An Open Letter to David Bates, MD, Chair, ONC FDASIA Health IT Policy Committee on Recommendations Against Premarket Testing and Validation of Health IT

From http://www.healthit.gov/policy-researchers-implementers/federal-advisory-committees-facas/fdasia:

The Food and Drug Administration Safety Innovation Act (FDASIA) Health IT Policy Committee Workgroup is charged with providing expert input on issues and concepts identified by the Food and Drug Administration (FDA), Office of the National Coordinator for Health IT (ONC), and the Federal Communications Commission (FCC) to inform the development of a report on an appropriate, risk-based regulatory framework pertaining to health information technology including mobile medical applications that promotes innovation, protects patient safety, and avoids regulatory duplication.

My Open Letter to the Committee's chair speaks for itself:

From: Scot Silverstein
Date: Mon, Sep 16, 2013 at 9:39 AM
Subject: ONC FDASIA Health IT Policy Committee's recommendations on Premarket Surveillance
To: David Bates

Sept. 16, 2013

David Bates, Chair, ONC FDASIA Health IT Policy Committee
via email
   
Dear David,

I am disappointed (and in fact appalled) at the ONC FDASIA Health IT Policy Committee's recommendations that health IT including typical commercial EHR/CPOE systems not be subjected to a premarket testing and validation process.  I believe this recommendation is, quite frankly, negligent. [1]

As you know, my own mother was injured and then died as a result of EHR deficiencies, and nearly injured or killed again in the recuperation period from her initial injuries by more health IT problems in a second EHR used in her care.  In my legal consulting and from my colleagues, as well as from the literature, I hear about other injuries/deaths and many "near misses" as well.  That your recommendations came in the face of the recent ECRI Deep Dive study is even more appalling, with the latter's finding of 171 health IT-related incidents in 9 weeks from 36 member PSO hospitals, resulting in 8 injuries and 3 possible deaths, all reported voluntarily. [2]

It is my expert opinion the issues that cause these outcomes would never have made it into production systems, had a reasonable, competent, unbiased premarket testing and validation process been in place.

Consequently, I have shared the FDASIA HIT Policy Committee's recommendations with the Plaintiff's Bar, and will use its recommendations in my presentations to various chapters of the American Association for Justice (the trial lawyer's association) - as well as to interested Defense attorneys so they may advise their clients accordingly.

I am also making recommendations that in any torts, individual or class, regarding EHR problems that would likely have been averted with competent premarket testing and validation, that the FDASIA HIT Policy Committee members who agreed with the recommendation be considered possible defendants.

I am sorry it has come to this.

Please note I am also posting this message for public viewing at the Healthcare Renewal weblog of the Foundation for Integrity and Responsibility in Medicine (FIRM).

Sincerely,

Scot Silverstein, MD
Consultant/Independent Expert Witness in Healthcare Informatics
Adjunct Faculty, Drexel University, College of Computing and Informatics

Notes:


[1] FDA Law Blog, Recommendations of FDASIA Health IT Workgroup Accepted, September 11, 2013, available at http://www.fdalawblog.net/fda_law_blog_hyman_phelps/2013/09/recommendations-of-fdasia-health-it-workgroup-accepted.html: "Of particular interest is the recommendation that health IT should generally not be subject to FDA premarket requirements, with a few exceptions:  medical device accessories, high-risk clinical decision support, and higher risk software use cases."

[2] "Peering Underneath the Iceberg's Water Level: AMNews on the New ECRI 'Deep Dive' Study of Health IT Events" , Feb. 28. 2013, available at http://hcrenewal.blogspot.com/2013/02/peering-underneath-icebergs-water-level.html.

-----------------------------------------------

Note: the following are listed on the linked site above as members of the committee:

Member List

• David Bates, Chair, Brigham and Women’s Hospital
• Patricia Brennan, University of Wisconsin-Madison
• Geoff Clapp, Better
• Todd Cooper, Breakthrough Solutions Foundry, Inc.
• Meghan Dierks, Harvard Medical Faculty, Division of Clinical Informatics
• Esther Dyson, EDventure Holdings
• Richard Eaton, Medical Imaging & Technology Alliance
• Anura Fernando, Underwriters Laboratories
• Lauren Fifield, Practice Fusion, Inc.
• Michael Flis, Roche Diagnostics
• Elisabeth George, Philips Healthcare
• Julian Goldman, Massachusetts General Hospital/ Partners Healthcare
• T. Drew Hickerson, Happtique, Inc.
• Jeffrey Jacques, Aetna
• Robert Jarrin, Qualcomm Incorporated
• Mo Kaushal, Aberdare Ventures/National Venture Capital Association
• Keith Larsen, Intermountain Health
• Mary Anne Leach, Children’s Hospital Colorado
• Meg Marshall, Cerner Corporation
• Mary Mastenbrook, Consumer
• Jackie McCarthy, CTIA - The Wireless Association
• Anna McCollister-Slipp, Galileo Analytics
• Jonathan Potter, Application Developers Alliance
• Jared Quoyeser, Intel Corporation
• Martin Sepulveda, IBM
• Joseph Smith, West Health
• Paul Tang, Palo Alto Medical Foundation
• Bradley Thompson, Epstein Becker Green, P.C
• Michael Swiernik, MobileHealthRx, Inc.

