ABSTRACT
Importance: Patients with inequitable access to patient portals frequently present to emergency departments (EDs) for care. Little is known about portal use patterns among ED patients. Objectives: To describe real-time patient portal usage trends among ED patients and compare demographic and clinical characteristics between portal users and nonusers. Design, Setting, and Participants: In this cross-sectional study of 12 teaching and 24 academic-affiliated EDs from 8 health systems in California, Connecticut, Massachusetts, Ohio, Tennessee, Texas, and Washington, patient portal access and usage data were evaluated for all ED patients 18 years or older between April 5, 2021, and April 4, 2022. Exposure: Use of the patient portal during ED visit. Main Outcomes and Measures: The primary outcomes were the weekly proportions of ED patients who logged into the portal, viewed test results, and viewed clinical notes in real time. Pooled random-effects models were used to evaluate temporal trends and demographic and clinical characteristics associated with real-time portal use. Results: The study included 1â¯280â¯924 unique patient encounters (53.5% female; 0.6% American Indian or Alaska Native, 3.7% Asian, 18.0% Black, 10.7% Hispanic, 0.4% Native Hawaiian or Pacific Islander, 66.5% White, 10.0% other race, and 4.0% with missing race or ethnicity; 91.2% English-speaking patients; mean [SD] age, 51.9 [19.2] years). During the study, 17.4% of patients logged into the portal while in the ED, whereas 14.1% viewed test results and 2.5% viewed clinical notes. The odds of accessing the portal (odds ratio [OR], 1.36; 95% CI, 1.19-1.56), viewing test results (OR, 1.63; 95% CI, 1.30-2.04), and viewing clinical notes (OR, 1.60; 95% CI, 1.19-2.15) were higher at the end of the study vs the beginning. Patients with active portal accounts at ED arrival had a higher odds of logging into the portal (OR, 17.73; 95% CI, 9.37-33.56), viewing test results (OR, 18.50; 95% CI, 9.62-35.57), and viewing clinical notes (OR, 18.40; 95% CI, 10.31-32.86). Patients who were male, Black, or without commercial insurance had lower odds of logging into the portal, viewing results, and viewing clinical notes. Conclusions and Relevance: These findings suggest that real-time patient portal use during ED encounters has increased over time, but disparities exist in portal access that mirror trends in portal usage more generally. Given emergency medicine's role in caring for medically underserved patients, there are opportunities for EDs to enroll and train patients in using patient portals to promote engagement during and after their visits.
Subject(s)
Emergency Service, Hospital , Patient Portals , Humans , Female , Emergency Service, Hospital/statistics & numerical data , Male , Patient Portals/statistics & numerical data , Cross-Sectional Studies , Middle Aged , Adult , United States , Aged , Young AdultABSTRACT
OBJECTIVES: Healthcare ransomware cyberattacks have been associated with major regional hospital disruptions, but data reporting patient-oriented outcomes in critical conditions such as cardiac arrest (CA) are limited. This study examined the CA incidence and outcomes of untargeted hospitals adjacent to a ransomware-infected healthcare delivery organization (HDO). DESIGN SETTING AND PATIENTS: This cohort study compared the CA incidence and outcomes of two untargeted academic hospitals adjacent to an HDO under a ransomware cyberattack during the pre-attack (April 3-30, 2021), attack (May 1-28, 2021), and post-attack (May 29, 2021-June 25, 2021) phases. INTERVENTIONS: None. MEASUREMENTS AND MAIN RESULTS: Emergency department and hospital mean daily census, number of CAs, mean daily CA incidence per 1,000 admissions, return of spontaneous circulation, survival to discharge, and survival with favorable neurologic outcome were measured. The study evaluated 78 total CAs: 44 out-of-hospital CAs (OHCAs) and 34 in-hospital CAs. The number of total CAs increased from the pre-attack to attack phase (21 vs. 38; p = 0.03), followed by a decrease in the post-attack phase (38 vs. 19; p = 0.01). The number of total CAs exceeded the cyberattack month forecast (May 2021: 41 observed vs. 27 forecasted cases; 95% CI, 17.0-37.4). OHCA cases also exceeded the forecast (May 2021: 24 observed vs. 12 forecasted cases; 95% CI, 6.0-18.8). Survival with favorable neurologic outcome rates for all CAs decreased, driven by increases in OHCA mortality: survival with favorable neurologic rates for OHCAs decreased from the pre-attack phase to attack phase (40.0% vs. 4.5%; p = 0.02) followed by an increase in the post-attack phase (4.5% vs. 41.2%; p = 0.01). CONCLUSIONS: Untargeted hospitals adjacent to ransomware-infected HDOs may see worse outcomes for patients suffering from OHCA. These findings highlight the critical need for cybersecurity disaster planning and resiliency.
