March 2, 2009
Healthcare Technology — It’s Not Foolproof
By Elizabeth S. Roop
For The Record
Vol. 21 No. 5 P. 10
Often viewed as a cure-all for what ails the healthcare industry, HIT still has the potential to create its own set of errors if hospitals are ill prepared.
Health information and converging technologies can play a significant role in improving the nation’s healthcare system, but only if they are properly designed and implemented and appropriate consideration is given to the impact they can have on care processes, workflow, and safety. That was the message sent by The Joint Commission last December with the release of a Sentinel Event Alert about safely implementing HIT and converging technologies.
“Clearly, technologies like these and others can be powerful agents of improvement in healthcare, but we have to recognize that healthcare can’t do what many other industries have done in order to get to higher levels of safety and quality, and that is to perfect a process and then automate it from start to finish, completely eliminating people from that process,” says Joint Commission President Mark R. Chassin, MD, MPP, MPH. “We can’t take people out of the provision of healthcare and replace them completely with automated processes. We need to use technology and other information tools to make healthcare better, but we have to be mindful of the safety risks and preventable errors that technology can create or perpetuate.”
While the alert brought attention to the need to be mindful of technology-related safety risks and preventable errors, it was far from breaking news in the healthcare provider and vendor communities. The industry has historically placed a high priority on improving patient safety and reducing preventable errors. The introduction of technology into the mix has not altered that focus, although it has added new layers of complexity.
“I believe that patient safety and preventable errors are a top priority for providers, and I believe that they recognized the need to manage, if not eliminate, the introduction of new risks into the healthcare delivery process,” says Helen Oscislawski, an attorney with Fox Rothschild LLP practicing corporate and healthcare law. “However, some ‘new risks’ may be inherent to HIT and not capable of being completely eliminated. Thus, there could be a trade-off in certain respects where HIT will eliminate some risks that are inherent to the current paper system but introduce different ones. The goal and hope, however, is that the net patient-safety risk will be, on the whole, an improved aspect of healthcare delivery with the use of HIT.”
The Human Element
In its alert, The Joint Commission warned that HIT’s overall safety and effectiveness is dependent on the individuals who utilize it. Indeed, technology-related adverse events, which are often errors of either commission or omission, typically arise from the interactions between humans and the technology or the design of the system or organization.
Improperly designed, implemented, or misinterpreted HIT can put patients at risk, particularly in instances where clinicians and other staff members are not included in the planning process or when providers do not consider the impact of technology on care processes, workflow, and safety.
“Patient safety can be jeopardized when technology is not carefully planned, integrated, fixed, or updated. Most importantly, a process has to be very carefully examined and almost perfected before one attempts to turn a computer on to automate it,” says Chassin. “Computers don’t make us less stupid. They make us stupid faster, and if we don’t understand that, we can get errors and problems to patients much more quickly.”
Though data on the prevalence of adverse events that can be tied directly to HIT are limited, The Joint Commission highlighted the nearly 180,000 medication error records for 2006 that are included in the U.S. Pharmacopeia MEDMARX database. Of those, approximately 25% involved some aspect of computer technology as at least one cause of the error.
Most of the harmful technology-related errors involved mislabeled bar codes on medications (5%), information management systems (2%), and unclear or confusing computer screen displays (1.5%). The remaining errors were related to dispensing devices, computer software, failure to scan bar codes, computer entry other than computerized physician order entry (CPOE), CPOE itself, and overrides of bar code warnings.
The Joint Commission identified a number of additional factors contributing to technology-related safety risks and preventable errors, including the following:
• inadequate technology planning and failure to include frontline clinicians in the planning process;
• failure to consider best practices, costs, and resources needed for ongoing maintenance or to consult product safety reviews, alerts, or the previous experience of others;
• failure to identify and correct latent problems or flawed processes with existing manual systems;
• an overreliance on vendor advice, without the oversight of an objective third party;
• failure to quickly fix technology when it becomes counterproductive; and
• systems that are not properly integrated or updated consistently.
To reduce the risk of errors related to HIT and converging technologies, The Joint Commission recommended that healthcare organizations take 13 specific steps (see sidebar below), including identifying and resolving risks in how clinicians and others carry out their work, prior to implementing technology.
“It starts with creating and utilizing policies and procedures for which specific individuals are authorized and responsible for overseeing technology strategy, evaluating and implementing technology, providing education about technology, and keeping a focus on safety as it relates to technology,” says Peter B. Angood, MD, vice president and chief patient safety officer for The Joint Commission. “This sounds basic, but it is fundamental to creating the foundation for safety as it relates to technology.”
Other strategies include continually seeking ways to improve safety and discover errors, avoiding distractions for staff using technology, monitoring and reporting errors and near misses to find the causes, and protecting the security of information.
Blurry Lines of Responsibility
The Joint Commission guidelines provide a framework for mitigating the risks that HIT can introduce into the patient care process. But they also raise a common question when discussing IT selection, planning, and implementation: Who is ultimately responsible for ensuring that technology is safe?
There is no clear answer to this question. While in most cases, the vendor is responsible for ensuring that the technology functions safely and as advertised and does not malfunction, the provider is ultimately responsible for ensuring that it is properly and safely used in the patient care process.
“In the end, there has to be a meaningful joint effort by provider and vendors to find the right fit and formulas,” says Oscislawski. “If the HIT vendor is expected to do more than simply deliver and install the purchased software, then this should be negotiated up front and spelled out in the terms of the final agreement.”
