IT and patient safety – demands for a change in culture

Two studies on information technology and patient safety were released in the US in April 2018.
The first, by ECRI Institute and its Partnership for Health IT Patient Safety stakeholder collaborative, takes a searching look at the hidden risks of healthcare IT (information technology) systems.
The second report, by Pew Charitable Trusts, focuses on electronic health records (EHRs), and is based on its long-standing view that in spite of more than 30 billion dollars (£25 billion) of federal health IT investment over the past decade, the transition from paper to electronic records has yet to reach its potential to enhance healthcare coordination and improve patient safety.
Both studies call for a much greater degree of proactivity to anticipate problems before they run out of control. Interestingly, there also seem to be several parallels in their respective analyses of the challenges.

A broad-based look at patient safety
One of the first priorities for healthcare organizations is to tie health IT into existing patient safety initiatives. The challenges that exist whenever older systems are updated or replaced, or integrated with successor technologies, can ideally become learning opportunities. However, this requires the organization to have a collaborative management culture that makes initiatives such as IT safety and other best practices part of their daily workflow.
Both ECRI and Pew are emphatic about the need for collaboration. ECRI lays down specific recommendations on obtaining feedback from stakeholders (patients, payers, cybersecurity experts, regulators, providers and others). The Pew report also maintains that collaboratively gathering inputs from across the healthcare stakeholder spectrum is critical to improve patient care and reduce provider burden in the context of EHR use.

Tip of the iceberg
The ECRI Safe Practice Recommendations begin with an ominous warning – that the known universe of IT-related safety problems is likely to be just the tip of the proverbial iceberg. The net risk from such issues is that a variety of bugs are lurking beneath the surface, and, in ECRI’s view, pose permanent dangers to patients. Such risks, in turn, are compounded by the sharp growth in recent years of ransomware and other cybersecurity threats which seek to exploit loopholes in code. For ECRI, this is a key reason why both providers and vendors need to make health IT safety an integral part of their overall patient safety program.

The ‘over’-customization quandary
In general, the roots of healthcare IT problems stretch back to the 1980s and 1990s when demands for customization led to ad-hoc rewriting of legacy programs, so as to avoid loss of functionalities. So-called patches, as part of platform updates, also sought to retain some of these functionalities, many of which had been proven – or otherwise become indispensable – over the years. During this process, poor documentation of code changes was commonplace. In addition, since legacy systems faced many problems communicating with one another across their proverbial silos, layers of integrative middleware were added in sequence until they became cluttered and unmanageable.
Many such concerns are reflected by Pew. Over-customization, auto-refresh mix-ups and unclear default settings with EHRs, as well as alert fatigue, can all result in patient harm.
An earlier Pew report in December 2017 had explained that safety problems could be caused by the very design of an EHR system (e.g. complex interfaces and guidance terminology) or by its customization during implementation and adaptation. Like the middleware in an IT system, Pew explains that an EHR “interface that is cluttered may cause confusion or an inability to locate key information, whereas an overly bare display may force the clinician to search for information in multiple places.”
Indeed, some of the reasons for risky over-customization of EHRs directly reflect those made during program rewrites to legacy IT systems in the 1980s and 1990s.
As the Pew study observes, healthcare facilities often work with vendors to customize certain aspects of their EHR system which fit their workflow, for example by displaying data which is critical for specific clinicians at a particular facility. However, it warns, such customizations “may not have undergone rigorous testing and could lead to unintended safety consequences.”

Specific risks with EHRs
The Pew report highlights a range of specific risks. One of the most commonplace may consist of mix-ups in auto-refresh of patient lists when EHRs revert to the default view. In such cases, providers can inadvertently make medical decisions based on another patient, rather than the one being treated, if they do not realize the system has just refreshed a particular list.
Default EHR settings are also seen as a specific danger for medication dosages. Healthcare providers may think they are ordering a fixed dose of a particular drug, while what they enter instead “is multiplied by the patient’s weight, potentially contributing to overdoses,” Pew notes.
Yet another problem consists of incomplete laboratory results, which can result in erroneous medical decisions since a provider lacks complete information on a particular patient. In effect, physicians may fail to realize that not all lab results are displayed on a screen, or that results may have been delayed – among other reasons, because samples might still be undergoing testing.

