Spring 2014Is Health Information Technology Safe?

by Tess Settergren, MHAMA, RN-BC 
This article conveys opinions of the author, and does not reflect perspectives of the author’s employer or other affiliates.

Perhaps it is more appropriate to ask: How can we work together to make health information technology (HIT) safer? The Institute of Medicine commissioned a group of industry experts to research and summarize known effects of HIT on patient safety, and make recommendations to the Department of Health & Human Services (HHS) and to other interested parties regarding how to maximize the safety of HIT-assisted care1. Key findings of the 2012 report included identification of a significant dearth of knowledge about HIT effects on patient safety, of the need to view HIT within the larger socio-technical system, and of an imperative for stakeholder collaboration to improve patient safety.  Diversity of vendor HIT systems and end-user workflow impacts, inadequate evidence in the literature, and deficient safety reporting mechanisms were identified as factors contributing to the knowledge gap. The report emphasized the wide variance in HIT-related patient harm reporting mechanisms, and recommended a reporting and investigating system for HIT-related deaths, serious injuries, and unsafe conditions.  Among the specific recommendations were several calls to action:

  • Agency for Healthcare Research & Quality (AHRQ) and the National Library of Medicine (NLM):  Expand funding for HIT-related patient safety research
  • Office of the National Coordinator for HIT (ONC): Promote safety testing processes for HIT
  • Healthcare accrediting organizations: Develop criteria relating to patient safety and HIT
  • DHHS:  Initiate a HIT Safety Council and a reporting mechanism for HIT-related patient safety issues
A number of studies have documented the potential for both reducing and increasing medical errors…this paradox can be influenced by a complex array of factors, including but not limited to: human-machine interface, design decisions, installation and/or maintenance mistakes, failure to account for complex human behavioral change and workflow changes required to use the systems, user-designed ‘workarounds’, and others2. The term e-iatrogenesis3 was coined in 2007 to describe errors of commission and omission that are associated with the use of electronic health records, physician/provider order entry, and/or clinical decision support, though most of the literature uses the term ‘unintended consequences’. CPOE, CDS, and BCMA safety issues can be categorized into the people, process, technology, environment, and organization domains2 to enable more effective planning, design, implementation, and use of HIT. HIT-related patient safety issues are not US-centric. Reports of technology-induced errors are rising internationally4, prompting endorsements for a framework and strategy to manage these errors using a three-pronged quality approach to organizational structures, processes, and outcomes.          
Patient Safety Organizations (PSO) formally acknowledge HIT potential safety risks. ECRI Institute, one of the more prominent HHS-listed patient safety organizations5, published their 2014 annual report on the top ten health technology hazards6. Alarm hazards, infusion pump medication errors, and data integrity failures in EMR and other HIT systems were among the top five hazards. Why lump alarm hazards and infusion pump errors with HIT safety?  Because the increasing integration of patient care systems is blurring traditional boundaries--medical devices can no longer be considered distinct from electronic health record systems. ECRI further identified the top five HIT safety issues as system interface issues, wrong input, system configuration issues, wrong record retrieved, and software functionality issues. In response to the limitations regarding HIT safety issue reporting, AHRQ created a Common Format for PSOs to collect HIT event data in a standardized way, to enable better analyses that may help to identify prevention and mitigation strategies7
The ONC published a white paper outlining evaluation of HIT safety concerns8 in the framework of the socio-technical model.  The model is comprised of eight HIT domains, each of which must be considered in the context of whole, as well as individually: 
  • Hardware and software
  • Clinical content
  • Human-computer interface
  • People
  • Workflow and communication
  • Internal organizational policies, procedures, culture, and environment
  • External rules, regulations, and pressures; and
  • System measurement and monitoring 

Building on the foundational HIT evaluation white paper, the ONC most recently published a set of SAFER Guides9 to enable organizations to conduct HIT safety self-assessments. The guides are categorized into three functional areas, with the recommendation that organizations start with the Foundational Guides: 
tess fig1

