FDA Considers Regulating Safety of Electronic Health Systems
Here are some quotes from this article - with my thoughts in parentheses:
But digital medical systems are not risk-free. Over the past two years, the FDA's voluntary notification system logged a total of 260 reports of "malfunctions with the potential for patient harm," including 44 injuries and the six deaths. Among other things the systems have mixed up patients, put test results in the wrong person's file and lost vital medical information.
(Hmmmm... let me add some more: how about crashes, slowness, broken decision support tools, awkward workflows that result in both errors of omission and commission.)
The FDA official outlined three possible approaches for tighter scrutiny. The agency could require makers of the devices to register them with the government and to submit reports on safety issues and correct problems that surface. The FDA could track this information "to help improve the design of future products."
(I wonder if the government would have any better luck than the rest of us in asking our vendors to fix technical and design problems that cause safety issues!)
In a second scenario, the agency could require manufacturers to report safety concerns and set minimum guidelines to assure the quality of products on the market. In a third approach, the systems could be subject to the broader regulatory actions that new medical products must face before they ever reach the market.
(I have a feeling the government has no idea how poorly designed most EMRs are... they would never allow clunky, erratic software to be put into pacemakers, IV pumps, etc...I also wonder if they truly understand the difference between inpatient and outpatient systems.)
The manufacturers of the systems generally have opposed regulation by the FDA, arguing in part that imposing strict controls would slow down the government's campaign to spur widespread adoption of the technology.
(Sure- let's put cars on the road that have hard-to-turn steering wheels, and which only go 10 mph - because we need to stimulate buying of cars!)
Regulation will not necessarily create a "safer" electronic medical record "and might actually limit innovation and responsiveness when it is needed most," Carl Dvorak, executive vice president of Epic Systems Corporation....
(Well, that is true - but I'm still waiting for any significant innovation and responsiveness from the EMR vendors... the systems we use today are honestly just slight variations of the same paper-paradigm based EMR systems originally developed in the 19060's - except those were actually more consistent and reliable to use.)
Yet some inside the industry favor stepped-up scrutiny. One major vendor, Cerner Corporation, which has voluntarily reported safety incidents to the FDA in recent years, signaled its support for a rule that would make those reports mandatory. Cerner has reported potential safety concerns because it is the "right thing to do," a company official said.
(Really, that's great- I've got to find out from Cerner who is collecting those incidents... I wonder if they fully understand the volume they might face if they really wanted to hear it all. Did my sarcasm come through? I can't believe any EMR vendor wants to REALLY hear how screwy their systems can act in ALL its different forms and types of implementations.)
The federal government's Office of the National Coordinator for health information technology also has recognized the need for better surveillance. In January, the office issued a contract to address "undesirable and potentially harmful unintended consequences" of the systems.
(Tricky part here is clarifying the difference between an error, a safety issue, and unintended consequence. There is some overlap but also some parts that are clearly separate issues.)
Though officials in some other countries have tightened oversight of the systems, U.S. manufacturers have managed to stave off formal regulation, telling the FDA in May 2008 that their products should be excluded from review partly as a means to speed up their adoption.
But critics argue that tighter scrutiny is needed to protect the public. "Oversight and quality control may slow things down, but it's absolutely critical," said Hoffman, the law professor. "Patients' lives are at stake."
In all honesty, it's a tough call - one on hand it seems insane that these important systems have no regulation as to how crappy they might be - they directly impact care! On the other hand, over-regulation may increase costs, stifle innovation and create new problems we can't fully predict...and finally, who is the final decision maker on what is truly a safety issue vs. just an unintended consequence?
Addendum (3/13/10)...things could start getting more interesting...
FDA Asks Hospitals to Report Safety Glitches in Digital Health Systems
And another perfect Dilbert reflects the confusion in understanding the difference between a true error and a poorly designed system...
Lyle,
ReplyDeleteThanks for picking up this topic and offering the links, as well as your validation of the issues.
Seven Proposed EHR Safety Steps:
For those interested in more than sound bites, Jim Walker et al's 2008 article, "EHR Safety: The Way Forward to Safe and Effective Systems" is thoughtful and prescriptive. (J Am Med Inform Assoc. 2008;15:272–277. DOI 10.1197/jamia.M2618.) Their approach is highly informed and outlined in 7 steps, elaborated in the paper.
Ross Koppel's work has been important. Perhaps more informative for me was his (Koppel's) recent presentation at Harold Lehmann's Informatics Grand Rounds series from the Bloomberg School of Public Health at Johns Hopkins in December of 2009. The video is freely available here:
http://real.welch.jhu.edu/ramgen/DHSI/Dec182009.rm
I've done both formal and informal root-cause analyses on EHR safety issues across several vendors; my results validate parts of Jim Walker's articulated model in his Hazard Manager. From my experience, there are almost always 1) product design/architectural design contributors, 2) poorly-implemented (client-side) of products that have been proven to work more safely at other clients, 3) contributing business issues in provider organization with some component of the "New" problem, 4) contributing business issues from the structure of the vendor, be they corporate, home-grown, or federal parent of the software, and 5) technology platform reliability challenges.
Root-cause and FMEA is the only way to mitigate these risks. Most experiences authors say, either publicly or privately, that FDA or related government regulation alone produce responses that tend to be anti-quality. Despite the intent of creating transparency, they more often lead to "bad apple" approaches, driving quality problems further underground. This phenomena is well understood by all of us who have worked in Quality Improvement.