the urban right

Showing posts with label ecri institute. Show all posts

Pennsylvania Patient Safety Authority: The Role of the Electronic Health Record in Patient Safety Events

The Pennsylvania Patient Safety Authority has released a report "The Role of the Electronic Health Record in Patient Safety Events." A press release is at this link, and the full report in PDF is at this link. In the report, the Pennsylvania Patient Safety Authority analyzed reports of EHR-related events from a state database of reported medical errors and identified several major themes.

The report was prepared with the assistance of Erin Sparnon, Senior Patient Safety Analyst the ECRI Institute near Philadelphia. The ECRI Institute is an independent organization renowned for its safety testing of medical technologies and reporting on same, and that "researches the best approaches to improving the safety, quality, and cost-effectiveness of patient care." I've mentioned it and its bylaws in this blog in the past as a model for independent, unbiased testing and reporting of healthcare techonlogies.

Regarding the Patient Safety Authority:

The Pennsylvania Patient Safety Authority was established under Act 13 of 2002, the Medical Care Availability and Reduction of Error ("Mcare") Act, as an independent state agency. It operates under an 11-member Board of Directors, six appointed by the Governor and four appointed by the Senate and House leadership. The eleventh member is a physician appointed by the Governor as Board Chair. Current membership includes three physicians, three attorneys, three nurses, a pharmacist and a non-healthcare worker.

The Authority is charged with taking steps to reduce and eliminate medical errors by identifying problems and recommending solutions that promote patient safety in hospitals, ambulatory surgical facilities, birthing centers and certain abortion facilities. Under Act 13 of 2002, these facilities must report what the Act defines as "Serious Events" and "Incidents" to the Authority.

The Authority maintains a database of serious events and incidents:

Consistent with Act 13 of 2002, the Authority developed the Pennsylvania Patient Safety Reporting System (PA-PSRS, pronounced "PAY-sirs"), a confidential web-based system that both receives and analyzes reports of what the Act calls Serious Events (actual occurrences) and Incidents (so-called "near-misses").

Cutting right to the chase, the paper's summary:

As adoption of health information technology solutions like electronic health records (EHRs) has increased across the United States, increasing attention is being paid to the safety and risk profile of these technologies. However, several groups have called out a lack of available safety data as a major challenge to assessing EHR safety, and this study was performed to inform the field about the types of EHR-related errors and problems reported to the Pennsylvania Patient Safety Authority and to serve as a basis for further study. Authority analysts queried the Pennsylvania Patient Safety Reporting System for reports related to EHR technologies and performed an exploratory analysis of 3,099 reports using a previously published classification structure specific to health information technology. The majority of EHR-related reports involved errors in human data entry, such as entry of “wrong” data or the failure to enter data, and a few reports indicated technical failures on the part of the EHR system. This may reflect the clinical mindset of frontline caregivers who report events to the Authority.

Results:

... Reported events were categorized by their reporter-selected harm score (see Table 1). Of the 3,099 EHR-related events, 2,763 (89%) were reported as “event, no harm” (e.g., an error did occur but there was no adverse outcome for the patient) [a risk best avoided to start with, because luck runs out eventually - ed.], and 320 (10%) were reported as “unsafe conditions,” which did not result in a harmful event. Fifteen reports involved temporary harm to the patient due to the following: entering wrong medication data (n = 6), administering the wrong medication (n = 3), ignoring a documented allergy (n = 2), failure to enter lab tests (n = 2), and failure to document (n = 2). Only one event report, related to a failure to properly document an allergy, involved significant harm.

A significant "study limitations" section was included that addressed:

Issues regarding reporting statutes of the PA-PSRS errors database;

lack of awareness of EHRs as a potential contributing factor to an error;

limitations of narrative reporting affecting both the types of reports queried and the tags applied (the study used textual data mining methodolgies);

query design of the study; and

the need for further refinement of the machine learning tool used in creating the working dataset, which may have missed relevant cases.

