HIMSS Senior Vice President on Medical Ethics: Ignore Health IT Downsides for the Greater Good

The Health Information Management Systems Society (HIMSS) is the large health IT vendor trade group in the U.S.  At a Sept. 21, 2012 HIMSS blog post, John Casillas, Senior Vice President of HIMSS Financial-Centered Systems and HIMSS Medical Banking Project dismisses concerns about health IT with the refrain:

... To argue that the existence of something good for healthcare in many other ways, such as having the right information at the point of care when it’s needed, is actually bad because outliers use it to misrepresent claims activity is deeply flawed.

Through the best use of health IT and management systems, we have the opportunity to improve the quality of care, reduce medical errors and increase patient safety. Don’t let the arguments of some cast a cloud over the critical importance and achievement of digitizing patient health records.

Surely, no one can argue paper records are the path forward. Name one other industry where this is the case. I can’t.

Let’s not let the errors of a few become the enemy of good.

The ethics of these statements from a non-clinician are particularly perverse.

The statement "Don’t let the arguments of some cast a cloud over the critical importance and achievement of digitizing patient health records" is particularly troubling.

When those "some" include organizations such as FDA (see FDA Internal 2010 memo on HIT risks, link) and IOM's Committee on Patient Safety and Health Information Technology (see 2012 report on health IT safety, link) both stating that harms are definite but magnitude unknown due to systematic impediments to collecting the data, and the ECRI Institute having had health IT in its "top ten healthcare technology risks" for several years running, link, the dismissal of "clouds" is unethical on its face.

These reports indicate that nobody knows if today's EHRs improve or worsen outcomes over good paper record systems or not.  The evidence is certainly conflicting (see here).

It also means that the current hyper-enthusiasm to roll out this software nationwide in its present state could very likely be at the expense of the unfortunate patients who find themselves as roadkill on the way to the unregulated health IT utopia.

That's not medicine, that's perverse human subjects experimentation without safeguards or consent.

As a HC Renewal reader noted:

Astounding hubris, although it does seem to be effective.  Such is PC hubris.  Who could ever call for reducing the budget of the NIH that is intended to improve health.  Has health improved?  No.

So why does a group with spotty successes if not outright failure never get cut?  It’s not the results, it’s the mission that deserves the funding.  So it’s not the reality of HIT, it’s the promise, the mission, that gets the support.  Never mind the outcome, it’s bound to improve with the continued support of the mission.

Is this HIMSS VP aware of these reports?  Does he even care?

Does he believe patients harmed or killed as a result of bad health IT (and I know of a number of cases personally through my advocacy work, including, horribly, infants and the elderly) are gladly sacrificing themselves for the greater good of IT progress?

It's difficult to draw any other conclusion from health IT excuses such as proffered, other than he and HIMSS simply don't care about unintended consequences of health IT.

Regarding "Surely, no one can argue paper records are the path forward" - well, yes, I can.  (Not the path 'forward', but the path for now, at least, until health IT is debugged and its adoption and effects better understood).  And I did so argue, at my recent posts "Good Health IT v. Bad Health IT: Paper is Better Than The Latter" and "A Good Reason to Refuse Use of Today's EHR's in Your Health Care, and Demand Paper".  I wrote:

I opine that the elephant in the living room of health IT discussions is that bad health IT is infrequently, if ever, made a major issue in healthcare policy discussions.

I also opine that bad health IT is far worse, in terms of diluting and decreasing the quality and privacy of healthcare, than a very good or even average paper-based record-keeping and ordering system.  

This is a simple concept, but I believe it needs to be stated explicitly. 

A "path forward" that does not take into account these issues is the path forward of the hyper-enthusiastic technophile who either deliberately ignores or is blinded to technology's downsides, ethical issues, and repeated local and mass failures.

If today's health IT is not ready for national rollout, e.g., causes harms of unknown magnitude (e.g., see this query link), results in massive breaches of security as the "Good Reason" post above, and mayhem such as at this link, then:

The best - and most ethical - option is to slow down HIT implementation and allow paper-based organizations and clinicians to continue to resort to paper until these issues are resolved.  Resolution needs to occur in lab or experimental clinical settings without putting patients at risk - and with their informed consent.

Anything else is akin to the medical experimentation abuses of the past that led to current research subjects protections such as the "Ethical Guidelines & Regulations" used by NIH.

-- SS

Ellmers Calls on Sebelius to Address Health IT Safety Concerns: A Responsible Voice in Government on Health IT and HIT Safety

The following press release is very welcome, and speaks for itself.  There is a responsible voice in the government wilderness.  It is perhaps no surprise it comes from a Congresswoman who is also a registered nurse:

Ellmers Calls on Sebelius to Address Health IT Safety Concerns

06/12/12

Safety Risks and Health IT-Related Errors Cited in IOM Recommendations

WASHINGTON – House Small Business Subcommittee on Healthcare and Technology Chairwoman Renee Ellmers (R-NC) today sent a letter to Kathleen Sebelius, Secretary of Health and Human Services (HHS), inquiring about whether the Department has adopted the Institute of Medicine’s (IOM) recommendations for improving the safety of health information technology (IT).

The report, issued in November, recommended several steps to be taken by HHS and called for greater oversight by the public and private sectors. The Secretary was called upon by the IOM to issue a plan within 12 months to minimize patient safety risks associated with health IT and report annually on the progress being made.  The report further recommended that the plan should include a schedule for working with the private sector to assess the impact of health IT on patient safety, and recommended several other steps to help improve the safety of health IT.

Specifically, Chairwoman Ellmers has requested a copy of the Secretary’s plan to minimize patient safety risks, a description of health IT-related errors that have resulted in patient risks, injuries and deaths, and the status of the development of a mechanism for health IT vendors and users to report health IT-related deaths.  She said that because health IT has the promise to improve health care delivery for patients, physicians and other medical professionals, she remains eager to work with the Secretary to ensure that health IT is safe, effective and affordable.

In an August 11, 2011 letter to Secretary Sebelius, Chairwoman Ellmers said that a modern, well-equipped office is critical to the practice of medicine, and asked the Secretary to undertake a study of health IT’s adoption, benefits and cost effectiveness, including medical error rates.

On June 2, 2011, Chairwoman Ellmers’ Subcommittee held a hearing on the barriers to health IT that are encountered by physicians and other health professionals in small and solo practices.   At the hearing, physicians expressed strong concerns about the cost of purchasing and maintaining health IT systems, as well as the staff training and downtime necessary to implement such a system.  Chairwoman Ellmers noted health IT’s great potential to improve health care delivery, decrease medical errors, increase clinical and administrative efficiency and reduce paperwork.

