The first electronic health record (EHR) with computerized provider order entry (CPOE) was introduced in 1971, almost five decades ago (Goolsby, 2002). Adoption of these systems in both acute and ambulatory settings was relatively slow, until the signing of the American Reinvestment and Recovery Act (ARRA) in 2009. The ARRA included the authorization of the Health Information Technology for Economic and Clinical Health (HITECH) Act which allocated over $17 billion to stimulate the adoption of quality health information technology (IT) systems or EHRs that demonstrate meaningful and valued use (DHS, ONC, HITECH Act, 2009). While these financial incentives to increase adoption worked, issues from rapid implementation surfaced, including several related to patient safety. As these systems have evolved and increased in sophistication, evidence supporting the view that EHRs reduce medication errors has been documented (Kaushal, Shojania, & Bates, 2003). On the other hand, conflicting studies have provided evidence that these systems can increase errors, attributing them to poor design or implementation (Koppel et al., 2005). Healthcare organizations were focused on rapid implementation of EHRs to achieve incentive payments from the HITECH Act, with less of a focus on patient safety. The health IT industry, the federal government, and other stakeholder agencies have taken notice. This chapter will provide background information in the area of health IT and patient safety as it has evolved. It will also review the government’s response in addressing issues perceived as originating from the use of health IT. Involvement by other professional organizations will be reviewed, followed by an offering of tools and resources that organizations can utilize in their practice settings to assist in ensuring health IT is as safe as possible. Since its publication in 1999, the Institute of Medicine’s To err is human has been a driving force for improvements in patient safety across the nation. The evidence cited clearly indicates the seriousness of the situation in terms of lives lost and money wasted as a result of errors that occur in our healthcare organizations. There have been multiple solutions offered, but a common and resounding theme focused on the use of technology and the application of EHRs with CPOE systems (Kohn, Corrigan, & Donaldson, 2000). Literature supporting the use of electronic records to reduce errors has evolved and includes multiple systematic reviews and stand-alone studies (Ammenwerth, Schnell-Inderst, Machan, & Sievert, 2008; Reckmann, Westbrook, Koh, Lo, & Day, 2009; Franklin, O’Grady, Donyai, Jacklin, & Barber, 2007; Shulman, Singer, Goldstone, & Bellingan, 2005). Evidence has demonstrated that they can reduce errors. This positive outlook has driven healthcare’s key stakeholders to proceed with continued development, adoption, and oversight, including EHR vendors, hospitals, ambulatory practices, home health agencies, longterm care facilities, and the federal government. With the signing of the ARRA in 2009, organizations became increasingly eager to adopt EHRs and receive sizeable incentive payments resulting in a rapid increase in adoption. In 2008, just 17% of physician offices and 9% of hospitals had at least a basic EHR. In 2015, 96% of hospitals and 78% of physician offices had adopted certified EHR technology (ONC, 2016). While published studies support the benefits and enhanced safety features that can be realized with an EHR along with a CPOE system, there have been articles published that indicate a potential negative side, one that points to the EHR as the actual cause of errors. A popular study that was published in the Journal of the American Medical Association by Koppel et al., in 2005, reported that CPOE systems facilitate medication errors. This article ran contrary to what most believed, but identified, using quantitative and qualitative methods, 22 types of medication error risks associated with the use of CPOE (Koppel et al., 2005). In a retrospective study by Walsh et al., researchers attempted to determine the frequency and types of pediatric medication errors attributable to design features in a CPOE system. The rate of identified computer-related errors was 10 errors per 1000 patient days, and the rate of “serious” computerrelated errors was 3.6 errors per 1000 patient days (Walsh et al., 2006). Another study highlights how an EHR perpetuated a deadly IV order of potassium that was left unchecked. In this case study, a patient received a total of 316 mEq of KCl over 42 hours even though all KCl orders during that time period were entered via a CPOE system (Horsky, Kuperman, & Patel, 2005). And in a study by Han et al. (2005), they observed an unexpected increase in mortality in a pediatric ICU that coincided with the implementation of their CPOE system. In a qualitative study by Campbell, Sittig, Ash, Guappone, and Dykstra, researchers