ads

,
HomePosts filed under healthcare IT safety
Showing posts with label healthcare IT safety. Show all posts
Showing posts with label healthcare IT safety. Show all posts

Challenging the meme that [yes, there are all these drastic flaws and problems - BUT] ... EHRs improve patient safety

One of the most persistent memes in healthcare IT is that, for all their deficits, bugs, flaws, interferences in care, and so forth, these systems "improve patient safety."

I find the meme remarkable.

37 medical societies can issue a complaint letter about how EHR systems interfere in care and pose patient risk (http://hcrenewal.blogspot.com/2015/01/meaningful-use-not-so-meaningul.html).  The Joint Commission can issue a detailed Sentinel Event Alert outlining the myriad ways that these systems "introduce new kinds of risks into an already complex health care environment where both technical and social factors must be considered" (http://www.jointcommission.org/assets/1/18/SEA_54.pdf).

ECRI Institute can, year-after-year, report health IT as among the top ten technology risks in healthcare (2015 list at https://www.ecri.org/press/Pages/ECRI-Institute-Announces-Top-10-Health-Technology-Hazards-for-2015.aspx).

This writer can casually aggregate quite a few examples of EHR flaws, risks and harms without really trying very hard (http://hcrenewal.blogspot.com/search/label/glitch).  Some of these include incidents where EHR flaws could have or did affect thousands, a feat nearly impossible with paper (http://hcrenewal.blogspot.com/2011/11/lifespan-rhode-island-yet-another.html).

Outages that make all records unavailable can occur with regularity (e.g., http://hcrenewal.blogspot.com/2015/05/another-day-another-ehr-outage-medstar.html).

The ECRI Institute in its "Deep Dive" analysis can gather voluntary reports of 171 IT mishaps in just 9 weeks from 36 hospitals capable of causing harm, with 8 injuries and 3 possible deaths resulting (http://hcrenewal.blogspot.com/2013/02/peering-underneath-icebergs-water-level.html).

Medical malpractice insurers can reveal an increasing number of medical malpractice cases (and injury) involve EHRs (e.g., http://hcrenewal.blogspot.com/2014/02/patient-safety-quality-healthcare.html, also http://cci.drexel.edu/faculty/ssilverstein/cases/?loc=cases&sloc=norcal, also http://www.msms.org/AboutMSMS/News/tabid/178/ID/2595/System-Dangers-How-EHRs-Can-Contribute-to-Medical-Malpractice-Claims.aspx).

Yet, the "BUT" phrase seems to reliably appear in articles about these flaws:

"BUT" EHRs improve safety.

Of course the comparator in such statements is the paper record.

For instance, in the June 11, 2015 Politico report "Why Health Care IT Is Still on Life Support" (http://www.politico.com/magazine/story/2015/06/electronic-medical-records-doctors-118881.html), Arthur Allen sums up the problems very well such as:

  • In surveys, doctors describe the EHR as the biggest cause of job burnout—worse than long hours, billing and other nuisances.  [Burnout is not exactly contributory to patient safety - ed.]
  • One frequent complaint is mental strain.
  • The doctors can’t tell one patient from another in the absence of idiosyncratic impressions. The memorable rash or symptom a patient reported is buried in screen after screen of seemingly trivial data [what I've called "legible gibberish" on this blog - ed.] In an ER or ICU, with time of the essence, this can become a critical safety problem.
  • EHRs are inevitably listed among the 10 top safety concerns for doctors because they introduce new kinds of errors.
  • “All the clicking saps intellectual power and concentration and blocks normal conversation."
  •  “The computerization of medicine will surely be that long-awaited ‘disruptive innovation,’” but “today it’s often just plain disruptive: of the doctor-patient relationship, of clinicians’ professional interactions and work flow, and of the way we measure and try to improve things.”

Yet with all of the above, the following familiar claim is made about these systems:

  • Overall, EHRs are probably improving patient safety—they have replaced illegible medical scrawl with typing, for instance.

At least the word "probably" was used.  Not to single out this article, as the refrain seems commonplace.

I opine in any case that the advantages of occasional handwriting illegibility problem resolved by EHRs are quite thoroughly nullified by critical data being "buried in screen after screen of seemingly trivial data" and other information-clouding issues related to EHR outputs.  See for instance "Two weeks, two reams" at http://hcrenewal.blogspot.com/2011/02/electronic-medical-records-two-weeks.html.

(Missing in this report, like most others on EHR problems such as the May 2015 American College of Physicians report "Frustrations with EHRs rampant as development slows" (http://www.acpinternist.org/archives/2015/05/EHRs.htm) are mentions of patient harm and deaths.  That topic seems verboten.)

In view of all the above, let me state this clearly:

With the increasing amount of knowledge about the flaws of these systems, coupled with the reports of harms in an environment where our top medical organizations and officials admit that the true rate of harms cannot be known due to inadequate reporting infrastructure, policies, and procedures (see http://hcrenewal.blogspot.com/2014/04/fda-on-health-it-risk-reckless-or.html), my belief is that these systems in their present form do not improve patient safety.

My belief is that these systems as they are today decrease patient safety, perhaps markedly, over a reasonably-staffed clinician paper records system. 

To take the enthusiast view is to ignore all of the above.  

For instance, extrapolating the ECRI Deep Dive figures alone is alarming, and to date I have not seen any arguments whatsoever as to why those figures should not be extrapolated.

The situation is only to become worse as more and more hospitals without strong internal expertise increase the complexity of the in-house clinical information systems.

The line that "EHRs increase patient safety" in view of all the problems that are now apparent even to the most hyper-enthusiastic EHR pundit is, I believe, wishful thinking run amok.

Such statements defy common sense.

The need for a very robust reporting mandate on EHR-related close calls and actual harms sorely needed.

It is the only way to know for sure whether we've moved from the occasional paper record-related mishap to a more pervasive EHR-confusion related medical misadventure circus.

