Health IT makes new improvements in health care quality and safety possible, compared to paper records. Yet, if not designed and used correctly, it can also introduce new risks of harm. The Office of the National Coordinator (ONC) is taking actions on health IT and patient safety as described in our Health IT Patient Safety Action and Surveillance Plan by Improving the safe use of health IT, Learning more about the impact of health IT on patient safety, and Leading to create a culture of shared responsibility among all users of health IT.

As clinicians and their patients increasingly rely on electronic health records (EHRs) instead of paper charts, we continue to learn about health IT's positive impact on the quality and safety of patient care, and how developers and users can maximize that impact. Information and actionable resources representing progress under the HealthIT Patient Safety Action and Surveillance Plan are available below.

IMPROVE: ONC offers resources to help improve health IT safety and patient safety

• SAFER Guides: The SAFER Guides are designed to help healthcare organizations conduct self-assessments to optimize the safety and safe use of electronic health records (EHRs). The SAFER Guides were developed based on the best evidence available including a literature review, expert opinion, and field testing at a wide range of healthcare organizations, from small ambulatory practices to large health systems.. Each of the nine SAFER Guides begins with a checklist of “recommended practices.”

  

  Safer Recommendations

  Clinician Communication

  • Clinicians are able to electronically access current patient and clinician contact information (e.g., email address, telephone and fax numbers, etc.) and identify clinicians currently involved in a patient’s care.
  • Both EHR design and organizational policy facilitate clear identification of clinicians who are responsible for action or follow-up in response to a message.

  Contingency Planning

  • Staff are trained and tested on downtime and recovery procedures.
  • Patient data and software application configurations critical to the organization’s operations are backed up.

  CPOE and CDS

  • Evidence-based order sets are available in the EHR for common tasks/conditions and are updated regularly.
  • Corollary (or consequent) orders are automatically suggested when appropriate and the orders are linked together, so that changes are reflected when the original order is rescheduled, renewed, or discontinued.

  High Priority

  • Information required to accurately identify the patient is clearly displayed on screens and printouts.
  • Clinicians are able to override computer-generated clinical interventions when they deem necessary.

  Organizational Responsibility

  • Communication mechanisms ensure that EHR users learn of EHR changes promptly, and users are able to give feedback on related safety concerns.
  • The highest-level decision makers (e.g., boards of directors or owners of physician practices) are committed to promoting a culture of safety that incorporates the safety and safe use of EHRs.

  Patient Identification

  • Users are warned when they attempt to create a new record for a patient (or look up a patient) whose first and last name are the same as another patient.
  • The organization has a process to assign a “temporary” unique patient ID (which is later merged into a permanent ID) in the event that either the patient registration system is unavailable or the patient

  System Configuration

  • The EHR is configured to ensure EHR users work in the “live” production version, and do not confuse it with training, test, and read-only backup versions.
  • The organization has processes and methods in place to monitor the effects of key configuration settings to ensure they are working as intended.

  System Interfaces

  • At the time of any major system change or upgrade that affects an interface, the organization implements procedures to evaluate whether users on both sides of the interface correctly understand and use information that moves over the interface.
  • Security procedures, including role-based access, are established for managing and monitoring key designated aspects of interfaces and data exchange.

  Test Result Review and Followup

  • Written policies specify unambiguous responsibility for test result follow-up with a shared understanding of that responsibility among all involved in providing follow-up care.
  • The EHR has the capability for the clinician to set reminders for future tasks to facilitate test result follow-up.
• How to Identify and Address Unsafe Conditions Associated with Health IT [PDF - 1.4 MB]
• The Role of Health IT Developers in Improving Patient Safety in High Reliability Organizations [PDF - 729 KB]
• Workflow Assessment for Health IT Toolkit: This online toolkit helps small and medium-sized outpatient practices better assess their workflows and determine when and how health IT may be useful.
• Implementation Tools for E-Prescribing: This is a guide for preparing for and launching an e-prescribing system
• Guide to Reducing Unintended Consequences of EHRs: This online resource is designed to help health care organizations anticipate, avoid, and troubleshoot problems that can occur when implementing and using EHRs.

LEARN: health IT safety analyses

• Promoting Patient Safety Through Effective Health Information Technology Risk Management (RAND): a prototype approach for engaging hospitals and ambulatory practices in health IT safety risk identification and mitigation projects.
• ECRI Patient Safety Organization presentation on How to Identify and Address Unsafe Conditions Associated with Health IT
• Sentinel Event Alert 54: Safe use of health information Technology [PDF - 297 KB] (The Joint Commission) provides suggested actions centered on safety culture, process improvement, and leadership.
• Health Information Technology Adverse Event Reporting: Analysis of Two Databases [PDF - 632 KB] (Westat, UHC, and ECRI) completed using events submitted to the two participating PSOs in AHRQ’s Common Formats, the report describes patterns observed in the data as well as findings on the utility and limitations of such event-reporting for capturing safety events with health IT involvment in a way that allows clear identification of the exact role of health IT may have played in some events users reported as associated with health IT.
• Report of the Evidence on Health IT Safety and Interventions [PDF – 268KB] (RTI International) examines evidence in this rapidly expanding field. Written in 2015, this broad survey identifies gaps in research; encourages the development or refinement of existing tools or interventions that could enhance the safety and safe use of health IT; highlights information about the types, frequency and severity of safety events, issues related to usability and interoperability, and tools and interventions that can improve safety.
• Goals and Priorities for Health Care Organizations to Improve Safety Using Health IT [PDF – 461KB] (RTI International) identifies solutions, based on the most recent evidence available in 2015, to potential safety issues. It is a resource that provides practical, actionable steps health care organizations can consider using to help reduce the potential of health IT-related adverse events.

LEAD: Promote a culture of safety related to health IT

• Safety Enhanced Design [PDF - 549 KB]: ONC requires User Centered Design principles for products submitted to ONC’s Certification Program. Usability testing results can be found for the products listed on ONC’s Certified Health IT Product List (CHPL)
• ONC Authorized Certification Bodies: Guidance on the surveillance of EHRs after certification [PDF - 266 KB]
• EHR Developer Code of Conduct: the Electronic Health Record Association (EHRA) developed the code through engagement with public and private-sector stakeholders, and maintain both the code and resources to help developers adopt it. The code is available to all organizations that develop EHR systems, free of charge from EHRA, regardless of organization membership.
• Health IT Patient Safety Action and Surveillance Plan [PDF - 1.4 MB]: speaks to the role of health IT within HHS’s commitment to patient safety, and to the shared responsibility of public- and private-sector stakeholders, such as health IT developers and users, to ensure health IT is both inherently safe and safely used to promote good care and optimize patient outcomes.
• FDASIA Health IT Report [PDF - 455 KB]: Proposed Strategy and Recommendations for a Risk-Based Framework
• 2011 Institute of Medicine (IOM) Report Health IT and Patient Safety: Building Safer Systems for Better Care
• Patient Safety Organization FAQs: PSOs provide a secure environment where clinicians and provider organizations can collect, aggregate, and analyze data in order to identify and reduce risks associated with patient care, including issues related to health IT. Health IT developers can contribute their expertise through working relationships with PSOs. AHRQ has compiled this list of FAQs to assist all stakeholders to learn more about PSOs and ways in which they can work with these organizations to improve patient safety.