An Open Letter to David Bates, MD, Chair, ONC FDASIA Health IT Policy Committee on Recommendations Against Premarket Testing and Validation of Health IT

From http://www.healthit.gov/policy-researchers-implementers/federal-advisory-committees-facas/fdasia:

The Food and Drug Administration Safety Innovation Act (FDASIA) Health IT Policy Committee Workgroup is charged with providing expert input on issues and concepts identified by the Food and Drug Administration (FDA), Office of the National Coordinator for Health IT (ONC), and the Federal Communications Commission (FCC) to inform the development of a report on an appropriate, risk-based regulatory framework pertaining to health information technology including mobile medical applications that promotes innovation, protects patient safety, and avoids regulatory duplication.

My Open Letter to the Committee's chair speaks for itself:

From: Scot Silverstein
Date: Mon, Sep 16, 2013 at 9:39 AM
Subject: ONC FDASIA Health IT Policy Committee's recommendations on Premarket Surveillance
To: David Bates

Sept. 16, 2013

David Bates, Chair, ONC FDASIA Health IT Policy Committee
via email
   
Dear David,

I am disappointed (and in fact appalled) at the ONC FDASIA Health IT Policy Committee's recommendations that health IT including typical commercial EHR/CPOE systems not be subjected to a premarket testing and validation process.  I believe this recommendation is, quite frankly, negligent. [1]

As you know, my own mother was injured and then died as a result of EHR deficiencies, and nearly injured or killed again in the recuperation period from her initial injuries by more health IT problems in a second EHR used in her care.  In my legal consulting and from my colleagues, as well as from the literature, I hear about other injuries/deaths and many "near misses" as well.  That your recommendations came in the face of the recent ECRI Deep Dive study is even more appalling, with the latter's finding of 171 health IT-related incidents in 9 weeks from 36 member PSO hospitals, resulting in 8 injuries and 3 possible deaths, all reported voluntarily. [2]

It is my expert opinion the issues that cause these outcomes would never have made it into production systems, had a reasonable, competent, unbiased premarket testing and validation process been in place.

Consequently, I have shared the FDASIA HIT Policy Committee's recommendations with the Plaintiff's Bar, and will use its recommendations in my presentations to various chapters of the American Association for Justice (the trial lawyer's association) - as well as to interested Defense attorneys so they may advise their clients accordingly.

I am also making recommendations that in any torts, individual or class, regarding EHR problems that would likely have been averted with competent premarket testing and validation, that the FDASIA HIT Policy Committee members who agreed with the recommendation be considered possible defendants.

I am sorry it has come to this.

Please note I am also posting this message for public viewing at the Healthcare Renewal weblog of the Foundation for Integrity and Responsibility in Medicine (FIRM).

Sincerely,

Scot Silverstein, MD
Consultant/Independent Expert Witness in Healthcare Informatics
Adjunct Faculty, Drexel University, College of Computing and Informatics

Notes:


[1] FDA Law Blog, Recommendations of FDASIA Health IT Workgroup Accepted, September 11, 2013, available at http://www.fdalawblog.net/fda_law_blog_hyman_phelps/2013/09/recommendations-of-fdasia-health-it-workgroup-accepted.html: "Of particular interest is the recommendation that health IT should generally not be subject to FDA premarket requirements, with a few exceptions:  medical device accessories, high-risk clinical decision support, and higher risk software use cases."

[2] "Peering Underneath the Iceberg's Water Level: AMNews on the New ECRI 'Deep Dive' Study of Health IT Events" , Feb. 28. 2013, available at http://hcrenewal.blogspot.com/2013/02/peering-underneath-icebergs-water-level.html.