For more than twenty-one years before being elected to Congress, Chairwoman Ellmers served as a registered nurse, focusing on surgical care as Clinical Director of the Trinity Wound Care Center and later helping to manage the family's small medical practice with her husband, Dr. Brent Ellmers, a licensed surgeon. As a registered nurse and the wife of a surgeon, Ellmers understands that a modern, efficient and well-equipped office is critical to the practice of medicine.    

This voice of sanity is quite welcome.  I've spoken with Rep. Ellmers' office, pointing them to my Drexel Univ. writings and materials and recommending Sebelius' reply be gone over with a fine-toothed comb, from the perspective of health IT realities, not merely from the perspective of the Ddulite's good intentions.  (I also introduced her staffer to the concept of the Ddulite, the HIT hyper-enthusiast who ignores all downsides and ethical concerns.)

I also pointed out the ethical lapse in IOM's position of "wait and see" while HIT is pushed nationally under penalty of law, at the cost of hundreds of billions of dollars, when their own report (along with reports from FDA here, JC here and others) admits they don't know the magnitude of benefits, risks and harms:

... While some studies suggest improvements in patient safety can be made, others have found no effect. Instances of health IT–associated harm have been reported. However, little published evidence could be found quantifying the magnitude of the risk.

Several reasons health IT–related safety data are lacking include the absence of measures and a central repository (or linkages among decentralized repositories) to collect, analyze, and act on information related to safety of this technology. Another impediment to gathering safety data is contractual barriers (e.g., nondisclosure, confidentiality clauses) that can prevent users from sharing information about health IT–related adverse events. These barriers limit users’ abilities to share knowledge of risk-prone user interfaces, for instance through screenshots and descriptions of potentially unsafe processes. In addition, some vendors include language in their sales contracts and escape responsibility for errors or defects in their software (i.e., “hold harmless clauses”). The committee believes these types of contractual restrictions limit transparency, which significantly contributes to the gaps in knowledge of health IT–related patient safety risks. These barriers to generating evidence pose unacceptable risks to safety.

[IOM (Institute of Medicine). 2012. Health IT and Patient Safety: Building Safer Systems for Better Care (PDF). Washington, DC: The National Academies Press, pg. S-2.]

As I wrote in my Nov. 2011 post "IOM Report - 'Health IT and Patient Safety: Building Safer Systems for Better Care' - Nix the FDA; Create a New Toothless Agency", the IOM's response to their own study was reckless and unethical (at best):

... The panel also recommends that the HHS secretary publicly report on the progress of health IT safety each year, beginning in 2012. If the secretary determines at any time that adequate safety progress has not been made, only then should the FDA take the regulatory lead and be given the resources to do so, the report recommends, adding that the agency should be developing a framework now to be prepared.

In the meantime, during each year of "watching for safety progress", innumerable patients are exposed to HIT's hazards and costs.  Pharma and other medical device industries are afforded no such special accommodation.

-- SS

Doctors and EHRs: Reframing the "Modernists v. Luddites" Canard to The Accurate "Ardent Technophiles vs. Pragmatists" Reality

One manner by which Healthcare's core values are usurped is via distortions and slander about physicians and other clinicians.

At "Health IT: Ddulites and Irrational Exuberance" and related posts (query link) I've described the phenomenon of the:

'Hyper-enthusiastic technophile who either deliberately ignores or is blinded to technology's downsides, ethical issues, and repeated local and mass failures.'

I have called this personality type the "Ddulite", which is "Luddite" with the first four letter reversed. I have also pointed out that the two are not exact opposites, as the Luddites did not endanger anyone in trying to preserve their textile jobs, whereas the Ddulites in healthcare IT do endanger patients.

Yet, in the 20 years I've been professionally involved in health IT, I have frequently heard the refrain, usually from IT personnel and their management, that "Doctors resists EHRs because they are [backwards, technophobic, reactionary, dinosaurs, unable/unwilling to change, think they are Gods, ..... insert other slanderous/libelous comment].

I've heard this at Informatics meetings, at medical meetings, at commercial health IT meetings (e.g., Microsoft's Health Users Group, and at HIMSS), at government meetings (e.g., GS1 healthcare), and others.

The summary catchphrase I've heard and seen (even in the comments on this blog) is that doctors are "Luddites" while IT personnel are forward-thinking, know better than doctors, and are "Modernists."

This slander and libel of physicians and other clinicians needs to stop, and the entire issue needs to be reframed.

Doctors are pragmatists. When a new technology is rigorously shown to be beneficial to patients, and (perhaps more importantly) rigorously shown not to be of little benefit or worse, significantly harmful, doctors will embrace it. There are countless examples of this that I need not go into. They also have responsibilities, obligations, ethical considerations, liabilities, and other factors to consider in their decisions:

Pragmatism (Merriam-Webster):

: a practical approach to problems and affairs

The reality is not:

Luddite doctors <---- are in tension with ----> Modernist IT personnel

but is:

Pragmatist doctors <---- are in tension with ----> Ardent technophiles (Ddulites)

The technophiles' views may be due, on the one hand, to ignorance of medicine's true complexities and "innocent" overconfidence in technology. Unfortunately, it is a gargantuan leap of logic to go from "well, computers work in tracking FedEx packages and allowing me to withdraw money from my U.S. bank when I'm abroad, to "therefore with just a little work they will transform medicine."

Anyone familiar with even the most fundamental issues in Medical Informatics is aware of this. (This is the problem with "generic management" of healthcare IT - healthcare amateurs are unfamiliar with these issues.) Due to the complex, messy social, scientific, informational, ethical, cultural, emotional and other issues relatively unique to medicine, that leap from banking/widget tracking/mercantile computing --> medicine is probably more naive than the leap in logic, for instance, that would have a person believe since a hot air balloon can go high in the sky, it can take a person to the moon, as I observed here.

On the other hand the technophile's expressed views can also be a territorial ploy with full awareness of, and reckless disregard for, the consequences of technology's downsides.

(The CIO where I was a CMIO was well-known to be an aficionado of Sun Tzu's "Art of War" in his corporate politics - the polar opposite of a 'team player.' I might add that the doctors were fully expected to be 'team players'.)

Part of the struggle between the health IT industry and medical professionals has also been control of information flow about HIT.

This has been brought to the fore by my observation of the almost uniformly negative comments on today's HIT at the physician-only site Sermo.com. Sermo is populated, I might add, not by computerphobes but by physicians in a wide variety of specialties using computers for social networking. These comments will hopefully soon be published.

(They are not dissimilar to the many comments I reported in my Jan. 2010 post "An Honest Physician Survey on EHR's", although some might call the sponsor of the latter survey, AAPS, biased. I do not think the same can be said of Sermo.com, an open site for all physicians.)

I have mentioned on this blog the numerous impediments to flow of information about health IT's downsides, and these impediments are well described, for example, in the Joint Commission Sentinel Events Alert on Health IT (link), the FDA Internal Memorandum on H-IT Safety (link) and elsewhere (such as at link, link).

