Feature Content

Feature: “Systems are changing all the time”, BridgeHead Software’s John McCann on tackling legacy systems

We sat down with BridgeHead Software’s vice president of global marketing, John McCann, for a chat on legacy systems – from the different kinds of legacy applications to the challenges they pose and BridgeHead’s solution for tackling those challenges.

What are legacy applications and why are they a problem?

John opened the conversation offering his perspective on the prevalence of legacy applications and the impact they are having on NHS healthcare organisations.

“In healthcare, legacy applications are everywhere! But this is not a new phenomenon – they have been around since the evolution of digital systems. However, the burden and challenges associated with legacy systems for the NHS and, indeed, hospitals across the globe, are being felt like never before given the focus on digital transformation.”

John then talked about what constitutes legacy applications, suggesting they’re not always what some may think.

“Legacy applications tend to fall under three categories,” he began. “Firstly, there’s the one that most associate with legacy systems; that’s where trusts have an application sat on a random server where no one knows what it is, where it came from, what it does, or who is responsible for it. Nobody wants to touch it in case it falls over; and there is a perception that the data it contains carries less value. So, it’s often the case that these systems are simply left alone.”

The second tier of legacy applications are common in private health systems (such as those in the US) but, John noted, also occur in the NHS: duplicate applications. “We tend to see a lot of duplicate applications following an NHS merger,” he said. “We’ve been working with University Hospitals of Derby and Burton NHS Foundation Trust – their merger has seen them become the tenth largest trust in the country. Bringing together two large hospitals means you end up with a lot of duplicate systems! No one wants to run multiple applications that are, essentially, doing the same job. Consequently, trusts generally decide to consolidate and standardise their application estate. This means that at least one of the duplicate applications will become the default system, while the other(s) will be taken out of production and ultimately become legacy systems. But imagine this situation when you multiply the number of duplicate applications across the various hospital departments.”

The third type, and the most common in John’s view, is the case where a trust simply purchases a new system to replace an old one. “We’re seeing a lot of this at the moment, especially with funding coming in from the frontline digitisation programme for new EPR solutions,” John noted. “There’s also funding for diagnostic modernisation and cybersecurity where newer, fuller-featured systems are being procured to replace older applications – all of which increase the number of legacy applications trusts then have to manage.”

… and the benefits of tackling them

“In this ever-evolving digital landscape, applications are being sourced all the time,” John pointed out. “Some are high profile systems, like EPRs; but many are departmental and/or clinical systems, such as laboratory information systems (LIMS), picture archiving and communication systems (PACS), and more. But this creates a number of problems.”

John went on to share several key reasons why organisations need to tackle their legacy applications and the challenges they present.

Problems accessing data

John explained that access to data on legacy applications poses a number of issues. “If you have long-term patients, with multiple morbidities, clinicians need access to a rich patient history. When organisations replace a system, it’s often assumed that all the data is simply migrated from the old one to the new. But, in my experience, it is commonplace that only a year or two’s worth of data is migrated over. If your outgoing system has been running for 10 years, what happens to the other eight years of data? And how can trusts make that data available to caregivers as part of the longitudinal patient record?”


John continued, “As a result, we often see trusts keeping their old applications running even after replacing that system. Their motivations are to comply with data retention policies, prevent data loss and, most importantly, provide access to historical patient records. However, the costs associated with keeping two systems running are untenable. Trusts end up with a double count on licensing costs, support and maintenance contracts, as well as server room space, power, cooling, etc. At a time where NHS budgets are stretched, this is one of the reasons we are seeing more trusts looking to take action.”

Unnecessary burden on IT and clinical staff

Maintaining a trust’s legacy application estate is a significant additional burden for IT departments, but also has implications on the workload for clinicians.

As John outlined, “Given the budget and resource constraints across the NHS, IT departments are often asked to ‘do more with less’, with teams constantly searching for ways to improve efficiencies. But the prevalence of legacy applications is definitely not helping the cause. For IT teams, managing these legacy systems takes up a disproportionate amount of time and manpower. This is wasted effort that could be put to better use on other projects.

“And clinicians want to be able to easily search and retrieve all of the patient data they require to make informed care decisions,” John explained. “But this patient data is spread across many systems that generally don’t talk to one other, which is especially the case with legacy applications. As a result, clinicians are expected to log into both the new and old applications in order to access the information they need. Is it reasonable for clinicians to have to hunt down this data instead of spending quality time with their patients? I’m also told that if data isn’t readily accessible, sometimes care decisions are made purely on the information at hand – but this could be an incomplete picture of a patient’s history and, therefore, carries clinical risk. As a health tech vendor, we see it as our duty to try and make things easier for care givers who are already experiencing a high level of ‘burn out’.”


“Cybersecurity is a huge issue for the NHS and the healthcare industry globally. In terms of cyberattacks, it’s generally understood that it’s not a case of ‘if’ but ‘when’, with legacy applications contributing to the serious threat posed by cybercriminals,” John stated. “As legacy applications age, the software and the hardware they sit on become more vulnerable. Invariably, this creates security loopholes, especially if those older systems are no longer supported. As such, these applications become obvious targets for ransomware and malware attacks.

“Increasingly, we are seeing legacy systems that carry the highest risk being placed on a trust’s risk register; as well as being declared as part of the Data Security and Protection Toolkit assessment. It’s clear the potential of these cybersecurity incidents are driving action within trusts to do something about their legacy applications in an attempt to reduce the threat surface.”