Some of these impediments to knowing the magnitude of extant HIT issues are also present in the 2008 Joint Commission Sentinel Events Alert on HIT, the 2010 FDA internal memorandum on HIT Safety, and the 2011 IOM report on the same topic.

(The IOM report specifically observed that the "barriers to generating evidence pose unacceptable risks to safety.")

The major obstacle to this study in my view, though, was the nature of the dataset. The database is for general reporting of medical errors, and it contains no specific fields or reminders about EHRs or the known ways in which they can contribute to, or cause, medical mistakes.

The attempt was made, as acknowledged in the study, to glean information about EHR-related events from, in large part, textual analysis of narrative in the hopes that the reporter recognized the role of IT, and reported it using terms that could be detected by the search algorithms. In other words, the data was not "purposed" for this type of study.

It is axiomatic that one cannot find data that is simply not present, no matter how fancy the search algorithm. Further, passive analysis of clinical IT risk/harms data in an industry where lack of knowledge of causation and misconceptions abound will produce only partial results that suggest further study is needed, and not give an indicator of just how incomplete the results are.

Thus, this cautionary statement was made in the new PA Patient Safety Authority report:

"Although the vast majority of EHR-related reports did not document actual harm to the patient, analysts believe that further study of EHR-related near misses and close calls is warranted as a proactive measure."

My comments:

The report is welcome.

The most important part of the paper, I point out, is the “Limitations” section. FDA, IOM and others have made similar observations – we don’t know the true magnitude of the problem due to systematic limitations of the available data.

Therefore, at best what is available must be deemed as risk management-relevant case reports, a “red flag” that could represent (using the words of FDA CDRH director Jeffrey Shuren regarding HIT safety), the tip of the iceberg.

It is imperative far more work be done in post-market surveillance as this technology is deployed nationally and internationally. This is to ensure that good health IT (GHIT) prevails and bad health IT (BHIT) is either remediated or removed from the marketplace. I had defined those in other writings as follows:

Good Health IT ("GHIT") is defined as IT that provides a good user experience, enhances cognitive function, puts essential information as effortlessly as possible into the physician’s hands, keeps eHealthinformation secure, protects patient privacy and facilitates better practice of medicine and better outcomes.

Bad Health IT ("BHIT") is defined as IT that is ill-suited to purpose, hard to use, unreliable, loses data or provides incorrect data, causes cognitive overload, slows rather than facilitates users, lacks appropriate alerts, creates the need for hypervigilance (i.e., towards avoiding IT-related mishaps) that increases stress, is lacking in security, compromises patient privacy or otherwise demonstrates suboptimal design and/or implementation.

An additional major factor that also contributes to lack of knowledge of EHR-related adverse events is hospital reporting non-compliance. For instance, I know of cases from my own legal consulting work and personal experience that I would have expected to appear in the database, but apparently do not.

But don’t take it from me alone. Here is PA Patient Safety Authority Board Member Cliff Rieders, Esq. on this.

From “Hospitals Are Not Reporting Errors as Required by Law, Phila. Inquirer”, pg. 4,http://articles.philly.com/2008-09-12/news/24991423_1_report-medical-mistakes-new-jersey-hospital-association-medication-safety:

... Hospitals don’t report serious events if patients have been warned of the possibility of them in consent forms, said Clifford Rieders, a trial lawyer and member of the Patient Safety Authority’s board.

He said he thought one reason many hospitals don’t want to report serious events is that the law also requires that patients be informed in writing within a week of such problems. So, if a hospital doesn’t report a problem, it doesn’t have to send the patient that letter. [Thus reducing risk of litigation, and, incidentally, potentially infringing on patients' rights to legal recourse - ed.]

Rieders says the agency has allowed hospitals to determine for themselves what constitutes a serious event and the agency has failed to come up with a solid definition in six years.

