It took an Australian computer scientist at U. Sydney to dissect and perform a detailed analysis of the internals of an American EHR system, the results of which were disturbing to say the least. This was a task the American members of the American Medical Informatics Association (AMIA) should have taken on. It's not as if they're unaware of clinical IT problems.
It also seems to take a group of Australian researchers at the Univ. of New South Wales, the Australian Patient Safety Foundation, and the University of South Australia to perform a forensic analysis on U.S. data in the FDA's Manufacturer and User Facility Device Experience (MAUDE) database, instead of Americans themselves.
At least AMIA allowed the Australians the opportunuty to present their findings.
In "Patient Safety Problems Associated with Heathcare Information Technology: an Analysis of Adverse Events Reported to the US Food and Drug Administration" (free fulltext at this link), AMIA Annual Symposium Proceedings 2011;2011:853-7 the Australian researchers including Medical Informaticist and critical thinker Dr. Enrico Coiera (see here) analyzed healthcare information technology (HIT) events associated with patient harm submitted to the MAUDE database:
We downloaded all 899,768 reports that were submitted to MAUDE from January 2008 to July 2010 and searched for events using a broad definition of HIT as “hardware or software that is used to electronically create, maintain, analyse, store, receive, or otherwise aid in the diagnosis, cure, mitigation, treatment, or prevention of disease, and that is not an integral part of (1) an implantable device or (2) medical equipment.” We retrieved and classified 678 reports describing 436 unique events using a previously published methodology. Of the 436 HIT-related events that we examined, 11% (n=46) were associated with patient harm [this excludes the "near misses" - ed.] ... In this paper we specifically focus on examining the 46 events where HIT problems were associated with patient harm.
These submissions are voluntary, and due to systematic, severe impediments to submissions as below, this data likely represents a very small fraction ("tip of the iceberg" per FDA itself, link) of the true incidence of these events. See the addendum to this post "Systematic impediments to voluntary reporting of health IT risks."
Summarizing the Australian researchers' findings (read the entire paper at the link above):
Medication problems represented 41% of the events of these types:
- Wrong patient
- Wrong dose or overdose
- Missed and delayed doses
Clinical process problems represented 33% of the events:
- Use errors in entering information ("use error" is an error due to poor and confusing design, as opposed to "user errors")
- Poor functionality of CPOE and PACS
Exposure to radiation occurred in 15% of the events
Surgery problems occurred in 11% of the events.
The authors recommended that "strategies to improve the safety of HIT should focus on designing safe user interfaces, integrated checks of key identifiers and decision support, and engineering safer clinical processes."
Unfortunately, that does not appear to be occurring in the U.S. to any significant degree. "Certification" of health IT to meet government criteria for financial incentives is unrelated to such measures and is in my view symptomatic of industry regulatory capture (see here and here). The IOM itself has instituted a "watch and wait" policy, a likely unique special accommodation in current regulation of medical devices (see here).
I reiterate this MAUDE data is voluntary and the impediments to its reporting systematic and severe. See addendum to this post.
In the category of good sense on electronic medical records, I note the following articles:
Victoria aims for more open ICT strategy
02 October 2012
The newly formed Victorian Information and Communications Technology Advisory Committee (VITAC) has released a draft strategy (PDF) describing how the state government should manage and use ICT to better provide government services.
The strategy recommends that the government engage more closely with the ICT sector and move away from customised products in favour of existing market offerings.
... It recommends that the government engage with the ICT market early in the procurement lifecycle. “We will avoid being locked into single suppliers by favouring open standards and will be open to any qualified ICT provider regardless of size. Procurement of ICT services will be made more efficient.”
The strategy should also provide guidance to agencies to move away from customised major ICT developments and use existing market offerings with little or no customisation instead.
What this means is abandoning the approach of large, single-source (monolithic), proprietary clinical information systems from large health IT vendors that try to cover everything, in favor of smaller, open standards-based "best-of-breed" applications (from vendors of all sizes) that can be woven together to meet users' needs:
The subsequent fallout from the Ombudsman's report led to the Victorian government cancelling several programs, including the $323 million HealthSMART program, an ambitious project to roll out common eHealth infrastructure throughout Victoria's public health services.
