Sunday, December 23, 2012

ONC's Christmas Confessional on Health IT Safety: "HIT Patient Safety Action & Surveillance Plan for Public Comment"

This time of year is certainly appropriate for a confessional on the health IT industry and hyperenthusiasts' sins.

In the first report I've seen that seems genuinely imbued with a  basic level of recognition of social responsibility incurred by conducting the grand human subjects experiment known as national health IT, ONC has issued a Dec. 21, 2012 report "Health Information Technology Patient Safety Action & Surveillance Plan for Public Comment." It is available at this link in PDF.

Statements are made that have appeared repeatedly since 2004 at this blog, and my health IT difficulties site that went online years before this blog (1998 to be exact); it is possible through my early writing and that of like-minded colleagues that we were the origin of most of these memes.  We wrote them with the result of bringing much scorn upon ourselves. After all, "how could health IT possibly not be a panacea?" was the "you are an apostate" attitude I certainly experienced (e.g., as in my Sept. 2012 post "The Dangers of Critical Thinking in A Politicized, Irrational Culture").

Observations echoed in the new ONC report:

  • "Just as health IT can create new opportunities to improve patient care and safety, it can also create new potentials for harm."
  • Health IT will only fulfill its enormous potential to improve patient safety if the risks associated with its use are identified, if there is a coordinated effort to mitigate those risks, and if it is used to make care safer.
  • Because health IT is so tightly integrated into care delivery today, it is difficult to interpret this initial research [such as the PA Patient Safety Authority study  - ed.], which would seem to suggest that health IT is a modest cause of medical errors. However, it is difficult to say whether a medical error is health IT-related. [Not emphasized, as I wrote here, is the issue of risk when, say, tens of thousands of prescriptions are erroneous due to one software bug, a feat impossible with paper - ed.]
  • The proper steps to improve the safety of health IT can only be taken if there is better information regarding health IT’s risks, harms, and impact on patient safety.

Suggested steps to be taken include:

  • Make it easier for clinicians to report patient safety events and risks using EHR technology.
  • Engage health IT developers to embrace their shared responsibility for patient safety and promote reporting of patient safety events and risks. [I am frankly amazed to see this admission.  In the past, that sector excused itself entirely on the basis of the "learned intermediary" doctrine and "hold harmless" clauses; where the clinician is an all-knowing Deity between computer and patient.  I've been writing for years, however, that the computer is now the intermediary between clinician and patient since all care 'transactions' have to traverse what is now an enterprise clinical resource and clinician control system - ed.]
  • Provide support to Patient Safety Organizations (PSOs) to identify, aggregate, and analyze health IT safety event and hazard reports.
  • Incorporate health IT safety in post-market surveillance of certified EHR technology
  • Align CMS health and safety standards with the safety of health IT, and train surveyors.
  • Collect data on health IT safety events through the Quality & Safety Review System (QSRS).
  • Monitor health IT adverse event reports to the Manufacturer and User Facility Device Experience (MAUDE) database. [I've been promoting the use of MAUDE for just that purpose, and much more regarding documenting and reporting on mission-hostile health IT; see this post - ed.]

These steps are to be taken in order to "Inspire Confidence and Trust in Health IT and Health Information Exchange."

The title of my keynote address to the Health Informatics Society of Australia this summer was, in fact, "Critical Thinking on Building Trusted, Transformative Medical Information:  Improving Health IT as the First Step".

