Are EHRs Safe?

Writing in the New York Times last week (December 13), Milt Freudenheim reported that errors generated from electronic health records are of sufficient concern that the Institute of Medicine created the Committee on Patient Safety and Health Information to examine the issue. According to the article, the Food and Drug Administration has received over 250 voluntary reports of EHR malfunctions that could be associated with patient harm. Could this be the so-called tip of the iceberg? Should physicians and their clinical teams be concerned about new types of errors that can be introduced through EHR systems? Yes!

There are certainly articles raising concerns about the speed with which systems are being tailored to meet ARRA specifications and the potential limitations of EHR systems to support clinical care. The literature describes new types of mistakes and raises concerns about embedded clinical decision support, dosing calculations, etc. Should we be surprised? No.

Electronic Health Records:

1. Change the way in which information is presented during and between clinical encounters.
2. Affect care processes through clinical decision support, embedded algorithms, and automatic calculations.
3. Alter communication styles within a practice, between practices, and between practices and patients/families.
4. Produce reports/documents/notes that may or may not highlight what clinicians need to know.
5. Introduce opportunities to make different types of mistakes with potentially significant implications (e.g., a physician who might have written an illegible prescription in the past was called by the pharmacist; it is less likely that a perfectly legible electronically prescribed wrong medication would be questioned by the pharmacist).

Some experts argue, as do Ross Koppel and David Kreda in a JAMA commentary, that there could also be negative consequences for physicians and patients from the “hold harmless” provisions in most contracts provided by EHR vendors. Koppel and Kreda raise the concern that, “According to this doctrine and legal language, HIT vendors are not responsible for errors their systems introduce in patient treatment, because physicians, nurses, pharmacists, and health care technicians should be able to identify — and correct — any errors generated by software faults.” This is referred to as the “learned intermediary” doctrine — that risks are minimized because there is a trained human making decisions as part of the process. This concept has its roots in pharmaceutical liability issues — and some believe that the extrapolation to the EHR industry may not be entirely appropriate. The following quote from a paper written by Roxanne M. Wilson, published in the FDCC Quarterly/Spring 2009 issue, explains the essential point of the legal theory: “… a pharmaceutical manufacturer will not be held liable to an injured consumer under a failure-to-warn theory if the manufacturer provides adequate information regarding potential side effects and contraindications to the physician, who serves as the learned intermediary between the pharmaceutical manufacturer and the ultimate consumer.” However, Karsh, Weinger, Abbott et al., writing in the Journal of the American Medical Informatics Association (JAMIA), point out a paradox. Quoting from their article:

“It is believed that because a human operator monitors and must confirm HIT recommendations or actions, that humans can be depended upon to catch any system-induced hazards. Paradoxically, this fallacy stands a fundamental argument in favor of HIT on its head (i.e. that HIT will help reduce human errors but will rely on the human to catch the HIT errors).”

Of course, we all hope and expect that as EHRs evolve and improve (and perhaps even as they exist now) they will produce greater benefits than harm — but what should be the mechanism(s) to ensure that we understand, recognize and document opportunities for improvement?

In February 2010, JAMA published a commentary by Dean Sittig and David Classen entitled, “Safe Electronic Health Record Use Requires a Comprehensive Monitoring & Evaluation Framework.” This article builds upon an earlier JAMA article by Sittig (and Hardeep Singh), which outlined eight rights of safe EHR use:

1. Right hardware/software
2. Right content
3. Right user interface
4. Right personnel
5. Right workflow and communication
6. Right organizational characteristics
7. Right state and federal rules & regulations, and
8. Right monitoring.

Sittig and Classen argue that the United States needs an EHR monitoring and evaluation function and that, “Without such a comprehensive framework, safe and effective EHR use cannot be ensured.” The article then goes on to describe five essential components of such a monitoring and evaluation program:

“(1) ability for practitioners and organizations to report patient safety events or potential hazards related to EHR use;
(2) enhanced EHR certification that includes specific assurances that good software development procedures have been followed along with evidence that previously reported adverse events and hazards have been addressed;
(3) self-assessment, attestation, testing, and reporting by both clinicians and health care organizations that all 8 dimensions of safe EHR use have been addressed;
(4) local, state, and national oversight in the form of an onsite, in-person accreditation of EHRs as implemented and used by clinicians in the health care setting; and
(5) a national EHR-related adverse event investigation board that reviews incident reports and has the authority to investigate.”

Another relatively recent article provides a somewhat different yet complementary approach. To mitigate risk and “ensure that EHR safety improves even as adoption becomes widespread,” Walker et al., writing in a 2008 JAMIA viewpoint article, describe seven steps:

1. Use EHRs as tools for health care process improvement
2. Design & implement safe EHRs
3. Improve EHRs through safety testing & reporting
4. Prevent & manage EHR-related incidents
5. Communicate safety flaws & incidents
6. Develop and communicate EHR safety best practices
7. Convene experts to create consensus on what is known about assuring EHR safety.

This is a big topic and no doubt will be the subject of considerable research and potentially policy changes in the near future. Sittig and Walker provide great outlines for the work that needs to be done. In the meantime, a new Patient Safety Organization (PSO) was created earlier this year by PDR Secure — a subsidiary of PDR Network, LLC (the folks who publish the Physicians’ Desk Reference). EHREvent, in collaboration with medical professional insurance carriers and another entity called iHealthAlliance (chaired by Dr. Nancy W. Dickey, former AMA President). The EHREvent site has a good FAQ page to describe the various relationships and the confidentiality protections of reporting to a PSO. The goal is to collect information about safety-related events. From the site: “EHR event reports will be provided to participating EHR vendors and kept confidential by PDR Secure™. Information from the PDR Secure PSO may be used by medical professional insurance carriers and the FDA to better understand EHR events and to develop education materials that will increase patient safety and benefit physicians and other clinicians in their use of EHR technology.”

Some questions:

Will you use the EHREvent site?
What do you think about new types of errors and safety-related issues from the use of EHRs?
If you are currently using an EHR, do you believe you are providing better/safer care now than before?
If you anticipate the purchase of an EHR, what concerns do you have about safety-related incidents and potential errors?

This post is the personal opinion of the author and does not necessarily reflect the official policy or position of the American College of Physicians (ACP). ACP does not endorse a specific EHR brand or product and ACP makes no representations, warranties, or assurances as to the accuracy or completeness of the information provided herein.