attempted to identify the types of unintended consequences seen with the implementation of EHR systems with CPOE. This study involved an expert panel using an iterative process that took a list of adverse consequences of CPOE and sorted them into categories. One category labeled “Generation of New Kinds of Errors” indicated that new kinds of errors appear when CPOE is implemented. Examples of items in this category include juxtaposition errors when users select an item next to the intended choice; a wrong patient being selected; desensitization to alerts (alert overload or fatigue); confusing order option presentations; and system design issues with poor data organization and display. Users get frustrated trying to find the right spot to enter a particular data element and end up entering orders on generic screens or in free-text comment sections, bypassing any rules and alerts configured; all potentially leading to medication errors (Campbell, Sittig, Ash, Guappone, & Dykstra, 2006). While all of these studies, both positive and negative, provide valuable insight into how EHRs are configured, each one of them report limitations with the studies and admit that it would be difficult to generalize the findings. In 2009, recognizing the need to increase focus on implementing EHRs safely, the Office of the National Coordinator for Health Information Technology (ONC) requested that the Institute of Medicine (IOM—now the National Academy of Medicine) form a team of experts to assess the current state of EHRs and their ability to improve patient safety. In November 2011, the IOM published “Health IT and patient safety: Building safer systems for better care.” This 235-page document provided a comprehensive description of the state of EHRs and their ability to improve safety with a goal of making health IT-assisted care safer, putting our nation in the best position to realize the potential benefits of health IT (Committee on Patient Safety and Health Information Technology: Institute of Medicine, 2011). It provided the ten recommendations listed in Table 34.1. TABLE 34.1. IOM—Health IT and Patient Safety Recommendations After their review and analysis, the IOM panel of experts found little published evidence to quantify the magnitude of the risk, but believe that if designed and implemented inappropriately, EHRs could lead to unintended adverse consequences. They reported that literature on the topic was limited and lacked what was needed to truly define and assess the current status of health IT safety. They recognized the dissatisfaction with poor user interface design, poor workflow support, and complex data interfaces as being threats to patient safety. Also identified as a contributing factor to unsafe conditions was the lack of system interoperability and the need for clinicians to review data from multiple systems (Committee on Patient Safety and Health Information Technology: Institute of Medicine, 2011). It is clear in this report that there is need to develop strategies that standardize the reporting of health IT-related errors. The depth and breadth of the problem cannot be measured or analyzed when error reporting structures are heterogeneous, not mandated, and often swept under the carpet. There is also an emphasis on increasing the transparency in reporting from both vendors and system users as the industry learns and improves. It points out the need for a multifaceted approach and calls for vendor participation, IT user involvement, and governmental support and oversight. Safer implementation and use of health IT is a complex, dynamic process that requires a shared responsibility between vendors and healthcare organizations. The importance of this work was evident in one of the IOM recommendations, which requested the development of an action plan by the ONC within 12 months to ensure that improvements proceed in a strategic way. In July of 2013, ONC published a response to the IOM report in the form of the Health Information Technology Patient Safety and Action & Surveillance Plan (ONC, 2013a). They iterate the challenge of discerning if health IT is the true cause of a medical error given the limitations on the research. There are many unknowns and the need to clearly define health ITrelated errors of both omission and commission is still needed. For example, if allergy alerting in an EHR has not been configured or turned on, and a patient experiences an adverse allergy event, is that a health IT-related error? What about a scenario where a system user opens a patient list for an inpatient unit and the patient at the top of the list is already preselected by default? If orders are accidently placed on this patient, is that a health IT-related error? Many errors such as these have been identified, while many others are still lurking, yet to be recognized when a near miss or adverse event occurs. ONC’s action and surveillance plan addresses the need