The Institute of Medicine of the National Academies noted this in their late 2011 study on EHR safety:

... While some studies suggest improvements in patient safety can be made, others have found no effect. Instances of health IT–associated harm have been reported. However, little published evidence could be found quantifying the magnitude of the risk.

Several reasons health IT–related safety data are lacking include the absence of measures and a central repository (or linkages among decentralized repositories) to collect, analyze, and act on information related to safety of this technology. Another impediment to gathering safety data is contractual barriers (e.g., nondisclosure, confidentiality clauses) that can prevent users from sharing information about health IT–related adverse events. These barriers limit users’ abilities to share knowledge of risk-prone user interfaces, for instance through screenshots and descriptions of potentially unsafe processes. In addition, some vendors include language in their sales contracts and escape responsibility for errors or defects in their software (i.e., “hold harmless clauses”). The committee believes these types of contractual restrictions limit transparency, which significantly contributes to the gaps in knowledge of health IT–related patient safety risks. These barriers to generating evidence pose unacceptable risks to safety.[IOM (Institute of Medicine). 2012. Health IT and Patient Safety: Building Safer Systems for Better Care (PDF). Washington, DC: The National Academies Press, pg. S-2.]

Also in the IOM report:

… “For example, the number of patients who receive the correct medication in hospitals increases when these hospitals implement well-planned, robust computerized prescribing mechanisms and use barcoding systems. But even in these instances, the ability to generalize the results across the health care system may be limited. For other products— including electronic health records, which are being employed with more and more frequency— some studies find improvements in patient safety, while other studies find no effect.

More worrisome, some case reports suggest that poorly designed health IT can create new hazards in the already complex delivery of care. Although the magnitude of the risk associated with health IT is not known, some examples illustrate the concerns. Dosing errors, failure to detect life-threatening illnesses, and delaying treatment due to poor human–computer interactions or loss of data have led to serious injury and death.”

I note that the 'impediments to generating evidence' effectively rise to the level of legalized censorship, as observed by Koppel and Kreda regarding gag and hold-harmless clauses in their JAMA article "Health Care Information Technology Vendors' Hold Harmless Clause: Implications for Patients and Clinicians", JAMA 2009;301(12):1276-1278. doi: 10.1001/jama.2009.398.

Pragmatist physicians are quite rightly very wary of the technology as it now exists.

Ultimately, even when information on HIT risks or defects does surface, it is highly inappropriately labeled as "anecdotal" (see this post on anecdotes for why this behavior is inappropriate).

This "anecdotalist" phenomenon occurs right up to the HHS Office of the National Coordinator for Health IT (ONC), as I described in my post "Making a Stat Less Significant: Common Sense on 'Side Effects' Lacking in Healthcare IT Sector" and elsewhere.

Therefore, another part of reframing the pragmatism vs. technophilia issue is for clinicians to put an end to censorship of HIT adverse experiences.

I have the following practical suggestions, used myself, to start to accomplish the latter goal.

These suggestions are in the interest of protecting public health and safety:

When a physician or other clinician observes health IT problems, defects, malfunctions, mission hostility (e.g., poor user interfaces), significant downtimes, lost data, erroneous data, misidentified data, and so forth ... and most certainly, patient 'close calls' or actual injuries ... they should (anonymously if necessary if in a hostile management setting):

(DISCLAIMER:  I am not responsible for any adverse outcomes if any organizational policies or existing laws are broken in doing any of the following.)

• Inform their facility's senior management, if deemed safe and not likely to result in retaliation such as being slandered as a "disruptive physician" and/or or being subjected to sham peer review (link).

• Inform their personal and organizational insurance carriers, in writing. Insurance carriers do not enjoy paying out for preventable IT-related medical mistakes. They have begun to become aware of HIT risks. See, for example, the essay on Norcal Mutual Insurance Company's newsletter on HIT risks at this link. (Note - many medical malpractice insurance policies can be interpreted as requiring this reporting, observed occasional guest blogger Dr. Scott Monteith in a comment to me about this post.)

• Inform the Joint Commission (or similar national accreditor of hospital safety if not in the U.S.) via their complaint site at http://www.jointcommission.org/report_a_complaint.aspx . Also consider writing the JC senior officers (link to officer's list), whose awareness of HIT issues I can personally attest to via our correspondences.

• Inform the FDA (or similar healthcare regulator if not in the U.S.) via the FDA Medwatch Form 3500 reporting site at https://www.accessdata.fda.gov/scripts/medwatch/medwatch-online.htm. An example of such an adverse event report I filed myself (when the involved hospital refused) is at this link in the FDA MAUDE (Manufacturer and User Facility Device Experience) database.

• Inform the State Medical Society and local Medical Society of your locale.

• Inform the appropriate Board of Health for your locale.

• If applicable (and it often is), inform the Medicare Quality Improvement Organization (QIO) of your state or region. Example: in Pennsylvania, the QIO is "Quality Insights of PA."

• Inform a personal attorney.

• Inform local, state and national representatives such as congressional representatives. Sen. Grassley of Iowa is aware of these issues, for example.

• As clinicians are often forced to use health IT, at their own risk even when "certified" (link), if a healthcare organization or HIT seller is sluggish or resistant in taking corrective actions, consider taking another risk (perhaps this is for the very daring or those near the end of their clinical career). Present your organization's management with a statement for them to sign to the effect of:

"We, the undersigned, do hereby acknowledge the concerns of [Dr. Jones] about care quality issues at [Mount St. Elsewhere Hospital] regarding EHR difficulties that were reported, namely [event A, event B, event C ... etc.]

We hereby indemnify [Dr. Jones] for malpractice liability regarding patient care errors that occur due to EHR issues beyond his/her control, but within the control of hospital management, including but not limited to: [system downtimes, lost orders, missing or erroneous data, etc.] that are known to pose risk to patients. We assume responsibility for any such malpractice.

With regard to health IT and its potential negative effects on care, Dr. Jones has provided us with the Joint Commission Sentinel Events Alert on Health IT at http://www.jointcommission.org/assets/1/18/SEA_42.PDF, the IOM report on HIT safety at http://www.modernhealthcare.com/Assets/pdf/CH76254118.PDF, and the FDA Internal Memorandum on H-IT Safety Issues at http://www.scribd.com/huffpostfund/d/33754943-Internal-FDA-Report-on-Adverse-Events-Involving-Health-Information-Technology.

CMO __________ (date, time)
CIO ___________ (date, time)
CMIO _________ (date, time)
General Counsel ___________ (date, time)
etc."

• If the hospital or organizational management refuses to sign such a waiver (and they likely will!), note the refusal, with date and time of refusal, and file away with your attorney. It could come in handy if EHR-related med mal does occur.