Fixing this “is not a priority,” he added.

This coincides with my own personal experience precisely. In a case where my relative was permanently injured as a result of EHR-related medication error, and then died of the injuries, I never received the required report in writing from the hospital. I also do not believe the case was reported to the Safety Authority, at least not as IT-related.

I suspect the true rates of EHR-related close calls, reversible injuries, permanent injuries and deaths is significantly higher than the limited data available suggests. That data is merely a red flag that much more education, stringent reporting requirements, templates of known causes of error, and enforcement are needed. (An April 2010 "thought experiment" on this issue I wrote about at "If The Benefits Of Healthcare IT Can Be Guesstimated, So Can And Should The Dangers" certainly suggested as much.)

Slides where I made those types of recommendations to the Patient Safety Authority, at a presentation I gave in July 2012 at their invitation, are at http://www.ischool.drexel.edu/faculty/ssilverstein/PA_patient_safety_Jul2012.ppt

A major concern I have is that the HIT industry will use this new report in a manner that ignores its limitations.

(Disclosure: I was an invited reviewer of this new PPSA report.)

-- SS

Addendum Dec. 13:

Also worth review is "Patient Safety Problems Associated with Heathcare Information Technology: an Analysis of Adverse Events Reported to the US Food and Drug Administration", Magrabi, Ong, Runciman, and Coiera, AMIA Annu Symp Proc. 2011.

Data here came from FDA's voluntary (i.e., also tip of the iceberg) Manufacturer and User Facility Device Experience (MAUDE) database. Ironically, the study was done in Australia using Australian grant funds.

-- SS

Bad Health IT -Yet Another Health IT 'Glitch' - Potential Image Loss in GE Centricity PACS; ECRI Again Reports Health IT a Top Ten Hospital Risk

From my definition of bad health IT (BHIT) at this link:

Bad Health IT ("BHIT") is defined as IT that is ill-suited to purpose, hard to use, unreliable, loses data or provides incorrect data, causes cognitive overload, slows rather than facilitates users, lacks appropriate alerts, creates the need for hypervigilance (i.e., towards avoiding IT-related mishaps) that increases stress, is lacking in security, compromises patient privacy or otherwise demonstrates suboptimal design and/or implementation.

Considering the problem of lost data (lost x-rays) that affects not one, but two versions ("versions 3.x and 4.x and higher") of a common GE PACS (radiology image management) system, as in the attached memo to hospital radiology and IT executives, one might ask:

How long has this been going on before this 'glitch' was discovered?

What validation and safety testing does GE use before releasing its health IT to production?

Why was it discovered in several successive versions of PACS systems being used on live patients, instead of in laboratory testing?

How many delayed diagnoses, injuries and/or deaths might have occurred as a result of this "disappearing image" bug?

What is the likelihood this "workaround" will be uniformly adopted in short order?

What levels of hypervigilance, stress and increased likelihood of error will this temporary "workaround" engender?

When will it be fixed in all implementations worldwide?

Beware disappearing x-rays. Make sure every system user performs this workaround, too (click to enlarge).

Page 2 (click to enlarge)

It's not as if missing x-rays are a trivial matter. One routine x-ray lost to followup resulted in the needless and rather horrible death of an infant, and a $1.5 million settlement, as at the June 2011 link "Babies' deaths spotlight safety risks linked to computerized systems" (case #2).

Patient safety is being compromised.

Lack of regulation of health IT, and lack of reporting and accountability, needless to say, are major contributors to the prevalence of BHIT.

I also note for several years running, including in the latest report of 2013, the ECRI Institute (an independent tester of healthcare technology) reports health IT-related problems as among the top ten technology problems in hospitals (link to report):

...Five of the top 10 hazards explained in ECRI Institute’s [2013] report are:

    1. Alarm hazards
    2. Medication administration errors using infusion pumps
    3. Unnecessary radiation exposures and radiation burns during diagnostic radiology
         procedures
    4. Patient/data mismatches in EHRs and other health IT (HIT) systems
    5. Interoperability failures with medical devices and health IT systems

Three of the ten topics on the 2013 list are directly associated with the still-maturing [i.e., experimental - ed.] health IT field where the interplay between complexity and effectiveness and potential harm is most evident; several of the other topics are peripherally related to HIT issues.

