Friday, October 28, 2011

Cybernetik Über Alles: Computers Have More Rights Than Patients?

[Note: this essay contains many hyperlinks. They can be right-clicked and opened in a separate tab or window.]

What medical devices are shielded from liability?

Are there other examples of legislation seeking legal protections for wide-scale use of medical devices that even the device's trade group leadership admits are not ready, and are experimental?

Here we have a proposal from a member of the U.S. Congress to shield health IT software, a medical device (per the Director of FDA's CDRH, the Center for Devices and Radiological Health, and others), and its users from liability through an apparently unique special accommodation.

This from
Thursday, October 27, 2011
On Wednesday, Rep. Tom Marino (R-Penn.) introduced legislation (HR 3239) that would create certain legal protections for Medicare and Medicaid providers who have implemented electronic health record systems, the Wilkes-Barre Times Leader reports.
The bill -- called the Safeguarding Access for Every Medicare Patient Act -- would create a system for reporting potential medical errors that occur when using EHRs, but it would not allow such information to be used as legal admission of wrongdoing.
The bill would cover certain physicians and hospitals that serve Medicare and Medicaid beneficiaries. It also would cover participants and users of health information exchanges.
Marino, who is a member of the House Judiciary Committee, said that offering the new legal protections to health care providers would promote greater use of EHRs and encourage Medicare and Medicaid providers to continue serving beneficiaries. [As if they could not do so without EHR's? - ed.]
He said, "Many providers are reluctant to use [EHRs] because they believe the practice will make them more vulnerable to unnecessary legal action," [unnecessary? How about real and necessary, as per the White Paper Do EHR's Increase Liability? - ed] adding, "This [bill] protects access for seniors in the Medicare and Medicaid programs" (Riskind, Wilkes-Barre Times Leader, 10/27).

From Rep. Marino's website (my comments are in [bracketed red italics]):

Marino Introduces Safeguarding Access For Every Medicare Patient Act
Oct. 26, 2011
WASHINGTON -- U.S. Rep. Tom Marino, PA-10, has introduced legislation that offers limited legal protection to Medicare and Medicaid providers who use electronic records. [Which, I fear, could effectively act as, or mutate into, absolute protection in the environs of the legal system - ed.]
HR3239, the Safeguarding Access For Every Medicare Patient Act, would ensure patient access to Medicare and Medicaid providers; reduce health care costs [really? That's not what Wharton and others write - ed.]; guarantee incentives to providers to remain in the Medicare and Medicaid programs; and promote participation in health information technology.
Providers will eventually be required to participate in electronic recordkeeping or face a reduction in payments.
Marino said the bill offers incentive in the form of legal protection to providers who may be reluctant to remain in the Medicare and Medicaid programs due to low reimbursement rates which are constantly being targeted for further reductions.
[I imagine the known risks of health IT such as these at "MAUDE and HIT Risks: What in God's Name is Going on Here?" are a minor consideration if you receive legal immunity - ed.]
HR3239 would create a system for reporting potential errors that occur when using electronic records without the threat of that information being used as an admission of guilt. [Even if the physician or nurse is guilty of EHR-caused or aggravated, i.e., "use error" per NIST, malpractice - ed.]
It also prevents electronic records from being used as an easy source for “fishing expeditions,” [like this case, this case, this case and this case where patients died? - ed.] while making sure that parties responsible for errors are held accountable [how? - ed.].
The proposal allows for providers who use electronic records to take remedial measures without having those actions be used to establish guilt [even though remediation may be very relevant to malpractice, patient injury and death prior to the remediation, and the remediation is informed by the error - ed.]; places time limits on the filing of lawsuits; and offers protection against libel and slander lawsuits.
[If this provision were to allow clinicians to speak publicly about HIT flaws without legal retaliation or sham peer review, I'd be all for it - ed.]
“Many providers are reluctant to use electronic records because they believe the practice will make them more vulnerable to unnecessary legal action,” Marino said. [I think it's much more likely they are reluctant to use them due to the aforementioned hair-raising MAUDE reports and literature such as here, here and here - ed.] “Every time a doctor or hospital chooses not to participate because of these fears, our seniors lose another provider. This protects access for seniors in the Medicare and Medicaid programs.”
Marino said HR3239 is a two-pronged attack against rising health care costs: It provides legal protection to providers while encouraging the use of health information technology which has been shown to reduce costs. [See above links on that issue - ed.]
“Best of all, passage of this bill would require no new spending,” Marino said. [Besides the hundreds of billions to be spent on the IT itself - ed.]

