By Doriann Geller, ASTRO Communications staff

The COVID-19 pandemic has changed the way business is conducted in many sectors around the world. Medicine, hard hit in operational activities, embraced telemedicine for patient visits, as well as peer-to-peer consultation, to a greater extent than ever before. ASTRO’s APEx - Accreditation Program for Excellence^® curtailed facility site visits in March 2020, when the public health emergency declaration brought travel to a halt and closed many workplaces throughout the United States. In December 2020, after strategic and logistical planning sessions, ASTRO pivoted to offering virtual facility visits, the final step toward APEx accreditation.

“ASTRO decided to offer virtual facility visits when on-site surveys are not possible because of visitor or travel restrictions related to the public health emergency,” said Samantha Dawes, ASTRO director of Quality Improvement. “Baptist MD Anderson staff were willing participants with APEx’s first virtual format, which enabled ASTRO staff to assess the remote processes at both a main site and satellite facility simultaneously.” As a result, Baptist MD Anderson Cancer Center, in Jacksonville, Florida, was the first facility to successfully complete the accreditation process virtually.

Baptist MD Anderson’s Michael Olson, MD, PhD, interim division head of Radiation Oncology, and Ann-Marie Grietens, MSN, RN, NE-BC, director of Radiation/Neuro Oncology and Social Services, discussed their accreditation journey and the virtual facility site visit by video conference earlier this year, in April.

The Baptist MD Anderson mission is to provide “care that surrounds our patient and families with everything they need, physically, spiritually, and emotionally.” Ms. Grietens, who was involved in the process from start to finish, said that the accreditation process directly supports that model. To fulfill their missions, they take all aspects of the patient’s journey into consideration and utilize many patient-centered resources, including chaplain and social work support, both of which are in Ms. Grietens’ area of responsibility, she explained. The accreditation process gave them the opportunity to “go back and explore those resources,” she said. “I didn't realize going through it, but the biggest benefit is just pulling the team together and focusing them around these ideas of quality and safety and reminding them that the patient really is at the center of everything.”

Baptist MD Anderson operates two clinics, a main clinic and the South satellite clinic, both of which went through the accreditation process simultaneously. Ms. Greitens remarked that the surveyors “were gracious enough to split out our medical records [review] on different days and times, and the physics interview on different days and times, as well. Because we share resources at both clinics, that allowed my medical records team to be able to do the medical records review for both areas.” She added, “I feel the virtual aspect really was beneficial ― they could do it in [the] virtual app from either location. And Dr. Olson, with the team interview for South [the satellite clinic], was able to call in to participate. I thoroughly enjoyed the virtual aspect of the survey.”

Dr. Olson concurred: “I'm the physician that did [the survey] downtown. Especially for the policy reviews, because it’s electronic and our information is electronic, the virtual format does facilitate some of that information sharing. Everyone's looking at the same screen. I think this process, at least part of it, really lends itself to the to the virtual environment very well.”

Ms. Dawes remarked that the staff at Baptist MD Anderson were “well prepared and enthusiastic throughout the entire accreditation process, which contributed to how smoothly it went, and provided great feedback for ASTRO to learn from.” That feedback included comments from Ms. Grietens, who suggested that facilities undergoing the virtual visit talk to their IT departments to make sure that they are able to upload contiguous, large documents to the platform to ensure that the videos and documentation stay together.

“When I was at South with our physicist, we walked through and did [the video] with my phone,” Ms. Grietens explained. “And then he and I actually came in and did the same thing on a weekend in our downtown clinic. Making sure that we labeled everything appropriately on the website when we were uploading everything was key.”

“It was made very straightforward,” observed Dr. Olson. “Having a virtual [site visit] allowed us to continue normal operations, to work in the meeting with the rest of our day. It was painless. We sat there, it was a conversation, it felt natural. We worked through all the survey questions together, and then we were done. I honestly couldn't believe, when it was all completed, how efficient and easy it really was.”

Ms. Grietens continued, “This was a very positive experience for my team, and I think that we gained a lot out of the preparation ― as much as the actual survey. I highly encourage anyone to follow in our footsteps and take the same journey because they won't regret it.”

Dr. Olson agreed. “I think this is a fabulous process. I honestly believe every center should seek accreditation. Whether they get it or not is not the point. It’s going through the process, that they think about the right questions, because these are the things that we should be focusing on for taking the best care of patients.”

To learn more about APEx, visit the APEx webpages, where you can also request a virtual information session for your team.

By Robert C. Miller, MD, MBA, FASTRO, and Faustin Laurentiu Roman, MsC

In the weeks leading up to the U.S. national elections in November 2020, while much of our nation’s attention was focused on political issues, there was a series of cyberattacks on U.S. health care institutions. The U.S Department of Health and Human Services (HHS) Office of the Assistant Secretary for Preparedness and Response, along with the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Safety Agency (CISA), issued an advisory on October 28, 2020, noting that “CISA, FBI and HHS have credible information of  an increased and imminent cybercrime threat to U.S. hospitals and health care providers.”¹

In a recent letter to the editor in ASTRO’s Advances in Radiation Oncology, Nelson and colleagues detail the challenges they faced when the University of Vermont Health Network was attacked on October 28 in a ransomware incident.² The resulting IT outage lasted more than 40 days and was estimated to have cost more than $63 million to resolve.³ Delivery of radiation therapy was delayed for as many as 13 days for some patients due to the loss of the radiation oncology department’s information management system.