Unfortunately, I don't see such mandatory reporting taking place any time soon.  A "health IT safety center" without regulatory authority and receiving HIT mishap reports on a 'voluntary' basis is favored by the industry and its government sponsors (see http://hcrenewal.blogspot.com/2014/07/new-onc-director-karen-de-salvo-no.html).  A safety center will quite likely be "safely" ignored by the sellers and users of the systems, when it suits their financial interests (which is nearly always).  It is a band-aid solution to a very serious problem.

It seems apparent to me, considering all these problems, that health IT incentives should stop.  Further, new EHR rollouts need to be put on hold until this technology is more thoroughly vetted.  Until then, harms and deaths of patients are in part the fault of those who knew, should have known, or should have made it their business to know of the risks of bad health IT.

-- SS
11:10 AM

ONC on healthcare IT and patient rights: These systems "have to be rolled out to know where the problems lie"

An anonymous commenter to my blog post about the USA Today article on bad health IT (http://hcrenewal.blogspot.com/2015/02/former-onc-director-david-blumenthal.html) noted this, that I myself missed:

Anonymous said...

Gettinger's comment is stunning, especially coming from a director of safety and quality for HHS' Office of the National Commissioner for Health Information Technology:

 "You don't just plunk down EHRs and everyone's happy. You use an incremental kind of approach (and) that takes time, that takes energy and that takes effort," he says, adding that they have to be rolled out to know where the problems lie.

February 1, 2015 at 9:17:00 PM EST Delete

(Writing of ONC's Acting Director Andrew Gettinger MD, Office of Clinical Quality and Safety, http://www.healthit.gov/newsroom/andrew-gettinger-md.)

If quoted accurately, that's likely the end of the line for me regarding ONC and any concerns about patients' rights.  Patients are to be used as live subjects to debug software.

That is advocating human subjects experimentation without informed consent with a technology known to cause increased risk, harm and death, and there's nothing to debate there.  This statement would be perhaps appropriate for someone writing about animal experimentation. 

My own mother's dead, in fact, from that type of attitude.

Gettinger's statement will serve as the cover slide to my upcoming legal presentations to American Association for Justice state chapters and at the AAJ national meeting later this year, as well as to the Association of Health Care Journalists (AHCJ), to which I've been invited to speak.

-- SS
8:28 PM

"Meaningful Use" not so meaningul: Multiple medical specialty societies now go on record about hazards of EHR misdirection, mismanagement and sloppy hospital computing

The "Meaningful Use" program for EHRs is a mismanaged boondoggle causing critical issues of patient safety, EHR usability, etc. to be sidestepped.

This is on top of the unregulated U.S. boondoggle which should probably be called "the National Programme for IT in the HHS" - in recognition of the now-defunct multi-billion-pound debacle known as the National Programme for IT in the NHS (NPfIT), see my Sept. 2011 post "NPfIT Programme goes PfffT" at http://hcrenewal.blogspot.com/2011/09/npfit-programme-going-pffft.html.

The complaints are not just coming from me now.

As of January 21, 2015 in a letter to HHS at: http://mb.cision.com/Public/373/9710840/9053557230dbb768.pdf, they are now coming from the:

American Medical Association
AMDA – The Society for Post-Acute and Long-Term Care Medicine
American Academy of Allergy, Asthma and Immunology
American Academy of Dermatology Association
American Academy of Facial Plastic
American Academy of Family Physicians
American Academy of Home Care Medicine American Academy of Neurology
American Academy of Ophthalmology
American Academy of Otolaryngology—Head and Neck Surgery
American Academy of Physical Medicine and Rehabilitation
American Association of Clinical Endocrinologists
American Association of Neurological Surgeons
American Association of Orthopaedic Surgeons
American College of Allergy, Asthma and Immunology
American College of Emergency Physicians
American College of Osteopathic Surgeons
American College of Physicians
American College of Surgeons
American Congress of Obstetricians and Gynecologists
American Osteopathic Association
American Society for Radiology and Oncology
American Society of Anesthesiologists
American Society of Cataract and Refractive Surgery and Reconstructive Surgery
American Society of Clinical Oncology
American Society of Nephrology
College of Healthcare Information Management Executives
Congress of Neurological Surgeons
Heart Rhythm Society
Joint Council on Allergy, Asthma and Immunology
Medical Group Management Association
National Association of Spine Specialists
Renal Physicians Association
Society for Cardiovascular Angiography and Interventions
Society for Vascular Surgery


In the letter to Karen B. DeSalvo, National Coordinator for Health Information Technology at HHS, these organizations observe:

Dear Dr. DeSalvo:

The undersigned organizations are writing to elevate our concern about the current trajectory of the certification of electronic health records (EHRs). Among physicians there are documented challenges and growing frustration with the way EHRs are performing. Many physicians find these systems cumbersome, do not meet their workflow needs, decrease efficiency, and have limited, if any, interoperability.

Of course, my attitude is that we need basic operability before the wickedly difficult to accomplish and far less useful (to patients) interoperability. 
 
... Most importantly, certified EHR technology (CEHRT) can present safety concerns for patients. We believe there is an urgent need to change the current certification program to better align end-to-end testing to focus on EHR usability, interoperability, and safety.

Let me state what they're saying more clearly:

"This technology in its present state is putting patients at risk, harming them, and even killing them, is making practice of medicine more difficult, is putting clinicians at liability risk, and the 'certification' program is a joke."

... We understand from discussions with the Office of the National Coordinator for Health Information Technology (ONC) that there is an interest in improving the current certification program. For the reasons outlined in detail below, we strongly recommend the following changes to EHR certification:

1. Decouple EHR certification from the Meaningful Use program;
2. Re-consider alternative software testing methods;
3. Establish greater transparency and uniformity on UCD testing and process results;
4. Incorporate exception handling into EHR certification;
5. Develop C-CDA guidance and tests to support exchange;
6. Seek further stakeholder feedback; and
7. Increase education on EHR implementation.

Patient Safety
Ensuring patient safety is a joint responsibility between the physician and technology vendor and requires appropriate safety measures at each stage of development and implementation.

I would argue that it's the technologists who have butted into clinical affairs with aid from their government friends, thus the brunt of the ill effects of bad health IT should fall on them.  However, when technology-related medical misadventures occur, it's the physicians who get sued.

