IOM Weighs in on EHR Safety

Recently, the Institute of Medicine (IOM), chartered by the National Academy of Sciences to advise the federal government on issues of medical care, research and education, delivered a publication on Health IT and Patient Safety: Building Safer Systems for Better Care.

The IOM effort was the most thorough review to date on the status of EHR safety, and resulted in a set of 10 recommendations as to how ensure that innovation and technology – by nature fluid and evolving – are encouraged, while at the same time setting up appropriate processes that addresses safety concerns for users (health care professionals) and patients.

The challenge posed by rapid evolution of Health IT
The preface of the document sums up the issue remarkably well. “We are at a unique time in health care. Technology – which has the potential to improve quality and safety of care as well as reduce costs – is rapidly evolving, changing the way we deliver health care. At the same time, health care reform is reshaping the health care landscape. As Sir Cyril Chantler of the Kings Fund said, ‘Medicine used to be simple, ineffective, and relatively safe. Now it is complex, effective, and potentially dangerous.’ More and more cognitive overload requires a symbiotic relationship between human cognition and computer support. It is this very difficult transition we are facing in ensuring safety in health care.

“Caught in the middle are the patients – the ultimate recipients of care. Stories of patient injuries and deaths associated with health information technologies (health IT) frequently appear in the news, juxtaposed with stories of how health professionals are being provided monetary incentives to adopt the very products that may be causing harm. These stories are frightening, but they shed light on a very important problem and a realization that, as a nation, we must do better to keep patients safe.”

The IOM report examined published literature, solicited input from multiple stakeholders, and relied upon its own expert opinions. It defined Health IT as existing within the context of a “sociotechnical system” – the collection of hardware and software that works in concert within an organization that includes people, processes and technology. Much of the safety (or lack thereof) results from the interplay between computer systems and the workflows of the people who use them – bad software design, combined with workflows that assume that “the computer will do the work for me” can result in adverse outcomes.

To this point, the report states: “It is widely believed that health IT, when designed, implemented, and used appropriately, can be a positive enabler to transform the way care is delivered. Designed and applied inappropriately, health IT can add an additional layer of complexity to the already complex delivery of health care, which can lead to unintended adverse consequences, for example dosing errors, failing to detect fatal illnesses, and delaying treatment due to poor human–computer interactions or loss of data.”

Expand safety and surveillance efforts by the ONC
The IOM report asks the Health and Human Services department (HHS) to publish an action and surveillance plan within 12 months, including expanded funding for the Agency for Healthcare Research and Quality (AHRQ) and the Office of the National Coordinator for Health IT (ONC) to develop standardized testing procedures for vendors to assess the safety of health IT products, and to promote pre-deployment safety testing of EHRs for high-prevalence, high-impact EHR-related safety risks.

Certification criteria in the realm of safety should be part of ongoing EHR certification. And the AHRQ should be the organization to develop new methods of measuring health IT safety using data from EHRs.

Openness and transparency
Several of the recommendations made by the IOM address the need for EHR vendors to have an established method where users can report issues, and problems can be addressed systematically. That means an end to the policy that many EHR vendors have of prohibiting the sharing of such information, including details (e.g. screenshots) relating to patient safety.

The ONC needs to work with private and public sectors to make comparative experiences across vendors publicly available. Quality and risk management processes need to be in place to ensure that usability can be maximized.

The ONC has struggled with the question of how to specify “usability” in anticipated upcoming certification efforts. The IOM report suggests that the focus of “usability” should primarily focus on how it relates to safety.

The IOM suggests that HHS create a new Health IT Safety Council to evaluate criteria for assessing and monitoring the safe use of health IT, and the use of health IT to actually enhance safety. This should operate within a currently-existing standards organization, such as the National Quality Forum (NQF).

The role of the public sector in regulating the EHR industry should have these principles: (1) focus on shared learning, (2) maximize transparency, (3) be non-punitive, (4) identify appropriate levels of accountability, and (5) minimize burden.

Why this should not be the FDA
There are those who argue that EHRs should be regulated by the FDA, as Class III medical devices (like medical instruments), and should undergo pre-market FDA approval (like for new drugs or devices). The IOM strongly opposes this view (though there was a single dissenter on the IOM panel who felt that the FDA should be the “safety” gatekeeper of EHR technology) – unlike devices and medications, EHRs are fluid and adapt to the system they are installed in. There is no “out of the box” EHR solution, like there is for a medication or device.

The FDA is not geared for assessing something as fluid as health IT. Its customizability, its rapid evolution, and the interplay between the product-itself and the people and systems who use them are completely outside the scope and skillset built within the FDA. It would require a fundamental re-tooling were the FDA to take on such a task.

Further, if experience with current pre-market testing of devices by the FDA is an indication, the cost and time delay implicit in the FDA approval process would grind innovation in the health IT arena to a virtual halt. The high-cost barriers that have been the primary reason why health IT has such low adoption historically would only be made worse by layering an FDA process onto it.

Our take on all of this
We commend the IOM for conducting a thorough review of the state of health IT as it relates to health-professional and patient safety. The principles of openness and transparency are laudable.

We completely agree that a process of gathering user feedback, and using this feedback to continually improve the EHR product, should be fundamental to all EHRs. We also agree that a focus on usability, basing product design on an understanding of the people who will use them, is key to good systems. Openness and transparency in this realm is very positive for the whole industry.

In addition, we agree with the majority opinion of the IOM that health IT safety regulation should follow the principles stated, and that a Health IT Safety Council can assist an organization like the NQF in coming up with appropriate guidelines that the ONC, in its certification process, can carry out. This is not something that is within the skillset built into the FDA.

The path to better use of health IT, its rapid evolution, and its transformative influence on health care overall is not best served by the FDA, as it is constituted currently (as underscored in great detail in the IOM report). Instead, the ONC, in conjunction with other organizations more suited to measuring quality-of-care (such as the AHRQ) are the appropriate methods for achieving the goal: making health IT effective, safe, and universal. We hope the Secretary of HHS will heed the recommendations in the IOM report – that is the next step in this evolution.