By Daniel R. Matlis and Ellyn McMullin

There is a famous quote: “It depends on what the meaning of the word ‘is’ is.”  The impact of Health Information Technology (HIT) on Patient Safety hinges on what the meaning of the word ‘HIT’ is. (Read: The Inside Scoop on FDA Healthcare IT Regulation )

On November 8, 2011 the Institute of Medicine (IOM) released a report entitled “Health IT and Patient Safety: Building Safer systems for Better Care.”  The Department of Health and Human Services (HHS) had asked the IOM to evaluate health IT safety concerns and to recommend ways that both the government and private sectors can make patient care safer using health IT.

“Just as the potential benefits of health IT are great, so are the possible harms to patient safety if these technologies are not being properly designed and used,” said Gail L. Warden, president emeritus of Henry Ford Health System and chair of the committee that wrote the report. “To protect patients, industry and government have a shared responsibility to ensure greater transparency, accountability, and reporting of health IT-related medical errors.”
One of the obstacles to improved patient safety that must be overcome is the contractual restrictions of sharing safety-related information between technology vendors and health care providers. Another is the realization that products are not used in isolation. Rather, they are part of a larger sociotechnical system includes, people (clinicians & patients), organizations, processes and the external environment. Safety emerges from the interactions of these factors.

One of the immediate concerns after reviewing the IOM report is that the definition of HIT and a medical device is unclear.  In the report IOM recommends that HHS implement a plan to address the following recommendations:

1. The Secretary of HHS should publish an action and surveillance plan within 12 months that includes a schedule for working with the private sector. The plan should specify
a. The Agency for Healthcare Research and Quality (AHRQ) and the National Library of Medicine (NLM) should expand their funding of research, training and education of safe practices related to the design, implementation, usability and safe use of health IT by all users.
b. The Office of the National Coordinator for Health IT (ONC) should expand its funding of processes that promote safety that should be followed in the development of health IT products.
c. ONC and AHRQ should work with health IT vendors and healthcare organizations to promote post deployment safety testing of Electronic Health Records (EHR) for high-prevalence, high impact EHR-related patient safety risks.
d. Health care accrediting organizations should adopt criteria relating to EHR safety.
e. AHRQ should fund the development of new methods for measuring the impact of health IT on safety using data from EHRs.
2. The Secretary of HHS should ensure insofar as possible that Health IT vendors support the free exchange of information about health IT experiences and issues and not prohibit sharing of such information relating to patient safety.
3. ONC should work with the private and public sectors to make comparative user experiences across vendors publicly available.
4. The Secretary of HHS should fund a new Health IT Safety Council to evaluate criteria for assessing and monitoring the safe use of health IT and the use of health IT to enhance safety. This council should operate within an existing voluntary consensus standards organization.
5. All health IT vendors should be required to publicly register and list their products with ONC,
6. The Secretary of HHS should specify the quality and risk management process requirements that health IT vendors must adopt, with a particular focus on human factors, safety culture, and usability.
7. The Secretary of HHS should establish a mechanism for both vendors and users to report health IT-related deaths, serious injuries, or unsafe conditions.
a. Reporting of health IT-related adverse events should be mandatory for vendors.
b. Reporting of health IT-related adverse events by users should be voluntary, confidential and nonpunitive.
c. Efforts to encourage reporting should be developed, such as removing the perceptual, cultural, contractual, legal and logistical barriers to reporting.
8. The Secretary of HHS should recommend that Congress establish an independent federal entity for investigating patient safety deaths, serious injuries, or potentially unsafe conditions associated with health IT. This entity should also monitor and analyze data and publicly report results of these activities.
9. A. The Secretary of HHS should monitor and publicly report on the progress of health IT safety annually beginning in 2012. If progress toward safety and reliability is not sufficient as determined by the Secretary, the Secretary should direct the FDA to exercise all available authorities to regulate EHRs, health information exchanges and personal health records (as opposed to the AHRQ & ONC as originally proposed).
B. The Secretary should immediately direct the FDA to begin developing the necessary framework for regulation. Such a framework should be in place if and when the Secretary decides that the state of IT safety requires FDA regulation as stipulated in Recommendation 9a above.

It is evident that the IOM puts a good deal of thought in responding to HHS’s request and came up with some reasoned recommendations. A key challenge for implementing IOM’s proposed plan is definitions. For example, should Electronic Medical Record systems (EMR) systems, be regulated as medical devices or are they General Purpose IT systems? (See

Testimony by CDRH Director Shuren at the Health Information Technology (HIT) Policy Committee and provides FDA’s perspective on potential approaches to address HIT-related safety concerns. As part of this testimony Dr. Shuren used the following examples of adverse events for HIT under FDA’s Jurisdiction.

• An EMR system was connected to a patient monitoring system to chart vital signs. The system required a hospital staff member to download the vital signs, verify them, and electronically post them in the patient’s chart. Hospital staff reported that, several times, vital signs have been downloaded, viewed, and approved, and have subsequently disappeared from the system.

• Mean pressure values displayed on a patient’s physiological monitors did not match the mean pressures computed by the EMR system after systolic and diastolic values were entered.

• An improper database configuration caused manual patient allergy data entries to be overwritten during automatic updates of patient data from the hospital information system.

According to HIMMS Medical Device Meaningful Use Matrix:
“the Food and Drug Administration (FDA) has asserted that EHRs are Class 2 medical devices over which FDA has regulatory authority. The relationship between the FDA and the ONC is evolving and it is still unclear to what extent EHR systems will be regulated, yet it is important that the user devise a comprehensive program to evaluate and monitor HIT, in particular those HIT systems that integrate medical devices as part of the data collection process. It is important that one can measure the quality of care, not just the delivery.”

The impact of Health Information Technology (HIT) on Patient Safety depends on what the meaning of the word ‘HIT’ is.  Healthcare IT will play a progressively critical role in the delivery of Healthcare. ONC has encouraged the adoption of certified EHRs through its meaningful use criteria and authorized certification organization. As we become increasingly reliant on state of the art medical technology and HIT systems we must be mindful to mitigate the risks they may inject into the Healthcare ecosystem. The primary goal of HIT must be increased patient care safety and improved outcomes.