My thoughts on this report:

  • It is at least two decades overdue.
  • It was produced largely if not solely due to the pressure of the "HIT apostates", finally overcoming industry memes and control of information flows through great perseverance.
  • It is indeed a confessional of the sins committed by the health IT industry over those decades.  Creating, implementing and maintaining mission critical software in a safety-cognizant way is not, and was not, a mystery.  It's been done in numerous industries for decades.
  • It is still a bit weak in acknowledging the likely magnitude of under-reporting of medical errors, including HIT-related, in the available data, and the issue of risk vs. 'confirmed body counts' as I wrote at my recent post "A Significant Additional Observation on the PA Patient Safety Authority Report -- Risk".
  • It is unfortunate that this report did not come from the informatics academic community in the United States, i.e., the American Medical Informatics Association (AMIA).  AMIA's academics have done well in advancing the theoretical aspects of the technologies, and how to create "good health IT" and not "bad health IT."  However, they have largely abrogated their social responsibilities and obligations, including but not limited to those of physicians, in ensuring the theories were followed in practice by an industry all too eager to ignore academic research (which, in order to follow, utilizes money and resources and reduces margins).
(On the latter point, just last week did the American College of Medical Informatics [ACMI] refuse to permit me to be a speaker at their early 2013 annual retreat despite support from some of its members.)

And this:

  • If the industry and the academics had been doing their job responsibly, I might be spending this Christmas and New Years's holiday with my mother, rather than visiting her in the cemetery.

All that said, the report is welcome.

Finally, it is hoped - and expected - that public comments will indeed be "public", and that any irregularities in such comments (such as appeared in the public comments period for MU2 due to industry ghostwriting as in my Aug. 2012 post "Health IT Vendor EPIC Caught Red-Handed: Ghostwriting And Using Customers as Stealth Lobbyists - Did ONC Ignore This?" and Sept. 2012 post "Was EPIC successful in watering down the Meaningful Use Stage 2 Final Rule?") will be reported and acted upon in an aggressive manner.

And finally, from the Healthcare Renewal blog, Merry Christmas.

-- SS


Anonymous said...

I like the part about the "code of conduct" for vendors. Does that mean they will stop ignoring the complaints of the users? Does that mean they will stop filling the coffers of the Congress with greenbacks?

And, how about a code of conduct for the ONC? Will it stop being a cheerleader for HIT devices that have no proven safety and efficacy? Will it stop pontificating on the "enormous potential" of the HIT experiments? Where are the improve outcomes, actually?

Overall, this report is too little and too late. It is a dilute attempt to make amends for the years it blew off the research and opinions of Drs. Ross Koppel, Richard Cook, Al Borges, Scott Monteith, and Scot Silverstein, to name a few.

The influence of the EHRA and HIMSS is obvious in the ONC's ongoing pandering to the industry.

The FDA has the machinery in place to properly vet the devices and to provide after market surveillance. Why is this important safety body merely paid lip service?

Just wondering.

Trevor3130 said...

Thanks for this, Scot. I have scanned the document, and find that 'trust' appears once, only. Yet, as you say, when the trust relationship between clinician & patient-client is broken by interposition of a data-collection machine, who knows what happens to 'trust'?
The document notes But just as paper records can be incomplete, inaccurate, and inaccessible, so can electronic records, compromising their safe use.
Does this mean that any health record can be complete? My medical education taught me to enquire into social & family details. Yet, within the niche where I consult with client-patients at the fag end of a fractured career, I do not ask questions unless there is a specific need to do so. That's all part of 'trust', in my case, that I do not probe into awkward, painful, even criminal, scenarios.
That quote also belies a critical element of trust within health care, that patient-clients trust the individual practitioner, or the System, to keep their records for them. That is, individuals who keep their own records are rare creatures.
However, I do wonder about the thrust of the communication. Does it suggest that software is able to accomplish all that's needed to satisfy everyone's expectations? Yes, that may be possible, but what happens in the code-cutting room? It soon becomes apparent that some auditing & cross-checking creates a prohibitive overburden of computer power. Who, then, decides to "economise" and leave out some bits? I fear that is the point when the game may be lost, by being given over to those who are farthest removed from that implicit "trust" relationship in clinical practice.

Anonymous said...

ONC will monitor MAUDE of the FDA. Since when has the ONC become another FDA? What does ONC know about safety, exactly? It was never concerned about the flaws, defects, and crashes of the devices it cheers and promotes.