to focus on learning and assessing the current state prior to developing solutions. It calls for strong leadership at all levels to continue to take on the task of realizing the potential of these systems that can improve patient safety to inspire confidence and trust in health IT. The ONC plan revolves around three key areas: learning, improving, and leading. Recognizing the fact that there is much to learn in this area, the ONC aims to increase the quantity and quality of data and knowledge about health IT safety. While organizations may internally discover, report, and correct health IT-related errors, there lacks a standard methodology for reporting that will benefit patients at large. The establishment of processes and mechanisms that facilitate reporting among users and vendors of health IT is recommended, along with strengthening the use of state and national patient safety organizations (PSOs) to help collect and report on these issues. In addition, it is recognized that not only do we need standard terminologies to report health IT-related errors, but we need processes to report them centrally and a method to aggregate and analyze the data. The goal is to make it easy for clinicians to report patient safety events to PSOs using standard terminologies such as the Agency for Healthcare Research and Quality’s (AHRQ) Common Formats, discussed later in this chapter (AHRQ, 2017). The ONC proposes to support PSOs in their work to collect, aggregate, and analyze the data related to health IT safety. Other improvement efforts considered important and included in the plan address the need to incorporate safety into certification criteria for health IT software as well as into education and training on the safe use of health IT for all healthcare professionals. The need to support health IT research and the development of tools is also emphasized. ONC has begun work in this area by contracting with research teams to develop tools that can be implemented by organizations that use these systems as well as vendors who produce them. Some of these tools will be described later in this chapter. On a broader scale, ONC continues their health IT patient safety efforts via the Centers for Medicare & Medicaid Services’ (CMS) new payment model as part of the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA). With the introduction of MACRA, the Medicare EHR adoption incentive program, commonly referred to as “Meaningful Use,” was transitioned to become a component of the new Merit-based Incentive Payment System (MIPS). Clinicians no longer participate in the meaningful use program where substantial proof and cumbersome reporting of safety features of an EHR were required. In CMS’s new Quality Payment Program (QPP), performance categories, including Advancing Care Information and Quality Measures Reporting in MIPS, provide incentives to clinicians to use certified EHR technology (Office of the National Coordinator for Health Information Technology, 2010). In addition, ONC continues to establish priorities in health IT safety through alignment with CMS’s Partnership for Patients and Patient’s Over Paperwork initiatives (CMS, 2019a, 2019b). To provide the best available evidence and practices related to the safe use of health IT, ONC and other organizations have developed many resources and tools that can be employed to identify and mitigate safety risks. The following sections will provide information about these safety organizations and share several resources and tools for healthcare organizations and informatics leaders to embed into their safety programs as they address the safe use of health IT. With the Office of the National Coordinator for Health IT being our premier organization to address the safe use of health IT, it comes as no surprise that they offer several resources. The Guide to reducing unintended consequences of electronic health records is an online resource designed to help organizations anticipate, avoid, and address problems that can occur when implementing and using an EHR (Jones et al., 2011). The purpose of developing the guide was to provide practical knowledge and troubleshooting tools. The guide provides multiple resources and addresses both current and future EHR users. It includes information on how to survive a system downtime along with tools to conduct surveys. Tutorials for conducting a failure modes and effects analysis (FMEA) and a root cause analysis (RCA) are also available from this site. Real-world case examples are provided on safety-related topics along with potential remediation solutions to several challenges in health IT (Jones et al., 2011). ONC hopes that this guide will provide a solid foundation for ongoing improvement and safety in the use of health IT. It is available to the public at https://www.healthit.gov/unintended-consequences/ The Safety Assurance Factors for EHR Resilience or “SAFER” guides are another resource through