ABSTRACT
Background: Cybersecurity incidents affecting hospitals have grown in prevalence and consequence over the last two decades, increasing the importance of cybersecurity preparedness and response training to minimize clinical disruptions. This work describes the development, execution, and post-exercise assessment of a novel simulation scenario consisting of four interlocking intensive care unit (ICU) patient scenarios. This simulation was designed to demonstrate the management of acute pathologies without access to conventional treatment methods during a cybersecurity incident in order to raise clinician awareness of the increasing incidence and patient safety implications of such events. Methods: The simulation was developed by a multidisciplinary team of physicians, simulation experts, and medical education experts at UCSD School of Medicine. The simulation involves the treatment of four patients, respectively experiencing postoperative hemorrhage, end stage renal disease, diabetic ketoacidosis, and hypoxic respiratory failure, all without access to networked medical resources. The simulation was first executed as part of the proceedings of CyberMed Summit, a healthcare cybersecurity conference in La Jolla, California, on November 19th, 2022. Following the simulation, a debrief session was held with the learner in front of conference attendees, with additional questioning and discussion prompted by attendee input. Results: Though limited to a single subject by the pilot-study nature of this research, the physician learner successfully identified the acute etiologies and managed the patients' acute decompensations while lacking access to the hospital's electronic medical records (EMRs), laboratory results, imaging, and communication systems. Review of footage of the event and post-experience interviews yielded numerous insights on the specific physician-focused challenges and possible solutions to a hospital-infrastructure-crippling cyber attack. Conclusion: Healthcare cybersecurity incidents are known to result in significant disruption of clinical activities and can be viewed through a patient-safety oriented perspective. Simulation training may be a particularly effective method for raising clinician awareness of and preparedness for these events, though further research is required.
ABSTRACT
STUDY OBJECTIVE: Cyberattacks are an increasing threat to health care institutions which potentially impair patient outcomes. Current research is limited and focuses mainly on the technical consequences, whereas little is known about health care staff experiences and the effect on emergency care. This study aimed to explore the acute care effect of several large ransomware attacks against hospitals that occurred in Europe and the United States between 2017 and 2022. METHODS: This interview-based qualitative study assessed the experiences of emergency health care professionals and information technology (IT) staff and investigated the challenges during the acute and recovery phase of hospital ransomware attacks. The semistructured interview guideline was based on relevant literature and cybersecurity expert consultation. Transcripts were anonymized, and traceable information regarding participants and/or their organizations was removed for privacy purposes. RESULTS: Nine participants were interviewed, including emergency health care providers and IT-focused staff. Five themes were constructed from the data: effects and challenges regarding patient care continuity, challenges during the recovery process, personal effect on health care staff, preparedness and lessons identified, and future recommendations. CONCLUSIONS: According to the participants of this qualitative study, ransomware attacks have a significant effect on emergency department workflow, acute care delivery, and the personal well-being of health care providers. Preparedness for such incidents is limited, and many challenges are encountered during the acute and recovery phase of attacks. Although there was profound hesitancy among hospitals to participate in this study, the limited number of participants provided valuable information that can be used to develop response strategies for hospital ransomware attacks.
