Skip to content Skip to navigation

"Doctor, your EHR is killing me."

March 27, 2009
by Dale Sanders
| Reprints
HIT vendors should not be allowed to contractually walk away from their safety obligations in the design and implementation of their products

If you haven't read the March 27 JAMA commentary from Ross Koppel and David Kreda, you should track it down. In summary, they point out very appropriately, that there are patient safety issues associated with the use of EHRs, and that HIT vendors should not be allowed to contractually walk away from their safety obligations in the design and implementation of their products. I agree with the commentary and add that the obligations for patient safety don't end with the vendors; we HIT customers are obligated, too.

There is ample precedence for regulated safety among us--e.g., the Federal 510(k) process for medical devices includes a safety analysis. Laboratory information systems safety is regulated by CLIA. The software systems in the utility and transportation industries are regulated for software safety. Military command and control and information systems are regulated for software safety.

There are several layers of software safety risks associated with today's EHRs, from point-of-care decision support to the back end spaghetti of interfaces that populate a typical EHR. I'm not a fan of Federal overkill on regulations, but you have to admit that HIPAA finally drove our industry towards much better practices in patient data security and privacy protection. Without HIPAA's influence, I bet we'd still be piecemealing HIT information security and privacy. We need the equivalent of HIPAA for HIT’s impact on patient safety. Today's EHRs play a major role in the safe (or not) treatment of patients, every bit as important as medical devices. Now is the time to start planning for this as a culture. We can do it in parallel with the push for an EHR in very office.

With all these concerns in mind, it’s important to remember that the benefits of a properly implemented EHR to patient care still far outweigh the risks to patient safety. Driving a car safely is a complex process and prone to many errors, but we haven’t stopped buying and driving cars. We just keep making the car-driving process safer.

Topics

Comments

Dale,
Amen. I concur with your call for an investment in HIT safety.  As a physician, I'd probably change the title from:

"Doctor, your EHR is killing me."
     to
"CEO, your EHR is killing patients."

     In my experience, when there is an avoidable death in the hospital related to IT, it's rarely the doctors who are blamed for the HCIT.   ... but, I digress.

An observation to share:

Maybe 5 years ago, the Institute for Healthcare Improvement noted that there was industrial science that healthcare was missing (and not just HCIT.) It was captured in Weick & Sutcliffe's book and translated to healthcare by many, including me. Here's the HIMSS education presentation I created and delivered:




Here's the net.  Each of the five bullets above are well-known to health system executives.  They are the stuff of FMEA, Root-Cause Analysis and good, old-fashion planning.

After I did this presentation dozens of times, in board rooms and at executive retreats, the private, one-on-one feedback from the C-suite folks was: 

"Joe, we understand the message, it's not new, and we've done some of that for the financial systems in our organizations (i.e. not the clinical ones).  It costs between a million and five million dollars to document processes, identify failure-modes, and build in adequate buffering and safe-guards.

That's all they said.  With the penetration of comprehensive EMR's below the 2% level, that might have been very appropriate.

I'm only partially protected by peer-review laws, so I can't outline the common failures I've seen that have reached patients.  I can say, Dale, that there are objective sources that have elaborated EHR failures.  We all know why Medication Reconciliation and Bar-code Med administration is so important; we've seen the disasters when they're not in place.  Often avoidable deaths.

My post on Evaluation was addressing much your same point.  See:  Big Decisions - Certification and Evaluation? Do meaningful use, qualified provider, and certification hit the mark?  Like you, Dale, I see this ARRA as much of a defining moment as HIPAA.

HealthCare IT Safety Issue and the Broader ContextFor those of you who love books-on-tape (now mp3), I'd highly recommend listening to Malcolm Gladwell's Outliers.  In fact, just go to CD number 5 of seven and listen (from the begining of that CD) to a few minutes of the details of airline crashes.  It's great listening.  There's an eerie similarity to hospital safety issues as reported by the Joint Commission in their Sentinel Events factors.  Keywords:  Communication failures, "Swiss Cheese" multiple failure factor confluence, etc.  Then look at Dale's call for looking at the value of standardization of practices brought about by HIPAA.)  There's strong precident in other industries that weren't safe and have become so.


High Reliability science exists; I join your call to bring it forward now.  A car traveling at 60 MPH is not safe without the wrap-around infrastructure and policies.  Neither is HCIT.

Dale Sanders

Chief Information Officer, Cayman Islands Health Services Authority

Dale Sanders was a past VP and CIO of the Northwestern Medical Faculty Foundation at...