the ONC (ONC, 2013b). There are nine SAFER guides organized into three categories. These guides enable healthcare organizations to conduct self-assessments of their EHR safety in a variety of areas. The guides identify recommended practices to optimize the safety and safe use of EHRs. Each guideline contains a listing of recommended practices. See Table 34.2 for the categories and high-level descriptions of the nine guides. These recommended practices are broken down in each guide and include associated rationale with any available evidence, suggested sources of input for reviewing the practice, and examples of potentially useful practices or scenarios. An emphasis is placed on the need to review and analyze these recommendations with all key stakeholders at the table. A multidisciplinary approach with IT staff, clinicians, risk managers, administrators, and other appropriate team members all at the table is believed to be ideal for the success of working through these guides (ONC, 2013c). These are also available to the public and can be found at https://www.healthit.gov/topic/safety/safer-guides TABLE 34.2. SAFER Guides In addition to the many areas of healthcare that AHRQ participates in, they have taken a significant interest in the area of health IT over the past several years in partnership with the ONC. One area of focus has been the development of what are called “Common Formats” for reporting patient safety events. Their vision, along with the ONC, is that the reporting of health IT safety issues will occur not just at the organizational level, but at the national level as well. In using the Common Formats for reporting, it is hoped that standardized aggregate data will provide valuable analysis and trending that can lead to more focused efforts and significant improvements in patient safety. To assist in this effort, many states have now formed PSOs that have emerged as part of the Patient Safety and Quality Improvement Act of 2005. At present, there are over 80 PSOs listed by AHRQ with many of these serving at the national level. It is these organizations that will help in the collection of data on patient safety and submit nonidentified data to AHRQ’s Network of Patient Safety Databases (NPSD) (AHRQ, 2019). In addition to the PSOs, providers and other entities can voluntarily contribute nonidentified patient safety events to the NPSD. The Common Formats for standardized reporting of health IT-related errors are not found on AHRQ’s Web site, but on the PSO Privacy Protection Center’s Web site, and are a bit challenging to find (AHRQ, 2019). Descriptions with code numbers that are identified as contributing factors to health IT safety issues are listed and can be used when reporting incidents, near misses, and unsafe conditions. For example, a “Near Miss (1.1.2)” related to a “Device or Medical/Surgical Supply (1.2.3)” that occurred in an “Inpatient general care area (2.2.1)” with a contributing factor of “Health Information Technology (2.3.9)” related to an “Automated dispensing system (2.3.9.2)” could be captured, coded, and reported for aggregate analysis across multiple organizations to look for prevalence, trends, and effectiveness of improvement efforts. As software evolves to more efficiently capture health IT safety events, it is hoped that Common Formats will be utilized as the norm to aid in our learning as we continue to improve our clinical systems. In 2011, after extensive beta testing, AHRQ announced the completion of another tool called the Health IT Hazard Manager. It was envisioned as a tool to give healthcare organizations a method of capturing and managing hazard data in software that includes near miss errors and actual errors (AHRQ Hazard Manager, 2012). The AHRQ tool, funded with a $750,000 grant led by Abt Associates with the ECRI Institute and Geisinger Health System’s Patient Safety Institute, was not created to allow health care organizations to share data collected with the tool nationally, but to see only their reports. Vendors, however, would receive safety reports relevant to their products. According to AHRQ, health care organizations, vendors, policymakers, and researchers would be able to request access to view de-identified, collective reports of hazard attributes (AHRQ, 2012). The terms used in the Hazard Manager are mapped to those in the Common Formats so that data can be aggregated and analyzed. While the Hazard Manager tool itself has not been released due to a lack of ongoing funding, the research surrounding its development is available for those interested in health IT safety and its reporting. The terms used in this tool can be embedded in an organization’s health IT safety program for a more detailed and granular understanding of the cause of health IT-related errors. While the U.S. Food and Drug Administration (FDA) has been concerned with patient safety since its inception, they have only recently explored