This sounds like a healthcare IT vendor marketing piece, with claims refuted repeatedly here at HC Renewal, usually via the biomedical literature. It's slick, purporting to "protect Medicare access" while actually promoting health IT sales.

Did Rep. Marino get snowed by the health IT lobby? (See "The Machinery Behind Healthcare Reform" in the Washington Post.)

A major question is:

What are the patients and their rights to redress for injuries that occur due to EHR's? Chopped liver?

Isn't this bill really saying that patients are experimental subjects with limited rights? In other words, that improving EHR's should be at the expense of the unfortunate patients treated under its auspices? That the computers have more rights than the patients?

That line of thinking about what in reality is unconsented medical experimentation (i.e., "First, let's experiment" as opposed to "First, do no harm") has led to some very dark places in medicine, and not just in ancient history (e.g., see "Bioethics panel blasts late U. Pittsburgh professor").

See this reading list for more on these issues. Also see the many other posts on this blog about health IT quality, usability, efficacy, risk (and that the levels of that risk are admittedly unknown), lack of informed consent, and other issues via query links such as here, here, here and here - and the hyperlinks within those lists of posts - to more fully understand this perspective.

The text of the proposed legislation is here. While not all bad, it raises a number of concerns.

Excerpts are as follows:

H. R. 3239

To provide certain legal safe harbors to Medicare and Medicaid providers who participate in the EHR meaningful use program or otherwise demonstrate use of certified health information technology.


    In any health care lawsuit against a covered entity that is related to an EHR-related adverse event, with respect to certified EHR technology used or provided by the covered entity, electronic discovery shall be limited to--

      [I'm not sure what "certification" has to do with litigation, since "certification" of health IT has nothing to do with safety or usability; see note below - ed.]

      (1) information that is related to [what does that mean? - ed.] such EHR-related adverse event; and
      (2) information from the period in which such EHR-related adverse event occurred.

      [eDiscovery related to EHR-related adverse events is already difficult, e.g., obtaining complete metadata. What these provisions would do is likely to increase the complications through legal maneuvers on terms such as "related to", "period" etc. - ed.]


    (a) General- For a covered entity described in section 2, the following protections apply:
        (A) GENERAL- A claimant may not commence a health care lawsuit against a covered entity on any date that is 3 years after the date of manifestation of injury or 1 year after the claimant discovers, or through the use of reasonable diligence should have discovered, the injury, whichever occurs first. This limitation shall be tolled to the extent that the claimant is able to prove--
          (i) fraud;
          (ii) intentional concealment; or
          (iii) the presence of a foreign body, which has no therapeutic or diagnostic purpose or effect, in the person of the injured person.
      ... (2) EQUITABLE ASSIGNMENT OF RESPONSIBILITY- In any health care lawsuit against a covered entity--
        (A) each party to the lawsuit other than the claimant that is such a covered entity shall be liable for that party's several share of any damages only and not for the share of any other person and such several share shall be in direct proportion to that party's proportion of responsibility for the injury, as determined under clause (iii);
        (B) whenever a judgment of liability is rendered as to any such party, a separate judgment shall be rendered against each such party for the amount allocated to such party [does that include the IT vendor? - ed.] ; and
        (C) for purposes of this paragraph, the trier of fact shall determine the proportion of responsibility of each such party for the claimant's harm.
      (3) SUBSEQUENT REMEDIAL MEASURES- Evidence of subsequent remedial measures to an EHR-related adverse event with respect to certified EHR technology used or provided by the covered entity (including changes to the certified EHR system, additional training requirements, or changes to standard operating procedures) by a covered entity shall not be admissible in health care lawsuits.

