EHR safety focus of investigative probe that raises questions

Lack of EHR safety coordination between the ONC and the FDA leaves the job to private entities. Here's what hospitals can do to protect themselves now.

A recent Huffington Post exposé on electronic health records (EHR) safety might have left some patients thinking that it's time to power down hospital computers and go back to paper records and fountain pens.

Pot-stirring aside, the piece brings up some valid considerations for both hospitals and policymakers: Who is keeping track of adverse events, and who should be? What exactly is the Food and Drug Administration's role in regulating EHR safety, and how can the Office of the National Coordinator for Health Information Technology (ONC) integrate FDA vigilance into its EHR standards and regulations?

According to the Huffington Post, Trinity Health System in Novi, Mich., experienced a computer glitch that caused patient information to be posted to the wrong medical records. No patients were harmed due to the glitch, which was quickly fixed. Trinity did not return messages seeking comment for this story.

Technical errors that can lead to patient harm are not new to health care. In addition to the problems some have found with computerized physician-order entry (CPOE) that can cause medication errors, glitches in CT scanners have led to radiation overdoses over the past year for patients at several hospitals in California and Alabama. There have been cases of drug complications from mislabeled barcodes in the past few years, as well.

Hospitals are missing warnings that potentially could harm or kill patients as they process medical orders, according to a report by The Leapfrog Group, a Washington, D.C.-based quality organization formed by large employers that studies safe, cost-effective health care methods.

The group, which advocates the use of CPOE as one of those safe methods, conducts an annual survey of hospitals to rate how well they are using CPOE and other safe practices that the group supports. As part of that survey, Leapfrog released the results of its CPOE evaluation tool used by hospitals to assess their systems. The systems missed warnings on about half of medication orders and one-third of potentially fatal orders, the group said.

The 214 hospitals that used the evaluation tool completed 224 CPOE tests representing 10,447 medication orders processed through those systems. The tests were based on simulated medication orders.

Nearly all the hospitals were able to catch errors the second time through the evaluation, once they adjusted protocols and procedures for the medication orders, said Leah Binder, Leapfrog's CEO. What this demonstrates is that complex technology needs to be monitored after it's installed, and having a technical system does not take the place of normal checks and balances in a hospital. "Don't assume because you have CPOE, you're safe," she said.

Vigilance needs to be part of federal meaningful use regulations, Binder said. While EHR products will be required to go through a certification process before hospitals can use them, there is nothing in the final rule that requires IT systems to be checked for effectiveness after they go live. "You can't think of it as over" after a system is installed, she said.

At issue is safety reporting. Some organizations, such as the FDA and hospital accreditor The Joint Commission, collect and publicize reports of technical errors and potential harm, but there is no standard place where industry stakeholders and patients can turn to learn about technical problems and solutions for fixing them. The FDA has considered regulation that would require EHRs to be monitored like other medical devices, but providers, industry stakeholders and officials from the ONC have expressed concerns, saying such a process would stifle EHR innovation.

ONC believes technology has significant potential to reduce medical errors and harm while improving patient care, but it recognizes there is the risk of unintended consequences when a provider is installing and learning to use new technologies, said Kathy Kenyon, policy analyst for the ONC.

"We do know that when you install an EHR . . . you have the potential of having problems that are new," Kenyon said, speaking during the 2010 Legal EHR Summit hosted by the American Health Information Management Association in Chicago.

To mitigate those problems, ONC has established a panel that will study the unintended consequences of health IT adoption, Kenyon said. That panel is being ramped up now.

Cerner: Industry vigilance for EHR safety

Cerner Corp., whose system is installed in Trinity Health, isn't offering specific comments on the Trinity incident, either. But in response to's request, the Waltham, Mass.-based company pointed to Vice President and Chief Quality Officer Gay Johannes' Feb. 25 testimony before the ONC Health IT Policy Committee's Adoption/Certification Workgroup.  Shelley Looby, Cerner's regulatory affairs director, submitted the testimony on behalf of Johannes, who could not attend the meeting in person.

