IOM Issues Report on Patient Safety and Health IT

Nov. 8, 2011, Washington, DC—To protect Americans from potential medical errors associated with the use of information technology in patient care, a new report by the Institute of Medicine calls for greater oversight by the public and private sectors.  The report examines a broad range of health information technologies, including electronic health records, secure patient portals, and health information exchanges, but not software for medical devices.

The secretary of the U.S. Department of Health and Human Services should publish a plan within 12 months to minimize patient safety risks associated with health IT and report annually on the progress being made, the report says.  The plan should include a schedule for working with the private sector to assess the impact of health IT on patient safety.  However, if the secretary determines that progress toward improving safety is insufficient within a year, the U.S. Food and Drug Administration should exercise its authority to regulate these technologies.  Concurrently, FDA should begin planning the framework needed for potential regulation so that the agency is ready to act if necessary.

“Just as the potential benefits of health IT are great, so are the possible harms to patient safety if these technologies are not being properly designed and used,” said Gail L. Warden, president emeritus of Henry Ford Health System and chair of the committee that wrote the report.  “To protect patients, industry and government have a shared responsibility to ensure greater transparency, accountability, and reporting of health IT-related medical errors.”

The federal government is investing billions of dollars to encourage hospitals and health care providers to adopt health IT so that all Americans can benefit from the use of electronic health records by 2014, but demonstrated improvements in care and safety are not yet established, the report says.  Some of these technologies have significantly improved the quality of health care and reduced medical errors.  However, concerns about potential harm are emerging as health care providers increasingly rely on health IT to deliver care.

Little published evidence exists that quantifies the magnitude of the risk associated with health IT problems, partly because many technology vendors discourage the free exchange of safety-related information in their contracts with health care providers.  But serious errors involving these technologies — including medication dosing errors, failure to detect fatal illnesses, and treatment delays due to poor human-computer interactions or loss of data — have led to several reported patient deaths and injuries.

HHS should establish a mechanism for both technology vendors and users to report health IT-related deaths, injuries, or unsafe conditions, the report says.  Reporting events related to patient safety should be mandatory for vendors and voluntary, confidential, and nonpunitive for care providers.  In addition, Congress should establish an independent federal entity to investigate patient deaths, injuries, or potential unsafe conditions associated with health IT.  Based on those investigations, the entity could make nonbinding recommendations, allowing flexibility for HHS, health care organizations, vendors, and other experts to determine the best course forward.

A new Health IT Safety Council should be funded by HHS to evaluate criteria and develop methods for assessing and monitoring safety and measuring impacts of health IT on safety, the report says.  The agency should also ensure that health IT vendors support the free exchange of information and not discourage health care providers from sharing patient safety concerns, including screen shots.  Nondisclosure agreements in contracts between vendors and health care providers and “hold harmless” clauses that shift the liability of unsafe health IT features to care providers greatly discourage information sharing.

HHS should establish quality management principles and risk management processes in designing and implementing health IT products, which can be complex and difficult for doctors and nurses to use.  Alerts in technology systems should be designed to have lower false-alarm rates and computer interfaces need to be more intuitive for users.

The study was sponsored by the U.S. Department of Health and Human Services.  Established in 1970 under the charter of the National Academy of Sciences, the Institute of Medicine provides independent, objective, evidence-based advice to policymakers, health professionals, the private sector, and the public.  The National Academy of Sciences, National Academy of Engineering, Institute of Medicine, and National Research Council make up the National Academies.  For more information, visit http://national-academies.org.