• As EHRs remain experimental, I note that indemnifications such as the above probably belong in medical staff contracts and bylaws when EHR use is coerced.

These measures can help "light a fire" under the decision makers, and "get the lead out" of efforts to improve this technology to the point where it is usable, efficacious and safe.

-- SS

IOM Report - "Health IT and Patient Safety: Building Safer Systems for Better Care" - Nix the FDA; Create a New Toothless Agency

[Authors' note: This major part of this post was written before I had the actual IOM report itself. Having now read that report, available here in PDF, my opinions are unchanged.]

The Center for Public Integrity has published a story ahead of the Thursday release of the Institute of Medicine's report on health IT safety. This was a panel, by the way, that rejected my testifying, live, about my own relative's IT- related harm, despite my Medical Informatics credentials and explicit requests [see note below].

The IOM report apparently recommends that an extraordinary special accommodation be afforded to the healthcare IT industry regarding regulation of health IT software devices.

Excerpts from the Center for Public Integrity's article:

Panel recommends new agency to investigate safety of health information technology

Health information technology has been touted as crucial to better health care, but a new report says an entirely new regulatory agency is needed to oversee this largely unregulated sector, which can also injure or kill patients if it’s not operating properly.

We would never have known that if not for the efforts of a small group of specialists with a conscience writing on this issue over the past decade; the industry long emphasized only the beneficence of the technology.

In pushing for a new oversight body, the respected Institute of Medicine, an independent research and advisory organization, is explicitly advising that the Food and Drug Administration (FDA) not be tasked with the job — a recommendation that is bound to be controversial. [Indeed - ed.]  The eagerly anticipated report, titled “Health IT and Patient Safety: Building Safer Systems for Better Care,” will be publicly released Thursday. A copy was obtained by iWatch News. The study details nine other recommendations for how to ensure patient safety when doctors and other health care providers use health information technology, or health IT. The findings from the report were presented October 28 to the Department of Health and Human Services (HHS) and its agencies.

I do not consider the IOM's rationale for excluding the FDA to be reasonable...more below.

... the push [by the Administration] is occurring so far without any agency really ‘watch dogging’ the safety of health IT — the software, hardware and systems that record and manage patients’ health information. These expensive devices by and large have not gone through any regulatory checks for safety in the way that food, drugs and other medical technology must; most of that oversight is handled by the FDA. But at the moment, no one is required to report instances of harm caused by health information devices and no government agency currently monitors their safety.

This is a scandal of major proportions, considering the government has taken the approach "ready, shoot, aim" in putting in place penalties for non-adopters on a fantastically rushed timeline, via the HITECH Act within ARRA, while ignoring the risks.

“With all of that money, marketing and public outreach, most simply affirm the value of health IT as an article of faith, rather than investigate it via careful evaluation,” said Ross Koppel, adjunct professor of sociology at the University of Pennsylvania and its School of Medicine, and investigator for RAND Corporation. He is listed as one of the reviewers of the report.

"Faith" (e.g., irrational exuberance) in a technology has no place in science or medicine.

Addendum:  from the report itself:

... While some studies suggest improvements in patient safety can be made, others have found no effect. Instances of health IT–associated harm have been reported. However, little published evidence could be found quantifying the magnitude of the risk.

Several reasons health IT–related safety data are lacking include the absence of measures and a central repository (or linkages among decentralized repositories) to collect, analyze, and act on information related to safety of this technology. Another impediment to gathering safety data is contractual barriers (e.g., nondisclosure, confidentiality clauses) that can prevent users from sharing information about health IT–related adverse events. These barriers limit users’ abilities to share knowledge of risk-prone user interfaces, for instance through screenshots and descriptions of potentially unsafe processes. In addition, some vendors include language in their sales contracts and escape responsibility for errors or defects in their software (i.e., “hold harmless clauses”). The committee believes these types of contractual restrictions limit transparency, which significantly contributes to the gaps in knowledge of health IT–related patient safety risks. These barriers to generating evidence pose unacceptable risks to safety.

[IOM (Institute of Medicine). 2012. Health IT and Patient Safety: Building Safer Systems for Better Care (PDF). Washington, DC: The National Academies Press, pg. S-2.]

Also in the IOM report:

… “For example, the number of patients who receive the correct medication in hospitals increases when these hospitals implement well-planned, robust computerized prescribing mechanisms and use barcoding systems. But even in these instances, the ability to generalize the results across the health care system may be limited. For other products— including electronic health records, which are being employed with more and more frequency— some studies find improvements in patient safety, while other studies find no effect.

More worrisome, some case reports suggest that poorly designed health IT can create new hazards in the already complex delivery of care. Although the magnitude of the risk associated with health IT is not known, some examples illustrate the concerns. Dosing errors, failure to detect life-threatening illnesses, and delaying treatment due to poor human–computer interactions or loss of data have led to serious injury and death.”

In other words, nobody has any real idea of the magnitude of harms, which also implies nobody knows if the magnitude of harms exceeds the magnitude of benefits.  National rollout under these conditions is a horribly unethical situation on first principles.

Though a variety of studies have concluded that the use of health IT may improve patient safety, mistakes made in the systems or difficulty using the technology can lead to serious injury or death, according to the report.

Other studies actually show little or no benefit or cost savings. See this reading list for examples. So, it has been article of faith that the technology in its present form is of benefit, and is not a risk.

An allergy might be omitted from a computer record, for example, or an incorrect medication dosage might be recorded. In Rhode Island, a Lifespan computer glitch [5] caused about 2,000 patients to receive the wrong types of medications. In another instance [6] in March 2009, an unattended patient suffered multiple seizures for hours after a computer failed to alert doctors the patient was moved from the intensive care into their ward.

And people die needlessly (a few examples are at link, link, link).

As reports of patient harm began to emerge, the federal Office of the National Coordinator (ONC) for health IT asked the Institute of Medicine (IOM) a year ago to establish a Committee on Patient Safety and Health Information Technology to make recommendations to the government about how to maximize health IT safety.

I would rephrase that to: as reports on patient harm were no longer able to be suppressed by the industry...

In its report, the IOM committee says the FDA would likely restrict market innovation in health IT, which could also jeopardize patient safety.

There has been little to no real "innovation" in health IT in well over a decade; if anything, the usability and quality has deteriorated. Further, there is no data supporting the contention that FDA regulation of IT harms innovation. Pharma IT (regulated) is far more innovative than the IT in healthcare delivery (unregulated).

Stringent regulations “can negatively impact the development of new technology by limiting implementation choices and restricting manufacturers’ flexibility to address complex issues,” the report says.

Bull. It will keep the companies honest and "encourage" them to adhere to good software engineering and usability principles (unlike here), which will save lives. It's unfortunate such "encouragement" is needed, I note.