Subject(s)
Delivery of Health Care , Hospitals , Humans , United States , Computer Security , Health Personnel , Emergency Service, HospitalABSTRACT
Importance: Cyberattacks on health care delivery organizations are increasing in frequency and sophistication. Ransomware infections have been associated with significant operational disruption, but data describing regional associations of these cyberattacks with neighboring hospitals have not been previously reported, to our knowledge. Objective: To examine an institution's emergency department (ED) patient volume and stroke care metrics during a month-long ransomware attack on a geographically proximal but separate health care delivery organization. Design, Setting, and Participants: This before and after cohort study compares adult and pediatric patient volume and stroke care metrics of 2 US urban academic EDs in the 4 weeks prior to the ransomware attack on May 1, 2021 (April 3-30, 2021), as well as during the attack and recovery (May 1-28, 2021) and 4 weeks after the attack and recovery (May 29 to June 25, 2021). The 2 EDs had a combined mean annual census of more than 70â¯000 care encounters and 11% of San Diego County's total acute inpatient discharges. The health care delivery organization targeted by the ransomware constitutes approximately 25% of the regional inpatient discharges. Exposure: A month-long ransomware cyberattack on 4 adjacent hospitals. Main Outcomes and Measures: Emergency department encounter volumes (census), temporal throughput, regional diversion of emergency medical services (EMS), and stroke care metrics. Results: This study evaluated 19â¯857 ED visits at the unaffected ED: 6114 (mean [SD] age, 49.6 [19.3] years; 2931 [47.9%] female patients; 1663 [27.2%] Hispanic, 677 [11.1%] non-Hispanic Black, and 2678 [43.8%] non-Hispanic White patients) in the preattack phase, 7039 (mean [SD] age, 49.8 [19.5] years; 3377 [48.0%] female patients; 1840 [26.1%] Hispanic, 778 [11.1%] non-Hispanic Black, and 3168 [45.0%] non-Hispanic White patients) in the attack and recovery phase, and 6704 (mean [SD] age, 48.8 [19.6] years; 3326 [49.5%] female patients; 1753 [26.1%] Hispanic, 725 [10.8%] non-Hispanic Black, and 3012 [44.9%] non-Hispanic White patients) in the postattack phase. Compared with the preattack phase, during the attack phase, there were significant associated increases in the daily mean (SD) ED census (218.4 [18.9] vs 251.4 [35.2]; P < .001), EMS arrivals (1741 [28.8] vs 2354 [33.7]; P < .001), admissions (1614 [26.4] vs 1722 [24.5]; P = .01), patients leaving without being seen (158 [2.6] vs 360 [5.1]; P < .001), and patients leaving against medical advice (107 [1.8] vs 161 [2.3]; P = .03). There were also significant associated increases during the attack phase compared with the preattack phase in median waiting room times (21 minutes [IQR, 7-62 minutes] vs 31 minutes [IQR, 9-89 minutes]; P < .001) and total ED length of stay for admitted patients (614 minutes [IQR, 424-1093 minutes] vs 822 minutes [IQR, 497-1524 minutes]; P < .001). There was also a significant increase in stroke code activations during the attack phase compared with the preattack phase (59 vs 102; P = .01) as well as confirmed strokes (22 vs 47; P = .02). Conclusions and Relevance: This study found that hospitals adjacent to health care delivery organizations affected by ransomware attacks may see increases in patient census and may experience resource constraints affecting time-sensitive care for conditions such as acute stroke. These findings suggest that targeted hospital cyberattacks may be associated with disruptions of health care delivery at nontargeted hospitals within a community and should be considered a regional disaster.
Subject(s)
Emergency Medical Services , Emergency Service, Hospital , Adult , Humans , Female , Child , Middle Aged , Male , Cohort Studies , Hospitalization , HospitalsABSTRACT
OBJECTIVE: Cyberattacks on healthcare systems are increasing in frequency and severity. Hospitals need to integrate cybersecurity preparedness into their emergency operations planning and response to mitigate adverse outcomes during increasingly likely cyber events. No data currently exist regarding the level of preparedness of United States hospital systems for cybersecurity attacks. We surveyed hospital emergency managers to assess cybersecurity preparedness for these events. METHODS: Fifty-seven emergency managers representing hospitals across the United States participated in an online Qualtrics survey regarding current preparedness and response procedures for cybersecurity hazards. RESULTS: Survey responses between April 2019 and May 2021 demonstrated that a majority of hospital systems surveyed included cybersecurity disasters in their HVA (82.4%; 47/57), and most ranked it as 1 of their top 5 priorities (57.4%; 27/47). However, over half denied specifically mentioning cybersecurity in their Emergency Operations Plans (EOPs; 52.6%; 30/57). Fourteen of the 57 hospital systems (24.5%) endorsed previously activating an emergency response for a cybersecurity incident unrelated to information technology (IT) failure. CONCLUSIONS: The survey results suggest that American hospitals are currently underprepared for cybersecurity disasters. We emphasize the importance of prioritizing cybersecurity in Hazard Vulnerability Analyses (HVAs) and implementing specific EOP annexes for cybersecurity emergencies.
