A workgroup of the Healthcare IT Policy Committee, a federal advisory body, will hear testimony on the safety of health information technology during a public hearing tomorrow (Feb. 25, 2010) in Washington.
On the eve of that hearing, an article "FDA Considers Regulating Safety of Electronic Health Systems" was published Feb. 23, 2010 by the Huffington Post Investigative Fund, authored by Fred Schulte and Emma Schwartz.
The article is bylined with "Reports of Patient Harm Include Six Deaths in Two Years."
FDA Considers Regulating Safety of Electronic Health Systems
Reports of Patient Harm Include Six Deaths in Two Years
By Fred Schulte and Emma Schwartz
Huffington Post Investigative Fund
23 Feb 2010
Concerned about potential safety risks in health information technology, the U.S. Food and Drug Administration may be moving closer to regulating the systems for the first time.
In the past two years, the agency has received reports of six patient deaths and several dozen injuries linked to malfunctions in the systems, Jeffrey Shuren, director of the FDA’s Center for Devices and Radiological Health, said in testimony prepared for a government hearing on Thursday.
“Because these reports are purely voluntary, they may represent only the tip of the iceberg,” Shuren said.
In an environment of HIT "hold harmless" provisions and defects gag clauses causing executives to violate their fiduciary and Joint Commission safety standard obligations, sham peer review for "disruptive" or "non-team player" physicians, suppression of HIT research that could cast it in a negative light, conflicts of interest, whistleblower retaliation, and other dysfunctions in the health IT industry, I think "tip of the iceberg" may be a gross understatement.
... Many health policy experts believe that fostering greater use of health information technology, which officials refer to as HIT, will significantly improve the quality of medical care, cut costs and reduce medical errors and waste. The government hopes to have an electronic medical record for every American by 2014.
These beliefs about HIT -- as it is designed, implemented and managed today -- are being contradicted by a growing body of literature, such as in a recent review article here broadly reviewing the literature, a new book here and a collection of 2009 releases here that is largely ignored by policy makers. This literature is largely ignored and unknown to policy makers while the relatively sparse literature "proving" the case for HIT is overemphasized, perhaps due to intense lobbying from the very wealthy HIT trade organizations as in the Washington Post here.
But digital medical systems are not risk-free. Over the past two years, the FDA’s voluntary notification system logged a total of 260 reports of “malfunctions with the potential for patient harm,” including 44 injuries and the six deaths. Among other things the systems have mixed up patients, put test results in the wrong person’s file and lost vital medical information.
That "260 reports" is also likely highly understated; there is no regulations nor accepted national reporting system for HIT problems as there is for drugs and other medical devices. Consequently most clinicians have no idea where to even report such problems and mishaps.
Further, I have probably heard more than that number of "malfunctions with potential for harm" from just a few of my former students and other contacts now in the trenches in the past year or two, who report secretive "defects lists" numbering in the hundreds and even thousands in some organizations. A percentage of items on those lists fall into the "likely to cause harm if uncorrected" category.
In one example cited in the FDA testimony, an operating room management system frequently “locked up” during surgery. Lost data had to be re-entered manually “in some cases from a nurse’s recollection.” Another system failed to display a patient’s allergies properly because of software errors. In another case, results from lab testing done in a hospital emergency room were returned for the wrong patient. None of the patients, hospitals or clinics are identified in the reports.
I noted such a "computer crash/data loss" malfunction in HIT systems for ICU's and for Invasive Cardiology labs a decade ago. Nothing seems to have been learned by this industry about appropriate software engineering for healthcare.
“The FDA recognizes the tremendous importance of HIT and its potential to improve patient care. However, in light of the safety issues that have been reported to us, we believe that a framework of federal oversight of HIT needs to assure patient safety,” Shuren said. He said that to date the agency has “largely refrained” from regulating the industry. Through an FDA spokesman, Shuren declined a request for an interview.
The FDA official outlined three possible approaches for tighter scrutiny. The agency could require makers of the devices to register them with the government and to submit reports on safety issues and correct problems that surface. The FDA could track this information “to help improve the design of future products.”
In a second scenario, the agency could require manufacturers to report safety concerns and set minimum guidelines to assure the quality of products on the market. In a third approach, the systems could be subject to the broader regulatory actions that new medical products must face before they ever reach the market.
Though the FDA didn’t specify which approach it favors, Shuren said that at a minimum the agency could “play an important role in preventing or addressing HIT-related safety issues, thereby helping to foster confidence in these devices.”
I think plan #3 is the most consistent with regulation in other healthcare industries (pharma and medical devices), and is most ethical with regard to patient rights. I cannot think of any good reason why the HIT industry should be given special dispensation and accommodated with respect to regulation.