The FDA currently receives voluntary reports [7] of health IT-related incidents, but has no resources or protocols through which to take action; the agency has long fought a losing battle [8] with health IT vendors over trying to monitor the technology. The report also notes the agency does not have the investigative capabilities, funding or manpower to regulate devices such as electronic health records, personal health records or health information exchanges.

Then give them the resources, not develop an entire new agency. The FDA has the talent and experience. [Note: I have no connections to FDA whatsoever - ed.]

... To adequately oversee health IT safety, the committee recommends that the secretary of health and human services create and fund a new independent watchdog agency, along the lines of the National Transportation Safety Board. Like NTSB, the new agency would conduct investigations and make recommendations for all stakeholders, including the secretary of the health and human services, vendors and health care organizations. Vendors of the technology would be required to report adverse events, while reporting would be voluntary for clinicians. Like NTSB, though, the new agency would also have no enforcement power.

That is to say, it will be toothless and ignored, leaving a cavalier industry that should have gotten its act together twenty years ago to continue on with its nihilistic ways.

The panel also recommends that the HHS secretary publicly report on the progress of health IT safety each year, beginning in 2012. If the secretary determines at any time that adequate safety progress has not been made, only then should the FDA take the regulatory lead and be given the resources to do so, the report recommends, adding that the agency should be developing a framework now to be prepared.

This makes little sense. In fact, it's an extraordinary special accommodation to the health IT industry (or should I say lobby) relative to other healthcare medicine/device sectors, and is bizarre. It continues health IT as a human subjects research experiment without informed consent and opt-out.
With catastrophe-inviting events like this one becoming more commonplace, just how many patients will have been maimed or died in the meantime while the HHS Secretary's 'determination of adequate safety progress' is being made? (What, exactly, will be deemed 'adequate', I also ask?)

Creating a new independent agency would, of course, require resources; the current budget for NTSB is set at $559 million over the 2010 to 2014 period. In the current climate of fiscal restraint, convincing Congress to appropriate that sort of cash for a new government body might be a tall order.

I note that it's a waste of taxpayer money to create a new agency to maintain/increase health IT industry profits at the expense of patients - not a wise choice IMO.

... Republican Sen. Chuck Grassley [11] of Iowa, senior member of the Senate Finance Committee, said the new report “adds more to the list of unresolved questions, including which government agency, if any, should regulate health care information technology.” Grassley, who wrote [12] HHS and health IT vendors two years ago asking what was being done to ensure the safety of the devices, said “the approach seemed to be, write checks first, solve the problems later, instead of the other way around.”

Having spoken extensively with Sen. Grassley's staff on these issues, I agree - except for the "seemed to be" disclaimer. Replace "seemed to be" with "was."

The Institute of Medicine committee does have one dissenter. Dr. Richard Cook [13] from the University of Chicago feels the FDA is indeed the proper agency to oversee health IT safety. Cook writes that health IT is considered a “Class III medical device,” that is to say, a device that performs integral medical functions, which the FDA already has the jurisdiction to regulate.

Dr. Cook is a co-author of the short 2005 paper "Hiding in plain sight: What Koppel et al. tell us about healthcare IT" which I consider seminal in understanding why health IT as it exists today is so poorly done.

In its report, the IOM panel also recommended that another study be done to quantify health IT-related deaths, serious injuries or unsafe conditions so that the safety concerns can be properly addressed. “You can only improve what you measure,” says the report.

As I wrote in Oct. 2010, that is putting the cart before the horse again. We study these issues while a national rollout under threat of penalty is underway? That's simply crazy.

Other recommendations in the report: establishing and enforcing criteria for the safety of electronic health records, funding a new Health IT Safety Council to set standards for safety, and requiring all health IT vendors to publicly register and list their products with the Office of the National Coordinator.

No issues there, except these efforts should have occurred over a decade ago, at the latest.

Finally, while I disagree with the action agenda, I do thank the IOM for bringing the issues of health IT risks out into the sunlight. Perhaps now these issues will start to be addressed, and ultimately patient safety and human rights safeguarded.

From the report's introduction:

... Caught in the middle are the patients—the ultimate recipients of care. Stories of patient injuries and deaths associated with health information technologies (health IT) frequently appear in the news, juxtaposed with stories of how health professionals are being provided monetary incentives to adopt the very products that may be causing harm. These stories are frightening, but they shed light on a very important problem and a realization that, as a nation, we must do better to keep patients safe ... the entire committee believes the current state of safety of health IT must not be permitted to continue.

I've been writing words like that for over a decade.

-- SS

Addendum Nov. 8, 2011:

The IOM has issued this press release:

From: National Academies News <InternetMailforONPI@nas.edu>
Date: November 8, 2011 8:25:43 AM PST
To: National Academies News <InternetMailforONPI@nas.edu>
Subject: Health Information Technology and Patient Safety - For Immediate Release

Health Information Technology and Patient Safety – For Immediate Release

Health IT and Patient Safety: Building Safer Systems for Better Care, a new report from the Institute of Medicine, is available for IMMEDIATE RELEASE. The report examines a broad range of health information technologies and recommends actions that the government, health care providers, and technology vendors should take to improve patient safety. Contrary to some early news accounts, the report does not recommend that a new agency be established to regulate these technologies. Reporters can obtain a copy of the report by contacting the National Academies' Office of News and Public Information; tel. 202-334-2138 or e-mail news@nas.edu. In addition, members from the committee that wrote the report will discuss their recommendations and take questions at a one-hour public briefing starting at 10:30 a.m. EST Thursday, Nov. 10, in Room 100 of the National Academies’ Keck Center, 500 Fifth St. N.W., Washington, D.C. Those who cannot attend may participate through a live audio webcast accessible at http://www.nationalacademies.org.

I am not sure why they state "Contrary to some early news accounts, the report does not recommend that a new agency be established to regulate these technologies."

From the report prepub, page 6-28 to 6-29:

... To truly improve patient safety, a new approach is needed. The committee believed that the experiences of other industries such as transportation and nuclear energy in creating the NTSB and the NRC were instructive, and concluded that the development of an independent, federal entity was best suited to performing the needed above-described analytic and investigative functions for health IT–related adverse events in a transparent, nonpunitive manner. The committee envisions an entity that would be similar in structure to the NTSB or the NRC, which are both independent federal agencies created by and reporting directly to Congress.

Among other responsibilities, these entities conduct investigations, for the purpose of ensuring safety. NTSB is a nonregulatory agency that does not establish fault or liability in the legal sense but investigates incidents. The NRC is a regulatory body that has the ability to issue fines and fees. The committee considered both agencies and concluded the NTSB to be most similar to the needs of health IT–assisted care.
An independent, federal entity analogous in form and function to the NTSB is needed. This entity would not have enforcement power and would be nonpunitive. Instead, it would have the authority to conduct investigations and, upon their completion, make recommendations.

