What medical devices are shielded from liability?
Are there other examples of legislation seeking legal protections for wide-scale use of medical devices that even the device's trade group leadership admits are not ready, and are experimental?
Here we have a proposal from a member of the U.S. Congress to shield health IT software, a medical device (per FDA's Director of CDRH - the Center for Device and Radiological Health and others), and its users from liability through an apparently unique special accommodation.
This from iHealthBeat.org:
Thursday, October 27, 2011HR 3239) that would create certain legal protections for Medicare and Medicaid providers who have implemented electronic health record systems, the Wilkes-Barre Times Leader reports.
The bill -- called the Safeguarding Access for Every Medicare Patient Act -- would create a system for reporting potential medical errors that occur when using EHRs, but it would not allow such information to be used as legal admission of wrongdoing.
The bill would cover certain physicians and hospitals that serve Medicare and Medicaid beneficiaries. It also would cover participants and users of health information exchanges.
Marino, who is a member of the House Judiciary Committee, said that offering the new legal protections to health care providers would promote greater use of EHRs and encourage Medicare and Medicaid providers to continue serving beneficiaries. [As if they could not do so without EHR's? - ed.]
He said, "Many providers are reluctant to use [EHRs] because they believe the practice will make them more vulnerable to unnecessary legal action," [unnecessary? How about real and necessary, as per the White Paper Do EHR's Increase Liability? - ed] adding, "This [bill] protects access for seniors in the Medicare and Medicaid programs" (Riskind, Wilkes-Barre Times Leader, 10/27).
From Rep. Marino's website (my comments are in [bracketed red italics]):
Marino Introduces Safeguarding Access For Every Medicare Patient ActFOR IMMEDIATE RELEASEWASHINGTON -- U.S. Rep. Tom Marino, PA-10, has introduced legislation that offers limited legal protection to Medicare and Medicaid providers who use electronic records. [Which, I fear, could effectively act as, or mutate into, absolute protection in the environs of the legal system - ed.]
Oct. 26, 2011
HR3239, the Safeguarding Access For Every Medicare Patient Act, would ensure patient access to Medicare and Medicaid providers; reduce health care costs [really? That's not what Wharton and others write - ed.]; guarantee incentives to providers to remain in the Medicare and Medicaid programs; and promote participation in health information technology.
Providers will eventually be required to participate in electronic recordkeeping or face a reduction in payments.
Marino said the bill offers incentive in the form of legal protection to providers who may be reluctant to remain in the Medicare and Medicaid programs due to low reimbursement rates which are constantly being targeted for further reductions.
[I imagine the known risks of health IT such as these at "MAUDE and HIT Risks: What in God's Name is Going on Here?" are a minor consideration if you receive legal immunity - ed.]
HR3239 would create a system for reporting potential errors that occur when using electronic records without the threat of that information being used as an admission of guilt. [Even if the physician or nurse is guilty of EHR-caused or aggravated, i.e., "use error" per NIST, malpractice - ed.]
It also prevents electronic records from being used as an easy source for “fishing expeditions,’’ [like this case, this case, this case and this case where patients died? - ed.] while making sure that parties responsible for errors are held accountable [how? -ed].
The proposal allows for providers who use electronic records to take remedial measures without having those actions be used to establish guilt [even though remediation may be very relevant to malpractice, patient injury and death prior to the remediation, and the remediation is informed by the error - ed.]; places time limits on the filing of lawsuits; and offers protection against libel and slander lawsuits.
[If this provision were to allow clinicians to speak publicly about HIT flaws without legal retaliation or sham peer review, I'd be all for it - ed.]
“Many providers are reluctant to use electronic records because they believe the practice will make them more vulnerable to unnecessary legal action,” Marino said. [I think it's much more likely they are reluctant to use them due to the aforementioned hair-raising MAUDE reports and literature such as here, here and here - ed.] and “Every time a doctor or hospital chooses not to participate because of these fears, our seniors lose another provider. This protects access for seniors in the Medicare and Medicaid programs.”
