We are staring at a decade of rapid healthcare development and innovation. What risks will these achievements create and how can risk managers mitigate them?


Few societal developments can match progress in healthcare. According to the World Health Organisation, the total global expenditure for health is $6.5 trillion. As health and its perpetuation is seen as an objective good in every society, we can expect this trajectory of investment, development and innovation to continue unabated into the future. Today’s children are expected to reach 100 years old, and it is healthcare technology that will carry them there.

As this ever-expanding circle of healthcare development spreads, the risks will be broad, fast to develop and vital to mitigate. Just as the medical motto goes, prevention is better than cure, the same applies to the risk management implications of healthcare developments. So, what will the provision of healthcare look like in 10 years’ time? And what are the key medical advances that are expected to transform healthcare as we know it today?

The future of healthcare

Mohit Grover, life sciences and health care industry leader, Deloitte Southeast Asia, says there will be five major aspects to the healthcare provision of the future.

“Firstly, patient-centred healthcare: everything from diagnosis, drugs to medical devices will be custom-designed to seamlessly integrate into a patient’s daily life.

“Secondly, wearables will be at the forefront: always on and constantly collecting data, these peripherals are the basis of the medicalised quantified self.”

Next on the list are digitised and decentralised doctors with improved connectivity and miniaturised diagnostic technology.

“Then there is the rise of the machines, including medical robots and artificial intelligence creating more efficient healthcare platforms that are powered by the insights of data analytics,” Grover says.

“Lastly, we will see evolved healthcare services that will be consumed continuously, lending itself to a subscription-based business model that focuses on high productivity and asset-light strategies.”

Ben McLaughlin, head of Baker & McKenzie’s Asia-Pacific Healthcare Group, says many forces are driving the rapid changes, from a rising middle class with money to pay for enhanced services, to government efforts to stem the rising tide of healthcare costs.

He adds: “There will be a focus on the delivery of medical services to people in their homes, rather than in a doctor’s surgery or a hospital. Much of this will be long-distance delivery of services, through tele-medicine, both for diagnosis and for therapy.

“There will be an increase in innovative, technology-driven healthcare solutions looking at prevention rather than just treatment. [Currently] we only tend to receive medical attention if we are ill and usually rely on symptoms to drive us to seek a qualified medical opinion. Technology will be used to prevent us from becoming sick.”

Advances such as wearable technology, genome sequencing, collection, mining and analysis of big data, 3-D printing, nanotechnology, regenerative medicine, bionic technologies, and exoskeleton technology – to name just a few – will bring about this transformation.

Feeling the impact

Of course, these new healthcare developments will have profound implications on hospitals, healthcare providers and patients.

Sheri Wilbanks, head of liabilities risk consulting Asia-Pacific, AIG says: “Healthcare providers will be looking to leverage technology for improving patient outcomes, controlling expenses and ensuring patient safety. Smartphone and tablet-enabled apps are now being used to lead patients at home through physical therapy routines.”

Such apps encourage the patient to comply with the regimen on a daily basis as prescribed, says Wilbanks, and reduces the amount of patient travel, which can be burdensome for elderly people.

Grover points to several major impacts on hospitals, healthcare providers and patients. “Across the world, public healthcare delivery is under pressure and will find difficulty bearing the burden and cost of caring for aging populations,” he says.

“The trend will be towards preventative care, system-level integration, and better defining accountability for overall holistic health of populations, rather than episodic and transaction-based treatments.”

According to Grover, there will also be emerging financial models, a move away from national health management to more regional and local solutions, and strategies to address cost issues and administrative waste.

Major risk areas

These various healthcare developments will produce a wide range of risks, centrally linked to the marriage of technology and treatment.

“Technology creates a new risk exposure, such as the potential for leaks of personal data or the potential for internet-connected devices to be compromised,” Wilbanks says.

“The connectivity of devices is a powerful tool for achieving better patient outcomes in an efficient manner, but that connectivity is a vulnerable point.

“There is the possibility for third parties to enter and disrupt the device functionality through the connectivity point, or in general for the ‘drop’ in connectivity to make the device ineffective.”

Deloitte has identified three major regulatory and compliance risks arising from the future model: cyber security, patient and product safety, and fraud and abuse. Grover says: “On cyber security, when a medical device itself, or the integrity and availability of its data, is compromised due to a security breach, the loss of integrity may lead to faulty data which, in turn, may cause the device to malfunction or result in incorrect care decisions by medical practitioners.”

“On patient and product safety, gaps still exist in terms of responding to unusual risk events and patient safety controls. Regulators must invest in new capabilities, such as assessing information governance and cyber security, to meet new expectations from clinicians and patients.

“On fraud and abuse, regulators are putting emphasis on their scrutiny in their fraud and abuse enforcement efforts. An effective fraud and abuse analytic programme will likely allow enterprises to identify risks in real time, adjust to mitigate them, and avoid the potential burdens of government investigations and enforcement actions.”

Risk manager perspective

In view of the wide range of innovations, how do risk managers go about mitigating the related risks?

Wilbanks says: “Risk managers may need to consult various individuals within their organisation to better understand what role technology plays in their healthcare organisation. Summarising this with a risk register is the first step in managing this exposure.

“Secondly, risk managers should consult with specialists and consultants in the technology risk and cyber risk fields. Lastly, risk managers would benefit from reviewing their risk mitigation techniques, both risk management and risk transfer devices.”

Sam Chee, risk manager, Parkway Pantai, foresees new medical malpractice liabilities and privacy vulnerabilities. “Risk managers need to understand new technologies being employed in a healthcare setting and work with stakeholders to manage the risks,” says Chee. “For example, the use of third-party mobile health applications may require us to either limit the detail of medical records, from a largely operational perspective, or invest in our own applications and storage solution to manage cyber risks, from a largely IT security perspective.”

Northern Health director of risk management Matthew Soo says there are two general risk treatment strategies for the medical advances of the future.

“Firstly, have a nominated governance body, such as a new technologies committee, reporting up to the executive and board, comprised of clinical and quality and safety representatives and OHS representatives to approve new technologies and regularly monitor their implementation,” he says.

“Secondly, have a procedure for screening suitability of new technologies – for example, a strong evidence base, ethical considerations addressed [and] privacy issues addressed.”