Written by: Hall Render

In November 2014, the ECRI Institute¹ issued a report discussing issues of patient safety and adverse events linked to health information technology (“IT”) products.  The report comes in the form of an annual list of top ten health technology safety hazards.

According to the ECRI Institute, although many facets of health IT have a positive impact on patient outcomes, such as automated reminders that improve medication adherence, technologies can also have an adverse effect on patient safety. The top 10 list addresses all health technologies and not just health IT. However, the ECRI Institute pointed out that health IT is a prominent component in many of the technologies that are experiencing safety issues.  The health IT-related technologies making the list in ranked order are:

#1. Alarm hazards, including inadequate alarm configuration policies and practices (e.g., failure to reset medical device to default alarm limits when a new patient is connected);

#2. Data integrity, including incorrect or missing data in electronic health records and other health IT systems (e.g., appearance of one patient’s data in another patient’s record because the clinician entering data has two health records simultaneously open and misdirects the entry);

#5. Ventilator disconnections not caught because of mis-set or missed alarms (e.g., alarm volume is too low relative to competing ambient noise);

#7. Unnoticed variations in diagnostic radiation exposures (e.g., “dose creep” where radiographic technologists may increase the exposure parameters to get a better quality image notwithstanding the dose is higher than industry-recommended exposure levels);

#8. Robotic surgery complications from insufficient training (e.g., surgeons located at a control console several feet away from the patient must be able to proficiently manipulate hand and foot controls to position and operate robotic arms while viewing real-time 3D video of the surgical site);

#9. Cybersecurity, including insufficient protections for medical devices and IT systems (e.g., devices that became infected with malware caused a hospital to have to temporarily shut down its catheterization lab); and

#10. Overwhelmed recall and safety alert management programs where due to the significant increase in volume of “safety alerts,” the hospital may not be keeping up with identification/remediation of affected devices.

As the purpose of the report is to help hospitals recognize and prioritize patient safety issues, it also includes detailed recommendations for how hospitals can mitigate safety issues. In creating its report, the ECRI Institute drew from its experience providing services to health care providers, specifically including health technology-related problem reports received through its Problem Reporting Network and its patient safety organization (“PSO”). The ECRI Institute PSO’s website contains additional details about its experience with health IT safety matters.

In November 2014, the Office of the National Coordinator for Health Information Technology (“ONC”) coordinated with the ECRI Institute PSO and United Healthcare’s (“UHC’s”) PSO to publish a report entitled, Health Information Technology Adverse Event Reporting: Analysis of Two Databases. The report studied the role of health IT in hundreds of thousands of reported adverse events in order to identify the most common incidences implicating health IT.  Although the analysis determined that incidents involving health IT were overall less likely to result in harm when compared to those events that were not health IT-related, significant issues were identified, including the following:

  • The most common contributing factors to health IT-related events were communication among staff and team members (40-42%), staff inattention (33-34%), accuracy of the data (21-23%) and availability of data (10-12%).
  • Medication-related events were the most common health IT-related event type, accounting for about one-third of these events.
  • More than half of the health IT-related events were categorized in the Common Formats “other” report category making it difficult to determine the clinical problem involved in these events from these data.
  • About 60% of the events involving health IT were categorized as an incident (i.e., they reached a patient although they may not have resulted in harm to the patient), 14% as near miss event and 26% as an unsafe condition.
  • The UHC data showed that clinical documentation systems, computerized provider order entry and laboratory information systems are among the types of IT most commonly involved in adverse events. Health IT-related issues were common in the interfaces among different software components that make up health IT systems.

The ONC is the agency tasked with implementing a plan issued in 2013 by the Department of Health and Human Services to address the role of health IT in ensuring patient safety. The ONC is working with The Joint Commission to implement the plan, which is entitled the Health IT Patient Safety Action and Surveillance Plan and is built on recommendations from the 2011 Institute of Medicine report entitled Health IT and Patient Safety: Building Safer Systems for Better Care.

It was also proposed in the Food and Drug Administration Safety and Innovation Act (“FDASIA”) Health IT report from 2014 that ONC should run a Health IT Safety Center in collaboration with the FDA, the FCC and the Agency for Healthcare Research and Quality, along with other federal agencies and private stakeholders.  The center, for which funding is proposed in the White House’s Fiscal Year 2016 budget, would initially focus on data collection and analysis of health IT-related adverse events, including those tied to the use of electronic health records.  Thereafter, it is intended that the center would assist in identifying and implementing a framework for oversight of medium-risk health IT products.