-----------------------------------------------

Note: the following are listed on the linked site above as members of the committee:

Member List

• David Bates, Chair, Brigham and Women’s Hospital
• Patricia Brennan, University of Wisconsin-Madison
• Geoff Clapp, Better
• Todd Cooper, Breakthrough Solutions Foundry, Inc.
• Meghan Dierks, Harvard Medical Faculty, Division of Clinical Informatics
• Esther Dyson, EDventure Holdings
• Richard Eaton, Medical Imaging & Technology Alliance
• Anura Fernando, Underwriters Laboratories
• Lauren Fifield, Practice Fusion, Inc.
• Michael Flis, Roche Diagnostics
• Elisabeth George, Philips Healthcare
• Julian Goldman, Massachusetts General Hospital/ Partners Healthcare
• T. Drew Hickerson, Happtique, Inc.
• Jeffrey Jacques, Aetna
• Robert Jarrin, Qualcomm Incorporated
• Mo Kaushal, Aberdare Ventures/National Venture Capital Association
• Keith Larsen, Intermountain Health
• Mary Anne Leach, Children’s Hospital Colorado
• Meg Marshall, Cerner Corporation
• Mary Mastenbrook, Consumer
• Jackie McCarthy, CTIA - The Wireless Association
• Anna McCollister-Slipp, Galileo Analytics
• Jonathan Potter, Application Developers Alliance
• Jared Quoyeser, Intel Corporation
• Martin Sepulveda, IBM
• Joseph Smith, West Health
• Paul Tang, Palo Alto Medical Foundation
• Bradley Thompson, Epstein Becker Green, P.C
• Michael Swiernik, MobileHealthRx, Inc.

Federal Ex Officios

• Jodi Daniel, ONC
• Bakul Patel, FDA
• Matthew Quinn, FCC

 -- SS

Today's Bad Health IT Systems: More Dangerous Than Paper?

I believe in 2013 that they are.

(Definition of bad health IT is here:  http://www.ischool.drexel.edu/faculty/ssilverstein/cases/)

I recently posted about two "glitches" in a major EHR seller's clinical systems, Siemens Healthcare, affecting safety-critical functions of medication reconciliation and medication ordering.

• Another Health IT "Glitch" - Can Digital Disappearing Ink Kill Patients?

• Can Digital Disappearing Ink (An EHR "Glitch") Kill Patients? Part 2

Considering these, plus the many "glitches" reported by the only EHR seller who does so via FDA's MAUDE database (see here: http://hcrenewal.blogspot.com/2011/01/maude-and-hit-risk-mother-mary-what-in.html), and the others posted at this blog at query link: http://hcrenewal.blogspot.com/search/label/glitch, the following issue needs serious consideration by policymakers.

Namely, the issue that enterprise electronic medical command-and-control systems, which today's "EHRs" in reality are, are on their face more risk-prone than the paper systems they are replacing.

The "glitches" reported above are clearly the tip of the iceberg due to industry norms of secrecy, the absence of most of the industry in reporting to FDA MAUDE or anywhere, and my limited sources of information.  It is likely the true level of "glitches" in live EHR/clinical IT installations is far, far higher  - conservatively, I believe, at least two orders of magnitude.

Workarounds to IT "glitches" such as recommended in the Siemens bulletins at the aforementioned posts cause hospital officials to have to  reliably get the notices to all users of the systems, including medical students, nurses, physicians and allied health professionals.

The workarounds also cause users to:

1)  have to deviate from habits of use acquired in training and active use of the systems in question;
2) remember, without fail, to deviate from habits of use acquired in training and active use of the systems in question, in effect giving them the responsibility of caring for sick patients and for "sick" information technology;
3) keep in mind any other extant workarounds that exist waiting for "fixes"; and
4) be constantly on guard for information storage failures.

In fact, the recent Siemens "glitches" and workarounds represent a clear danger to patient safety.  If these were more conventional medical devices, they'd be recalled.

See my Dec. 14, 2011 post "FDA Recalls Draeger Health IT Device Because This Product May Cause Serious Adverse Health Consequences, Including Death" (http://hcrenewal.blogspot.com/2011/12/fda-recalls-health-it-software-because.html) and July 23, 2012 post "Health IT FDA Recall: Philips Xcelera Connect - Incomplete Information Arriving From Other Systems"(http://hcrenewal.blogspot.com/2012/07/health-it-fda-recall-philips-xcelera.html) for examples where health IT defects similar to the Siemens issues were, in fact, recalled.

Further, with paper records or tangible images, a page or image can be lost, or it can be illegible.  In the case of lost, in any quality paper record keeping system the information stewards or others using the paper (e.g., office staff or ward clerks) will generally note the absence and act accordingly.  Further, illegible notes or orders will most often be recognized as illegible and result in attempted clarification or other corrective actions.