Where is the protection for the users who blow the whistle? Will they be subject to sham peer review by a hospital that has contracts with the vendor to provide R and D for the device?

How did Blumenthal depreciate those who tried to put the dangers of HIT devices under consideration? He wrote that he and his policy wonks had investigated FDA reports and found nothing of concern, just anecdotes.

This report is awfully weak, ignoring the key points made by the IOM. By directing many organizations to be involved, no one will be accountable.

I have seen the slipshod work of DOH nurses performing CMS investigations. They have not the foggiest idea as to how to find the errors from CPOE systems that kill patients.

He and Tavenner wrote in the NEJM of the thousands of doctors who found benefit from EHRs.

Anonymous said...

The report ignores how to remedy the code defects in the devices that ONC describes. None of the organizations that ONC declares to have responsibility have the capability or jurisdiction to recall the defective device.

Mistakes are a way of life in the wired medical world. Hospital admin blames the users, always. The amateur IT teams are never wrong nor is the device defective.

Then, there are the other daily screw-ups. Printers will not print, pacs images do not appear on the screen, crashes of the entire hospitals' EHR devices, idiosyncratic descriptions suc that key therapies can not be ordered, etc.

The program described is a euphemism for safety.

Anonymous said...

The safety of HIT devices has been questioned for many years. The same devices failed in the UK.

Outcomes from care run by EHRs have not improved in the USA despite $ billions being spent and diverted from real patient care, like medications.

This report deceives. It comingles patient safety in general with the lack of safety of the devices that ONC and the US Government are forcing hospitals, doctors, and nurses to use.

Is that any way to run an experiment?

HHS and ONC also fail to provide a central clearinghouse for complaints, which basically implies that nothing has changed. The wealthy HIT vendors and their trade group HIM$$ rules.

Who wrote this report, anyway? Is that a secret?

Live IT or live with IT said...

lol @ code of conduct for vendors. I am sure they'd find a way to make money on pledging themselves to something to eliminate the vendors who don't. My bet is those that make the pledge are even fouler than the ones who don't.

Anonymous said...

The plan is a vindication of your work.

Too bad it is inferior and insufficient by design and will not move the safety needle considering the risks of these systems.

Anonymous said...

Who is in charge and what authority is vested there to protect the patients from harm? Could it be the same folks who have been the HIT cheerleaders since the Bush Executive Order of 2004? Other than the confession that you are right, and have been for years, this plan is lipstick on a pig.

Anonymous said...

What do I do? Is this safe?
Medicare has already cut my fees for providing care. I am working Christmas day. The system wastes my time, depriving patients of timely care. A patient's condition has detriorated with respiratory failure. It is urgent that treatment be altered. It took 1.5 minutes just to log on to the EMR computer. Subsequent to reviewing and evaluating blud lab test results and medications, I clicked to see the chest radiograph.

First, the image of another patient appeared on the screen and then disappeared. That radiograph showed pulmonary edema. Alas, it was not the critically ill patient in question.

Finally, after much shucking, jiving, and shimmering, the screen lit up with today's radiograph of the critically ill patient. I wanted to compare it to the prior radiograph. The system froze. No matter what I clicked, that image was locked in place, partially covered by a menu of prior studies.

The circumstances required that I log on to another EMR tdrminal, but, because of HIPAA and my need to keep others from accessing data from my sign on, I had to wait more than 2 minutes for the first EMR computer to shut down, after clicking the appropriate icon.

Dear @Farzad_onc (Mostashavy), to whom do I complain to about this ongoing putrid care environment,exactly?

Anonymous said...

It is mind blowingly negligent that there was no plan in place to assess (and take action to address) the unintended consequences of health IT before the launch of HITECH.

And here we are years down the road and all that ONC can muster is this pile of gibberish and hand-waving.

Live IT or live with IT said...

Talk to the hand, talk to the hand.