... While training is a key factor, the safe use of any tool originates from its inherent design and the iterative testing processes used to identify issues and safety concerns. Ultimately, physicians must have confidence in the devices used in their practices to manage patient care. Developers must also have the resources and necessary time to focus on developing safe, functional, and useable systems.

Right now, those design and testing processes compare to those in other mission-critical sectors employing IT quite poorly.

Considering fundamental stunningly-poor software quality that I've observed personally, such as lack of appropriate confirmation dialogs and notification messages supporting teamwork, lack of date constraint checking (see my report to FDA MAUDE at http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfmaude/detail.cfm?mdrfoi__id=1729552 and many others at http://hcrenewal.blogspot.com/2011/01/maude-and-hit-risk-mother-mary-what-in.html), and other fundamentals, I would say grade schoolers could probably have done a better job of safety testing than the vendors and IT amateur-implementers of the major systems I observed did. 

... Unfortunately, we believe the Meaningful Use (MU) certification requirements are contributing to EHR system problems, and we are worried about the downstream effects on patient safety.

In other words, computers and the government thirst for data do not have more rights than patients.  In the current state of affairs, as I have observed prior, computers do seem to have more rights than patients and the clinicians who must increasingly use them.

... Physician informaticists and vendors have reported to us that MU certification has become the priority in health information technology (health IT) design at the expense of meeting physician customers’ needs, patient safety, and product innovation. We are also concerned with the lack of oversight ONC places on authorized testing and certification bodies (ATCB) for ensuring testing procedures and standards are adequate to secure and protect electronic patient information contained in EHRs.

Not just security, but patient safety also.  See for example my Feb. 2012 post "Hospitals and Doctors Use Health IT at Their Own Risk - Even if 'Certified'" at http://hcrenewal.blogspot.com/2012/02/hospitals-and-doctors-use-health-it-at.html.

Read the entire letter at http://mb.cision.com/Public/373/9710840/9053557230dbb768.pdf.

Sadly, while on the right track regarding the problems of bad health IT, the societies take a Milquetoast approach to correction:

... In May 2014, stakeholders representing accredited certification bodies and testing laboratories (ACB & ATL), EHR vendors, physicians, and health care organizations provided feedback to ONC on the complexities of the current certification system. Two main takeaways from these comments were for ONC to host a multi-stakeholder Kaizen event and to prioritize security, quality measures, and interoperability in the EHR certification criteria. We strongly support both of these ideas...

A multi-stakeholder "Kaizen event'?  (http://en.wikipedia.org/wiki/Kaizen)

That's one recommendation I find disappointing.  The industry plays hard politics, and organized medicine wants to play touchy-feely "good change" management mysticism with that industry and their government apparatchiks.  That's how organized medicine wants patients and the integrity of the medical profession to be protected from the dysfunctional health IT ecosystem (see http://cci.drexel.edu/faculty/ssilverstein/cases/?loc=cases&sloc=ecosystem)?  

When I originally created my old website called "Medical informatics and leadership of clinical computing" back in 1998, Kaizen events were not exactly what I had in mind.

Finally, the American Medical Informatics Association (http://www.amia.org) was apparently not informed of this letter, nor did it participate in its drafting.  While this is regrettable, as the organization is the best reservoir of true Healthcare Informatics expertise, I opined to that group that this may have been due to the organization's tepid response to bad health IT and to industry control of the narrative, and the problems these issues have caused for physicians and other clinicians. The lack of AMIA leadership regarding bad health IT is an issue I've been pointing out since the late 1990s. AMIA has been largely a non-critical HIT promoter.  That stance has contributed to the need for this multiple-medical specialty society letter in the first place.

Parenthetically, and for a touch of humor about an otherwise drab topic: Here's an example of how management mysticism plays out in pharma.

It's meant to be satirical, but captures reality all too well, in fact scarily so at times:


Management mysticism and muddled thinking.  See https://www.youtube.com/watch?v=kwVjftMMCIE

In pharma, as well as in hospital IT in my days as CMIO, gibberish like this was real.  I imagine it's no different in many hospital management suites these days.

-- SS

1/28/2015  Addendum:

Per a colleague:

FierceHealthIT (1/28) reports, “It’s time for the American Medical Association and more than 30 other organizations urging change in the electronic health record certification process to be part of the solution, former Deputy National Coordinator for Health IT Jacob Reider said in a blog post.” Reider said, “So far, I don’t see much [any?] engagement from the AMA or the others who signed the letter. It’s relatively easy to write a letter saying someone else is responsible for solving problems. Time to step up to the plate and participate in the solutions, folks!"

Regarding the victims of compelled use of bad health IT, this erstwhile health IT leader opines "It's relatively easy to write a letter saying someone else is responsible for solving problems?"

That is simply perverse.

I ask: why are we in the midst of a now-compelled national rollout with Medicare penalties for non-adopters when a former government official once responsible for the technology remarks that it's apparently not the makers' problem and that it's "time to step up to the plate and participate in the solutions, folks [a.k.a. end users]!"

(One wonders if Reider believes those who step up to the plate are entitled to fair compensation for their aid to an industry not exactly known for giving its products away, free.)

It seems to me it's not up to (forced) customers to find solutions to vendor product problems, some deadly.

It's the responsibility of the sellers.

Put more bluntly, Reider's statement is risible and insulting.

I've already opined the following to the AMA contact at the bottom of the letter:

... Relatively milquetoast approaches such as multi-stakeholder Kaizens are not what I had in mind ... A more powerful stance would be to advise society members to begin to avoid conversion, report on bad health IT, and even boycott bad health IT until substantive changes are realized in this industry.

That's "stepping up to the plate" to protect patients, in a very powerful way.

-- SS
6:02 AM

InformaticsMD in Podcast by Neil Versel

Neil Versel is a journalist specializing in health IT, mobile health, patient safety, quality of care and the business of healthcare.  He is a prolific writer of the web site Meaningful HIT News and others (http://www.informationweek.com/author-bio.asp?author_id=690).

He interviewed me recently for a podcast on health IT safety.