“The inherent complexity of HIT-related medical technologies, their potential to introduce new failure modes, and the possibility that such failures will affect many patients before being noticed—combined with federal incentives to meet Meaningful Use requirements—leads us to encourage healthcare facilities to pay particular attention to health IT when prioritizing their safety initiatives for 2013,” says James P. Keller, Jr., vice president, health technology evaluation and safety, ECRI Institute.

The hazards included in the 2013 list, published in the November 2012 issue of ECRI Institute’s Health Devices journal, met one or all of the following criteria: it has resulted in injury or death; it has occurred frequently; it can affect a large number of individuals; it is difficult to recognize; it’s had high-profile, widespread news coverage.

-- SS

ECRI Institute's Top Health Technology Hazards for 2012

In my Dec. 2010 post "ECRI: Healthcare IT In Top Ten Health Technology Threats to Patient Safety", I wrote that:

The ECRI Institute is an independent, unbiased, evidence-based healthcare research, information, and advice provider. They have been in operation for more than 40 years and are one of only a handful of organizations designated as both a Collaborating Center of the World Health Organization and an Evidence-Based Practice Center by the U.S. Agency for Healthcare Research and Quality.

... (from WSJ) For the fourth year running, the nonprofit ECRI Institute has put together a list of what it judges to be the top ten health technology hazards on which health-care facilities should focus their efforts.

... #5 Data loss, system incompatibilities and other health IT complications: Problems with electronic-health records and other health IT systems can lead to problems including lost data, the need for repeat testing and even patient injury or death.

From Medscape (account required), here is ECRI's #6 on the list of top technology threats for 2012:

Failing to Pay Sufficient Attention to New Device Connectivity

Medical technology and information technology (IT) can create risks. Hazards can arise from software problems, interoperability between systems, and poor network performance. Problems could create a domino effect, in which changes to one component of the system affect the operation of another.

Potential problems also include issues about wireless networks, cybersecurity, and software upgrades. "Hospitals must stay on top of routine updates," says Keller.
ECRI's recommendations: Make sure that hardware and software changes, security changes, and planned maintenance are approved and implemented in a controlled manner. Because IT help desks are usually the first point of contact for problems with health IT, provide the help desk team with education, training, and clear escalation procedures.

I would add "Failing to Pay Sufficient Attention to New Health IT Defects" to the list.

-- SS

ECRI: Healthcare IT In Top Ten Health Technology Threats to Patient Safety

Number 5, that is.

The ECRI Institute is an independent, unbiased, evidence-based healthcare research, information, and advice provider. They have been in operation for more than 40 years and are one of only a handful of organizations designated as both a Collaborating Center of the World Health Organization and an Evidence-Based Practice Center by the U.S. Agency for Healthcare Research and Quality.

I've cited their code of ethics at HC Renewal as a model of commendable healthcare conduct before:

Conflict of Interest - The Integrity of Independence
Remaining unbiased is difficult, if not impossible, when conflicts of interest are present. That is why we strictly enforce our conflict-of-interest rules and have carefully developed an environment that maximizes objectivity, productivity, and integrity of process.

We accept no grants, gifts, finder’s fees, or consulting projects from, and our employees are not permitted to own stock shares in, medical device or pharmaceutical firms. To make sure that is the case, we examine each employee’s federal income tax return after it is filed.
And, we accept no advertising revenues from any source.

(Full disclosure: I was a contributor on health IT issues to their 2008 book "Physician Office Fundamentals in Risk Management and Patient Safety.")