Subject(s)
Civil Defense , Disaster Planning , Disasters , Humans , United States , Hospitals , Surveys and Questionnaires , Delivery of Health CareABSTRACT
PURPOSE: Cancer patients frequently utilize the emergency department (ED) for a variety of diagnoses both related to and unrelated to their cancer, yet ED outcomes for cancer patients are not well documented. This study sought to define risks and identify predictors for inpatient admission and hospital mortality among cancer patients presenting to the ED. PATIENTS AND METHODS: We utilized the National Emergency Department Sample to identify patients with and without a diagnosis of cancer presenting to the ED between January 2016 and December 2018. We used multivariable mixed-effects logistic regression models to assess the influence of cancer on outcomes of hospital admission after the ED visit and hospital mortality for the whole patient cohort and individual presenting diagnoses. RESULTS: There were 340 million weighted ED visits, of which 8.3 million (2.3%) were associated with a cancer diagnosis. Compared to non-cancer patients, patients with cancer had an increased risk of inpatient admission (64.7% vs. 14.8%; p < 0.0001) and hospital mortality (4.6% vs. 0.5%; p < 0.0001). For each of the top 15 presenting diagnoses, cancer patients had increased risks of hospitalization (odds ratio [OR] range 2.0-13.2) or death (OR range 2.1-14.4). Although our dataset does not contain reliable estimation of stage, cancer site was the most robust individual predictor associated with the risk of hospitalization or death compared to other clinical or system-related factors. CONCLUSIONS: Cancer patients in the ED have high risks for hospital admission and death when compared to patients without cancer. Cancer patients represent a distinct population and may benefit from cancer-specific risk stratification or focused interventions to improve outcomes.
Subject(s)
Emergency Service, Hospital/standards , Neoplasms/therapy , Adolescent , Adult , Aged , Female , Hospitalization , Humans , Male , Middle Aged , Young AdultABSTRACT
BACKGROUND: In March of 2020, the World Health Organization declared coronavirus disease 2019 (COVID-19)-a disease caused by a novel coronavirus-a pandemic, and it continued to spread rapidly in the community. Our institution implemented an emergency medicine telehealth system that sought to expedite care of stable patients, decrease provider exposure to COVID-19, decrease overall usage rate of personal protective equipment, and provide a platform so that infected or quarantined physicians could continue to work. This effort was among the first to use telehealth to practice emergency medicine in the setting of a pandemic in the United States. DISCUSSION: Outside the main emergency departments at each of 2 sites of our academic institution, disaster tents were erected with patient care equipment and medications, as well as technology to allow for telehealth visits. The triage system was modified to appropriately select low-risk patients with symptoms suggestive of COVID-19 who could be seen in these disaster tents. Despite some issues that needed to be addressed, such as provider discomfort, limited medication availability, and connectivity problems, the model was successful overall. CONCLUSIONS: Other emergency departments might find this proof of concept article useful. Telehealth will likely be used more broadly in the future, including emergency care. It is imperative that the health care system continues to adapt to respond appropriately to challenges such as pandemics.