The podcast can be accessed here:  http://www.meaningfulhitnews.com/2014/10/20/podcast-scot-silverstein-talks-health-it-safety-risks/

Readers of this blog will recognize many familiar themes.


1:10 How this interest came about
3:05 His blogging
3:45 His 11 points demonstrating why he believes the FDA should be concerned about health IT risks
5:00 IOM, FDA and ECRI Institute statements on health IT safety
5:50 Comparing EHRs to medical devices and pharmaceuticals
8:35 Lack of safety testing in health IT
9:25 Issues with EHR certification
10:00 Safety validation of software
10:35 EHR’s role in Texas Health Presbyterian Hospital’s initial discharge of Ebola patient
11:50 EHR failure causing medical harm to a close relative
13:10 Poor design vs. poor implementation
14:35 Who should regulate?
15:55 Billions already spent on EHRs
16:45 Threat of litigation
17:40 “Postmarket surveillance” of “medical meta-devices”
18:50 EHRs now more like “command and control” systems
19:30 Movement to slow down Meaningful Use
20:17 Safety issues with interoperability
21:40 Importance of usability
22:30 His role at Drexel
24:18 “Critical thinking always, or your patient’s dead”
25:05 Lack of health/medical experience among “disruptors”
29:30 Training informatics professionals and leaders
31:15 Concept vs. reality of “experimental” technology
32:50 Advice for evaluating health IT
33:55 Guardians of the status quo
35:10 Health IT “bubble”
36:10 Good health IT vs. bad health IT

-- SS
11:37 AM

EHR safety, a false sense of security, and epistemological problems in the Medical Informatics community

Neil Versel is an author of many articles about healthcare information technology.  He recently published "Patient safety in the balance: Questions mount about EHRs and a wide range of patient safety concerns" (http://www.healthcareitnews.com/news/patient-safety-balance) in Healthcare IT News, August 27, 2014, also appearing in the Sept. 2014 print edition.

His article contained a sidebar on my views "A 'false sense of security'" (http://www.healthcareitnews.com/news/false-sense-security).

I thought my feedback back to him would be of interest, centering on a published comment of the typical hyper-enthusiast variety made by a prominent member of my Medical Informatics professional community.  The view exemplifies a widely-held but erroneous (and decidedly non-scientific) viewpoint in my professional community - and many others, including government -  regarding drawing conclusions in the face of significant evidentiary gaps and impediments regarding harms.

Here are my emails to Mr. Versel.  They speak for themselves, especially the short second supplementary email seen at the bottom of this blog post

-- SS

-------------------------------------------------------------

EMAIL #1:

From: Silverstein,Scot
Sent: Friday, September 05, 2014 10:05 AM
To: Neil Versel
Subject: Re:" A 'false sense of security'"

Neil,

Thanks for citing me in your article at http://www.healthcareitnews.com/news/patient-safety-balance, http://www.healthcareitnews.com/news/false-sense-security etc.

Want to call your attention to one of my largest disappointments and frustrations in health IT that evolved over the past decade or two, namely, cheerleading for the technology in the face of commonly understood Western science and epistemology ("the theory of knowledge, especially with regard to its methods, validity, and scope. Epistemology is the investigation of what distinguishes justified belief from opinion").

My concerns are best exemplified by the comment posted at the article site by a prominent member of my Medical Informatics professional community:

"The question is not whether EHRs are safe or not; sometimes they are, and sometimes they are not. The real question is whether they are safer than paper records, and the weight of scientific evidence is that they are."

The actual truth, considering the explicit statements with explicit reasons given by IOM, FDA, ECRI, and others as to why what we know about electronic harms is incomplete ("tip of the iceberg", see below), is that "while the potential for electronic systems to be safer than paper exists, the scientific evidence is inadequate to make any statement about comparative safety on the ground."

The data inadequacy is made far worse by the known and stated systematic impediments to discovery and diffusion of the harms, and a lack of robust studies on ACTUAL harms due to paper-based record keeping, especially and critically regarding optimal and well-staffed paper systems.  (Try a Medline search on that topic!)

The hyper-enthusiasts who favor the theoretical over reality on the ground and who push for speedy national rollout without proper safeguards, surveillance and regulation, are, in fact, killing people. [I.e, whose injuries and deaths at the hands of bad health IT were otherwise preventable had appropriate industry safeguards been in place - ed.]

There is actually nothing to argue, nothing to debate on this issue.

Some material backing up these assertions is below, mostly already covered in my blog-based 11 points.  [As at http://hcrenewal.blogspot.com/2014/04/fda-on-health-it-risk-reckless-or.html - ed.]

Cheers,

Scot

------------------------------


Examples: 

1)  IOM report on HIT safety, 2012 (as I report at http://hcrenewal.blogspot.com/2012/03/doctors-and-ehrs-reframing-modernists-v.html , midway down):


.. While some studies suggest improvements in patient safety can be made, others have found no effect. Instances of health IT–associated harm have been reported. However, little published evidence could be found quantifying the magnitude of the risk.
Several reasons health IT–related safety data are lacking include the absence of measures and a central repository (or linkages among decentralized repositories) to collect, analyze, and act on information related to safety of this technology. Another impediment to gathering safety data is contractual barriers (e.g., nondisclosure, confidentiality clauses) that can prevent users from sharing information about health IT–related adverse events. These barriers limit users’ abilities to share knowledge of risk-prone user interfaces, for instance through screenshots and descriptions of potentially unsafe processes. In addition, some vendors include language in their sales contracts and escape responsibility for errors or defects in their software (i.e., “hold harmless clauses”). The committee believes these types of contractual restrictions limit transparency, which significantly contributes to the gaps in knowledge of health IT–related patient safety risks. These barriers to generating evidence pose unacceptable risks to safety.[IOM (Institute of Medicine). 2012. Health IT and Patient Safety: Building Safer Systems for Better Care (PDF). Washington, DC: The National Academies Press, pg. S-2.]