This recommendation followed:

... Recommendation 8: The Secretary of HHS should recommend that Congress establish an independent federal entity for investigating patient safety deaths, serious injuries, or potentially unsafe conditions associated with health IT. This entity should also monitor and analyze data and publicly report results of these activities.

Hopefully this issue will we clarified when the final report is generally available and the public briefing occurs.

I hope it's not an issue over the word "entity" vs. "agency", a difference that in practice would probably make no difference, economically speaking.

Addendum #2, Nov. 8, 2011:

After re-reading all of this, it seems the issue at question in the National Academies press release above is "regulation" vs. "investigating and monitoring."

That apparently being the case, let me state again that I have problems with the fact that the recommendations seem to preclude true regulation that should start ASAP, not at the whim of the Secretary of HHS when he/she decides that "adequate safety progress has not been made."

That represents, in my opinion, a special accommodation to the healthcare IT industry as previously mentioned.

In fact, Dr. Cook had a dissenting recommendation in Appendix E of the report that I agree with:

Recommendation 9: The Secretary of Health and Human Services should direct the FDA to exercise its authority to regulate health IT, including all EHRs and associated components, and health information exchanges, as Class III medical devices. [Under the 1976 Medical Device Amendments to the Federal Food, Drug, and Cosmetic Act - ed.]

-- SS

[Note] Regarding the IOM, my presenting in person the events that led to my relative's travails was rejected on the basis of 'protocol.' Despite the remarkable aspect of a physician/Medical Informatics specialist's relative (in fact, a specialist writing on health IT risks for over a decade) being gravely injured as a result of health IT-related disruption of care continuity, despite support for my personal attestation by internal members of the study group, my live testimony was rejected. Considering the issues were not just relevant to the IOM study, but at its heart, the rejection on procedural grounds brings to mind the simian adage "see no evil, hear no evil, speak no evil." The Institute of Medicine, on matters of life and death, acted more as an "Institute of Protocol" (or perhaps "Institute of Politics") in my opinion than an institute of science. I believe this lessens the credibility of their action agenda.

IOM Committee on Patient Safety and Health IT, Meeting Two: Institute of Medicine, or of Mediocrity?

In my Jan. 2011 post "Institute of Medicine Committee on Patient Safety and Health Information Technology, and Thoughts on Social Aspects of Health IT Evaluation" I wrote that:

The U.S. National Research Council of the National Academy of Sciences issued a report in early 2009 on the state of health IT. That study's report, led in part by pioneers in Medical Informatics G. Octo Barnett and William Stead, was entitled "Computational Technology for Effective Health Care: Immediate Steps and Strategic Directions" (pre-publication PDF available free at this link). The report was announced under the following header:

CURRENT APPROACHES TO U.S. HEALTH CARE INFORMATION TECHNOLOGY ARE INSUFFICIENT

The insufficiencies were largely in the areas of difficulties with data sharing and integration, deployment of new IT capabilities, large-scale data management, and lack of cognitive support by health IT for busy clinicians.

One might reasonably conclude such deficits could affect patient safety.

Recently the Institute of Medicine (the health arm of the National Academy of Sciences) formed a Committee to study health IT safety. It held its first meeting on Dec. 14, 2010 (quite a few years late in my opinion, and only after tens of billions of dollars have been earmarked for health IT, but better late than never):

The Institute of Medicine Committee on Patient Safety and Health Information Technology is holding its first meeting on December 14-15, 2010. The first day, December 14, 2010 beginning at 10:30 am, is open to the public to observe the committee proceedings. The committee will hear presentations by the Office of the National Coordinator and other invited guests. There will also be an opportunity for members of the public and representatives of interested organizations to make a brief statement before the committee. Prior registration is requested for attendees and required for those wishing to make a statement.

Here are links to the PPT presentations from Meeting 2 of the Committee on Patient Safety and Health IT that took place Feb. 24, 2011:

http://www.iom.edu/~/media/Files/Activity%20Files/Quality/Patient%20Safety%20and%20HIT/Meeting%202/Dwork.pdf

http://www.iom.edu/~/media/Files/Activity%20Files/Quality/Patient%20Safety%20and%20HIT/Meeting%202/WoodsNormanFeb2011.pdf

http://www.iom.edu/~/media/Files/Activity%20Files/Quality/Patient%20Safety%20and%20HIT/Meeting%202/Harper%20IOM%20HIT%20Patient%20Safety.pdf

http://www.iom.edu/~/media/Files/Activity%20Files/Quality/Patient%20Safety%20and%20HIT/Meeting%202/Chrisman-.pdf

http://www.iom.edu/~/media/Files/Activity%20Files/Quality/Patient%20Safety%20and%20HIT/Meeting%202/Palmer.pdf

The PPT's can be downloaded directly from these links.

I note several observations:

• The overall quality of these presentations appears mediocre;

• Issues of healthcare IT risks - as they exist on the ground in 2011 - are addressed poorly if at all;
  

• Proposed "solutions" are really nothing novel or new compared to existing literature or recommendations made in earlier studies, including that of the US NRC;

• That these presentations come from the highest scientific body in the United States is, in my opinion, a disappointment and, indeed, an embarrassment.

The IOM's rules of engagement, according to the Study Director, preclude my testifying, as a Medical Informatics specialist and former CMIO, about a relative's nearly being killed by poorly designed and implemented health IT. Instead, the linked presentations above are presented.

Here's an example of what I consider a somewhat rigorous and critical thinking-based presentation on health IT risks:

http://www.ischool.drexel.edu/faculty/ssilverstein/Clinical_IT_benefits_risks.ppt

I think the IOM should be able to do better than a mere small-university medical informatics adjunct professor.

-- SS

Institute of Medicine Committee on Patient Safety and Health Information Technology, and Thoughts on Social Aspects of Health IT Evaluation

March 2011 addendum: also see my thoughts on Meeting two of the Committee on Patient Safety and Health Information Technology at this link.

The U.S. National Research Council of the National Academy of Sciences issued a report in early 2009 on the state of health IT.

That study's report, led in part by pioneers in Medical Informatics G. Octo Barnett and William Stead, was entitled "Computational Technology for Effective Health Care: Immediate Steps and Strategic Directions" (pre-publication PDF available free at this link). The report was announced under the following header:

CURRENT APPROACHES TO U.S. HEALTH CARE INFORMATION TECHNOLOGY ARE INSUFFICIENT

The insufficiencies were largely in the areas of difficulties with data sharing and integration, deployment of new IT capabilities, large-scale data management, and lack of cognitive support by health IT for busy clinicians.

One might reasonably conclude such deficits could affect patient safety.