Marino said HR3239 is a two-pronged attack against rising health care costs: It provides legal protection to providers while encouraging the use of health information technology which has been shown to reduce costs. [See above links on that issue - ed.]
“Best of all, passage of this bill would require no new spending,” Marino said. [Besides the hundreds of billions to be spent on the IT itself - ed.]
This sounds like a healthcare IT vendor marketing piece, with claims refuted repeatedly here at HC Renewal, usually via the biomedical literature. It's slick, purporting to "protect Medicare access" while actually promoting health IT sales.
Did Rep. Marino get snowed by the health IT lobby? (See "The Machinery Behind Healthcare Reform" in the Washington Post.)
A major question is:
What are the patients and their rights to redress for injuries that occur due to EHR's? Chopped liver?
Isn't this bill really saying that patients are experimental subjects with limited rights? In other words, that improving EHR's should be at the expense of the unfortunate patients treated under its auspices? That the computers have more rights than the patients?
That line of thinking about what in reality is unconsented medical experimentation (i.e., "First, let's experiment" as opposed to "First, do no harm") has led to some very dark places in medicine, and not just in ancient history (e.g., see "Bioethics panel blasts late U. Pittsburgh professor").
See this reading list for more on these issues. Also see the many other posts on this blog about health IT quality, usability, efficacy, risk (and that the levels of that risk are admittedly unknown), lack of informed consent, and other issues via query links such as here, here, here and here - and the hyperlinks within those lists of posts - to more fully understand this perspective.
The text of the proposed legislation is here. While not all bad, it raises a number of concerns.
Excerpts are as follows:
H. R. 3239
To provide certain legal safe harbors to Medicare and Medicaid providers who participate in the EHR meaningful use program or otherwise demonstrate use of certified health information technology.
... SEC. 4. RULES RELATING TO E-DISCOVERY.
In any health care lawsuit against a covered entity that is related to an EHR-related adverse event, with respect to certified EHR technology used or provided by the covered entity, electronic discovery shall be limited to--
[I'm not sure what "certification" has to do with litigation, since "certification" of health IT has nothing to do with safety or usability; see note below - ed.]
(1) information that is related to [what does that mean? - ed.] such EHR-related adverse event; and
(2) information from the period in which such EHR-related adverse event occurred.
[eDiscovery related to EHR-related adverse events is already difficult, e.g., obtaining complete metadata. What these provisions would do is likely to increase the complications through legal maneuvers on terms such as"related to", "period" etc. - ed.]
SEC. 5. LEGAL PROTECTIONS FOR COVERED ENTITIES.
(a) General- For a covered entity described in section 2, the following protections apply:
(1) ENCOURAGING SPEEDY RESOLUTION OF CLAIMS-
(A) GENERAL- A claimant may not commence a health care lawsuit against a covered entity on any date that is 3 years after the date of manifestation of injury or 1 year after the claimant discovers, or through the use of reasonable diligence should have discovered, the injury, whichever occurs first. This limitation shall be tolled to the extent that the claimant is able to prove--
(ii) intentional concealment; or
(iii) the presence of a foreign body, which has no therapeutic or diagnostic purpose or effect, in the person of the injured person.
... (2) EQUITABLE ASSIGNMENT OF RESPONSIBILITY- In any health care lawsuit against a covered entity--
(A) each party to the lawsuit other than the claimant that is such a covered entity shall be liable for that party's several share of any damages only and not for the share of any other person and such several share shall be in direct proportion to that party's proportion of responsibility for the injury, as determined under clause (iii);
(B) whenever a judgment of liability is rendered as to any such party, a separate judgment shall be rendered against each such party for the amount allocated to such party [does that include the IT vendor? - ed.] ; and
(C) for purposes of this paragraph, the trier of fact shall determine the proportion of responsibility of each such party for the claimant's harm.
