If you haven't read the March 27 JAMA commentary from Ross Koppel and David Kreda, you should track it down. In summary, they point out very appropriately, that there are patient safety issues associated with the use of EHRs, and that HIT vendors should not be allowed to contractually walk away from their safety obligations in the design and implementation of their products. I agree with the commentary and add that the obligations for patient safety don't end with the vendors; we HIT customers are obligated, too.
There is ample precedence for regulated safety among us--e.g., the Federal 510(k) process for medical devices includes a safety analysis. Laboratory information systems safety is regulated by CLIA. The software systems in the utility and transportation industries are regulated for software safety. Military command and control and information systems are regulated for software safety.
There are several layers of software safety risks associated with today's EHRs, from point-of-care decision support to the back end spaghetti of interfaces that populate a typical EHR. I'm not a fan of Federal overkill on regulations, but you have to admit that HIPAA finally drove our industry towards much better practices in patient data security and privacy protection. Without HIPAA's influence, I bet we'd still be piecemealing HIT information security and privacy. We need the equivalent of HIPAA for HIT’s impact on patient safety. Today's EHRs play a major role in the safe (or not) treatment of patients, every bit as important as medical devices. Now is the time to start planning for this as a culture. We can do it in parallel with the push for an EHR in very office.
With all these concerns in mind, it’s important to remember that the benefits of a properly implemented EHR to patient care still far outweigh the risks to patient safety. Driving a car safely is a complex process and prone to many errors, but we haven’t stopped buying and driving cars. We just keep making the car-driving process safer.