Recently the Institute of Medicine (the health arm of the National Academy of Sciences) formed a Committee to study health IT safety. It held its first meeting on Dec. 14, 2010 (quite a few years late in my opinion, and only after tens of billions of dollars have been earmarked for health IT, but better late than never):

The Institute of Medicine Committee on Patient Safety and Health Information Technology is holding its first meeting on December 14-15, 2010. The first day, December 14, 2010 beginning at 10:30 am, is open to the public to observe the committee proceedings. The committee will hear presentations by the Office of the National Coordinator and other invited guests. There will also be an opportunity for members of the public and representatives of interested organizations to make a brief statement before the committee. Prior registration is requested for attendees and required for those wishing to make a statement.

Participant lists and materials from that first meeting are available at this link.

This brings to mind some thoughts on the social aspects of health IT evaluation.

At a website by Dr. David Healy (link) on mass over-promotion and clinical trial data irregularities regarding SSRI's, academic abuses towards critical thinkers, and related affairs, I note an interesting observation in the preface. The author states:

"On the face of it, the investigation of possible hazards posed by SSRIs does not seem to have followed the conventional dynamics of science, where anomalies in the data are supposed to spur further investigation. In this case, debate has been closed down rather than opened up. Journals that might have been thought to be independent of pharmaceutical company influence have “managed” not to publish articles and the appropriate scientific forums have “managed” not to debate the issues."

This sounds eerily familiar with regard to another domain in biomedicine - health IT.

Allow me to substitute a few words:

"On the face of it, the investigation of possible hazards posed by clinical information technology does not seem to have followed the conventional dynamics of science, where anomalies in the data are supposed to spur further investigation. In this case, debate has been closed down rather than opened up. Journals that might have been thought to be independent of information technology company influence have “managed” not to publish articles and the appropriate scientific forums have “managed” not to debate the issues."

Only recently do I note this phenomenon starting to lift. I've aggregated a number of reports and articles of recent years that take a critical-thinking attitude about health IT safety, efficacy, and sociopolitical matters such as here and here. I intend to broaden and deepen this aggregation to make it more comprehensive in the coming months.

This is a somewhat personal exercise as my relative was severely injured in 2010 by health IT interference with clinician communications.

However, it's also a professional endeavor. I will be presenting at a regional health care attorney's meeting in a few months on health IT risks. In my talk I will undoubtedly recommend aggressive litigation when HIT is implicated in patient injury, and investigations of potential contributions of health IT to medical malpractice when not readily apparent. I am not alone in this stance.

Several weeks ago I also asked the IOM Committee on Patient Safety and Health Information Technology to be allowed to present my mother's case at some point, a tragic and ironic example of a family member of a physician and Medical Informatics specialist (not just a layperson) injured as a result of health IT. I have not yet received a reply.

Evaluation of health IT will likely become more than an academic endeavor in the next few years. Those engaged in it might find themselves called as expert witnesses - or as defendants.

I see a legal storm approaching in health IT. This is a domain I am somewhat familiar with, as pre-informatics I was a medical officer in public transit making safety-related medical decisions on transit authority/DOT-related matters, at a time when nationally-mandated random drug testing in the industry had recently begun. The legal implications of such work can be quite unexpected - and profound, especially when interfered with by outside sources with conflict of interest (e.g., labor unions). Train wrecks - literally, accompanied by litigation through the roof.

To those involved in health IT, this is not a scientific opinion, and thus feel free to ignore it.

At your own peril IMO.

-- SS

New York Times: Panel Set to Study Safety of Electronic Patient Data

New York Times author Milt Freudenheim has published an interesting article on health IT:

"Panel Set to Study Safety of Electronic Patient Data" (Dec. 13, 2010, link)

In the article Mr. Freudenheim presents various viewpoints on health IT safety and usability, and reports on an upcoming Institute of Medicine (IOM) Committee on Healthcare IT safety.

In general, the expressed viewpoints reported upon are consistent with the position in the Healthcare IT Ecosystem of those quoted. I wish to add some commentary to a number of those stated positions.

Mr. Freudenheim observes:

Taking a fresh look at such concerns, the Institute of Medicine created the Committee on Patient Safety and Health Information Technology to run a yearlong study and issue recommendations. The 16-member panel is meeting for the first time on Tuesday in Washington.

(This new IOM Committee is in addition to a 2009 study by the National Academies/National Research Council that concluded that "Current Approaches to U.S. Health Care Information Technology are Insufficient", which has largely been invisible. The IOM is the health arm of the National Academies.)

I would add that this Committee is at least a decade late. That it is occurring at all seems to be at the behest of a multitude of complaints and "blows of the whistle" from clinicians who increasingly depend (either voluntarily or by coercion) on this technology to provide safe care.

I would also add that it is my hope the IOM committee with not be overly politicized, considering the stated unconditional exuberance of the past two administrations towards health IT, and that a wide variety of stakeholders will be heard. (For instance, as a medical informatics specialist whose relative was injured as a result of HIT interference with care continuity, will I be allowed to testify?)

Mr. Freudenheim then relates the points of view of stakeholders.

In February, the F.D.A. said it had received 260 reports of malfunctions related to health information technology “with the potential for patient harm,” including 44 reported injuries and six reported deaths in 2008 and 2009. The malfunctions were reported voluntarily to the agency, mainly by hospitals.

“Because these reports are purely voluntary, they may represent only the tip of the iceberg,” said Dr. Jeffrey Shuren, a senior F.D.A. policy and enforcement official.

I'd written about this at "FDA on Health IT Adverse Consequences: 44 Reported Injuries and 6 Deaths, Probably Just Tip of Iceberg" where I noted:

This is a technology almost universally touted as inherently beneficial, right up to our most senior elected leaders, who are now pushing this unproven technology under threat of penalty for non-adopters.

Healthcare IT irrational exuberance can perhaps be illustrated in statements such as this:

“We have the capacity to transform health with one thunderous click of a mouse after another,” said (former) HHS Secretary Michael Leavitt - 2005 HIMSS Summit

I also opined at "If The Benefits Of Healthcare IT Can Be Guesstimated, So Can And Should The Dangers" that one could, as a type of thought experiment, extrapolate from these numbers to guesstimate the effects of universal health IT in the US. The results were startling, even if just an experiment:

[We might have] 880,000 injuries per year, 120,000 deaths when universal HIT use is achieved ... While this is a mere thought experiment, the result certainly suggests we need to know the actual rates of HIT-related patient harm, and act to understand and minimize these events.

In setting national healthcare policy, we should not rely on thought experiments - but even more importantly, we should not be relying on guesswork and wishful thinking as we are currently.

Unfortunately, national policy has been set up to now on wishful thinking. As I stated, the IOM meeting is coming none too soon.

