for the laboratory and patient outcomes.

CAP TODAY publishes a monthly roundtable I have with the Compass Group, and its members are indicating that this labor issue is eating into budgets and may not even be solved by technology. Toby, do you see this at the University of Colorado?
Dr. Cornish (University of Colorado): Maybe only once in the more than five years I’ve been here did anyone tell me we were fully staffed. We will again be fully staffed in November in the histology and cytopathology labs, thanks to an aggressive recruitment strategy in which we used professional recruiters, which we had not done before for histotechnologists. It’s a real problem.

To the credit of the LIS companies, a saving grace has been the technology we’ve put into our AP lab as far as interfacing with stainers and the barcode-driven workflows. Our histology supervisor says that has saved them, made them much more efficient. But we all would like to be fully staffed.

Nick, there’s been news about the lack of adequate and timely cancer diagnoses as a result of COVID in the past year. Do you see reports about that?
Nick Trentadue (Epic): Yes. During the pandemic we launched the Epic Health Research Network [EHRN.org], where we use the Epic Cosmos database, which has more than 100 million deidentified patient records, to look at different data elements. We published a couple of studies on the site, specifically on colorectal cancer, breast cancer screening, much of the preventive care that people weren’t getting.

Our customers are seeing more advanced, later-stage cancers. I was talking to pathologists in Minnesota, Florida, Texas—everyone is seeing it.

We are seeing groups, too, that are trying to combat this in a different way. Instead of going for a colonoscopy, they are working with a company like Exact Sciences to do a Cologuard test, to help bridge the gap.

Toby, can you comment on the volumes and the delay of diagnoses or biopsies?
Dr. Cornish (University of Colorado): We haven’t noticed it as much. As a large referral center, we get so many cases that other hospitals aren’t willing or able to take that it hasn’t been as noticeable. I agree with Nick there is very likely a trend, and we’re probably going to see some unfortunate data getting published on this.

Curt, can you comment on these disruptions in the quality of care in cancer?

Curt Johnson (Orchard): COVID has disrupted health care, it’s disrupted the lab, and a lot of positives have come out along with the negatives. The modernization and mainstreaming of molecular testing are positives. In the long run that’s going to improve cancer diagnostics.