This incident was unique in the severity of the impact of the attack but hardly a unique occurrence. It does illustrate the trend away from broad-based attacks and toward persistent attempts to compromise high-value targets that have a high financial yield. The following challenges in cybersecurity and cybercrime will rise in importance throughout 2021⁴:

• Social engineering attacks, such as email phishing and business email compromise.
• Increased attempts to exploit internet-facing vulnerabilities of organizations. 
• Exploitation of system administration tools.
• Ineffective monitoring of critical IT systems.
• Human-operated ransomware risks.

The very technical and complex nature of radiation oncology⁵, combined with the escalation of cyber-attacks and changes of tactics from malicious actors, may influence the risk profile of service providers,⁶ especially when the delay in receiving treatments may prove to be fatal.⁷

Radiation oncology, reliant on connected technology, is particularly vulnerable.⁸ The inherent top threats to health care⁹, (e.g., communication errors, lost and stolen devices, insider threats), or more sophisticated cyber espionage threats,¹⁰ add up to a wide range of threat actors and risks that demands better collaboration, (e.g. threat intelligence sharing),¹¹ meaningful action beyond compliance “tick-box” exercises, and appropriate funding to respond adequately and become resilient to the rising cybersecurity risks.

ASTRO’s Advances welcomes the submissions of scientific manuscripts, commentary and firsthand accounts of how providers and institutions are meeting these challenges. Our deadline for manuscript submission is October 31, 2021. To submit, send papers through the journal’s submission system and select “Cybersecurity” as the article type. Please reach out to the editorial office with any questions at advances@astro.org.

References

1. Cybersecurity and Infrastructure Security Agency. “Alert (AA20-302A) Ransomware Activity Targeting the Healthcare and Public Health Sector.”  Accessed online February 1, 2021: https://us-cert.cisa.gov/ncas/alerts/aa20-302a.
2. Nelson, C. J., Lester-Coll, N. H., Li, P. C., Gagne, H., Anker, C. J., Deeley, M. A., & Wallace, H. J. (2020). Development of Rapid Response Plan for Radiation Oncology in Response to Cyberattack. Advances in radiation oncology, 6(1), 100613. https://doi.org/10.1016/j.adro.2020.11.001
3. Becker’s Healthcare, “The 5 most significant cyberattacks in healthcare for 2020.”  Accessed online February 1, 2021: https://www.beckershospitalreview.com/cybersecurity/the-5-most-significant-cyberattacks-in-healthcare-for-2020.html
4. Thibodeaux, B.  Five cyber threats to watch in 2021.  Security.  January 2021.  Accessed online February 1, 2021: https://www.securitymagazine.com/articles/94343-five-cyber-threats-to-watch-in-2021
5. The impact of cybersecurity in radiation oncology: Logistics and challenges (appliedradiationoncology.com)
6. CISA Launches Campaign to Reduce the Risk of Ransomware | CISA
7. Ralston, W.  Wired magazine, Accessed online February 4, 2021 at:  The untold story of a cyberattack, a hospital and a dying woman | WIRED UK
8. Impact of Ripple20 Vulnerabilities on Healthcare IoT, Connected Devices (healthitsecurity.com)
9. Healthcare Data Breaches & Security | Verizon Enterprise Solutions
10. Beyond Compliance: Cyber Threats and Healthcare (fireeye.com)
11. H-ISAC Information Sharing Best Practices - (h-isac.org)

By John Christodouleas, MD, University of Pennsylvania; Mary Feng, MD, University of California San Francisco; Charles S. Mayo, PhD, University of Michigan; and Kristy Brock, PhD, MD Anderson Cancer Center

In 2018, ASTRO published Minimum Data Elements for Radiation Oncology: An ASTRO Consensus Paper (MDE) in response to requests for required radiation therapy (RT) data. During the development process, ASTRO learned that a parallel exercise was occurring at ASCO, which resulted in the mCODE (minimum Common Oncology Data Elements) standard. In June 2019, ASTRO joined the Executive Council of mCODE and, later that year,CodeX (Common Oncology Data Elements eXtension), an initiative focused on creating new oncology data standards.

Prior to ASTRO’s involvement in these initiatives, limited standards existed, aside from DICOM, that could transfer data outside of radiation oncology (RO) systems. ASTRO utilized MDE to create a CodeX use case focused on standardizing the data elements required for an end of treatment (EOT) summary. ASTRO’s role has been that of a convener and, currently, the RO CodeX use case includes four specialty societies, three academic institutions, three electronic health record (EHR) vendors, three data transfer groups and representatives from the National Cancer Institute (NCI).

