One of the most sacred maxims in health care is "first, do no harm." Following this principle, the federal government has taken a number of steps to balance patient safety with its promotion of widespread adoption of health IT to improve care.
As part of this effort, the Office of the National Coordinator for Health IT asked the Institute of Medicine to explore the effect of health IT on patient safety and to define the roles of the public and private sectors in ensuring safe and effective health IT use. On Nov. 8, IOM released its recommendations in a report titled, "Health IT and Patient Safety: Building Safer Systems for Better Care."
How best to protect patients from health IT-related harm is an important policy issue that has been the subject of considerable debate. Unlike pharmaceuticals and medical devices, health IT tools are not currently subject to comprehensive safety review.
Some have suggested that ONC -- which is responsible for coordinating the development of a national health IT infrastructure and promoting use of health IT -- should oversee health IT safety. Others have suggested that FDA is best suited to ensure health IT safety.
As the IOM report acknowledged, the level of safety risk associated with health IT tools is unclear, although case reports suggest that poorly designed health IT tools can create new hazards in the delivery of care, such as the loss or corruption of vital patient data.
However, there is industry concern that FDA regulation could slow health IT innovation. The IOM report noted that the "current FDA framework is oriented toward conventional, out-of-the-box, turnkey devices. However, health IT has multiple different characteristics, suggesting that a more flexible regulatory framework will be needed in this area to achieve the goals of product quality and safety without unduly constraining market innovation."
IOM did not take a definitive position on the question of whether health IT tools should be subject to comprehensive, FDA-type regulation. Instead, IOM recommended that Congress create an independent federal entity to investigate patient safety deaths, serious injuries or potentially unsafe conditions associated with health IT and that FDA exert its regulatory authority only if HHS determines that progress toward safety and reliability is insufficient.
Major Themes From IOM Recommendations
ONC asked IOM to examine a variety of patient safety topics, including how to reduce health IT-related safety concerns, as well as the role of private-sector groups (e.g., accreditation bodies and professional societies) and federal government agencies in ensuring health IT safety. IOM's recommendations apply to electronic health records, patient engagement tools, such as personal health records and patient portals, and health information exchanges.
In general, IOM noted that because health IT is not used in isolation and instead is part of a larger "sociotechnical" system that also includes people, organizations and processes, safety emerges from the interactions of these factors. Thus, safety analyses should not look for a single "root cause" of problems but should consider the system as a whole; health IT vendors, users, government and the private sector all have roles to play.
While IOM made 10 recommendations, four main themes emerge. First, fostering a system-based approach is key. According to IOM, creating safer systems begins with user-centered design principles and includes adequate testing and quality assurance conducted in real or simulated clinical environments. Designers and users of health IT should work together to develop, implement, optimize and maintain health IT tools.
Second, health IT vendors and users must be able to freely share safety information. The ability to generate, develop and share details of safety risks is essential for health care providers to choose health IT tools that best suit their needs. Non-disclosure clauses in health IT vendor contracts can discourage users from sharing information and should be limited. Comparative user experiences with health IT should be publicly available.
Third, standards, measures and criteria for safe use of health IT are necessary. Without them, it is difficult to reliably assess the current state of health IT safety and to monitor improvements.
Finally, transparency and accountability can help turn errors into lessons learned. There should be a government-run mechanism for reporting health IT-related deaths, serious injuries or unsafe conditions. This will help quantify patient safety risk and enable vendors and users to act on the information.
IOM's Specific Recommendations
IOM's specific recommendations are described below.
Recommendation 1: HHS should publish an action and surveillance plan within 12 months that includes a schedule for working with the private sector to assess the effect of health IT on patient safety and to minimize patient safety risk.
Recommendation 2: HHS should ensure, if possible, that health IT vendors support the free exchange of information about users' health IT experiences and that they do not prohibit the sharing of such information, including details (e.g., screenshots) related to patient safety. IOM indicated that ONC should develop model contract language that would enable users to provide more information when reporting an adverse event or unsafe condition.
