Study Explains Errors Caused by EHR Default Values - With Only Four Reports of "Temporary" (By the Grace of God) Patient Harm

From Health Data Management and the Pennsylvania Patient Safety Authority:

Study Explains Errors Caused by EHR Default Value

Joseph Goedert

Sept. 5, 2013

A new study analyzes errors related to “default values” which are standardized medication order sets in electronic health records and computerized physician order entry systems.

The Pennsylvania Patient Safety Authority, an independent state agency, conducted the study. “Default values are often used to add standardization and efficiency to hospital information systems,” says Erin Sparnon, an analyst with the authority and study author. “For example, a healthy patient using a pain medication after surgery would receive a certain medication, dose and delivery of the medication already preset by the health care facility within the EHR system for that type of surgery.”

These presets are the default value, but safety issues can arise if the defaults are not appropriately used. Sparnon studied 324 verified safety reports, noting that 314, or 97 percent, resulted in no harm. Six others were reported as unsafe conditions that caused no harm and four reports caused temporary harm involving some level of intervention.

One might ask:  how many unreported or yet-to-be-reported EHR/CPOE cases involved, or will involve, permanent harm?

Sept. 9, 2012 Addendum:  We learn this from Healthcare IT News (http://www.healthcareitnews.com/news/ehr-adverse-events-data-cause-alarm):  "Sparnon said two of the reports involved temporary harm that required initial or prolonged hospitalization."  I note that hospitalization, especially prolonged hospitalization, exposes the patient to still more risk.

Regarding the "temporary harms", one which includes "default times" as opposed to doses:

The four cases requiring intervention involved accepting a default dose of a muscle relaxant that was higher than the intended dose, giving an extra dose of morphine [keep playing with 'extra doses' of drugs like morphine enough, and you're going to kill someone  - ed.] because of an accepted default administration time that was too soon after the last dose, having a patient’s temperature spike after a default stop time automatically cancelled an antibiotic [do this enough, and you're going to get sepsis and septic shock to deal with - ed.] and rising sodium levels in a patient because confused wording made nurses believe that respiratory therapy was administering an ordered antidiuretic. [Apparently the 'default'- ed.]

More on the errors:

The most common types of errors in the study were wrong time (200), wrong dose (71) and inappropriate use of an automated stopping function (28). 

Any of these, especially the latter two, could have caused harm depending on degree...and to those Risk Management majors out there, eventually will.

 “Many of these reports also showed a source of erroneous data and the three most commonly reported sources were failure to change a default value, user-entered values being overwritten by the system and failure to completely enter information which caused the system to insert information into blank parameters,” Sparnon says. 

Hence my claim that the term "EHR" is anachronistic, and that these systems now are really cybernetic command-and-control mediators and regulators of care (via cybernetic proxy).

“There were also nine reports that showed a default needed to be updated to match current clinical practice.”

The need for a constant, rigorous updating process (which will in the real world likely always be 'behind'), among many others, is a factor that makes the idealistic belief/promise that "health IT will save money and increase safety" (let alone "revolutionize" medicine) unpersuasive.

I note that the "default values" risk is only one of many, many "features" of EHRs and other clinical IT that cause risk and error.  This issue is but one layer of a very, very large and multi-layered onion (cf. AHRQ Health IT Hazards Manager, http://healthit.ahrq.gov/sites/default/files/docs/citation/HealthITHazardManagerFinalReport.pdf, for example).

And this, at the same time that the The HIT Policy Committee, a body of industry stakeholders who advise federal officials, on Sept. 4 adopted final recommendations on health IT risk consistent with an attitude of health IT exceptionalism that included:

"HIT should not be subject to FDA [or any - ed.] premarket requirements" and "Vendors should be required to list products which are considered to represent at least some risk if a non-burdensome approach can be identified."  

If not, no list? ... And what, exactly, is a "non-burdensome" approach, one might ask? 

(See www.healthdatamanagement.com/news/health-information-technology-regulation-fda-onc-fcc-46557-1.html)

 ------------------

Perhaps the penalty for health IT hyperenthusiasts**, short of the Biblical penalty of one of their loved ones suffering the fate of a guinea pig in a medical experiment, should be to be compelled to fly some third rate air carrier with a safety record of "we only had a few near-crashes last month."

-- SS

** [See definition of health IT hyperenthusiast at Doctors and EHRs: Reframing the 'Modernists v. Luddites' Canard to The Accurate 'Ardent Technophiles vs. Pragmatists' Reality' at http://hcrenewal.blogspot.com/2012/03/doctors-and-ehrs-reframing-modernists-v.html]
 

A New ECRI Institute Study On Health Information Technology-Related Events

As I wrote here, I was a reviewer of the report in the PA-based, ECRI Institute-conducted study "The Role of the Electronic Health Record in Patient Safety Events."  ECRI studied the Pennsylvania Patient Safety Reporting System database for HIT-related errors.   

The ECRI Institute is an independent organization renowned for its safety testing of medical technologies and reporting on same, and that "researches the best approaches to improving the safety, quality, and cost-effectiveness of patient care."  I've mentioned it and its bylaws in this blog in the past as a model for independent, unbiased testing and reporting of healthcare technologies.

The full report in PDF is at this link.  In the report, the Pennsylvania Patient Safety Authority analyzed reports of EHR-related events from a state database (the Pennsylvania Patient Safety Reporting System or PA-PSRS, pronounced "PAY-sirs") of reported medical errors and identified several major themes.