The manufacturers of the systems generally have opposed regulation by the FDA, arguing in part that imposing strict controls would slow down the government’s campaign to spur widespread adoption of the technology. Regulation will not necessarily create a “safer” electronic medical record “and might actually limit innovation and responsiveness when it is needed most,” Carl Dvorak, executive vice president of Epic Systems Corporation, a Wisconsin-based company that builds the systems mainly for hospitals and large medical practices, said in his prepared testimony for Thursday’s hearing. The hearing is being held by an advisory group created by the stimulus law.
One thing is certain: lack of regulation will NOT create a safer HIT environment.
Further, when the FDA has received reports of patient deaths and injuries linked to HIT malfunctions, but the actual number of death and injury cases is truly unknown; and when the number of "near misses" related to IT but averted by luck or by some human in the work chain, that might have easily gone the other way, is also unknown (but likely with a high degree of probability to be much, much larger than "260 per year", the conclusions that:
Regulation will not necessarily create a “safer” electronic medical record “and might actually limit innovation and responsiveness when it is needed most...
"imposing strict controls would slow down the government’s campaign to spur widespread adoption of the technology..."
... are simply perverse.
They do not reflect any ethical medical values of which I am familiar.
Yet some inside the industry favor stepped-up scrutiny. One major vendor, Cerner Corporation, which has voluntarily reported safety incidents to the FDA in recent years, signaled its support for a rule that would make those reports mandatory. Cerner has reported potential safety concerns because it is the “right thing to do,” a company official said.
Others inside the industry have argued for approaches that don’t involve FDA oversight. James Walker, chief medical information officer at Pennsylvania’s Geisinger Health System, said in prepared testimony for Thursday's hearing that a “patient safety organization” should be created to collect “automatic, anonymous reporting of potential hazards” in electronic health systems.
Such an organization already exists, known as the "FDA." Apparently Walker lacks experience in industries that are regulated by FDA such as the pharmaceutical and medical device industries.
IT systems in those industries are regulated and in fact validated, by FDA - e.g., see "General Principles of Software Validation; Final Guidance for Industry and FDA Staff", PDF, introduced with the statement that "this guidance outlines general validation principles that the Food and Drug Administration (FDA) considers to be applicable to the validation of medical device software or the validation of software used to design, develop, or manufacture medical devices."
Creating yet another new organization for validating HIT would be once again accommodating that industry, and calling for one is not explicable on any reasonable logic that I can surmise.
The federal government’s Office of the National Coordinator for health information technology also has recognized the need for better surveillance. In January, the office issued a contract to address “undesirable and potentially harmful unintended consequences” of the systems.
What took them so long, I ask?
One industry critic said Tuesday that she hoped the FDA would follow through on its concerns. “We need monitoring and reporting systems for problems,” said Sharona Hoffman, a professor at Case Western Reserve University School of Law. “It has to go through the highest level of oversight and regulation. Every American who goes to a doctor will be affected.”
I could not agree more. Hoffman co-authored several articles on HIT risks (links can be found here). The oversight cannot be done by a rubber-stamp organization; it cannot be performed by those with conflicts of interest; it should not be performed by those who for years have minimized the problems.
Even those who advocate tighter oversight agree that the technology has the potential to revolutionize health care.
No, HIT will not "revolutionize" healthcare. Facilitate incremental improvements, possibly - but only if the IT itself is "done well." I believe the "R" word must be removed from our cultural lexicon about IT. It is an expression of a disease, the irrational overconfidence in computing in fields depending on human cognition and judgment. If the largest single flaw in healthcare provision were lack of information availability and retrieval capabilities, it would be a (somewhat) less risible, less hysterical assertion.
Though officials in some other countries have tightened oversight of the systems, U.S. manufacturers have managed to stave off formal regulation, telling the FDA in May 2008 that their products should be excluded from review partly as a means to speed up their adoption.
The EU's evolving stance on HIT regulation is here.
But critics argue that tighter scrutiny is needed to protect the public. “Oversight and quality control may slow things down, but it’s absolutely critical,” said Hoffman, the law professor. “Patients' lives are at stake.”
Hoffman seems one of the few writing about this industry who understands what the issues are all about. I will repeat the bottom line in bold for all to see:
“Patients' lives are at stake.”
It's ironic that this observation comes from a non-physician (she is a professor of law), while too many HIT industry-connected physicians are chattering about regulation "stifling innovation." Blood for computers? Perhaps they'd like to return to the era when medical experiments such as this were permissible.
Seeking regulatory acquiescence to special accommodations for a technology (HIT) already being pushed by government, which could potentially result in a government-corporatist alliance at the expense of the common person and of medical ethics, is quite troubling.