Recommendation 3: ONC should work with the private and public sectors to make comparative user experiences across vendors publicly available.
Recommendation 4: HHS should fund a new Health IT Safety Council to evaluate criteria for assessing and monitoring the safe use of health IT and the use of health IT to enhance safety. IOM indicated that the council should operate within an existing voluntary consensus standards organization, such as the National Quality Forum.
Recommendation 5: All health IT vendors should be required to publicly register and list their products with ONC, beginning with EHRs certified under the EHR Incentive Program.
Recommendation 6: HHS should specify the quality and risk management process requirements that health IT vendors must adopt, with a particular focus on human factors, safety culture and usability.
Recommendation 7: HHS should establish a mechanism for both vendors and users to report health IT-related deaths, serious injuries or unsafe conditions.
Recommendation 8: HHS should recommend that Congress establish an independent federal entity to investigate health IT-related patient safety deaths, serious injuries or potentially unsafe conditions. This entity also should monitor and analyze the data it receives and publicly report results.
Recommendation 9a: HHS should monitor and publicly report on the progress of health IT safety annually beginning in 2012. If progress toward safety and reliability is not sufficient, HHS should direct FDA to exercise all available authority to regulate EHRs, HIEs and PHRs.
Recommendation 9b: HHS immediately should direct FDA to begin developing the necessary framework for regulation, which should be in place if and when HHS decides FDA regulation is necessary.
Recommendation 10: HHS, in collaboration with other research groups, should support cross-disciplinary research toward the use of health IT as part of a learning health care system. The research should be used to inform the design, testing and use of health IT. Specific areas of research should include but not be limited to user-centered design and the impact of policy decisions on health IT in clinical practice.
Existing and Future Patient Safety Activities
Commissioning the IOM report is just one of a number of steps HHS has taken to ensure patient safety while encouraging widespread health IT adoption. In June 2011, the Health IT Policy Committee issued several recommendations for ensuring health IT safety. These included developing a transparent oversight process for reporting and investigating patient safety events, as well as creating and disseminating to users a set of best safety practices for selecting, installing, using and maintaining health IT.
ONC also appointed an Unintended Consequences Technical Expert Panel to identify and develop solutions for potential "unintended consequences" of health IT adoption. The panel -- which includes members who also participated in the development of the IOM report -- advises ONC on patient safety issues.
ONC also has emphasized safety in its HITECH-authorized Health IT Workforce Development Program. Under the program, ONC awarded $10 million to support the development of an educational curriculum that community colleges can incorporate into their health IT training programs. The curriculum strongly emphasizes safety and usability.
Finally, ONC included improving the "safety and effectiveness of health IT" as one of its objectives in the Federal Health IT Strategic Plan 2011-2015.
Meanwhile, HHS' Agency for Healthcare Research and Quality supports health services research grants, contracts and cooperative agreements related to patient safety and health IT usability and workflow. AHRQ also has developed, in collaboration with FDA and ONC, a new Common Format, titled "Device or Medical/Surgical Supply Including HIT Device," for voluntary health IT-related safety reporting.
"Common Formats" are common definitions and reporting formats that allow health care providers to collect and submit standardized information about patient safety events to Patient Safety Organizations under the Patient Safety and Quality Improvement Act. AHRQ, FDA and ONC intend for health care providers to eventually be able to report adverse events once and have the information go to PSOs, state reporting systems, accrediting bodies, FDA and others as appropriate.
HHS commissioned the IOM report because it wanted a thorough basis upon which to craft a comprehensive health IT safety policy.
After receiving the IOM report, National Coordinator for Health IT Farzad Mostashari stated that ONC, FDA, AHRQ, NIH and CMS now will work together to craft a strategy to protect patient safety while promoting innovation in health IT and that ONC will lead development of a comprehensive EHR safety action and surveillance plan within the next 12 months.