The NYT article then reports on a statement made by ONC Chair David Blumenthal:

“All options for assuring safety are on the table,” said Dr. David Blumenthal, the Obama administration’s national coordinator for health information technology.

Yet Dr. Blumenthal is clearly an adherent to unbridled exuberance about health IT. At "Science or Politics? The New England Journal and the 'Meaningful Use' Regulation for Electronic Health Records" I wrote:

... In the NEJM article "The 'Meaningful Use' Regulation for Electronic Health Records", David Blumenthal, M.D., M.P.P. (ONC Chair) and Marilyn Tavenner, R.N., M.H.A. (10.1056/NEJMp1006114, July 13, 2010) available at this link, the opening statement is (emphases mine):

The widespread use of electronic health records (EHRs) in the United States is inevitable. EHRs will improve caregivers’ decisions and patients’ outcomes. Once patients experience the benefits of this technology, they will demand nothing less from their providers. Hundreds of thousands of physicians have already seen these benefits in their clinical practice.

I think it fair to say those are grandiose statements and predictions presented with a tone of utmost certainty in one of the world's most respected scientific medical journals.

Even though it is a "perspectives" article, I once long ago learned that in writing in esteemed scientific journals of worldwide impact, statements of certainty were at best avoided, or if made should be exceptionally well referenced.

I note the lack of footnotes showing the source(s) of these statements.

I also note the lack of mention of literature refuting or potentially refuting these statements of certainty. [Followed by a list of such literature just off the top of my head - ed.]

Dr. Blumenthal then appeals to authority:

Dr. Blumenthal said health information experts like Dr. Donald M. Berwick, the Medicare and Medicaid administrator, and Dr. Brent James, of Intermountain Healthcare, based in Salt Lake City, “agree that electronic health records will improve the safety of care.”

I am unaware of the expertise of Dr. Berwick and Dr. James in this domain, and the peer reviewed literature they've written that supports such a statement while soundly refuting literature written by other experts that indicates otherwise.

(Perhaps at Intermountain, custom systems that took decades to develop utilizing their Medical Informatics expertise do show safety gains, but such systems and the lessons learned building them are not easily portable to a country's worth of organizations and practitioners, especially under HITECH timeframes.)

Freudenheim then quotes Blumenthal as stating:

“At the same time, any time you change the world you create risks,” Dr. Blumenthal said in a telephone interview last weekend.

This sounds typical of utopian ideology. Yes, any time you change the world you create risks, but you should not attempt to change the world cavalierly and blindly to those risks. (That's the path the National Program for Health IT in the United States has been on, until the IOM meeting was called.) Idealists tend to believe the collateral damage that is caused by utopian experiments (e.g., communism) are a necessary sacrifice to achieve the utopia. Such values are both abhorrent and alien to medicine.

“We want to make sure that implementation is as safe as it can be and all safety benefits are realized.”

Blumenthal's been painted into a corner by tons of complaints on HIT safety; ONC must act, even if just putting on a show about safety considerations. If there were true concern for safety he'd recommend slowing down HITECH timelines until the industry gets its act together and our understanding of HIT usability, safety, and other issues is resolved; cf.: statements of HIMSS leaders on 'needing to be patient' for the industry to get healthcare IT right:

As I'd written about HIMSS admissions of health IT unsuitability to task at "NIST Provides Healthcare IT Industry with Remedial Undergraduate Computer Science Education":

... What have been their product design and development practices, such that leaders of their own trade group HIMSS (as I pointed out in other posts) opine we should be "patient" for them to figure it all out about how to do health IT better and they need more time, and that the technology does not support its users properly due to lack of efficiency and usability of EMRs currently available? (As at my July 2010 post "The National Program for Healthcare IT in the U.S., and the Elephant in the Living Room".)

Further, from the NYT article:

He [Blumenthal] said that if the Institute of Medicine “concludes that regulation is an important part of this fabric of assuring safety, we will want to balance regulation and innovation as we do in every marketplace.”

That he even needs to make such a statement is likely revealing of biases on regulation, which seem aligned to the industry. To wit:

“The policing of design by a third party or agency, however well intended, will likely stifle innovation and inhibit the growth and development of electronic health records in the future,” said Carl Dvorak, executive vice president of Epic Systems, which has built electronic records systems for Kaiser Permanente and other large health care and hospital groups.

There is a lack of evidence supporting such a statement (e.g., pharma has been regulated for decades, as is its clinical IT). The fact that NIST has just delivered Computer Science 101-level usability guidelines to the HIT industry in its recent report “NIST Guide to the Processes Approach for Improving the Usability of Electronic Health Records” to help solve the HIT unusability crisis also suggests that 30+ years of un-regulation did not facilitate ‘innovation.’

In fact 'unregulation' appears to have led to prima facie innovation failure and paralysis as far as usability is concerned.

Unusable health IT might as well not exist as far as clinicians are concerned. It is a menace to the safe practice of medicine. This is a first principle.

Per the NYT, the industry trade group HIMSS has gone mum:

The industry has recently avoided speaking out on a role for the F.D.A. In a statement for this article, the Healthcare Information and Management Systems Society, a Washington-based industry group, said only that it “supports the administration’s decision to ask the Institute of Medicine to study this complex issue and report back over the next 12 months.”

They are certainly not taking a leadership role on this issue. In my humble opinion they will allow regulation, only kicking and screaming and being dragged into it by force. Patients come second to profits - the only factor that will be "stifled" as vendors are coerced to make better products.

The NYT article goes on:

Last month, in protest of one common industry practice, the American Medical Informatics Association said “hold harmless” clauses in many purchasing contracts were unethical. The clauses typically absolve manufacturers of responsibility for any errors or misuse.

“We said we value innovation, but we don’t value it more than safety,” said Kenneth W. Goodman, a University of Miami bioethicist who headed an association advisory group on patient safety.

It took a lot of writing and politicking to get AMIA to this point as well, at least to express it openly (cf.: my efforts here).

Finally, with regard to the IOM meetings on HIT safety, there will be industry stakeholders in attendance such as CCHIT and EPIC.

I believe they should be held to scientific standards of delivery. If they deliver marketing-based spin, they should be called to present scientific evidence for their stance – and not just “positive” evidence. They should be made to refute “negative” evidence as well, not ignore it.

In summary, I welcome the New York Times bringing these issues to the public.

I also welcome IOM's entry into studying HIT safety. While a "Committee on Patient Safety and Health Information Technology" should have been convened years ago, it's better late than never. (Except for patients already injured or killed, of course.)

The results may remain as invisible as the aforementioned National Research Council study. I also doubt the Committee's findings will change hearts and minds. Idealism, profit motive, and irrational exuberance are hard to rectify.

But their effects on people's behaviors can - and should - be regulated.

-- SS