Subject(s)
COVID-19/epidemiology , Emergency Medicine/organization & administration , Pandemics/prevention & control , Telemedicine/organization & administration , Aged , COVID-19/prevention & control , Female , Humans , Medicare , Pregnancy , SARS-CoV-2 , United States/epidemiologyABSTRACT
PROBLEM: Academic health centers (AHCs) face cybersecurity vulnerabilities that have potential costs to an institution's finances, reputation, and ability to deliver care. Yet many AHC executives may not have sufficient knowledge of the potential impact of cyberattacks on institutional missions such as clinical care, research, and education. Improved cybersecurity awareness and education are areas of opportunity for many AHCs. APPROACH: The authors developed and facilitated a tabletop cybersecurity simulation at an international conference for AHC leaders in September 2019 to raise awareness of cybersecurity issues and threats and to provide a forum for discussions of concerns specific to CEOs and C-suite-level executives. The 3.5-hour interactive simulation used an evolving, 3-phase case study describing a hypothetical cyberattack on an AHC with a ransomware demand. The approximately 70 participants, from AHCs spanning 25 states and 11 countries, worked in teams and discussed how they would react if they held roles similar to their real-life positions. The authors provide the full scenario as a resource. OUTCOMES: The exercise was well received by the participants. In the postsession debrief, many participants noted that cybersecurity preparedness had not received the level of institutional attention given to threats such as epidemics or natural disasters. Significant variance in teams' courses of action during the simulation highlighted a lack of consensus with regard to foundational decisions. Participants identified this as an area that could be remedied by the development of guidelines or protocols. NEXT STEPS: As health care cybersecurity challenges persist or grow in magnitude, AHCs will have increased opportunities to lead in the development of best practices for preparedness and response. AHCs are well positioned to work with clinicians, security professionals, regulators, law enforcement, and other stakeholders to develop tools and protocols to improve health care cybersecurity and better protect patients.
Subject(s)
Academic Medical Centers , Computer Security , Physician Executives , Simulation Training , Congresses as Topic , HumansABSTRACT
INTRODUCTION: The coronavirus disease 2019 (COVID-19) pandemic has seriously impacted clinical research operations in academic medical centers due to social distancing measures and stay-at-home orders. The purpose of this paper is to describe the implementation of a program to continue clinical research based out of an emergency department (ED) using remote research associates (RA). METHODS: Remote RAs were trained and granted remote access to the electronic health record (EHR) by the health system's core information technology team. Upon gaining access, remote RAs used a dual-authentication process to gain access to a host-based, firewall-protected virtual network where the EHR could be accessed to continue screening and enrollment for ongoing studies. Study training for screening and enrollment was also provided to ensure study continuity. RESULTS: With constant support and guidance available to establish this EHR access pathway, the remote RAs were able to gain access relatively independently and without major technical troubleshooting. Each remote RA was granted access and trained on studies within one week and self-reported a high degree of program satisfaction, EHR access ease, and study protocol comfort through informal evaluation surveys. CONCLUSIONS: In response to the COVID-19 pandemic, we virtualized a clinical research program to continue important ED-based studies.
Subject(s)
Betacoronavirus , Biomedical Research/organization & administration , Coronavirus Infections/prevention & control , Electronic Health Records , Emergency Service, Hospital/organization & administration , Pandemics/prevention & control , Pneumonia, Viral/prevention & control , Research Personnel/organization & administration , Academic Medical Centers/organization & administration , COVID-19 , California , Humans , Medical Informatics , Program Development , SARS-CoV-2ABSTRACT
As a result of the extensive integration of technology into the healthcare system, cybersecurity incidents have become an increasing challenge for the healthcare industry. Recent examples include WannaCry, a nontargeted ransomware attack on more than 150 countries worldwide that temporarily crippled parts of the National Health Service in the United Kingdom, and the 2016 ransomware attack on Los Angeles's Hollywood Presbyterian Medical Center. The attacks cost millions of dollars in lost revenue and fines, as well as significant reputational damage. Efforts are needed to devise tools that allow experts to more accurately quantify the actual impact of such events on both individual patients and healthcare systems as a whole. While the United States has robust disaster preparedness and response systems integrated throughout the healthcare and government sectors, the rapidly evolving cybersecurity threat against healthcare entities is outpacing existing countermeasures and challenges in the "all-hazards" disaster preparedness paradigm. Further epidemiologic research of clinical cybersecurity attacks and their effects on patient care and clinical outcomes is necessary to prevent and mitigate future attacks.
