The federal Office of the National Coordinator for Health IT released its Health IT Patient Safety Action & Surveillance Plan for Public Comment, a document synthesizing recommendations from an ONC-commissioned Institute of Medicine report for promoting patient safety within health IT. The document does not create new reporting initiatives, though it details how investigations and corrective actions may be taken when EHR safety problems emerge -- as well as those in the greater universe of health IT systems.
Instead, the plan relies on present groups, such as the Agency for Healthcare Research and Quality (AHRQ), state Centers for Medicare and Medicaid Services (CMS) and private accreditation surveyors, patient safety organizations (PSOs) and others to catalog health IT-related adverse events, develop guidance for safer IT environments, and potentially intervene when necessary. Furthermore, the plan details potential Food and Drug Administration (FDA) and Federal Communications Commission (FCC) involvement in health IT safety matters, as directed by Congress.
Seth Pazinski, Office of the National Coordinator for Health IT (ONC) division director for planning and operations, offered SearchHealthIT background on this plan and the complex issue of tracking health IT systems safety.
For starters, give us some background on the patient safety plan. Is it a goals document, a regulation, or where does it fit in with ONC policy?
Seth Pazinski: Health IT, as far back as the Institute of Medicine's [1999 report], To Err is Human, has been a potential solution to improve overall patient safety within the health care system. But with any new technology that gets introduced, there's the potential for patient safety events. So ONC commissioned the IOM [Institute of Medicine] to conduct a study and issue a report around patient safety and health IT, which they put out in November 2011, with recommendations on the roles of the federal government and private sector in ensuring [it]. This plan is ONC's reponse to that report.
We didn't go the route of creating something completely new just to address health IT safety; we leveraged the existing systems and programs in place that focus on patient safety.
division director for planning and operations, ONC
What HHS [U.S. Department of Health and Human Services] has done is built health IT safety within the commitment to patient safety that already exists in the department. We didn't go the route of creating something completely new just to address health IT safety; we leveraged the existing systems and programs in place that focus on patient safety.
But down the line, could it turn into regulations such as mandatory reporting for vendors or providers or something like it?
Pazinski: The plan operates within existing statutory and regulatory authorities; it doesn't call out new statutory or regulatory requirements. It's building off things that are already in place. It provides direction on what ONC is thinking and how we're planning to use those programs to build into health IT safety. So programs that focus on patient safety, such as the PSO program that AHRQ runs and the health safety standards that are part of CMS's responsibilities, have health IT safety built into them, as well as ONC's [EHR technology] certification programs.
Comments directed to ONC.Policy@hhs.govare open until 11:59pm EST, February 4. What are you looking for feedback on, or is there any part of the plan that you think might generate the most comments?
Pazinski: [As] with anything you put [up] for public comment, [we are looking] to get feedback on the direction we're headed here.
Some of the key parts we call out in the plan are:
- Working with [software] developers on a code of conduct around how they can support a culture of patient safety; working with PSOs and supporting providers [on the] reporting of patient safety events. [Editor's note: ONC head Farzad Mostashari, M.D. has challenged vendors to give this code teeth, or face "more classic regulatory approaches."]
- How health IT can be used as a tool to improve safety overall. How can we leverage EHRs to make it easier for providers to report safety events as part of their workflow?
The safety plan references using the FDA's Manufacturer and User Facility Device Experience (MAUDE) database to catalog health IT safety incident reports. Do you envision someday being able to look up reports by, for example, EHR brand names, as you can with medical device manufacturer names today?
Pazinski: The MAUDE system is an existing system that is up and available now. It's a searchable database that exists publicly. We are looking at the data reported there as a potential source to do analysis and identify potential trends [in health IT safety].
We're not, at this point, looking to change the database. It's just one of the sources of information that we'll be monitoring.
The plan also mentions an FDA framework for regulating EHR safety to be discussed in 2014. Can you give some detail on that?
Pazinski: That was a statutory requirement that came out of the FDA Patient Safety and Innovation Act; one of the requirements there was for FDA, in collaboration with ONC and the Federal Communications Commission, to produce a report that proposes a strategy and recommendations around a risk-based regulatory framework for health IT. So what that's looking at is a potential strategy to set up a regulatory framework for health IT. That process will include some public feedback over the course of 2013. The requirement is that FDA would put out a report within 18 months, in 2014.
What's the FCC's connection?
Pazinski: FCC has regulatory authority over telecommunications devices -- so to the degree that they coordinate or overlap with FDA relates to health IT in telecommunications devices.