Promoting Patient Safety by Managing Health IT Risks

Kathy Kenyon and Amy Helwig | July 10, 2014

Everyone agrees that health IT safety is important.  Promoting Patient Safety Through Effective Health Information Technology Risk Management is a research report that looks into the challenges faced by hospitals and ambulatory practices that implement health IT risk management interventions.  The research was conducted by RAND Corporation and the ECRI Institute under contract to ONC.

The research report finds that health IT safety often competes with other  pressing priorities  for limited resources within health care organizations.  It also tells us that users of electronic health records (EHRs) see EHRs as a solution to patient safety problems, and may not understand new risks that may be introduced by EHRs.

This study involved 11 organizations and six case studies.  Some of the main findings are:


  • Organizations with the highest level of readiness to engage in detecting and mitigating health IT risks have in-house expertise and prior experience in conducting organizational quality improvement and risk management projects.   Organizations without such experience may find it challenging to detect and mitigate health IT risks.

Alignment with other Initiatives

  • “Previously known problems” with the EHR were more likely to be selected as targets of intervention than were problems identified through a diagnostic assessment.
  • Projects appeared more likely to progress if they were aligned with the organization’s other priorities and current initiatives, such as attesting to the requirements of the Medicare and Medicaid EHR Incentive Programs.

Organizational Leadership

  • Organizations whose project teams had close involvement of executive leadership were more likely to make progress in identifying and mitigating safety risks.

Challenges in Identifying Health IT Safety Risks

  • Organizations tended to view health IT as a solution to patient safety problems, while overlooking the potential of health IT to contribute to safety problems or to create new types of safety risks.
  • Ambulatory practices encountered greater challenges than hospitals in identifying and addressing health IT safety risks.

Challenge of Matching Project Scope and Resources to the Demands of the Health IT Safety Project

  • The most frequently cited challenge to successful implementation of projects was the timely and adequate allocation of staff effort and other resources to the project.
  • Mismatch between the selected scope of the project and the available staffing sometimes led to poor project design (even when substantial expertise was available within the organization).

Practical Tools to Identify and Address Health IT Safety Risk

  • Health care organizations, and in particular small ambulatory practices, need tools to help them identify and address safety risks attributable to health IT.
  • Current patient safety reporting tools would benefit from innovations to improve efficiency.

ONC has begun to address some of the challenges identified in the research report.  Most importantly, the SAFER Guides, posted by ONC earlier this year, help EHR implementers learn about risks associated with EHRs and offer “recommended practices” for avoiding those risks and optimizing the use of EHRs to make care safer.   ONC has also published a guide on How to Identify and Address Unsafe Conditions Associated with Health IT.

The Agency for Healthcare Research and Quality (AHRQ), patient safety organizations, and health IT software developers are working to make the reporting of adverse events easier, using the Common Formats.  In addition, ONC is working with The Joint Commission to help health care providers understand, avoid, and mitigate risk factors that may be created by health IT safety events.

We encourage you to review this research report and join a dialogue about how to promote the safety and safe use of EHRs.