      [This in and of itself seems to give special accommodation to health IT, since remediation helps make the case for the presence of problems to begin with - ed.]
      (4) INCREASED BURDEN OF PROOF PROTECTION FOR COVERED ENTITIES- Punitive damages may, if otherwise permitted by applicable State or Federal law, be awarded against any covered entity in a health care lawsuit only if it is proven by clear and convincing evidence that such entity acted with reckless disregard for the health or safety of the claimant. In any such health care lawsuit where no judgment for compensatory damages is rendered against such entity, no punitive damages may be awarded with respect to the claim in such lawsuit.

      [Would that apply to a case such as this? Does it apply to the health IT vendors and their often cavalier software development and quality practices, if patients become injured, such as here, "A Study of an Enterprise Health Information System?" How about to this case, "A Lawsuit Over Healthcare IT Whistleblowing?" - ed.]

      (5) PROTECTION FROM LIBEL OR SLANDER- Covered entities and employees, agents and representatives of covered entities are immune from civil action for libel or slander arising from information or entries made in certified EHR technology and for the transfer of such information to another eligible provider, hospital or health information exchange, if the information, transfer of information, or entries were made in good faith and without malice.

      [Does that include defects reports? - ed.]

    From an ethical perspective, when you know a technology can be unsafe, but you don't know the levels of risk it creates, and the literature is conflicting on the benefits (prima facie evidence the technology is still experimental), you do not promote its wide-scale use in medicine and offer special accommodations to the technology's producers and users. Period. This is especially true without explicit patient informed consent and opportunity for opt-out. To promote such technology is not ethical.

    Note: I believe the misunderstanding of "certification" of health IT contributes to the problems with such proposals. "Certification" of HIT has little if anything to do with safety, reliability, usability, etc. (e.g., see

    "Certification" of health IT is not validation of safety, usability, efficacy, etc., but a pre-flight checklist of features, interoperability, security and the like. The certifiers admit this explicitly. See the CCHIT web pages for example. ("CCHIT Certified®, an independently developed certification that includes a rigorous inspection of an EHR’s integrated functionality, interoperability and security.")

    Health IT "certification" is not like Underwriters Laboratories (UL) certification of appliances. ("Independent, not-for-profit product safety testing and certification organization ... With more than a 116-year proven track record, UL has been defining safety from the public adoption of electricity to new breakthroughs that help protect our future. UL employees are committed to safeguarding people, places and products in new and innovative ways for today’s borderless world.")

    -- SS

    10/28/11 Addendum:

    This Representative seems to represent districts in Pennsylvania served by the Geisinger healthcare system, including Danville, PA where their main campus is located. His legislative assistant on healthcare represented Geisinger to me in a conversation today in glowing terms. However, I suggest that Geisinger does not have a perfect track record, e.g., see the post "A 'safe' technology? Factors contributing to an increase in duplicate medication order errors after CPOE implementation" and its reader comments and links.

    10/30/11 Addendum:

    It occurred to me that in the post "Is Healthcare IT a Solution to the Wrong Problem?" referencing a study published in the Nov. 25, 2010 New England Journal of Medicine entitled "Temporal Trends in Rates of Patient Harm Resulting from Medical Care" [Landrigan N Engl J Med 363;22] I pointed out that the abilities of health IT to "reduce medical error" may be significantly less than imagined.

    This is because most medical errors have little to do with record keeping, but instead with human factors. See the post at
    -- SS


    Anonymous said...

    Funny that a Republican is so worried about Medicare patients. There must be a catch.

    Yes, here it is. He is actually worried about the HIT vendors who have sold flawed and defective EHRs that have not come close to living up to their hype.

    Even at Geisinger, in his Pa. district, the CPOE devices endanger patients. It was from that medical center that there was recently a report indicating a remarkable increase in a particularly pervasive error (duplicate medications ordered for the same patient) due to these hyped CPOE devices.

    Anonymous said...

    "The bill -- called the Safeguarding Access for Every Medicare Patient Act -- would create a system for reporting potential medical errors that occur when using EHRs,.."

    To whom will the errors be reported, may I ask?

    Anonymous said...

