While electronic health records are considered key to improving the quality of healthcare they can also be a risk to patient safety, and government and industry officials are calling for better use practices and possible closer oversight of EHRs by regulatory agencies.
The Food & Drug Administration has received 260 reports of health IT-related malfunctions with the potential for patient harm in the past two years, including 44 reported injuries and six reported deaths, said Dr. Jeffrey Shuren, director of FDA's Center of Devices and Radiological Health.
Vendors, patients, clinicians and facilities voluntarily reported the problems but, because of that, "they may represent only the tip of the iceberg in terms of the HIT-related problems that exist," he said at a Feb. 25 hearing of the Health IT Policy Committee's adoption and certification work group, a Health and Human Services Department advisory panel.
The hearing was called specifically to examine HIT safety concerns and how to handle them.
Health IT software does not typically operate in stand-alone devices, so its potential to affect patient safety is far-reaching, Shuren said. "These products are interconnected with one another into networks of varying degrees of complexity," he said.
He suggested a range of ideas in which FDA could oversee health IT, from requiring vendors to register their technology products, adhere to minimum quality guidelines, or have HIT products regulated as FDA does medical devices.
The day before the hearing, Sen. Chuck Grassley (R-Iowa) sent a letter to HHS Secretary Kathleen Sebelius asking what the department was doing to review and monitor health IT for patient safety, and the role FDA might play.
"I have also been surprised by the lack of discussion about patient safety concerns when, for example, HIT products are not functioning properly or when they are being used incorrectly," he said.
In October, he sought feedback from 10 major health IT vendors about his concerns and, in January, from 31 hospitals. He has not published his findings.
For health IT, patient safety risks can occur as a result of errors in organizing patient data, physicians entering orders in their computer systems, documenting notes, clinical decision support and integrating IT systems in practice workflow, said Dr. Gil Kuperman, Columbia University professor of biomedical informatics.
"The identification of health IT-related errors and adverse events does not mean that care is safer without information technology, only that information technology should continue to be improved," he said at the meeting.
Improvements should concentrate on how the electronic health record is deployed, that it is configured correctly and fits the workflow of the organization, Kuperman said.
The Veterans Affairs Department has had an IT Patient Safety program for several years, said Jean Scott, director of the Veterans Health Administration's Information Technology Patient Safety Office.
In 2008, a defect in an updated version of its Computerized Patient Record System allowed the data of the previous patient to be displayed when a physician accessed the record of another patient. VA issued a patient safety advisory and encouraged immediate reporting of other instances.
"Reporting of concerns, such as errors and close calls, must be a continuous process, not only during initial implementation, but throughout use of the product," she said. And healthcare organizations must be able to openly report safety concerns.
Dr. James Walker, chief healthcare information officer at Geisinger Health system, recommended a focus on "hazard control" to prevent the possibility of adverse events and "near misses" through a systematic examination of the characteristics of health IT and care systems and their users that could indicate the various risks involved.
Walker also suggested that the government
-- Fund annual systematic reviews of significant health IT hazards and fixes, such as the difficulty of computerized physician order entry systems to interface with pharmacies.
-- Provide software to help healthcare organizations manage potential hazards.
--Enable automatic, anonymous reporting of potential hazards.
-- Require vendors and healthcare organizations to document prospective risk management plans.