Federal Ex Officios

• Jodi Daniel, ONC
• Bakul Patel, FDA
• Matthew Quinn, FCC

 -- SS

A Good Way to Cybernetically Harm or Kill Emergency Department Patients ... Via An ED EHR "Glitch" That Mangles Prescriptions

Yet another healthcare IT "glitch" - that banal little word used for potentially life-threatening software defects.  (See the query link http://hcrenewal.blogspot.com/search/label/glitch for more examples.)

An EHR/command and control system (including ordering, results reporting, etc.)  for hospital Emergency Departments, Picis Pulsecheck, was recalled by FDA.

Reason?  "Notes associated with prescriptions are not printed to the prescription or to the patient chart."  The data apparently is not being sent to the printer or being stored for future visits.  Instead, data input by clinical personnel, in one of the most risk-prone medical settings, the Emergency Department, is simply going away.

This is reminiscent of the truncation of prescription drug "long acting" suffixes, apparently by a Siemens system, that led to thousands of prescription errors (perhaps tens of thousands) over more than a year's time.  I wrote about that matter, as reported by the news media, at "Lifespan (Rhode Island): Yet another health IT "glitch" affecting thousands - that, of course, caused no patient harm that they know of - yet" at http://hcrenewal.blogspot.com/2011/11/lifespan-rhode-island-yet-another.html. 

Regarding the current Picis recall, notes connected with prescriptions can be crucial to the pharmacist or the patient.  Loss of those notes - apparently due to a computer glitch and most likely in this case without the prescribing clinician knowing about it - likely have been going on for some time now, since two software versions (5.2 and 5.3) are affected.

The solution for now?

"Consignees were provided with recommended actions until they receive the necessary update."

In other words, a workaround adding more work to clinicians who now not only have to take care of patients, but in the unregulated health IT market need to (as if they don't already have enough work to do in the ED where chaos often occurs) babysit computer glitches as well - and pray they catch potential computer errors 100% of the time.

Below is the FDA MAUDE recall notice at "Medical & Radiation Emitting Device Recalls", from http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfRes/res.cfm?ID=119832.

At this additional link we find that this FDA recall was "Voluntary: Firm Initiated."  They apparently informed the FDA of the "glitch."

My question is - how did the company become aware of this "glitch"?  Also, were any patients put in harm's way, or injured, as a result of the prescription data loss?

FDA Device Recall Notice.  Click to enlarge; text below.

Class 2 Recall ED PulseCheck

Date Posted	July 29, 2013
Recall Number	Z-1814-2013
Product	Picis ED Pulsecheck - EMR Software Application - 2125, Software Versions: 5.2 and 5.3. The application stores patient information in a database, and it may analyze and/or display the data in different formats for evaluation by healthcare professionals for informational purposes.
Code Information	Software Versions 5.2 and 5.3
Recalling Firm/ Manufacturer	Picis Inc. 100 Quannapowitt Parkway Suite 405 Wakefield, Massachusetts 01880
For Additional Information Contact	Support Representative 781-557-3000
Reason for Recall	Notes associated with prescription are not printed to the prescription or to the patient chart.
Action	Initial customer notifications were sent via email on June 21, 2013 informing consignees of the recall and providing further instruction regarding the software solution. Consignees were provided with recommended actions until they receive the necessary update.
Quantity in Commerce	35
Distribution	Nationwide Distribution, including the states of: AK, AR, AZ, CA, CO, DC, DE, FL, GA, ID, IN, MA, MD, MO, NH, NJ, OH, OR, SC, TN, WA, and WV.

Finally, I ask - how did this "glitch" escape the notice of the company before the software was put into production not in just one, but through two sequential versions?

I propose that the lack of health IT regulatory controls due to special accommodation makes thorough software testing less "desirable" by a company (largely due to costs).

Compare that to, say, software regulation in the Federal Aviation Administration:

FAA Aircraft Software Approval Guidelines - available at http://www.faa.gov/documentLibrary/media/Order/8110.49%20Chg%201.pdf.  Click to access.

The FAA document begins:

"This order establishes procedures for evaluating and approving aircraft software and changes to appropriate approved aircraft software procedures."

Software regulation in other mission critical industries like aviation and pharma make the health IT industry and its lack of regulation look pathetic.


-- SS

Today's Bad Health IT Systems: More Dangerous Than Paper?

I believe in 2013 that they are.

(Definition of bad health IT is here:  http://www.ischool.drexel.edu/faculty/ssilverstein/cases/)

I recently posted about two "glitches" in a major EHR seller's clinical systems, Siemens Healthcare, affecting safety-critical functions of medication reconciliation and medication ordering.

• Another Health IT "Glitch" - Can Digital Disappearing Ink Kill Patients?