Also in the IOM report:


… “For example, the number of patients who receive the correct medication in hospitals increases when these hospitals implement well-planned, robust computerized prescribing mechanisms and use barcoding systems. But even in these instances, the ability to generalize the results across the health care system may be limited. For other products— including electronic health records, which are being employed with more and more frequency— some studies find improvements in patient safety, while other studies find no effect.
More worrisome, some case reports suggest that poorly designed health IT can create new hazards in the already complex delivery of care. Although the magnitude of the risk associated with health IT is not known, some examples illustrate the concerns. Dosing errors, failure to detect life-threatening illnesses, and delaying treatment due to poor human–computer interactions or loss of data have led to serious injury and death.”

2)  FDA Internal memo on HIT risk, 2010 (as i report at http://hcrenewal.blogspot.com/2010/08/smoking-gun-internal-fda-memorandum-of.html):


... In summary, the results of this data review suggest significant clinical implications and public safety issues surrounding Health Information Technology. The most commonly reported H-IT safety issues included wrong patient/wrong data, medication administration issues, clinical data loss/miscalculation, and unforeseen software design issues; all of which have varying impact on the patient’s clinical care and outcome, which included 6 death and 43 injuries. The absence of mandatory reporting enforcement of H-IT safety issues limits the number of relevant MDRs and impedes a more comprehensive understanding of the actual problems and implications.


 This is especially true considering the FDA's own noted limitations of their information sources:




Limitations of the MAUDE search and final subset of MDRs include the following:

1. Not all H-IT safety issue MDRs can be captured due to limitations of reporting practices including
... (a) Vast number of H-IT systems that interface with multiple medical devices currently assigned to multiple procodes making it difficult to identify specific procodes for H-IT safety issues;
... (b) Procode assignments are also affected by the ability of the reporter/contractor to correctly identify the event as a H-IT safety issue;
... (c) Correct identification by the reporter of the suspect device brand name is challenged by difficulties discerning the actual H-IT system versus the device it supports.
2. Due to incomplete information in the MDRs, it is difficult to unduplicate similar reports, potentially resulting in a higher number of reports than actual events.
3. Reported death and injury events may only be associated with the reported device but not necessarily attributed to the device.
Memo: H-IT Safety Issues
4 Correct identification by the reporter of the manufacturer name is convoluted by the inability to discern the manufacturer of the actual H-IT system versus the device it supports.
5 The volume of MDR reporting to MAUDE may be impacted by a lack of understanding the reportability of H-IT safety issues and enforcement of such reporting.


3)  Jeff Shuren MD JD, head of FDA CDRH (as I report at http://hcrenewal.blogspot.com/2010/02/fda-on-health-it-adverse-consequences.html):


The Office of the National Coordinator for Health IT held a meeting of the HIT Policy Committee, Adoption/Certification Workgroup on February 25, 2010. The topic was "HIT safety." The agenda, presenters and presentations are available at this link.

At this meeting FDA testimony was given by Jeffrey Shuren, Director of FDA’s Center for Devices and Radiological Health. Dr. Shuren noted several categories of health IT-induced adverse consequences known by FDA. This information was striking:

He wrote:


... In the past two years, we have received 260 reports of HIT-related malfunctions with the potential for patient harm – including 44 reported injuries and 6 reported deaths. Because these reports are purely voluntary, they may represent only the tip of the iceberg in terms of the HIT-related problems that exist.

Even within this limited sample, several serious safety concerns have come to light. The reported adverse events have largely fallen into four major categories: (1) errors of commission, such as accessing the wrong patient’s record or overwriting one patient’s information with another’s; (2) errors of omission or transmission, such as the loss or corruption of vital patient data; (3) errors in data analysis, including medication dosing errors of several orders of magnitude; and (4) incompatibility between multi-vendor software applications and systems, which can lead to any of the above.

4)  ECRI Institute Deep Dive study of health IT safety (as I report at http://hcrenewal.blogspot.com/2013/02/peering-underneath-icebergs-water-level.html):

Participating facilities submitted health IT related events during the nine-week period starting April 16, 2012, and ending June 19, 2012. ECRI Institute PSO pulled additional health IT events that were submitted by facilities during the same nine-week period as part of their routine process of submitting event reports to ECRI Institute PSO’s reporting program. The PSO Deep Dive analysis consisted of 171 health IT-related events submitted by 36 healthcare facilities, primarily hospitals

(There were 8 injuries and 3 possible deaths associated with these 171 IT-related events over just 9 weeks, suggesting a damn serious problem way ahead of paper errors.)

5)  Statement by Medical Director of ECRI, same link as above:

Karen Zimmer, MD, medical director of the institute, says the reports of so many types of errors and harm got the staff's attention in part because the program captured so many serious errors within just a nine-week project last spring.  The volume of errors in the voluntary reports was she says, "an awareness raiser."

"If we're seeing this much under a voluntary reporting program, we know this is just the tip of the iceberg; we know these events are very much underreported."

6)  ECRI's continuing concerns based on continuous data submitted by their PSO member hospitals that health IT systems are "one of the top ten (and in fact in 2014, risk #1) technology risks in healthcare" (as I report at http://hcrenewal.blogspot.com/2014/04/in-ecri-institutes-new-2014-top-10.html)


This is a short list, but you get the idea about making any statements about comparative risks of paper v. electronic.

-----------------------------------------------------------------------------------------
 
EMAIL #2: 

 From: Silverstein,Scot 
Sent: Friday, September 05, 2014 10:08 AM
To: Neil Versel
Subject: RE: Re:" A 'false sense of security'"

Not to mention that the "real" question isNOT "whether they [electronic systems] are safer than paper records."

The real question is:  is it ethical, based on the current clinical reality and incomplete state of knowledge, to push this technology on patients?

I also could add to that question:  "...especially without informed consent?"

