Healthcare information technology is lacking a strong focus on patient safety, and as a result it's impossible to quantify whether patients are actually safer through the use of healthcare IT software, according to a report issued November 10 by the U.S. Institute of Medicine (IOM).
As a result of an investigation commissioned at the request of the Office of the National Coordinator for Health Information Technology (ONC), the IOM report includes a series of recommendations for oversight and scrutiny of the healthcare IT industry and its products. The recommendations include a call to the U.S. Department of Health and Human Services (HHS) to fund a new health IT safety council, and within the next 12 months to publish a plan to minimize safety risks associated with health IT.
Echoes of 1999?
The IOM made patient safety a priority in 1999 with its widely publicized report "To Err Is Human," which found that 44,000 to 98,000 lives a year in the U.S. were lost due to medical errors. The hope since then has been that healthcare IT would reduce the rate of fatal medical errors, but the IOM found little evidence to support that position in its new report, titled "Health IT and Patient Safety: Building Safer Systems for Better Care."
The report did not investigate software for medical devices, nor did it reference the 20-year track record of RIS, PACS, and other types of imaging informatics software. While the report included computerized physician order-entry and clinical decision-support software in its analysis, the applications it discussed did not relate to diagnostic imaging.
After what it called an extensive literature review, the IOM committee said it found little that quantified the magnitude of the risk associated with health IT problems. "The absence of quantifiable evidence of health IT's harm is not evidence that health IT does not create harm. It is clear [that] harm exists," wrote committee chair Dr. Gail Warden, president emeritus of Henry Ford Health System in Detroit.
The committee attributed barriers to assessing the magnitude of harm and the impact of health IT on patient safety to a number of factors. These included the heterogeneous nature of healthcare IT programs, the diverse effects of different clinical environments and workflow, the impact of customization, legal barriers contained in ironclad vendor contracts that contain "hold harmless" clauses and forbid information-sharing by customers, and fear of litigation by patients and vendors alike.
"These barriers to generating evidence pose unacceptable risks to safety," the report noted.
Recommendations
The committee made nine key recommendations, the first of which was for the secretary of HHS to publish an action and surveillance plan within the year. Key elements of the plan should include healthcare IT-allocated funding for the Agency for Healthcare Research and Quality (AHRQ), the National Library of Medicine (NLM), and the ONC.
Mandatory standardized testing procedures should be developed for both vendors and customers to assess the safety of health IT products. AHRQ and ONC should work together with vendors and users to promote postdeployment safety tests of electronic health records (EHRs) for high-prevalence, high-impact EHR-related patient safety risks.
HHS should also fund a new health IT safety council, which the committee suggested could be housed within existing organizations such as the National Quality Forum. Its purpose would be to evaluate criteria for assessing and monitoring the safe use of health IT and its ability to enhance safety.
HHS should assume the responsibility of specifying the quality and risk management process requirements that vendors must adopt, with specific emphasis on human factors, usability, and safety features. The committee also recommended that all healthcare IT vendors be required to publicly register and list their products with the ONC.
In addition, HHS should establish a mechanism for both vendors and users to report adverse events, specifically health IT-related deaths, serious injuries, or unsafe conditions. This would be mandatory for vendors and voluntary for users.
The committee strongly advocated that free exchange of information should be promoted. This should include removal of all legal barriers preventing the free exchange of information, particularly those imposed by vendors, including the sharing of screen shots and case reports. A repository where adverse events and/or potential patient-compromising safety incidents can be collected, monitored, and analyzed is needed.
During a press conference chaired by Dr. Paul C. Tang, vice president and chief innovation officer of the Palo Alto Medical Foundation, the committee emphasized that a centralized repository would be a good way to assess the prevalence of problems. The members noted that official and unofficial users' groups often shared this type of information unofficially. It was also imperative that such reporting be voluntary, confidential, and nonpunitive for all involved.
The committee also recommended that ONC should work with both private and public sectors to make comparative user experiences across vendors publicly available. One of the key objectives for this would be to make information about specific products much more transparent to potential buyers. The quantity of information provided by individual vendors is inconsistent, not necessarily complete, often shrouded in secrecy, and very difficult to compare. Potential users need to know what they are considering purchasing, what the installation requires, how to do it to achieve safety standards, and how well it will work in their particular situations.
While the tone of the November 10 press conference overwhelmingly conveyed an attitude of "the time is now" to create a patient safety culture in healthcare IT utilization and to quantify healthcare IT's relationship to patient safety, one committee member spoke out with a different opinion.
Dr. Richard Cook, associate professor of anesthesia and critical care at the University of Chicago, issued a dissenting opinion, stating that it was his belief that healthcare IT should be regulated as class III devices, in the same category as high-risk devices such as external cardiac defibrillators. As such, new HIT software would be required to navigate the premarket approval (PMA) process, which is far more rigorous than the 510(k) process used for class II devices.
"It is not surprising that adverse events are being discovered," Cook said in the press conference. "What is surprising is that developers don't seem to have looked for or anticipated them. This borders on recklessness."
In its report, the committee stated that it ultimately decided the determination of which class HIT devices fall into should be the responsibility of the U.S. Food and Drug Administration (FDA).
The report may be downloaded free of charge by clicking here.
