Information technology (IT) can improve healthcare in its (1) efficiency in terms of economical achievement of goals, (2) effectiveness by improving the capacity to do so, and (3) efficacy with the capacity to achieve success under ideal, controlled circumstances.
IT can improve the safety of healthcare delivery with continuous quality improvement, sociotechnical approaches in hardware and software, and improved use of personnel.
Electronic health record (EHR) systems need monitoring in eight dimensions for the possibility of harm: human-computer interface, workflow and communication, clinical content, organizational policies, processes, hardware and software problems, external and vendor-related problems, and system management.
A Health IT Safety measurement framework has been developed to follow (1) continuous quality improvement and sociotechnical approaches,(2) use of health IT, and (3) healthcare safety concerns.
EHR alerts provide careful oversight of personnel allocation, errors, adequacy of resources, care quality, and education in various systems.
EHR systems can provide continuous access to and integrity of confidential patient data.
Information technology (IT) is an important tool that can be used to improve productivity in various systems, including healthcare. In addition to improving workflow, IT can help assess interventions for both efficiency (the capacity to achieve a goal in the most economical way) and effectiveness (the capacity to do so given all variables). The eventual goal is to enhance and refine procedures to reach the best possible efficacy (capacity to achieve success under ideal, controlled circumstances).
Health IT aims to provide customized solutions, support clinical decisions, and record alerts ( Fig. 3.1 ). The most important challenges have been in the design and acceptance of interventions and the tracking and evolution of outcomes (the DATE paradigm). The Institute for Healthcare Improvement suggests that reliability of healthcare is a three-part cycle of failure prevention, failure identification, and process redesign and defines reliability as “failure-free operation over time.” Information systems can provide continuous monitoring with real-time or nearly real-time reporting as a means of achieving reliability. As such, it makes sense to think about the role of health IT in reliability as it relates to healthcare quality and patient safety.
As in any other organization, there has been a need for fiscal and human-resource planning and for managing expectations relative to cost, scope, and outcomes. We also need to identify reportable events before these turn into actual impediments in patient care and establish preventive methods. These ideas, described in the Sentinel Event Alert 42 , elaborate on the safe implementation of health information. In many events that have hitherto been perceived as unavoidable, sociotechnical interaction can improve safety. In any system, the goal is to develop and promote a culture of process improvement. We structure all our programs to develop goals that are specific, measurable, achievable, relevant, and time-framed (SMART). We have structured our thinking about health IT in the following sections.
The Need to ACT: A Focus on A ccess, C ommunication, and T racking
Access to Information
Health IT has improved access to medical records and has improved patient safety. Each patient has an interconnected, complex set of documents in his or her electronic health record (EHR), which is frequently created using multiple externally developed software applications. These records originate from diverse stakeholders with specific requirements for documentation, including physicians, nurses, and other auxiliary personnel. They may dictate or use a specialty-specific template and clinical management, and then either they or others may add information codes that inform about real-time clinical decision support, quality reporting, and billing. , Families may also want a comprehensible explanation of the medical problems of their infant. The revenue cycle departments of hospitals typically require a specifically designed note to include the necessary data elements to support the bill. Auxiliary services such as the pharmacy use health IT to execute antimicrobial stewardship and to monitor pharmaceutical use, and the hospital administration may also want an unambiguous track of the patient’s hospital stay. The quality-control surveillance personnel may want to track records for any typing errors, inconsistencies, or redundancies. Scientists may also want information about specific events to determine outcomes based on clinical interventions. Payer-sponsored quality-based incentive programs may seek evidence on key performance metrics. ,
The evaluation of EHRs shows a need to address both technical and nontechnical contextual factors such as care providers and the workflow to improve the quality of care. There are at least eight dimensions where EHRs can possibly cause sentinel events and actual harm ( Fig. 3.2 ). Ensuring EHR safety requires shared responsibility between several entities, including EHR developers and individuals within the local healthcare organization; this can fail , and cause important errors. The 21st Century Cures Act promises to address many of these concerns through the promulgation of new rules and regulations governing EHR interoperability, usability, and security. EHRs introduce new kinds of risks into an already complex healthcare environment where both technical and social factors must be considered. An analysis of sentinel event reports received by The Joint Commission between January 1, 2010, and June 30, 2013, identified 120 sentinel events that were health IT–related. Factors contributing to the 120 events were placed into categories corresponding to eight sociotechnical dimensions necessary to consider for safe and effective health IT, as described by Sittig and Singh. Listed by order of frequency, factors potentially leading to health IT sentinel events involved the following eight dimensions (see Fig. 3.2 ).
