Research is inconclusive about how safe health IT is for patients overall — and poorly designed software can cause errors in an already complex national system of health care delivery — making government oversight of HIT safety and serious adverse events (death serious injury and unsafe conditions) essential. So says the report from the Institute of Medicine, “Health IT and Patient Safety: Building Safer Systems for Better Care,” funded by a $989,000 ONC grant. It calls for mandatory HIT vendor adverse event reporting.
While reports and academic research on health IT and informatics course through the electronic ether like so much water over Niagara Falls, this one bears watching, as some experts think it could ultimately chart the FDA’s regulatory path for EHR safety in much the same way that its landmark 1999 report “To Err is Human: Building A Safer Health System” still significantly influences health care safety standards and regulations.
As experts endlessly hash the report — and vendors paste snippets into their sales materials to somehow validate their products — here are 10 points from the report we think you should ponder about the safety implications of your wired and wireless health IT implementations:
- How do you collect adverse event reports? Do things causing unsafe conditions count as an adverse event? They should after today, the report states: “Analyses of unsafe conditions would produce important information that could have a great impact on improving patient safety and enable adoption of corrective actions that could prevent death or serious injury.”
- User reports of adverse events should be confidential and non-punitive, the IOM recommends, but mandatory for vendors.
- The federal entity to oversee HIT safety, the IOM said, should be new (what the authors termed an HHS-funded Health IT Safety Council) and not part of the FDA, ONC, AHRQ, and the private sector, because investigating patient safety incidents does not match the internal expertise of any existing entity, as the needed functions are under the jurisdiction of multiple federal agencies and efforts are generally uncoordinated and not comprehensive.
- The FDA, however, should immediately begin designing a regulatory framework for regulation of EHRs, PHRs and HIE software and have it in place should HHS deem their efforts “not sufficient.”
- While meaningful use and HIPAA both call for HIT risk assessments, there’s not a lot of specific guidance. The report recommends, “The Secretary of HHS should specify the quality and risk management process requirements that health IT vendors must adopt, with a particular focus on human factors, safety culture, and usability.”
- How tech-savvy are your frontline caregivers? For health IT use to be safest, the IOM says it will require training of not only clinicians, but also those administering the health systems as well as the IT infrastructure.
- Safety happens before, during and after implementation: “Vendor attestation that they have addressed specific safety issues in the design and development of their products can be important. Best practices for acquisition and implementation of health IT need to be developed. Development of post implementation tests would help users monitor whether their systems meet certain safety benchmarks.”
- Along the same lines, health IT products can almost never be safely installed “out of the box” on to a health care provider’s network. Implementation testing is needed to optimize value and mitigate safety risks.
- Future research needs to be done on interoperability matters, such as “Can systems be designed so that clinician profiles developed in one system can be used in another?” to aid physicians who move from facility to facility, or between departments in one hospital.
- The report recommends HHS publish a plan within 12 months that outlines how to accomplish the above recommendations, and publicly report on the progress of health IT safety efforts annually, starting in 2012. Keep your eyes peeled for that one.