On the other hand, when electronic systems:

1)  lose modified information en masse as in the Siemens examples but keep the old, or
2)  when outright errors such as en masse truncation occur (as in the thousands of prescriptions whose long-acting suffixes were cut off at Lifespan in Rhode Island, see "Yet another health IT "glitch" affecting thousands" here: http://hcrenewal.blogspot.com/2011/11/lifespan-rhode-island-yet-another.html), or
3)  images are lost (see "Potential Image Loss in GE Centricity PACS" here:  http://hcrenewal.blogspot.com/2012/11/potential-image-loss-in-ge-centricity.html) without warning-

- There are no "flags" that the obsolete, truncated or missing information is erroneous.

What remains is perfectly legible, perfectly convincing and perfectly deceiving.

Electronic healthcare information systems on their face create more risk than paper record systems.  Further, the problem with "bugs" and "glitches" will not go away with today's industry models of "hiring down" and lack of regulation.  Every new upgrade or patch is suspect for introducing new bugs.

Paper does not suffer these issues, unless disappearing ink is used to cross out the old and add new information ...

Not that I am advocating for a return to 100% paper, but certain critical functions probably are best left to paper.  Further, hundreds of billions of dollars can certainly buy:

1)  a lot of Health Information Management professionals to perform continuous QA of paper,
2)  a lot of document imaging systems to make the paper records available anywhere, anytime they are needed, and
3)  a lot of data entry personnel to relieve clinicians of clerical burdens so they may use their valuable experience more productively, as guest poster Howard Brody points out at http://hcrenewal.blogspot.com/2013/07/guest-post-incompetent-management.html.
4)  a lot of sensible regulation of this industry's product quality.

-- SS

IT Specialist and the job he wouldn't take: hospital management's health IT "plan" is a checklist for failure

Received unsolicited on June 14, 2013 from a computer professional whose identity I am redacting.  Posted with his permission:

Dr. Silverstein,

Thank you very much for the many insights and helpful references provided on your "Contemporary Issues in Medical Informatics" (http://www.ischool.drexel.edu/faculty/ssilverstein/cases/) web site! In performing my due diligence for a position as an IT Director at a small rural hospital, I have come across your writings. 

I originally applied for this position in the hopes of leveraging my IT, project management, compliance and security experience to gain new expertise in healthcare IT. After my initial phone interview with the "CIO" and HR Director, at which I discovered that I would have the responsibility to implement a poorly conceived new EMR project, without the authority or resources to make it successful, additional red flags were raised which required further research. This led me to you.  

I cannot help but chuckle at the organizational, social and project management dysfunctions in medical IT, as described in your "Ten Critical Rules for Applied Informatics..."  (http://www.ischool.drexel.edu/faculty/ssilverstein/cases/?loc=cases&sloc=tenrules).   I have encountered similar dysfunctions in the world of military and commercial IT.  With a little tweaking, your lessons learned are applicable across a wide range of IT disciplines and a good reminder of how to avoid IT project and career failures and achieve successes.

Yet, I understand and have come to appreciate your thesis that medical IT is fundamentally different from business IT. Even though I am convinced that I could do better than most, I have concluded that it is probably wiser for a competent healthcare informaticist to lead HIT implementation projects. I wonder how many such competent informaticists there can be! Unfortunately, since I have no background in medicine, it is probably a little late for me to become one. 

I certainly will not engage in this particular opportunity. What I know of the hospital management's "plan" at this point is a checklist for failure. The reality of this rural hospital, and apparently thousands of similar situations, is unnecessarily and depressingly tragic for patients and clinical professionals. I appreciate your crusade to raise the bar for healthcare IT, and therefore IT in general. Thank you for saving me from jumping in to an untenable situation.

Ironically, and sadly, this letter is similar to others I have received dating to 1999.  Little has changed in nearly 15 years, except that with the rush to implement this unregulated, experimental technology thanks to the HITECH Act, there's likely going to be a lot more patient harm, especially at smaller hospitals new to this endeavor.

-- SS