My review input led to a discrete "limitations" section.  Also, my invited July 2012 presentation to the PA Patient Safety Authority "Asking the Right Questions: Using Known HIT Safety Issues to Improve Risk Reporting and Analysis" with ECRI in attendance (link to PPT here) on the danger of limited datasets due to systematic impediments to information diffusion was apparently taken seriously. 

ECRI decided to do something about the knowledge gap, and they asked the right questions.

They've just released this summary of a new study they conducted.  I have a few comments which follow:
  

ECRI Institute PSO Uncovers Health Information Technology-Related Events in Deep Dive Analysis

Data transfer, data entry, system configurations, and more identified as serious problem areas
 
PLYMOUTH MEETING, Pa., Feb. 6, 2013 /PRNewswire-USNewswire/ -- The federal government is spending about $19 billion to encourage hospitals, physician practices, and other healthcare organizations to invest in their health information technology (HIT) infrastructure with the goal of improving patient safety and quality through the Health Information Technology for Economic and Clinical Health (HITECH) Act.

Concerned about the unintended consequences of HIT and the potential for errors to cause patient harm, ECRI Institute Patient Safety Organization (PSO) recently conducted a PSO Deep Dive™ analysis on HIT-related safety events. Their just-released 48-page report identified five potential problem areas, which can be assessed with the accompanying toolkit. The report and toolkit are available for purchase [appx. $350 U.S. - ed.] without membership in ECRI Institute PSO.

"Minimizing the unintended consequences of HIT systems and maximizing the potential of HIT to improve patient safety should be an ongoing focus of every healthcare organization," says Karen P. Zimmer , MD, MPH, FAAP, medical director, ECRI Institute PSO.

Based on [voluntary - ed.] reports submitted to the PSO from participating organizations, ECRI Institute PSO experts identified the following key HIT-related problems:

• inadequate data transfer from one HIT system to another
• data entry in the wrong patient record
• incorrect data entry in the patient record
• failure of the HIT system to function as intended
• configuration of the system in a way that can lead to mistakes

To collect enough reports for meaningful evaluation, ECRI Institute PSO asked participating organizations to submit standardized data about HIT events during a nine-week period. This enabled ECRI Institute PSO to identify patterns and trends from the aggregated data and share the findings, as well as its recommendations. The data in the PSO Deep Dive represents only that collected using the Agency for Healthcare Research and Quality (AHRQ) HIT Common Formats.  [Not the improved formats developed by AHRQ in their IT Hazards Manager project, still in development - ed.]  ECRI Institute PSO data encompasses over 800 HIT-related events.

According to the report, HIT must be considered in the context of the environment in which it operates during the three phases of any HIT project: planning for new or replacement systems, system implementation, and ongoing use and evaluation of the system. "Shortsighted approaches to HIT can lead to adverse consequences," caution the authors.

"Healthcare organizations should consider the findings and recommendations in the PSO Deep Dive as part of their effort to achieve those goals," adds Zimmer.

The HIT PSO Deep Dive findings were published in a 48-page report and toolkit with self-assessment questionnaire and action plan form available to all ECRI Institute PSO Members and its partner PSO members. The table of contents of the report is available for free viewing/download. Additional information will be presented in ECRI Institute PSO's Monthly Brief free e-newsletter March edition; go to www.ecri.org/psobrief to sign up. The full report and toolkit are also available for purchase.

For questions about this topic, or for information about purchasing the report, please contact ECRI Institute PSO by telephone at (610) 825-6000, ext. 5558; by e-mail at pso@ecri.org; by fax at (610) 834-1275, or by mail at 5200 Butler Pike, Plymouth Meeting, PA 19462-1298, USA.

From the free linked TOC document:

Key Recommendations

• Enlist leaders’ commitment and support for the organization’s health IT projects.

• Involve health IT users in system planning, design, and selection.

• Conduct a review of workflow and processes to determine how they must be modified.

• Evaluate the ability of existing IT systems within the organization to reliably exchange data with any health IT system under consideration.

• Conduct extensive tests before full implementation to ensure that the health IT system operates as expected.

• Provide user training and ongoing support; educate users about the capabilities and limitations of the system.

• Closely monitor the system’s ease of use and promptly address problems encountered by users.

• Introduce alterations to a health IT system in a controlled manner.

• Monitor the system’s effectiveness with metrics established by the organization.

• Require reporting of health IT-related events and near misses.

• Conduct thorough event analysis and investigation to identify corrective measures.

My comments are these:

• The ECRI study, report and recommendations are quite welcome.

• The case reports received were apparently voluntary and probably "conservative" and understated as hospitals are not happy to release data on problems and harms that can lead to, or support, litigation.  

• The study was just 9 weeks long, and with a limited set of healthcare organizations participating.  800 HIT-related events were identified. 

•  The relevant issues discovered in the events, as summarized in the bullet points above, are capable of causing clinician distraction, incorrect decisions, "use error" (as opposed to "user error", see here), patient harm, and death.  (I am aware of such issues in the press including harms and deaths, as readers here have read at links such as these and these and these and these, and others about which I am providing expert-witness consultation and cannot share.)
  

• I believe ECRI has now begun to peer below the water level, through the muck of industry control of the narrative, of what FDA CDRH leader Jeffrey Shuren MD JD referred to as "the tip of the iceberg" - i.e., the current level of knowledge of health IT difficulties, defects and harms. 

• The report is yet another red flag for a far more robust (and mandatory, in my view) post-marketing surveillance of health IT.  

• Those who claim these findings are "anecdotes" (as here) are looking increasingly foolish and cavalier.

Finally, readers of this blog have been reading about these issues for years.  You heard it here first.

-- SS