Scot

-----------------------------------------------------------------------------------------

-- SS  
7:33 AM

Ellmers Calls on Sebelius to Address Health IT Safety Concerns: A Responsible Voice in Government on Health IT and HIT Safety

The following press release is very welcome, and speaks for itself.  There is a responsible voice in the government wilderness.  It is perhaps no surprise it comes from a Congresswoman who is also a registered nurse:

Ellmers Calls on Sebelius to Address Health IT Safety Concerns

06/12/12

Safety Risks and Health IT-Related Errors Cited in IOM Recommendations

WASHINGTON – House Small Business Subcommittee on Healthcare and Technology Chairwoman Renee Ellmers (R-NC) today sent a letter to Kathleen Sebelius, Secretary of Health and Human Services (HHS), inquiring about whether the Department has adopted the Institute of Medicine’s (IOM) recommendations for improving the safety of health information technology (IT).
The report, issued in November, recommended several steps to be taken by HHS and called for greater oversight by the public and private sectors. The Secretary was called upon by the IOM to issue a plan within 12 months to minimize patient safety risks associated with health IT and report annually on the progress being made.  The report further recommended that the plan should include a schedule for working with the private sector to assess the impact of health IT on patient safety, and recommended several other steps to help improve the safety of health IT.

Specifically, Chairwoman Ellmers has requested a copy of the Secretary’s plan to minimize patient safety risks, a description of health IT-related errors that have resulted in patient risks, injuries and deaths, and the status of the development of a mechanism for health IT vendors and users to report health IT-related deaths.  She said that because health IT has the promise to improve health care delivery for patients, physicians and other medical professionals, she remains eager to work with the Secretary to ensure that health IT is safe, effective and affordable.

In an August 11, 2011 letter to Secretary Sebelius, Chairwoman Ellmers said that a modern, well-equipped office is critical to the practice of medicine, and asked the Secretary to undertake a study of health IT’s adoption, benefits and cost effectiveness, including medical error rates.

On June 2, 2011, Chairwoman Ellmers’ Subcommittee held a hearing on the barriers to health IT that are encountered by physicians and other health professionals in small and solo practices.   At the hearing, physicians expressed strong concerns about the cost of purchasing and maintaining health IT systems, as well as the staff training and downtime necessary to implement such a system.  Chairwoman Ellmers noted health IT’s great potential to improve health care delivery, decrease medical errors, increase clinical and administrative efficiency and reduce paperwork.

For more than twenty-one years before being elected to Congress, Chairwoman Ellmers served as a registered nurse, focusing on surgical care as Clinical Director of the Trinity Wound Care Center and later helping to manage the family's small medical practice with her husband, Dr. Brent Ellmers, a licensed surgeon. As a registered nurse and the wife of a surgeon, Ellmers understands that a modern, efficient and well-equipped office is critical to the practice of medicine.    

This voice of sanity is quite welcome.  I've spoken with Rep. Ellmers' office, pointing them to my Drexel Univ. writings and materials and recommending Sebelius' reply be gone over with a fine-toothed comb, from the perspective of health IT realities, not merely from the perspective of the Ddulite's good intentions.  (I also introduced her staffer to the concept of the Ddulite, the HIT hyper-enthusiast who ignores all downsides and ethical concerns.)

I also pointed out the ethical lapse in IOM's position of "wait and see" while HIT is pushed nationally under penalty of law, at the cost of hundreds of billions of dollars, when their own report (along with reports from FDA here, JC here and others) admits they don't know the magnitude of benefits, risks and harms:

... While some studies suggest improvements in patient safety can be made, others have found no effect. Instances of health IT–associated harm have been reported. However, little published evidence could be found quantifying the magnitude of the risk.

Several reasons health IT–related safety data are lacking include the absence of measures and a central repository (or linkages among decentralized repositories) to collect, analyze, and act on information related to safety of this technology. Another impediment to gathering safety data is contractual barriers (e.g., nondisclosure, confidentiality clauses) that can prevent users from sharing information about health IT–related adverse events. These barriers limit users’ abilities to share knowledge of risk-prone user interfaces, for instance through screenshots and descriptions of potentially unsafe processes. In addition, some vendors include language in their sales contracts and escape responsibility for errors or defects in their software (i.e., “hold harmless clauses”). The committee believes these types of contractual restrictions limit transparency, which significantly contributes to the gaps in knowledge of health IT–related patient safety risks. These barriers to generating evidence pose unacceptable risks to safety.
[IOM (Institute of Medicine). 2012. Health IT and Patient Safety: Building Safer Systems for Better Care (PDF). Washington, DC: The National Academies Press, pg. S-2.]

As I wrote in my Nov. 2011 post "IOM Report - 'Health IT and Patient Safety: Building Safer Systems for Better Care' - Nix the FDA; Create a New Toothless Agency", the IOM's response to their own study was reckless and unethical (at best):

... The panel also recommends that the HHS secretary publicly report on the progress of health IT safety each year, beginning in 2012. If the secretary determines at any time that adequate safety progress has not been made, only then should the FDA take the regulatory lead and be given the resources to do so, the report recommends, adding that the agency should be developing a framework now to be prepared.

In the meantime, during each year of "watching for safety progress", innumerable patients are exposed to HIT's hazards and costs.  Pharma and other medical device industries are afforded no such special accommodation.

-- SS
7:06 AM

WSJ "There's a Medical App for That—Or Not" - Misinformation on Health IT Safety Regulation?

There's a health IT meme that just won't die (patients may, but not the meme).

It's the meme that health IT "certification" is a certification of safety.

I expressed concern about the term "certification" being misunderstood even before the meme formally appeared, when the term was adopted by HHS with regard to evaluation of health IT for adherence to the "meaningful use" pre-flight features checklist.  See my mid-2009 post "CCHIT Has Company" where I observed:

HIT "certification." ... is a term I put in quotes since it really is "features qualification" at this point, not certification such as a physician receives after passing Specialty Boards.

The "features qualification" is an assurance that the EHR functions in way that could enable an eligible provider or eligible hospital to meet the Center for Medicare & Medicaid Services' (CMS) requirements of "Meaningful Use."  No rigorous safety testing in any meaningful sense is done, and no testing under real-world conditions is done at all.

I've seen the meme in various publications and venues.  I've even seen it in legal documents in medical malpractice cases where EHR's were involved, as an attempted defense.

Now the WSJ has fallen for the health IT Certification meme.

An article "There's a Medical App for That—Or Not" was published on May 29, 2012.  Its theme is special regulatory accommodation for health IT in the form of opposition to FDA regulation of devices such as "portable health records and programs that let doctors and patients keep track of data on iPads."