Johannes didn't go as far as calling for regulators to step in and monitor EHR safety, but she did say that software with "HIT functionality that collects, records, stores and reports health information poses very little risk and, thus, warrants little regulation. As HIT systems evolve from primarily administrative record-keeping functions to partnering in care delivery, delivering evidenced-based medical information and providing support for clinical decisions, the complexity and risk to the public will increase such that more aggressive prevention and mitigation activities are warranted and expected."

Cerner, which claims a base of 2.5 million patients, voluntarily reports issues "that might impact public safety" via the FDA's MedWatch program, Johannes said. Since 2008, the company has filed 25 such incident reports, none of which "resulted in serious injury." Incidents included data retrieval problems, incorrect updates or EHRs not saving correctly, "record overlay or merging issues" leading to incomplete or incorrect information contained in the EHR, and slow or unresponsive systems.

"Cerner is not required to do this," Johannes testified to the workgroup. "We believe it's the right thing to do. Such disclosures provide much-needed transparency into the success and challenges of these systems. This transparency is especially important at a time when the federal government -- and the American public -- is investing heavily in HIT."

The company also maintains its own database of incidents and customer complaints, and tracks them for quality improvement purposes, Johannes said.

EHR safety reporting still a work in progress

There's no formal, all-vendor central repository for EHR problems, the ECRI Institute's Health Devices Group engineering director Chris Lavanchy and senior project engineer Barbara Majchrowski said. The FDA does not regulate EHRs as medical devices. If it did, hospital safety incidents involving EHRs would have to be listed in the FDA’s public, mandatory Adverse Event Report database or in a formal equivalent. Other hospital information systems are FDA-regulated: For example, lab information systems -- more commonly known by their LIS abbreviation -- are designated Class I devices by the FDA, meaning they require minimal oversight. Picture archiving and communication systems (PACS) are designated Class II because they carry a higher patient safety risk.

"When you take a look at those two information systems and then look at what an EMR does, that is where I think people are starting to [say that] maybe an EMR does have some level of risk on patient care, and what level does it have?" Majchrowski said.

The FDA collects voluntary reports, and private organizations, such as the ECRI Institute, also get reports from hospitals. The Joint Commission could get involved too, issuing what it calls Sentinel Event Alerts on potential hospital safety issues.

Whoever takes on the task, it should be happening, Lavanchy said. "Reporting is one mechanism that can help ensure patient safety," he said. "If no one's reporting, then no one learns anything."

Making your hospital's EHR system safer

Tales like Trinity Health's show that hospitals will have to endure bumps in the road while rolling out EHR systems, Majchrowski said. Despite such anecdotes, however, she believes that EHR systems will "undoubtedly" improve patient care and quality of service in the long run.

"Like any technology, we need to understand it, implement it and manage it correctly," Majchrowski said.

Lavanchy and Majchrowski recommend that hospital IT leaders prepare for possible glitches and outages with their IT systems, and concentrate their EHR safety efforts in the implementation phase. All software -- including updates and patches after the EHR system goes live -- should be tested before it's rolled out facility-wide. That includes anything that may interact with the EHR system, too.  The IT staff should make sure that any companion utility or application they're introducing won't bring down the EHR app.

Beyond that, hospitals should have contingency plans in case the system goes down, so practitioners can safely continue to administer patient care while IT staffers work to bring it back online.

There's growing awareness of the need for more safety monitoring, according to Paul Schyve, a physician who is senior vice president for The Joint Commission. The group released a Sentinel Event Alert on IT and converging technologies in 2008, warning of the need to monitor systems and all types of technology in a hospital.

The focus is broader than just plugging in an EHR, Schyve said. Things like advanced diagnostic imaging and robotics in the operating room rely heavily on IT that is embedded in technology. "Complexity has outstripped knowledge of the people using the technology," he said.

The commission is considering how to release more alerts and advisories about technology safety. It wants hospitals to consider systems prospectively, think about what might go wrong, and look for potential risks and warnings, in addition to monitoring technology after it's been installed.

In addition to adopting a culture of safety, developing techniques that rigorously study risk will help hospitals become high-reliability organizations, Schyve said. "Hospitals are at different points in that journey."

Let us know what you think about the story; email Don Fluckinger, Features Writer.