To address patient safety needs and regulations, a Health IT Safety measurement framework has been developed that follows both continuous quality improvement and sociotechnical approaches in three areas: (1) technological issues in hardware or software, (2) inappropriate use of health IT, such as deliberate suppression of alerts in EHRs, and (3) potential healthcare safety concerns such as medication errors and care delays before the occurrence of actual harm. The framework seeks to solve identified problems by integrating safety programs with organizational learning, comprehensive 360-degree assessment of safety in high-risk areas such as those with vendor involvement, and other factors that rely heavily on automated measurements. In 2011 an Institute of Medicine (IOM) report on health IT and patient safety emphasized the shared responsibility between key stakeholders including vendors, care providers, healthcare organizations, health IT departments, and public and private agencies. These stakeholders have complementary roles in improving EHR safety.
The EHR safety measures should be synchronized with safety guidelines and quality-management scopes developed by international organizations such as the International Electrotechnical Commission, because the EHR and its subsequent derivations (application, platform, software, and management tools) are considered medical software and should abide by regulatory and directive items.
In 2011 the IOM report Health IT and Patient Safety: Building Safer Systems for Better Care highlighted that building health IT for safer use is a shared responsibility between “vendors [EHR and clinical content developers], care providers, provider organizations and their health IT departments, and public and private agencies.” Another IOM report, Improving Diagnosis in Health Care , again emphasizes “collaboration is needed among the health IT vendors, Office of the National Coordinator for health IT, and users” to ensure that health IT supports patients and healthcare professionals. ,
In the past few years, Health IT has been deployed on a large scale, and thus the consequences of health IT–related safety concerns can rapidly affect not only a single department or institution but possibly an entire healthcare system. As IT-enabled patient care is rapidly becoming the norm, it is essential to (1) refine the science of measuring health IT–related patient safety, (2) make health IT–related patient safety an organizational priority by securing commitment from organizational leadership and refocusing the organization’s clinical governance structure to facilitate measurement and monitoring, and (3) develop an environment that is conducive to detecting, fixing, and learning from system vulnerabilities. , ,
The intersection of health IT and patient safety involves three overlapping domains:
Use of health IT hardware and software
Use of technology by clinicians, staff, and patients and identification and mitigation of unsafe changes in workflows that emerge due to technology use
Identification and monitoring of patient safety events, risks, and hazards
Each domain is supported by principles adapted from the SAFER (safety assurance factors for electronic health record resilience) guides ( Table 3.1) . , Measurement in all three domains typically involves both retrospective and prospective measurements. Good measures should meet certain criteria: being impactful, such as demonstrating the importance of measurement and reporting; scientific acceptance, such as reliability and validity; feasibility, from a clinical, technical, and financial standpoint; usability, or easy extraction from existing EHRs; and transparency, with reviewability by all stakeholders.
|Safety Area||Issues for EHR Developers||Issues for Healthcare Organization|
|EHR Interoperability||Develop and establish formats for transmitting clinical data||Families may choose not to share information about infant or themselves|
|Develop standard technologies needed for specific patient populations||Share information with outside organizations|
|Develop standard formats for exchanging data with external systems||Ensure computer systems and software are compatible|
|EHR Usability||Easy-to-use design and functions||Maintain hardware and software|
|Use unambiguous text and actionable items||Consistent screen configuration|
|Maintain usability principles for building user-customizable screens||Ensure adequate training of operators, appropriate resourcing, customization, and proper use of EHRs|
|Respond to user feedback promptly|
|EHR Security||Systems for adverse event reporting and clinical database management||Ensure clinical data are accurately recorded, stored, and communicated|
|Develop robust procedures to improve EHR usability in clinical settings||Identify areas for usability improvement of EHR end-user interactions|
|Enable complete, incremental, integrated, encrypted backups||Single sign-on to facilitate data access|
|Create read-only downtime access||Software protection for EHR operations|
|Log user actions and provide reporting tools to monitor and investigate suspicious behavior||Conduct periodic security risk assessments of confidentiality, integrity, and availability of protected EHRs|
|Ensure backward-compatible data access for new versions||Develop, follow, and routinely update IT disaster recovery plans consistent with HIPAA Security Rule|
|Provide role-based access to users|
|Enable multifactor authentication|
|Enable data-level access rights|
|If EHRs are cloud-based, developers provide disaster recovery plan to the organization|