    How pathetic. I laugh at the actions of this Rep in writing this House Bill. He obviously does not know that EMR cause errors and neglect like this:

    Sarasota Memorial facing federal review following ER mishap


    …The woman came to the emergency room around 9:45 a.m. on July 1, reporting pelvic pain and vaginal bleeding. The report refers to her as Patient #5; it does not identify the patient or any staff by name.
    Over the next eight hours, the woman lost both fetuses. Meanwhile, medical staff failed to promptly perform some necessary tests, including a six-hour delay in measuring the patient’s blood-sugar level, according to inspectors from the state Agency for Health Care Administration. They reviewed the case when they visited Sarasota Memorial on Aug. 8 and 10.

    InformaticsMD said...

    Anonymous October 29, 2011 2:53:00 PM EDT writes:

    He obviously does not know that EMR cause errors and neglect like this:

    From that article:

    ...During their visit, state inspectors reviewed that case and 10 others that involved patients admitted with vaginal bleeding. They found problems in eight cases, largely in nurses failing to document the patients’ blood loss and failing to record vital signs and other case information.

    This sounds like the effects of the types of distractions EHR's can cause, especially in very busy clinical environments, but the article does not specifically state EHR's were a cause of the problems.

    I do note the Sarasota Memorial wasn't interested in a formally-trained Medical Informatics specialist (me) ca. 1998, even though I was promoted by a relative of mine on staff there.

    Also, its non-medical CIO, Denis Baker, had this to say regarding physician leadership of HIT in an interview on the HIStalk blog here:

    ... "I think that physicians bring a certain aspect to the job, but I don’t think they necessarily know how a hospital works. I think they know how their practice works and how they interact with the hospital, but I don’t think they absolutely know what nursing does, or any of the ancillary departments, and what they do." - Denis Baker

    He seemingly doesn't know physicians spend a truly gargantuan amount of time in hospitals as 3rd and 4th year med students, interns, residents, and fellows, and get very used to how a hospital works.

    I have empirically observed that such paternalistic attitudes in IT leadership are a strong predictive factor for low quality, poorly usable HIT due to lack of clinician involvement or serious attention to their concerns.

    -- SS

    InformaticsMD said...

    Anonymous October 29, 2011 12:52:00 AM EDT writes:

    "The bill -- called the Safeguarding Access for Every Medicare Patient Act -- would create a system for reporting potential medical errors that occur when using EHRs,.."

    To whom will the errors be reported, may I ask?

    To /dev/null.

    Actually there already is a Federal agency that accepts reports of potential medical errors that occur when using EHRs.

    It's called "FDA."

    For Halloween, here's a sample of some hair-raising reports, which are merely the "tip of the iceberg" according to the head of FDA's CDRH, especially since they're voluntary and few know of the resource, the MAUDE database:

    MAUDE and HIT Risks: What in God's Name is Going on Here?

    -- SS

    InformaticsMD said...

    Re: Anonymous October 29, 2011 2:53:00 PM EDT and my comment of October 30, 2011 9:39:00 AM EDT:

    This passage about the ED problems at Sarasota Memorial Hospital is indeed consistent with the toxic effects of clinical IT, especially when designed or implemented poorly:

    From :

    “…In an interview with the Medical Director of the ECC ("Emergency Room") on August 10, 2011 at 11:50 am, it was shared that the clinical record had many ultrasound tests cancelled and then reordered an hour later thereby delaying any crucial test results. He reported that the irregularity for ultrasound testing was because the wrong tests were ordered (eg Transvaginal versus Obstetric) and the Radiology Department automatically cancelled the wrong test for ECC reorder. He did not offer any explanation as to why the ECC staff were ordering the inappropriate tests and were not updated on the correct tests to be ordered…”

    There were other problems as well.

    The CMS investigation report is no longer online.

    I've cached a copy of individual pages 1-18 at through

    Live IT or live with IT said...

    Hush up Scot, you are rockin the boat. I like grape koolaid best, I'm old school.

    InformaticsMD said...

    Live IT or live with IT said...

    Hush up Scot, you are rockin the boat. I like grape koolaid best, I'm old school.

    So did Jim Jones and his disciples...

    -- SS