In the article, this assertion about health IT "certification" is made:

... The FDA's approach to health-information technology risks snuffing out activity at a critical frontier of health care. Poor, slow regulation would encourage programmers to move on, leaving health care to roil away for yet another generation, fragmented, disconnected and choking on paperwork.

The process already exists for safeguarding the public for computers in health care. It's not FDA premarket review but the health information technology certification program, established under President George W. Bush and still working fine under the Obama Health and Human Services Department. The government sets the standards and an independent nonprofit [ATCB, i.e., ONC Authorized Testing and Certification Bodies - ed.] ensures that apps meet those standards. It's a regulatory process as nimble as the breakout industry it's meant to monitor. That is where and how these apps should be regulated.

It's a wonderful meme.  Unfortunately, it's wrong.  Dead wrong.

Certification by an ATCB does not "safeguard the public."   Two ONC Authorized Testing and Certification Bodies (ATCB's) admitted this in email, as in my Feb. 2012 post "Hospitals and Doctors Use Health IT at Their Own Risk - Even if Certified".  I had asked them, point-blank:

"Is EHR certification by an ATCB a certification of EHR safety, effectiveness, and a legal indemnification, i.e., certifying freedom from liability for EHR use of clinical users or organizations? Or does it signify less than that?"

I received two replies from major ONC ATCB's indicating that "certification" is merely assurance that HIT meets a minimal set of "meaningful use" guidelines, not that it's been vetted for safety.  For instance:

From: Joani Hughes (Drummond Group)
Sent: Monday, March 05, 2012 1:06 PM
To: Scot Silverstein
Subject: RE: EHR certification question

Per our testing team:

It is less than that. It does not address indemnification although a certification could be used as a conditional part of some other form of indemnification function, such as a waiver or TOA, but that is ultimately out of the scope of the certification itself. Certification in this sense is an assurance that the EHR functions in way that could enable an eligible provider or eligible hospital to meet the CMS requirements of Meaningful Use Stage 1. Or to restate it more directly, CMS is expecting eligible providers or eligible hospitals to use their EHR in “meaningful way” quantified by various quantitative measure metrics and eligible providers or eligible hospitals can only be assured they can do this if they obtain a certified EHR technology.

Please let me know if you have any questions.

Thank you,
Joani.

Joani Hughes
Client Services Coordinator
Drummond Group Inc.

The other ATCB, ICSA Labs, stated that:

... Certification by an ATCB signifies that the product or system tested has the capabilities to meet specific criteria published by NIST and approved by the Office of the National Coordinator. In this case the criteria are designed to support providers and hospitals achieve "Meaningful Use." A subset of the criteria deal with the security and patient privacy capabilities of the system.

Here is a list of the specific criteria involved in our testing:
http://healthcare.nist.gov/use_testing/effective_requirements.html

In a nutshell, ONC-ATCB Certification deals with testing the capabilities of a system, some of them relate to patient safety, privacy and security functions (audit logging, encryption, emergency access, etc.).

What was suggested in the email below (freedom from liability for users of the system, etc.) would be out of scope for ONC-ATCB testing based on the given criteria. [I.e., certification criteria - ed.] I hope that helps to answer your question.

I had noted that:

... My question was certainly answered [by the ATCB responses]. ONC certification is not a safety validation, such as in a document from NASA on aerospace software safety certification, "Certification Processes for Safety-Critical and Mission-Critical Aerospace Software" (PDF) which specifies at pg. 6-7:
In order to meet most regulatory guidelines, developers must build a safety case as a means of documenting the safety justification of a system. The safety case is a record of all safety activities associated with a system throughout its life. Items contained in a safety case include the following:

• Description of the system/software
• Evidence of competence of personnel involved in development of safety-critical software and any
safety activity
• Specification of safety requirements
• Results of hazard and risk analysis
• Details of risk reduction techniques employed
• Results of design analysis showing that the system design meets all required safety targets
Verification and validation strategy
• Results of all verification and validation activities
• Records of safety reviews
• Records of any incidents which occur throughout the life of the system
• Records of all changes to the system and justification of its continued safety

A CCHIT ATCB juror, a physician informatics specialist, has also done a guest post in Jan. 2012 on HC Renewal about the certification process, reproducing his testimony to HHS on the issue.  That post is "Interesting HIT Testimony to HHS Standards Committee, Jan. 11, 2011, by Dr. Monteith."  Dr. Monteith testified (emphases mine):

... I’m “pro-HIT.” For all intents and purposes, I haven’t handwritten a prescription since 1999.

That said and with all due respect to the capable people who have worked hard to try to improve health care through HIT, here’s my frank message:

ONC’s strategy has put the cart before the horse. HIT is not ready for widespread implementation. 

... ONC has promoted HIT as if there are clear evidence-based products and processes supporting widespread HIT implementation.

But what’s clear is that we are experimenting…with lives, privacy and careers.

... I have documented scores of error types with our certified EHR, and literally hundreds of EHR-generated errors, including consistently incorrect diagnoses, ambiguous eRxs, etc.

As a CCHIT Juror, I’ve seen an inadequate process. Don’t get me wrong, the problem is not CCHIT. The problem stems from MU.

EHRs are being certified even though they take 20 minutes to do a simple task that should take about 20 seconds to do in the field.  [Which can contribute to mistakes and "use error" - ed.] Certification is an “open book” test. How can so many do so poorly?

For example, our EHR is certified, even though it cannot generate eRxs from within the EHR, as required by MU.

To CCHIT’s credit, our EHR vendor did not pass certification. Sadly, our vendor went to another certification body, and now they’re certified.

MU does not address many important issues. Usability has received little more than lip-service. What about safety problems and reporting safety problems? What about computer generated alerts, almost all of which are known to be ignored or overridden (usually for good reason)?
 
The concept of “unintended consequences” comes to mind.

All that said, the problem really isn’t MU and its gross shortcomings, it is ONC trying to do the impossible:

ONC is trying to artificially force a cure for cancer, basically trying to promote one into being, when in fact we need to let one evolve through an evidence-based, disciplined process of scientific discovery and the marketplace.

