ONC's Christmas Confessional on Health IT Safety: "HIT Patient Safety Action & Surveillance Plan for Public Comment"

This time of year is certainly appropriate for a confessional on the health IT industry and hyperenthusiasts' sins.

In the first report I've seen that seems genuinely imbued with a  basic level of recognition of social responsibility incurred by conducting the grand human subjects experiment known as national health IT, ONC has issued a Dec. 21, 2012 report "Health Information Technology Patient Safety Action & Surveillance Plan for Public Comment." It is available at this link in PDF.

Statements are made that have appeared repeatedly since 2004 at this blog, and my health IT difficulties site that went online years before this blog (1998 to be exact); it is possible through my early writing and that of like-minded colleagues that we were the origin of most of these memes.  We wrote them with the result of bringing much scorn upon ourselves. After all, "how could health IT possibly not be a panacea?" was the "you are an apostate" attitude I certainly experienced (e.g., as in my Sept. 2012 post "The Dangers of Critical Thinking in A Politicized, Irrational Culture").

Observations echoed in the new ONC report:

  • "Just as health IT can create new opportunities to improve patient care and safety, it can also create new potentials for harm."
  • Health IT will only fulfill its enormous potential to improve patient safety if the risks associated with its use are identified, if there is a coordinated effort to mitigate those risks, and if it is used to make care safer.
  • Because health IT is so tightly integrated into care delivery today, it is difficult to interpret this initial research [such as the PA Patient Safety Authority study  - ed.], which would seem to suggest that health IT is a modest cause of medical errors. However, it is difficult to say whether a medical error is health IT-related. [Not emphasized, as I wrote here, is the issue of risk when, say, tens of thousands of prescriptions are erroneous due to one software bug, a feat impossible with paper - ed.]
  • The proper steps to improve the safety of health IT can only be taken if there is better information regarding health IT’s risks, harms, and impact on patient safety.

Suggested steps to be taken include:

  • Make it easier for clinicians to report patient safety events and risks using EHR technology.
  • Engage health IT developers to embrace their shared responsibility for patient safety and promote reporting of patient safety events and risks. [I am frankly amazed to see this admission.  In the past, that sector excused itself entirely on the basis of the "learned intermediary" doctrine and "hold harmless" clauses; where the clinician is an all-knowing Deity between computer and patient.  I've been writing for years, however, that the computer is now the intermediary between clinician and patient since all care 'transactions' have to traverse what is now an enterprise clinical resource and clinician control system - ed.]
  • Provide support to Patient Safety Organizations (PSOs) to identify, aggregate, and analyze health IT safety event and hazard reports.
  • Incorporate health IT safety in post-market surveillance of certified EHR technology
  • Align CMS health and safety standards with the safety of health IT, and train surveyors.
  • Collect data on health IT safety events through the Quality & Safety Review System (QSRS).
  • Monitor health IT adverse event reports to the Manufacturer and User Facility Device Experience (MAUDE) database. [I've been promoting the use of MAUDE for just that purpose, and much more regarding documenting and reporting on mission-hostile health IT; see this post - ed.]

These steps are to be taken in order to "Inspire Confidence and Trust in Health IT and Health Information Exchange."

The title of my keynote address to the Health Informatics Society of Australia this summer was, in fact, "Critical Thinking on Building Trusted, Transformative Medical Information:  Improving Health IT as the First Step".

My thoughts on this report:

  • It is at least two decades overdue.
  • It was produced largely if not solely due to the pressure of the "HIT apostates", finally overcoming industry memes and control of information flows through great perseverance.
  • It is indeed a confessional of the sins committed by the health IT industry over those decades.  Creating, implementing and maintaining mission critical software in a safety-cognizant way is not, and was not, a mystery.  It's been done in numerous industries for decades.
  • It is still a bit weak in acknowledging the likely magnitude of under-reporting of medical errors, including HIT-related, in the available data, and the issue of risk vs. 'confirmed body counts' as I wrote at my recent post "A Significant Additional Observation on the PA Patient Safety Authority Report -- Risk".
  • It is unfortunate that this report did not come from the informatics academic community in the United States, i.e., the American Medical Informatics Association (AMIA).  AMIA's academics have done well in advancing the theoretical aspects of the technologies, and how to create "good health IT" and not "bad health IT."  However, they have largely abrogated their social responsibilities and obligations, including but not limited to those of physicians, in ensuring the theories were followed in practice by an industry all too eager to ignore academic research (which, in order to follow, utilizes money and resources and reduces margins).
(On the latter point, just last week did the American College of Medical Informatics [ACMI] refuse to permit me to be a speaker at their early 2013 annual retreat despite support from some of its members.)

And this:

  • If the industry and the academics had been doing their job responsibly, I might be spending this Christmas and New Years's holiday with my mother, rather than visiting her in the cemetery.

All that said, the report is welcome.

Finally, it is hoped - and expected - that public comments will indeed be "public", and that any irregularities in such comments (such as appeared in the public comments period for MU2 due to industry ghostwriting as in my Aug. 2012 post "Health IT Vendor EPIC Caught Red-Handed: Ghostwriting And Using Customers as Stealth Lobbyists - Did ONC Ignore This?" and Sept. 2012 post "Was EPIC successful in watering down the Meaningful Use Stage 2 Final Rule?") will be reported and acted upon in an aggressive manner.

And finally, from the Healthcare Renewal blog, Merry Christmas.

-- SS