(3) SUBSEQUENT REMEDIAL MEASURES- Evidence of subsequent remedial measures to an EHR-related adverse event with respect to certified EHR technology used or provided by the covered entity (including changes to the certified EHR system, additional training requirements, or changes to standard operating procedures) by a covered entity shall not be admissible in health care lawsuits.
[This in and of itself seems to give special accommodation to health IT, since remediation helps make the case for the presence of problems to begin with - ed.]
(4) INCREASED BURDEN OF PROOF PROTECTION FOR COVERED ENTITIES- Punitive damages may, if otherwise permitted by applicable State or Federal law, be awarded against any covered entity in a health care lawsuit only if it is proven by clear and convincing evidence that such entity acted with reckless disregard for the health or safety of the claimant. In any such health care lawsuit where no judgment for compensatory damages is rendered against such entity, no punitive damages may be awarded with respect to the claim in such lawsuit.
[Would that apply to a case such as this? Does it apply to the health IT vendors and their often cavalier software development and quality practices, if patients become injured, such as here, "A Study of an Enterprise Health Information System?" How about to this case, "A Lawsuit Over Healthcare IT Whistleblowing?" - ed.]
(5) PROTECTION FROM LIBEL OR SLANDER- Covered entities and employees, agents and representatives of covered entities are immune from civil action for libel or slander arising from information or entries made in certified EHR technology and for the transfer of such information to another eligible provider, hospital or health information exchange, if the information, transfer of information, or entries were made in good faith and without malice.
[Does that include defects reports? - ed.]
From an ethical perspective, when you know a technology can be unsafe, but you don't know the levels of risk it creates, and the literature is conflicting on the benefits (prima facie evidence the technology is still experimental), you do not promote its wide-scale use in medicine and offer special accommodations to the technology's producers and users. Period. This is especially true without explicit patient informed consent and opportunity for opt-out. To promote such technology is not ethical.
Note: I believe the misunderstanding of "certification" of health IT contributes to the problems with such proposals. "Certification" of HIT has little if anything to do with safety, reliability, usability, etc. (e.g,, see http://hcrenewal.blogspot.com/2010/03/on-oncs-proposed-establishment-of.html).
"Certification" of health IT is not validation of safety, usability, efficacy, etc., but a pre-flight checklist of features, interoperability, security and the like. The certifiers admit this explicitly. See the CCHIT web pages for example. ("CCHIT Certified®, an independently developed certification that includes a rigorous inspection of an EHR’s integrated functionality, interoperability and security.")
Health IT "certification" is not like Underwriters Laboratories (UL) certification of appliances. ("Independent, not-for-profit product safety testing and certification organization ... With more than a 116-year proven track record, UL has been defining safety from the public adoption of electricity to new breakthroughs that help protect our future. UL employees are committed to safeguarding people, places and products in new and innovative ways for today’s borderless world.")
This Representative seems to represent districts in Pennsylvania served by the Geisinger healthcare system, including Danville, PA where their main campus is located. His legislative assistant on healthcare represented Geisinger to me in a conversation today in glowing terms. However, I suggest that Geisinger does not have a perfect track record, e.g., see the post "A 'safe' technology? Factors contributing to an increase in duplicate medication order errors after CPOE implementation" and its reader comments and links.
It occurred to me that in the post "Is Healthcare IT a Solution to the Wrong Problem?" referencing a study published in the Nov. 25, 2010 New England Journal of Medicine entitled "Temporal Trends in Rates of Patient Harm Resulting from Medical Care" [Landrigan N Engl J Med 363;22] I pointed out that the abilities of health IT to "reduce medical error" may be significantly less than imagined.
This is because most medical errors have little to do with record keeping, but instead with human factors. See the post at http://hcrenewal.blogspot.com/2010/12/is-healthcare-it-solution-to-wrong.html.