Subject(s)
Civil Defense , Computer Security/economics , Delivery of Health Care/organization & administration , Electronic Health Records , Computer Security/trends , Delivery of Health Care/standards , Hospitals , Humans , United StatesABSTRACT
BACKGROUND: Connected medical technology is increasingly prevalent and offers both a host of new therapeutic potentials and cybersecurity-related considerations. Current practice largely does not include discussions of cybersecurity issues when clinicians obtain informed consent. OBJECTIVE: This paper aims to raise awareness about cybersecurity considerations for connected medical technology as they relate to informed consent discussions between patients and clinicians. METHODS: Clinicians, health care cybersecurity researchers, and informed consent experts propose the concept of a cybersecurity informed consent for connected medical technology. RESULTS: This viewpoint discusses concepts designed to facilitate further discussion on the need, development, and execution of cybersecurity informed consent. CONCLUSIONS: Cybersecurity informed consent may be a necessary component of informed consent practices, as connected medical technology proliferates in the health care environment.
Subject(s)
Computer Security/standards , Informed Consent/standards , HumansABSTRACT
The future of connected health care will involve the collection of patient data or enhancement of clinician workflows through various biosensors and displays found on wearable electronic devices, many of which are marketed directly to consumers. The adoption of wearables in health care is being driven by efforts to reduce health care costs, improve care quality, and increase clinician efficiency. Wearables have significant potential to achieve these goals but are currently limited by lack of widespread integrations into electronic health records, biosensor data collection types, and a lack of scientifically rigorous literature showing benefit.
Subject(s)
Wearable Electronic Devices , Drug Delivery Systems , Humans , Monitoring, Physiologic , Precision Medicine , TelemedicineSubject(s)
Computer Security/standards , Disaster Medicine/organization & administration , Disaster Planning , Emergency Medicine/organization & administration , Terrorism , Disaster Medicine/trends , Disaster Planning/organization & administration , Emergency Medicine/trends , Humans , Risk AssessmentABSTRACT
OBJECTIVE: The coronavirus disease 2019 pandemic has inspired new innovations in diagnosing, treating, and dispositioning patients during high census conditions with constrained resources. Our objective is to describe first experiences of physician interaction with a novel artificial intelligence (AI) algorithm designed to enhance physician abilities to identify ground-glass opacities and consolidation on chest radiographs. METHODS: During the first wave of the pandemic, we deployed a previously developed and validated deep-learning AI algorithm for assisted interpretation of chest radiographs for use by physicians at an academic health system in Southern California. The algorithm overlays radiographs with "heat" maps that indicate pneumonia probability alongside standard chest radiographs at the point of care. Physicians were surveyed in real time regarding ease of use and impact on clinical decisionmaking. RESULTS: Of the 5125 total visits and 1960 chest radiographs obtained in the emergency department (ED) during the study period, 1855 were analyzed by the algorithm. Among these, emergency physicians were surveyed for their experiences on 202 radiographs. Overall, 86% either strongly agreed or somewhat agreed that the intervention was easy to use in their workflow. Of the respondents, 20% reported that the algorithm impacted clinical decisionmaking. CONCLUSIONS: To our knowledge, this is the first published literature evaluating the impact of medical imaging AI on clinical decisionmaking in the emergency department setting. Urgent deployment of a previously validated AI algorithm clinically was easy to use and was found to have an impact on clinical decision making during the predicted surge period of a global pandemic.
ABSTRACT
9-1-1 call centers are a critical component of prehospital care: they accept emergency calls, dispatch field responders such as emergency medical services, and provide callers with emergency medical instructions before their arrival. The aim of this study was to describe the technical structure of the 9-1-1 call-taking system and to describe its vulnerabilities that could lead to compromised patient care. 9-1-1 calls answered from mobile phones and landlines use a variety of technologies to provide information about caller location and other information. These interconnected technologies create potential cyber vulnerabilities. A variety of attacks could be carried out on 9-1-1 infrastructure to various ends. Attackers could target individuals, groups, or entire municipalities. These attacks could result in anything from a nuisance to increased loss of life in a physical attack to worse overall outcomes owing to delays in care for time-sensitive conditions. Evolving 9-1-1 systems are increasingly connected and dependent on network technology. As implications of cybersecurity vulnerabilities loom large, future research should examine methods of hardening the 9-1-1 system against attack.