AI and future tech

John noted the rising interest in artificial intelligence and machine learning within healthcare. “AI requires large datasets to work to best effect,” he said. “Yet, there is an enormous amount of untapped historical data trapped in siloed legacy systems that could and should be put to work. In order for AI and other technologies to benefit from this data, it must be freed – one of the things we are trying to help our customers with – to break down these silos and leverage their data as a strategic asset.”

How is BridgeHead helping trusts with their legacy applications?

We asked John how BridgeHead Software is helping trusts to tackle their challenges regarding legacy applications.

John said: “BridgeHead has developed a solution called HealthStore®. HealthStore is an enterprise-wide, FHIR-enabled, interoperable Clinical Data Repository (CDR), which is being adopted by the NHS and across the world to consolidate and retire legacy, duplicate, or replaced applications while preserving access and leveraging the value of the data they contain.

“HealthStore ingests a wide array of data and data types from an array of legacy and live systems,” explained John. “This can be documents, medical images (DICOM and non-DICOM), and even discreet data values, such as blood results. For example, we can take in each individual numerical value from a lab report into HealthStore and associate it directly with the appropriate patient identifiers. And this last point is really important – we ensure all of the data we ingest into HealthStore is correctly aligned to the right patient.

“Once the data has been extracted from your legacy system and ingested into HealthStore, that legacy application can be decommissioned, eliminating the problems we highlighted earlier, whilst providing a future-proof, interoperable platform for centralising patient data living outside of your EPR. But, most importantly, your full patient’s history is readily available and accessible to clinicians, as and where needed, to support care decisions.”

John explained that once patient data is held in HealthStore, it is stored efficiently and intelligently; fully protected so it can be quickly recovered in the event of an outage, corruption, or cyberattack; and it can be securely accessed by clinicians and support staff directly (via a web browser) or integrated with an EPR or other primary systems, displaying results in ‘patient context’.

HealthStore in action

University Hospitals of Derby and Burton NHS Foundation Trust (UHDB) is BridgeHead’s ‘flagship’ customer in the UK in terms of using HealthStore to retire its legacy applications. BridgeHead has supported the Trust in migrating historical data from a range of legacy systems into HealthStore, with estimated annual cost savings of £250,000 so far.

“UHDB really bought into the HealthStore vision and have ambitious plans for the solution,” John shared. “The trust began its HealthStore journey focusing on applications with identified hardware problems that were classified as a risk due to the possibility of unrecoverable system failure, when data was still being regularly accessed – hence being handpicked as the starting point for the HealthStore project.” The aftermath of the merger of Derby and Burton hospitals has led to further plans for application consolidation, with HealthStore at the heart. John noted that a trust’s return on investment for HealthStore increases as you retire more applications and consolidate data within the solution.

John also shared that Bradford Teaching Hospitals NHS Foundation Trust, a long-standing HealthStore customer (initially utilising the solution to manage its radiology images since the end of the National Program for IT), had recently migrated data from its legacy cardiology vendor-neutral archive into HealthStore, enabling the trust to decommission the application.

“We’re also working with a number of other healthcare organisations,” John said, citing The Robert Jones and Agnes Hunt Orthopaedic Hospital and the Government of Jersey as examples, “all of whom share similar issues regarding their legacy application estate.”

Priorities for the year ahead

Looking to the year ahead, John commented on the upcoming general election.

“With any change in the political landscape, healthcare is impacted,” he noted. “It’s both an opportunity and a threat, as the prioritisation and level of investment for the NHS is often dependent on election results. Leading up to elections can also be difficult with projects coming to a standstill or funding placed on hold. Hopefully, when we emerge on the other side, we’ll see the much-needed investment in technology and infrastructure for the NHS.”

He added that the pandemic brought with it a lesson: initiatives can move very quickly under the right conditions. “I was amazed at the speed of innovation and delivery during COVID – it shows what can be done in a time of crisis,” he said. “Innovation is critical to future success. And it’s often a partnership between the vendor community and the NHS where innovation really takes off. Together, we can seek out angles for streamlining processes and improving efficiencies, especially in how we empower frontline staff.”

John also predicted a “massive focus on cybersecurity”, based on the premise that hackers are becoming more sophisticated by the day. “Cybersecurity will be a key topic for the coming year. With healthcare a key target, the NHS is having to constantly stay abreast of the latest cyber threats. It’s also about having the correct processes and tools in place not only to prevent attacks, but to bounce back quickly and reduce the impact following a cyber incident.”

BridgeHead is currently developing an initiative which John described as ‘cyberattack mitigation’, largely leveraging solutions the company already has in place but in a different way, which he believes will provide hospitals something quite unique. “We have developed a three-point plan to help mitigate the effects of a cyberattack,” he said. “These are: 1) reduce the cyberattack threat surface; 2) ensure clinical continuity during an attack (by avoiding or reducing the initiation of manual workloads); and 3) the ability to recover compromised systems quickly and efficiently, so as to resume hospital operations as soon as possible. With this solution, we hope to address questions such as ‘how do you carry on your daily operations and feed information to clinicians, when they need it, during a cyberattack?’. We are pretty excited about it, so watch this space.”

Many thanks to John for joining us and for sharing his thoughts.