To date, the CodeX project has created more than 300 new RO-specific data elements. These concepts have been added into the mCODE standard, which is being adopted by health care institutions and vendors nationwide and have been approved for new SNOMED codes. These standards and relationships have been developed in conjunction with vendors who are currently working to develop a framework for data transfer that aligns to federal interoperability mandates.

CodeX Radiation Therapy Treatment Data for Cancer conceptual map.

Improved data collection for a variety of quality and research programs

While the EOT focus is useful to alleviate a common pain point in practices, the work can easily translate to other domains, including data collection for the upcoming RO Model, clinical trial data and improving the data collection for a variety of cancer programs.

National cancer registry programs in the U.S., like the NCI’s Surveillance, Epidemiology, and End Results (SEER) Program and the Commission on Cancer’s National Cancer Database (NCDB), collect data by leveraging the infrastructure of the national cancer surveillance system, which mandates the reporting of information on cancer diagnoses and treatments to state and federal surveillance programs. Such registries form the basis for programs that track patterns of care and create clinical research repositories. These have been very fruitful for the community, producing over 2,000 RO papers in the last five years using data from SEER or the NCDB despite both registries containing only limited RT data. The NCDB, which has more RT data elements than SEER, historically only collected that a treatment occurred: a single field for body site and a single field for radiation dose. There is interest in capturing more treatment details, but this currently requires manual abstraction of data from the EOT summary. Registries will benefit from the CodeX effort because it will drive standardization in the format and vocabulary of the EOT summary that is captured in the patient’s medical record.

Standards are also vital to research. The importance of precision medicine using advanced computing, machine learning and artificial intelligence (AI) was highlighted at an NCI and Department of Energy virtual workshop in March 2021. The engagement of the attendees, and extensive lists of identified priorities, clearly indicate that big data, the development of standard nomenclature and the ability to share data between cancer centers is critical to the further development of AI to advance the precision of RO. The mCODE standard is already being utilized in oncology clinical trials. Data standards will improve the collection of high-quality data in the EHR that is complete, accurate and computable, to support transformative goals employing statistical and machine learning methods to point the way to better clinical insights.

The initial CodeX goal is to connect vendor information systems; however, the proposed interface will also eventually serve as a connection between RO information systems and other cancer data repositories. Such a connection will create a pipeline of more accurate and comprehensive data summarizing a patient’s radiation treatment, increasing the power and value of these repositories.

The importance of leveraging partnerships

Constructing large, comprehensive data sets from “real world” data holds the promise to enable learning from each patient and how to better care for future patients. A substantial barrier to creating multi-institutional databases is the lack of RO standards, which impedes our ability to coalesce technical efforts in constructing interoperable systems to aggregate this data.

The development and success of the CodeX use case has been due, in part, to the tremendous collaboration between ASTRO and the American Association of Physicists in Medicine (AAPM), who joined CodeX in 2020. Many of the new standards, specifically in modality, technique and treatment site, were based on this joint effort. This began with the 2017 Red Journal publication of the Task Group 263 (TG-263) report on standardized nomenclatures, developed to support treatment planning. TG-263, led by AAPM, combined the multi-disciplinary efforts of members of multiple professional societies into the development of consensus-based standardizations. This marked a shift from standards being imposed by others outside of RO toward standards that fit into routine practice because they were developed with the expertise of our members.

Following in the footsteps of these efforts, the operational ontology for radiation oncology (OORO) is being constructed to address additional gaps in data standards. While operating under AAPM, it is carried out in partnership with ASTRO and utilizes the insights and skills of physicians, physicists and other professionals. This collaboration of professional societies has paid dividends, with consensus-based development of value sets and standards that support the needs of radiation oncology. The OORO will be the inevitable pipeline for further standards development using the CodeX infrastructure.

Radiation oncology relies on complex hardware and software systems to provide and coordinate the best possible care for patients. At the system boundaries, information is exchanged and if these are not clearly defined, the safety and efficiency of clinical care may be compromised. Integrating the Healthcare Enterprise – Radiation Oncology (IHE-RO), from AAPM in collaboration with ASTRO and other organizations, comprises physicists, physicians, software engineers and others from clinical practice and industry working to identify and solve connectivity issues to ensure safe, efficient radiation treatments by improving system-to-system connections.

Utilizing its strong collaboration with industry partners, IHE-RO is acting on the standards created in CodeX to build the infrastructure necessary to exchange these data between the RO systems and broader EHRs to bolster care coordination. End-to-end testing will be conducted during Connect-a-Thons to test the success of product development and their integration. This is crucial to ensure that the development of standards becomes a reality for end users.

The growing, and successful, body of work emerging from our professional societies acting in concert clearly demonstrates the success of working together, serving the interests of all members.

Future vision

While RO standards development is focused on the EOT summary now, there is the potential to create many secondary gains for the global RO community. One can envision how CodeX and the mCODE initiative could enable international comparisons of patterns of care, clinical guideline adherence or the creation of large and international research repositories. In this way, the work ASTRO and AAPM are doing now could create benefits far beyond the primary mission.

For any questions regarding these initiatives, please email ASTRO’s Senior Quality Improvement Manager Randi Kudner.