ECRI's most recent report is "The Top Ten Health Technology Threats to Patient Safety" for 2011 available at this link. Their Dec. 7 press announcement is here.

I'd mentioned an earlier edition of the report at my Sept 2010 post "Health IT: Danger" as was spoken about by Dr. Ross Koppel at Univ. of PA, but will present more detail here now that the 2011 report is available to the public.

I am citing the WSJ health blog on this report, as ECRI requests linking to their registration and downloading page for the full report, rather than direct dissemination, posting, or republishing of this work, without prior written permission:

December 8, 2010, 6:15 PM ET
The Top Ten Health Technology Threats to Patient Safety
WSJ Health Blog

By Katherine Hobson

For the fourth year running, the nonprofit ECRI Institute has put together a list of what it judges to be the top ten health technology hazards on which health-care facilities should focus their efforts.

The list in descending order of importance, doesn’t necessarily reflect the devices or problems with the most reported errors. That’s a factor, but so is “the severity of the problem, whether or not there’s a way to fix or mitigate the problem, and the high-profile” nature of the problem, Jim Keller, vice president for health technology evaluation and safety at ECRI, tells the Health Blog.

Among risks such as radiation therapy overdose and other dosing errors (#1), alarm hazards (#2), cross-contamination from flexible endoscopes (#3), high radiation dose of CT scans (#4), and luer misconnections (#6, misconnections of various infusion tubes), there's this:

#5 Data loss, system incompatibilities and other health IT complications: Problems with electronic-health records and other health IT systems can lead to problems including lost data, the need for repeat testing and even patient injury or death.

Then another obvious concern is raised:

While Keller says both he and ECRI support the push for digitized systems, the rush for federal incentives raises “concern that some of the kind of problems we are describing will be overlooked.”

It's not a "concern" to me, it's a fact.

So, here we have it:

An independent, nonprofit organization that for more than 40 years has been dedicated to bringing the discipline of applied scientific research to discover which medical procedures, devices, drugs, and processes are best, with unique ability to marry practical experience and uncompromising independence with the thoroughness and objectivity of evidence-based research, reports:

"Problems with electronic-health records and other health IT systems can lead to problems including lost data, the need for repeat testing and even patient injury or death."

The degree of risk is unknown (cf.: Joint Commission 2009 Sentinel Event Alert on Health IT Safety, PDF):

"There is a dearth of data on the incidence of adverse events directly caused by HIT overall."

This does not seem the best environment for the ethical, rapid diffusion of this technology nationwide, under penalty of loss of income and loss of Board Certification and even licensure for non-adopters.

For those of different ethics than ECRI, health IT is a literal cornucopia.

Addendum:

I note this comment from a nurse at the WSJ health blog story's comment section:

8:50 am December 9, 2010

The list was predictable, emanating from my observations as a registered nurse. It has become impossible to give patients care that they need. Corners are cut. It is easier for doctors to order scans than it is to examine patients. I would rather examine patients but the hospital requires that I click everything in to the electronic record, and [t]hat takes a long time. The reference to the CPOE is true. It is a nightmare because of the mistakes it promotes and it intereferes with communication disrupting my team’s care of the patient.

This must be one of those "anecdotal" reports that constitute a growing corpus of irrelevant "anecdotes", to be safely ignored because they were not obtained as part of a scientific experiment.

-- SS

Addendum Dec. 10, 2010:

From an earlier post of mine (of which I was reminded via a viewing from IP 150.148.0.#, FDA.gov, on a Google search on "health IT safety" this morning), we don't need to worry about HIT risks. ONC chair David Blumenthal said so:

... [Blumenthal's] department is confident that its mission remains unchanged in trying to push all healthcare establishments to adopt EMRs as a standard practice. "The [ONC] committee [investigating FDA reports of HIT endangement] said that nothing it had found would give them any pause that a policy of introducing EMR's could impede patient safety," he said.