Each of the nine SAFER Guides contains a checklist of best practices, based on current evidence, with worksheets intended for comprehensive assessments by multidisciplinary teams. Organizations should use the guides within the context of changes in technology, clinical practice standards, regulations and policy, and associated industry practices to target areas of potential patient safety risk, approaching HIT safety systematically…and continuously.  Health IT safety requires a perpetual, closed loop methodology of identifying and analyzing risks, considering mitigation strategies, implementing best practices, and monitoring effectiveness.  HIT evaluation is approached in three phases, with corresponding principles, in eight of the nine Guides:

Phase 1 | Safe Health IT — Address Safety Concerns Unique to EHR Technology
Principle: Data Availability
  • EHRs and the data or information contained within them are accessible and usable upon demand by authorized individuals.
Principle: Data Quality and Integrity
  • Data or information in EHRs is accurate and created appropriately and have not been altered or destroyed in an unauthorized manner.
Principle: Data Confidentiality
  • Data or information in EHRs is only available or disclosed to authorized persons or processes.
Phase 2 | Using Health IT Safely — Optimize the Safe Use of EHRs
Principle: Complete/Correct EHR Use
  • EHR features and functionality are implemented and used as intended.
Principle: EHR System Usability
  • EHR features and functionality are designed and implemented so that they can be used effectively, efficiently, and to the satisfaction of the intended users to minimize the potential for harm. For information in the EHR to be usable, it should be easily accessible, clearly visible, understandable, and organized by relevance to the specific use and type of user.
Phase 3 | Monitoring Safety — Use EHRs to Monitor and Improve Patient Safety
Principle: Safety Surveillance, Optimization, and Reporting
  • As part of ongoing quality assurance and performance improvement, mechanisms are in place to monitor, detect, and report on the safety and safe use of EHRs, and to optimize the use of EHRs to improve quality and safety.
The Organizational Responsibilities Guide uses a set of principles correlated with end-user adoption of HIT.  All of the guides can be downloaded and used “out of the box”—the tools are well-designed and very clear, with excellent examples and best-evidence practices provided.  As previously noted, reporting of HIT safety issues is a key component to improving the patient safety—improvement requires data.  The following quote is often attributed to W. E. Deming, the creator of the Plan-Do-Check-Act Cycle: “In God we trust—all others must bring data”, though, in reality, no ‘data’ can be found that confirm he made the statement.  Still, it is a powerful message that virtually compels participation in reporting of HIT safety issues.  We have the tools necessary to work together on making HIT safer—we only need choose to use them.    
Additional resources for HIT-related patient safety include (not an exhaustive list):
  1. IOM. (2012).  Health IT and patient safety: Building safer systems for better care.  National Academies Press: http://www.nap.edu/openbook.php?record_id=13269
  2. Harrington, L, Kennerly, D, & Johnson, C.  (2011).  Safety issues related to the electronic medical record (EMR): Synthesis of the literature from the last decade, 2000-2009.  Journal of Healthcare Management, 56 (1), 31-43.
  3. Weiner, JP, Kfuri, R, Chan, K, & Fowles, JB.  (2007).  ‘e-iatrogenesis’: The most critical unintended consequence of CPOE and other HIT.  Journal of the American Medical Informatics Association, 14 (3), 387-388.
  4. Borycki, EM.  (2013).  Technology-induced errors: Where do they come from and what can we do about them?  Retrieved from http://cshi2013.org/files/Elizabeth%20Borycki.pdf
  5. AHRQ Listed PSOs:  http://www.pso.ahrq.gov/listing/alphalist.htm
  6. ECRI Institute.  (2013).  Top 10 health technology hazards for 2014: Executive summary.  Retrieved from www.ecri.org/2014hazards
  7. AHRQ Common Formats. https://www.psoppc.org/psoppc_web/publicpages/commonFormatsOverview
  8. Office of the National Coordinator for Health IT.  (2013).  How to identify and address unsafe conditions associated with health IT.  Retrieved from http://www.healthit.gov/sites/default/files/how_to_identify_and_address_unsafe_conditions_associated_with_health_it_2013.pdf
  9. Office of the National Coordinator for Health IT.  (2014).  SAFER Self Assessment Guides.  Retrieved from http://www.healthit.gov/policy-researchers-implementers/safer

Back to Spring 2014 Newsletter