the area of EHRs. For decades, the FDA has received several hundred thousand medical device reports (MDRs) of suspected device-associated deaths, injuries, or system malfunctioning. These MDRs have been entered into the Manufacturer and User Facility Device Experience or MAUDE database for centralized housing, analysis, and reporting since 1991 (Food and Drug Administration, 2019). MAUDE can be accessed by the public and is used for reporting and analysis of medical device problems. A limitation of this database is its age. Due to its legacy status, its capabilities to conduct real-time reporting and analysis are limited, hindering attempts to discover unknown adverse events. The limitations of the database, in turn, affect its ability to generate and evaluate evidence. There have been discussions about replacing this system with a newer, more robust database, but currently, MAUDE is still in use. In July 2012, Congress enacted the Food and Drug Administration Safety and Innovation Act (FDASIA). Section 618 of FDASIA instructs the Secretary of HHS, acting through the FDA Commissioner and in collaboration with ONC and the Federal Communications Commission (FCC) to issue a report (by January 2014) on a proposed strategy that includes recommendations on an appropriate risk-based regulatory framework for health IT. The proposed strategy was published in April 2014 and identified three categories of health IT: (1) administrative health IT functions, (2) health management health IT functions, and (3) medical device health IT functions (Food and Drug Administration, 2014). Recommendations in the report focus primarily on a risk-based framework within the category of health management health IT functionalities such as data capture, data management, clinical decision support, medication management, provider order entry, and patient identification and matching. The framework identifies four top priority areas of focus, along with recommended steps to continue to realize the safety benefits of health IT. These four areas are (1) promote the use of quality management principles, (2) identify, develop, and adopt standards and best practices, (3) leverage conformity assessment tools, and (4) create an environment of learning and continual improvement. The intent is for the framework to promote innovation, protect patient safety, and avoid regulatory duplication. To oversee and advance the work proposed in these strategies, the FDA and collaborating agencies have identified an additional key component of the health management health IT framework: the creation of a Health IT Safety Center. The Health IT Safety Center would be a public–private entity created by ONC, in collaboration with FDA, FCC, and the AHRQ, with the involvement of other federal agencies, and other health IT stakeholders. The Health IT Safety Center would be responsible for convening stakeholders to focus on the recommended activities in the framework that promote health IT as an integral part of patient safety and support a learning system (Food and Drug Administration, 2014). While the Health IT Safety Center has yet to be funded, ONC has consolidated much of the federal government’s resources on their Health IT Safety Web page that is available to the public at https://www.healthit.gov/topic/health-it-safety. The Institute for Safe Medication Practices (ISMP) is devoted entirely to medication error prevention and safe medication use. They have been in existence for over 30 years, helping healthcare practitioners keep patients safe. Their mission is to lead efforts to improve the medication use process. They have published multiple guidelines and tips for the designers of EHRs as they configure medication orders and order sets. One such resource, the Guidelines for standard order sets, provides a five-page checklist that allows organizations to configure and to evaluate the safety of their CPOE systems (Institute for Safe Medication Practices, 2010). This guide includes recommendations in several categories including format, content, approval, and maintenance specific criteria for IV/Epidural solutions and medications. See Table 34.3 for just a few of the guidelines published in this comprehensive document. System builders implementing these guidelines can position their organization to take advantage of the safety benefits that an electronic record provides. TABLE 34.3. ISMP Guidelines for Standard Order Sets (Examples)
34
Health Information Technology: Striving to Improve Patient Safety
INTRODUCTION
BACKGROUND—HEALTH IT SAFETY
NATIONAL HEALTH IT SAFETY INITIATIVES
Institute of Medicine—Health IT and Patient Safety Report
Office of the National Coordinator for Health Information Technology—Safety Plan
HEALTH IT SAFETY ORGANIZATIONS AND RESOURCES
Office of the National Coordinator for Health IT
Agency for Healthcare Research and Quality
Food and Drug Administration
The Institute for Safe Medication Practices