In its recommendation to integrate health IT safety into a broader safety program, the ECRI report also pointed explicitly to the rise in duplicate medication errors after a new EHR implementation. Contributing factors include the design of the EHR as well as the occurrence of task-related changes (such as multiple persons entering orders for the same patient at the same time).
Other EHR-related problems mentioned as cases by ECRI included data entry of a pediatric patient’s weight in pounds rather than kilograms, followed by an erroneous medication dose; incorrect alert responses due to the simultaneous opening of multiple patient charts; and the inability to account for problems such as a pending swallow evaluation before a dietary order, or an allergy to eggs, which contraindicates propofol.
Some of the most frequent EHR problems concerned mix-ups of patients, in one instance due to two having the same name!

New safety approaches: collaboration and workflow integration
Beyond EHRs, as the hitherto-unknown problems in the health IT iceberg become more apparent with time, users are advised by ECRI to collaborate in order to integrate and embed new safety practices into their daily workflow. Suggestions include providing incentives for actively working together on safety-related efforts, and learning from and sharing analysis of near-misses and other hazards, as well as workaround strategies.

Pew too had stressed the importance of collaboration for improved EHR use, in its December 2017 report. One way towards this is to bring stakeholders together to share data on patient safety incidents and do this in a “nonpunitive environment.” After this, stakeholders can be encouraged to “develop solutions for common and significant usability issues.”
Pew also suggests that safety tests on functionality and usability be conducted by entities throughout the entire EHR life-cycle – from development through to after implementation. Such a process should bring together developers, IT professionals, clinicians, nurses and pharmacists – in essence, everyone using the EHR system.
Pew cautions that one specific area for attention is alert fatigue (due to too many unnecessary or false alerts). This can result in genuine life-saving warnings being missed. One concrete means to avoid such conundrums is by designing EHR systems to specifically verify and red flag certain potential problems (e.g. dangerous drug interactions with different medications).

The need for encouraging a collaborative culture to enhance healthcare IT safety has also been identified in Europe. In 2015, a team led by Solvejg Kristensen at Denmark’s Aalborg University studied the association of quality management systems with teamwork and safety from seven European countries. Although they found different approaches to quality management systems and to perceptions of teamwork and safety climate, they noted the importance of organizations investing in leadership, time, capital and technical expertise to attain continuous quality improvement and enhance patient safety.
Indeed, whichever facet of the healthcare technology spectrum one looks at, proactive, meaningfully structured collaboration may be the only way to achieve a unified vision of safe health IT and a wider culture of safety in the health enterprise.
As healthcare IT becomes increasingly pervasive, such concerns are bound to demand increasing attention.

The National Patient Safety Foundation and IHI
Many of these issues – in terms of both challenge and response – were the subject of a set of eight recommendations made in 2015 in a report from the National Patient Safety Foundation (NPSF) in the US to ensure “that technology is safe and optimized to improve patient safety”. The recommendations are as follows:

  1. Ensure that leaders establish and sustain a safety culture
  2. Create centralized and coordinated oversight of patient safety
  3. Create a common set of safety metrics that reflect meaningful outcomes
  4. Increase funding for research in patient safety and implementation science
  5. Address safety across the entire care continuum
  6. Support the healthcare workforce
  7. Partner with patients and families for the safest care
  8. Ensure that technology is safe and optimized to improve patient safety

European initiatives
In 2016, the NPSF added that it was also important to make health IT-related patient safety an organizational priority by securing management commitment, and to develop an environment which was “conducive to detecting, fixing and learning from system vulnerabilities.”
The NPSF was merged with the Institute for Healthcare Improvement (IHI) last year, and some of its initiatives are likely to be transferred to Europe via the IHI Health Improvement Alliance Europe (HIAE), which aims to improve work processes and create new delivery models relevant to European health systems. The HIAE has already established connections with professional societies in several countries, including Britain, Denmark and Belgium.
One good example of HIAE efforts is the Platform for Continuous Improvement of Quality of Care and Patient Safety (PAQS), a Belgium-based initiative which aims to consolidate relationships between various stakeholders in healthcare in order to work together, in a consistent and cohesive manner.
Other facets of IHI which are expected to make a mark in Europe include the so-called Open School Online Courses. Several of these are directly concerned with IT-focused elements of patient safety and the need to build a culture of safety in a health organization.