This included implementing iSOFT's (now CSC) i.PM patient administration system and Cerner's clinical information system in its hospitals, as well as InterSystems' TrakCare platform for community health agencies.
I note that another article in eHealth Insider mentions the same strategy in the UK, "Winchester switches off Cerner in ED":
The Royal Hampshire County Hospital in Winchester has switched off Cerner Millennium in A&E and moved to Patient First. The electronic patient record system will also be switched off for theatres and order communications at the old Winchester and Eastleigh Healthcare NHS Trust ... Basingstoke and North Hampshire was pursuing an alternative IT strategy, built around a 'best of breed' approach to building on its existing systems.
The U.S. has yet to learn these lessons, and will likely repeat the same mistakes at the cost of hundreds of billions of dollars.
Unfortunately, I have no answers. I see no way to avoid it, considering the HITECH momentum that favors the large-vendor monolithic product model.
Addendum. Systematic impediments to voluntary reporting of health IT risks:
From the 2010 FDA internal memo on health IT risks:
Limitations of the MAUDE search and final subset of MDRs include the following:
1. Not all H-IT safety issue MDRs can be captured due to limitations of reporting practices including:
... (a) Vast number of H-IT systems that interface with multiple medical devices currently assigned to multiple procodes making it difficult to identify specific procodes for H-IT safety issues;
... (b) Procode assignments are also affected by the ability of the reporter/contractor to correctly identify the event as a H-IT safety issue;
... (c) Correct identification by the reporter of the suspect device brand name is challenged by difficulties discerning the actual H-IT system versus the device it supports.
2. Due to incomplete information in the MDRs, it is difficult to unduplicate similar reports, potentially resulting in a higher number of reports than actual events.
3. Reported death and injury events may only be associated with the reported device but not necessarily attributed to the device.
4. Correct identification by the reporter of the manufacturer name is convoluted by the inability to discern the manufacturer of the actual H-IT system versus the device it supports.
5. The volume of MDR reporting to MAUDE may be impacted by a lack of understanding the reportability of H-IT safety issues and enforcement of such reporting.
From the 2012 IOM report on health IT safety:
... While some studies suggest improvements in patient safety can be made, others have found no effect. Instances of health IT–associated harm have been reported. However, little published evidence could be found quantifying the magnitude of the risk.
Several reasons health IT–related safety data are lacking include the absence of measures and a central repository (or linkages among decentralized repositories) to collect, analyze, and act on information related to safety of this technology. Another impediment to gathering safety data is contractual barriers (e.g., nondisclosure, confidentiality clauses) that can prevent users from sharing information about health IT–related adverse events. These barriers limit users’ abilities to share knowledge of risk-prone user interfaces, for instance through screenshots and descriptions of potentially unsafe processes. In addition, some vendors include language in their sales contracts and escape responsibility for errors or defects in their software (i.e., “hold harmless clauses”). The committee believes these types of contractual restrictions limit transparency, which significantly contributes to the gaps in knowledge of health IT–related patient safety risks. These barriers to generating evidence pose unacceptable risks to safety.
… “For example, the number of patients who receive the correct medication in hospitals increases when these hospitals implement well-planned, robust computerized prescribing mechanisms and use barcoding systems. But even in these instances, the ability to generalize the results across the health care system may be limited. For other products— including electronic health records, which are being employed with more and more frequency— some studies find improvements in patient safety, while other studies find no effect.
More worrisome, some case reports suggest that poorly designed health IT can create new hazards in the already complex delivery of care. Although the magnitude of the risk associated with health IT is not known, some examples illustrate the concerns. Dosing errors, failure to detect life-threatening illnesses, and delaying treatment due to poor human–computer interactions or loss of data have led to serious injury and death.”
Not knowing the magnitude of the risks is an effect of the impediments, and does not represent a good environment for national implementation in my view.
I also add "fear of medical malpractice litigation" to the lists above.