The Data That Disappears

By Robert Kelly, Founder & CEO, Heart Rhythm International

When cardiac records fragment across hospitals, clinicians make decisions with incomplete information.

A patient attends a routine device follow-up. Their device is interrogated. The report is generated. Everything appears stable.

What the clinician cannot see is that six months earlier, at a different hospital, the same patient received an inappropriate shock. The event was reviewed at the time. The device was checked and reassurance was given. Everyone moved on.

But if that episode history lives only in one local system, and if the device episode log has since been cleared or overwritten, the next clinician may never see it. The decision-making today is built on an incomplete picture, and nobody in the room necessarily knows it.

This is not a technology failure. It is a structural one.

It is what happens when longitudinal care is delivered across multiple sites, but the data is still organised as if the patient belongs to one hospital.

Why remote monitoring alone is not enough

Some will point to remote monitoring as the solution. If the device is transmitting, the data is there.

That is partially true. For patients who are enrolled, connected, and transmitting reliably, remote monitoring captures ongoing events. But enrolment is never universal. Connection issues are common. And the volume of alerts generated across a busy cardiac service, often spanning multiple manufacturer platforms, creates significant operational noise.

There is also a timing problem. If a device episode is cleared before the next transmission is sent, that event will never appear on platforms like Carelink or Latitude. It is gone from the remote monitoring record entirely. Some devices do retain an indication of when the last remote session occurred, which can offer partial context, but this varies by device and is not a reliable substitute for a complete episode history.

There is a further limitation that rarely gets mentioned. If a patient presents to a hospital outside their usual care setting, that institution has no access to the patient's remote monitoring data. The transmissions may be there. The alerts may have been reviewed. But none of it is visible to the team now responsible for that patient's care.

Remote monitoring cannot reconstruct what happened before a patient was enrolled, what occurred at a different institution on a different system, or what was cleared from a device before the patient transferred care. It is a valuable tool. It is not a substitute for a longitudinal record that exists independently of any single device or platform.

Why data fragments in cardiac care

Cardiac rhythm patients move. They move between hospitals, between consultants, between public and private care. They have procedures in one institution and follow-ups in another. They travel. They relocate. Life does not stay within a single hospital's catchment area.

Most hospital systems are designed to manage patients within their own walls. They capture what happens locally and store it locally. For many conditions, that is workable. For patients with implanted cardiac devices, it introduces genuine clinical risk.

Device data, follow-up records, procedure histories, and clinically significant events accumulate across systems that were never designed to reconcile them into one trusted timeline. The longitudinal record exists in fragments, distributed across institutions, often with no mechanism to bring it back together.

A clinician seeing a patient for the first time, or seeing them again in a different setting, is working with whatever that institution holds. A device check will only return data from the current device. It will not show what a previous device recorded, what happened during an earlier implant, or what episodes were logged before a generator replacement. If the patient cannot recall their own history accurately, and if the device memory does not provide the missing context, the clinical picture is incomplete.

This happens more often than the system acknowledges. And it does not always show up as a dramatic error. Often it shows up as slower decisions, more tests, more phone calls, and more uncertainty than is necessary.

The patients who disappear

There is a related problem that receives even less attention.

Patients with implanted devices require ongoing follow-up. Not because something has gone wrong, but because something might. Device batteries deplete. Leads can fracture. Parameters may need adjustment. Remote monitoring generates alerts that require review. Follow-up is not optional.

Yet in every system, a proportion of device patients are lost to follow-up at any given time. Not because they have died. Not because they have moved abroad. Simply because the system has lost track of them.

In a siloed model, a hospital knows its own list. It does not have a reliable view of patients who have migrated to another institution, stopped attending, or quietly fallen off every schedule simultaneously. There is no reconciliation. There is no longitudinal ownership.

The patient who missed their last three follow-ups is invisible unless someone is specifically looking. Usually nobody is, because most services are under pressure just keeping up with the patients who do attend.

When you have national coverage and a unified longitudinal record, these patients become visible. You can identify them, prioritise them, and act. Without that infrastructure, the gap between "on a device list somewhere" and "actively managed" is wider than most people realise.

When a safety notice lands

Field Safety Notices are formal communications from device manufacturers when a safety concern is identified with a specific device or lead model. They are not rare. A busy rhythm service may receive several in a year.

Responding properly requires knowing which patients are affected. That means matching the device model and identifier details flagged in the notice against your patient population, identifying every affected patient, contacting them, and documenting the outcome.

There is a gap here that is rarely discussed. When manufacturers issue a Field Safety Notice, the patient list they provide covers only the patients they implanted directly. It does not account for patients a hospital has since acquired for follow-up from another centre. Those patients are in the system. They carry the affected device. But they do not appear on the manufacturer's list, and without a complete longitudinal registry, they may not appear on the hospital's either.

In a fragmented data environment, this becomes slow and manual work. Spreadsheets are checked. Local databases are queried. Old procedure notes are searched. Coordinators make phone calls. Clinicians are interrupted. Weeks can pass before a service has full confidence it has identified everyone.

The speed and certainty of that response is a patient safety question, not an administrative one.

Automation is possible when the data is structured, centralised, and linked to a unique device identifier for every patient. Without that foundation, manual effort fills the gap, and manual effort has limits. The uncomfortable truth is that the system often realises it has weak visibility only when a safety notice forces the question.

The card in the wallet

Ask most cardiac device patients what device they have. Many can tell you the brand. Some can tell you the model. Few can tell you the specific details that matter when care becomes urgent or when decisions depend on precise traceability.

This matters when a patient presents to an emergency department away from their usual centre, when they need an MRI, when they travel internationally, or when a safety notice is issued and the device needs to be identified precisely. In those moments, the implant card, physical or digital, is the patient's own record. It is the one piece of information that travels with them regardless of which hospital they attend or which system they land in.

If the device details are not consistently captured, not consistently updated, and not easily retrievable, then the system is relying on memory, PDFs, and local workarounds. That is not a criticism of clinicians. It is a reflection of the architecture underneath them.

What this requires

None of the problems described here are unsolvable. But they share a common dependency.

They require data that exists outside a single hospital. Data that is longitudinal, structured, and linked across the full arc of a patient's care. Data that is held somewhere independent of any one institution's local systems, maintained continuously, and accessible when a clinical decision is being made.

That is not a registry in the traditional sense. A traditional registry collects. Infrastructure operates. The distinction matters because collecting data and operating infrastructure are fundamentally different commitments. One produces reports. The other supports care.

The patients who carry incomplete records, who fall off follow-up schedules, or who are affected by safety notices that take weeks to process are not edge cases. They are the predictable consequence of a system built around episodes rather than people.

The data does not have to disappear.

But keeping it requires more than a database. It requires infrastructure designed to follow the patient, not the hospital.