Needless to say, as was learned at great cost in past decades, a "disciplined process" in medicine includes meaningful safety regulation by objective outside experts.

Further, the certifiers have no authority to do important things such as forcibly remove dangerous software from the market.  An example is the forced Class 1 recall of a defective system as I wrote about in my Dec. 2011 post "FDA Recalls Draeger Health IT Device Because This Product May Cause Serious Adverse Health Consequences, Including Death".   Class 1 recalls are the most serious type of recall and involve situations in which there is a reasonable probability that use of these products will cause serious adverse health consequences or death.

In that situation, the producer had been simply advising users (in critical care environments, no less) to "work around the defects" that could indicate incorrect recommended dosage values of critical meds, including a drug dosage up to ten times the indicated dosage, as well as corrupt critical cardiovascular monitoring data.  As I observed:

... I find a software company advising clinicians to make sure to "work around" blatant IT defects in "acute care environments" the height of arrogance and contempt for patient safety.

Without formal regulatory authority to take actions such as this FDA recall, "safeguarding the public" is a meaningless platitude.

It's also likely the ATCB's, which are private businesses, would not want the responsibility of "safeguarding the public."  That responsibility would open them up to litigation when patient injuries or death were caused, or were contributed to, by "certified" health IT.

I have in the past also noted that the use of the term "certification" might have been deliberate, to mislead potential buyers exactly into thinking that "certification" is akin to a UL certification of an electrical appliance for safety, or an FAA approval of a new aircraft's flight-worthiness.

The WSJ needs to clarify and/or retract its statement, as the statement is misinformation.

At my Feb. 2012 post "Health IT Ddulites and Disregard for the Rights of Others" I observed:

Ddulites [HIT hyper-enthusiasts - ed.] ... ignore the downsides (patient harms) of health IT.

This is despite being already aware of, or informed of patient harms, even by reputable sources such as FDA (Internal FDA memo on H-IT risks), The Joint Commission (Sentinel Events Alert on health IT), the NHS (Examples of potential harm presented by health software - Annex A starting at p. 38), and the ECRI Institute (Top ten healthcare technology risks), to name just a few.

In fact, the hyper-enthusiastic health IT technophiles will go out of their way to incorrectly dismiss risk management-valuable case reports as "anecdotes" not worthy of consideration (see "Anecdotes and medicine" essay at this link).

They will also make unsubstantiated, often hysterical-sounding claims that health IT systems are necessary to, or simply will "transform" (into what, exactly, is usually left a mystery) or even "revolutionize" medicine (whatever that means).

Health IT is a potentially dangerous technology.   It requires meaningful regulation to "safeguard the public."  How many incidents like this and this will it take before that is understood by the hyper-enthusiasts?

I've emailed the ATCB's that had responded to my aforementioned query for clarification on the WSJ assertion about their role, being that the statement is in contradiction to their earlier replies to me.  I also advised them of the potential liability issues.

However, if it turns out to be true that the ONC-ATCB's do intend themselves as the ultimate watchdog and assurer of public safety related to EHR's, that needs to be known by the public and their representatives.

-- SS

1:27 PM

Upcoming Keynote Presentation to Health Informatics Society of Australia: Health IT Must First Do No Harm

Pulse+IT Magazine (http://www.pulseitmagazine.com.au/) is Australasia's first, and they claim only, eHealth and Health IT periodical.

In a May 30, 2012 article entitled "Patient and safety advocates a highlight at HIC2012" at this link, writer Kate McDonald describes my upcoming panel participation and Keynote Presentation at the annual Health Informatics Conference (HIC) of the Health Informatics Society of Australia (HISA) in Sydney.

The focus of the HIC2012 meeting is "Building a Healthcare Future through Trusted Information."

Ms. McDonald had called me from Down Under to discuss my upcoming talk.  She writes:

 ... Also on the panel [one of the conference's annual Q&A panels - ed.] will be NEHTA CEO Peter Fleming, HISA board director and well-known consultant David Rowlands, and Scot Silverstein, an adjunct professor of health informatics at Drexel University in the US.

Dr Silverstein also has a personal story to tell that brings home the importance of what exactly is 'trusted' information. A qualified medical doctor and medical informatics researcher, Dr Silverstein is a strong advocate for safety in health IT systems, having been personally involved in what he believes was a case of medical misadventure caused by an electronic health record that resulted in harm to a close relative.

He will also deliver a keynote speech on the topic of improving health IT systems as a first step towards evidence-based medicine and better clinical outcomes.

Dr Silverstein told Pulse+IT that there is a “syndrome of over-confidence” in computer output that he finds puzzling.

“In other fields people, when they start getting incorrect bills or they keep coming and they can't stop them, it is always blamed on a computer system,” he said. “And yet in medicine, it seems to have evolved a culture around computing that machines in healthcare must deterministically create improvement and are purely beneficent and can't be capable of creating harm.

“It is a strange philosophy because in the same breath, people say healthcare information technology is capable of great benefit, that is a very powerful technology and when it is done well, it is. [As I've written before, "doing HIT well" is a challenge of 'wicked' complexity - ed.]  But anything that is a potential source for great good can also have a downside. There seems to be a cognitive gap in connecting computing in healthcare to its possible risk.”

She summarizes the views expressed in our phone conversation well.  My theme will be that health IT and the information it generates cannot be trusted until the technology itself is trustworthy, and earns our trust, through better engineering and implementation practices.

Ironically, I was invited to 2011's meeting.  I would have attended, but was tending to the injuries of my relative caused by the aforementioned medical misadventure. That relative is no longer with us and is hopefully resting in peace.

HISA was kind enough to re-invite me for 2012, for which I am grateful.

I will also be spending some time with several Medical Informatics professors in Australian universities, which should provide an excellent opportunity for sharing of views.


Sydney, Australia

I look forward to being in Sydney, never having been physically present in Australia, although being a ham radio operator, my single sideband (voice) and Morse code shortwave signals have been there on many occasions over the years.  This is a mere ~ 10,000-mile path.  No Internet or phone lines needed!  (I hope I get the opportunity to operate an Amateur radio station from "Down Under.")

More here after my presentation.

-- SS

11:10 AM