Promoting Patient Safety by Managing Health IT Risks

Everyone agrees that health IT safety is important.  Promoting Patient Safety Through Effective Health Information Technology Risk Management is a research report that looks into the challenges faced by hospitals and ambulatory practices that implement health IT risk management interventions.  The research was conducted by RAND Corporation and the ECRI Institute under contract to ONC.

The research report finds that health IT safety often competes with other  pressing priorities  for limited resources within health care organizations.  It also tells us that users of electronic health records (EHRs) see EHRs as a solution to patient safety problems, and may not understand new risks that may be introduced by EHRs.

This study involved 11 organizations and six case studies.  Some of the main findings are:

Readiness

  • Organizations with the highest level of readiness to engage in detecting and mitigating health IT risks have in-house expertise and prior experience in conducting organizational quality improvement and risk management projects.   Organizations without such experience may find it challenging to detect and mitigate health IT risks.

Alignment with other Initiatives

  • “Previously known problems” with the EHR were more likely to be selected as targets of intervention than were problems identified through a diagnostic assessment.
  • Projects appeared more likely to progress if they were aligned with the organization’s other priorities and current initiatives, such as attesting to the requirements of the Medicare and Medicaid EHR Incentive Programs.

Organizational Leadership

  • Organizations whose project teams had close involvement of executive leadership were more likely to make progress in identifying and mitigating safety risks.

Challenges in Identifying Health IT Safety Risks

  • Organizations tended to view health IT as a solution to patient safety problems, while overlooking the potential of health IT to contribute to safety problems or to create new types of safety risks.
  • Ambulatory practices encountered greater challenges than hospitals in identifying and addressing health IT safety risks.

Challenge of Matching Project Scope and Resources to the Demands of the Health IT Safety Project

  • The most frequently cited challenge to successful implementation of projects was the timely and adequate allocation of staff effort and other resources to the project.
  • Mismatch between the selected scope of the project and the available staffing sometimes led to poor project design (even when substantial expertise was available within the organization).

Practical Tools to Identify and Address Health IT Safety Risk

  • Health care organizations, and in particular small ambulatory practices, need tools to help them identify and address safety risks attributable to health IT.
  • Current patient safety reporting tools would benefit from innovations to improve efficiency.

ONC has begun to address some of the challenges identified in the research report.  Most importantly, the SAFER Guides, posted by ONC earlier this year, help EHR implementers learn about risks associated with EHRs and offer “recommended practices” for avoiding those risks and optimizing the use of EHRs to make care safer.   ONC has also published a guide on How to Identify and Address Unsafe Conditions Associated with Health IT.

The Agency for Healthcare Research and Quality (AHRQ), patient safety organizations, and health IT software developers are working to make the reporting of adverse events easier, using the Common Formats.  In addition, ONC is working with The Joint Commission to help health care providers understand, avoid, and mitigate risk factors that may be created by health IT safety events.

We encourage you to review this research report and join a dialogue about how to promote the safety and safe use of EHRs.

4 Comments

  1. James Keuning says:

    …”users of electronic health records (EHRs) see EHRs as a solution to patient safety problems, and may not understand new risks that may be introduced by EHRs.”

    Most users know full well that EHRs create patient safety problems. In fact, I would bet (I really would make this bet) that any doctor or nurse who uses an EHR will tell you about a patient safety problem but will then tell you that their hands are tied – they need to use the EHR in this specific unsafe manner because of a regulatory mandate, something related to CMS payment, or unknown bureaucratic rule. So please be realistic and honest – users do not see EHRs and the solution, they see EHRs as the problem and they understand the risks but they do what they can to take care of patients despite misguided leadership.

    “The research report finds that health IT safety often competes with other pressing priorities for limited resources within health care organizations.”

    These “priorities” are not chosen by the “users of electronic health records” i.e. the doctors, nurses, staff, and care-givers who are caring for patients. The priorities are chosen by the institutions that employ the people, government agencies that set requirements for EHR certification, and agencies which set requirements for EHR-use in order to GET PAID.

    • Ruth says:

      “Organizations with the highest level of readiness to engage in detecting and mitigating health IT risks have in-house expertise and prior experience in conducting organizational quality improvement and risk management projects. Organizations without such experience may find it challenging to detect and mitigate health IT risks.” – I totally agree. This should serve as one of the best basis in choosing the right vendor by focusing on expertise and experience. If the said aspect is said to be met, then surely safety is probably one of the workflow highlights on HIT implementation. If implemented appropriately, health IT can help improve health care providers’ performance, better communication between patients and providers, and enhance patient safety, which ultimately may lead to better care. Data breach should be one of the main concerns because lapses on security takes toll on health providers and EMR vendors, it is quite costly. Ever heard of Edward Snowden? The man behind the NSA data leak?( more on this at http://www.mpaagroup.com/document-management/leaks-call-for-electronic-police/ )

  2. Ruth says:

    “Organizations with the highest level of readiness to engage in detecting and mitigating health IT risks have in-house expertise and prior experience in conducting organizational quality improvement and risk management projects. Organizations without such experience may find it challenging to detect and mitigate health IT risks.” – I totally agree. This should serve as one of the best basis in choosing the right vendor by focusing on expertise and experience. If the said aspect is said to be met, then surely safety is probably one of the workflow highlights on HIT implementation. If implemented appropriately, health IT can help improve health care providers’ performance, better communication between patients and providers, and enhance patient safety, which ultimately may lead to better care. Data breach should be one of the main concerns because lapses on security takes toll on health providers and EMR vendors, it is quite costly. Ever heard of Edward Snowden? The man behind the NSA data leak?( more on this at http://www.mpaagroup.com/document-management/leaks-call-for-electronic-police/ )

  3. Jessica Parker says:

    Nice article, the numbers of providers in need of EHR replacement is growing in 2014. They are not sure if their current health IT system is capable of handling healthcare changes including, stage 2 Meaningful Use and ICD-10 compliance. You would like to read article(5 Things Patients Expect in their Doctors Office)
    http://www.medicalbillersandcoders.com/pressrelease_articles.aspx?ArticleId=668

Leave a ReplyComment Policy


*