William Hudson, CISA, a solutions director with the international IT solutions and services company CTG HealthCare Solutions, believes that vendors are responsible for making sure patient safety issues are adequately managed within the boundaries of their software. However, providers are responsible for managing safety issues that arise from the interactions between the disparate technologies implemented within their organization.
“This doesn’t, however, let vendors off the hook in terms of tracking safety interactions issues between their technology and other vendor technologies across their install base. Their broad exposure to a greater array of system interactions puts them in a position to educate and, in some cases, warn their clients,” he says. “However, ultimately, the provider has responsibility to ensure the effectiveness and safety of the care they provide, and that includes testing, validating, and continual monitoring of the interactions between the systems that they implement.”
Hudson notes that while vendors should take the lead when helping their client organization plan, test, and implement HIT safely, eradicating technology-related risks and preventable errors has implications that go beyond individual facilities and applications.
He suggests that the industry will benefit from the establishment of protocols for determining which issues are specific to an individual facility’s use of an application or when it is a situation that has the potential to impact a much broader segment of the industry.
For example, vendors frequently provide software updates to fix bugs, add new features, and increase functionality. But those updates can create interactions that weren’t identified during routine testing, thus creating a situation that may have an impact on other organizations that are utilizing the same application in a similar manner.
“Vendors need to provide multiple communication channels to keep their clients updated on issues and interactions as they arise, and providers need to train their clinicians on how to identify harmful technology variances when they occur,” says Hudson. “Provider organizations need to be responsible to track the alerts from their technology providers and from their clinicians and evaluate each of them to determine how they impact their deployed solutions and how to address them if they do.
“This is a complex issue by its very nature,” he adds. “We need a process to collect and report adverse technical interactions across the industry, so we can measure how broadly this issue impacts different provider types and determine if a more formal, industrywide mandated approach is necessary to ensure patient safety.”
— Elizabeth S. Roop is a Tampa, Fla.-based freelance writer specializing in healthcare and HIT.
The Joint Commission’s 13 Suggested Actions
Listed below are the 13 suggested actions spelled out in The Joint Commission’s Sentinel Event Alert to help prevent patient harm related to the implementation and use of HIT and converging technologies.
1. Examine workflow processes and procedures for risks and inefficiencies and resolve these issues prior to any technology implementation. Involving representatives of all disciplines—whether they be clinical, clerical, or technical—will help in the examination and resolution of these issues.
2. Actively involve clinicians and staff who will ultimately use or be affected by the technology, along with IT staff with strong clinical experience, in the planning, selection, design, reassessment, and ongoing quality improvement of technology solutions, including the system selection process. Involve a pharmacist in the planning and implementation of any technology that involves medication.
3. Assess your organization’s technology needs beforehand (eg, supporting infrastructure, communication of admissions, discharges, transfers). Investigate how best to meet those needs by requiring IT staff to interact with users outside their own facility to learn about real-world capabilities of potential systems, including those of various vendors; conduct field trips; and look at integrated systems (to minimize reliance on interfaces between various vendor systems).
4. During the introduction of new technology, continuously monitor for problems and address any issues as quickly as possible, particularly problems obscured by workarounds or incomplete error reporting. During the early postlive phase, consider implementing an emergent issues desk staffed with project experts and champions to help rapidly resolve critical problems. Use interdisciplinary brainstorming methods for improving system quality and giving feedback to vendors.
5. Establish a training program for all types of clinicians and operations staff who will be using the technology and provide frequent refresher courses. Training should be appropriately designed for the local staff. Focus training on how the technology will benefit patients and staff (ie, less inefficiency, fewer delays, and less repeated work). Do not allow long delays between orientation and system implementation.
6. Develop and communicate policies delineating staff authorized and responsible for technology implementation, use, oversight, and safety review.
7. Prior to taking a technology live, ensure that all standardized order sets and guidelines are developed, tested on paper, and approved by the Pharmacy and Therapeutics Committee (or institutional equivalent).
8. Develop a graduated system of safety alerts in the new technology that helps clinicians determine urgency and relevancy. Carefully review skipped or rejected alerts as important insight into clinical practice. Decide which alerts need to be hard stops when using the technology and provide appropriate supporting documentation.
9. Develop a system that mitigates potential harmful computerized physician order entry drug orders by requiring departmental or pharmacy review and sign off on orders that are created outside the usual parameters. Use the Pharmacy and Therapeutics Committee (or institutional equivalent) for oversight and approval of all electronic order sets and clinical decision support alerts. Ensure proper nomenclature and printed label design, eliminate dangerous abbreviations and dose designations, and ensure medication administration record acceptance by nurses.
10. To improve safety, provide an environment that protects staff involved in data entry from undue distractions when using the technology.
11. After implementation, continually reassess and enhance safety effectiveness and error-detection capability, including the use of error tracking tools and the evaluation of near-miss events. Maximize the potential of the technology in order to maximize the safety benefits.
12. After implementation, continually monitor and report errors and near misses or close calls caused by technology through manual or automated surveillance techniques. Pursue system errors and multiple causations through the root-cause analysis process or other forms of failure-mode analysis. Consider reporting significant issues to well-recognized external reporting systems.
13. Reevaluate the applicability of security and confidentiality protocols as more medical devices interface with the IT network. Reassess HIPAA compliance on a periodic basis to ensure that the addition of medical devices to your IT network and the growing responsibilities of the IT department haven’t introduced new security and compliance risks.