• Can Digital Disappearing Ink (An EHR "Glitch") Kill Patients? Part 2

Considering these, plus the many "glitches" reported by the only EHR seller who does so via FDA's MAUDE database (see here: http://hcrenewal.blogspot.com/2011/01/maude-and-hit-risk-mother-mary-what-in.html), and the others posted at this blog at query link: http://hcrenewal.blogspot.com/search/label/glitch, the following issue needs serious consideration by policymakers.

Namely, the issue that enterprise electronic medical command-and-control systems, which today's "EHRs" in reality are, are on their face more risk-prone than the paper systems they are replacing.

The "glitches" reported above are clearly the tip of the iceberg due to industry norms of secrecy, the absence of most of the industry in reporting to FDA MAUDE or anywhere, and my limited sources of information.  It is likely the true level of "glitches" in live EHR/clinical IT installations is far, far higher  - conservatively, I believe, at least two orders of magnitude.

Workarounds to IT "glitches" such as recommended in the Siemens bulletins at the aforementioned posts cause hospital officials to have to  reliably get the notices to all users of the systems, including medical students, nurses, physicians and allied health professionals.

The workarounds also cause users to:

1)  have to deviate from habits of use acquired in training and active use of the systems in question;
2) remember, without fail, to deviate from habits of use acquired in training and active use of the systems in question, in effect giving them the responsibility of caring for sick patients and for "sick" information technology;
3) keep in mind any other extant workarounds that exist waiting for "fixes"; and
4) be constantly on guard for information storage failures.

In fact, the recent Siemens "glitches" and workarounds represent a clear danger to patient safety.  If these were more conventional medical devices, they'd be recalled.

See my Dec. 14, 2011 post "FDA Recalls Draeger Health IT Device Because This Product May Cause Serious Adverse Health Consequences, Including Death" (http://hcrenewal.blogspot.com/2011/12/fda-recalls-health-it-software-because.html) and July 23, 2012 post "Health IT FDA Recall: Philips Xcelera Connect - Incomplete Information Arriving From Other Systems"(http://hcrenewal.blogspot.com/2012/07/health-it-fda-recall-philips-xcelera.html) for examples where health IT defects similar to the Siemens issues were, in fact, recalled.

Further, with paper records or tangible images, a page or image can be lost, or it can be illegible.  In the case of lost, in any quality paper record keeping system the information stewards or others using the paper (e.g., office staff or ward clerks) will generally note the absence and act accordingly.  Further, illegible notes or orders will most often be recognized as illegible and result in attempted clarification or other corrective actions.

On the other hand, when electronic systems:

1)  lose modified information en masse as in the Siemens examples but keep the old, or
2)  when outright errors such as en masse truncation occur (as in the thousands of prescriptions whose long-acting suffixes were cut off at Lifespan in Rhode Island, see "Yet another health IT "glitch" affecting thousands" here: http://hcrenewal.blogspot.com/2011/11/lifespan-rhode-island-yet-another.html), or
3)  images are lost (see "Potential Image Loss in GE Centricity PACS" here:  http://hcrenewal.blogspot.com/2012/11/potential-image-loss-in-ge-centricity.html) without warning-

- There are no "flags" that the obsolete, truncated or missing information is erroneous.

What remains is perfectly legible, perfectly convincing and perfectly deceiving.

Electronic healthcare information systems on their face create more risk than paper record systems.  Further, the problem with "bugs" and "glitches" will not go away with today's industry models of "hiring down" and lack of regulation.  Every new upgrade or patch is suspect for introducing new bugs.

Paper does not suffer these issues, unless disappearing ink is used to cross out the old and add new information ...

Not that I am advocating for a return to 100% paper, but certain critical functions probably are best left to paper.  Further, hundreds of billions of dollars can certainly buy:

1)  a lot of Health Information Management professionals to perform continuous QA of paper,
2)  a lot of document imaging systems to make the paper records available anywhere, anytime they are needed, and
3)  a lot of data entry personnel to relieve clinicians of clerical burdens so they may use their valuable experience more productively, as guest poster Howard Brody points out at http://hcrenewal.blogspot.com/2013/07/guest-post-incompetent-management.html.
4)  a lot of sensible regulation of this industry's product quality.

-- SS

Medscape re: Class Action suit: "Doctors Who Sued EHR Company Win First Round"

Interesting article about a Class-Action lawsuit against a health IT seller, Allscripts, see Medscape link below (the story is copyrighted so I cannot repost it here).

Relevant excerpts:

On Monday, March 4, a group of doctors who are suing their electronic health record (EHR) manufacturer for selling them a "buggy" product and then discontinuing it learned that the defendant's motion to block the lawsuit and compel them to accept binding arbitration was overruled by a judge in Miami, the first step in getting a court date in what is believed to be a first-of-its-kind case.

... In December 2012, 4 physician practices -- 2 pain clinics in Florida, 1 in Missouri, and a family medicine practice in Alabama -- became plaintiffs in a class-action suit filed against Allscripts, "an action arising from an expensive, but defective electronic health records software product," according to the complaint. The bottom line: The EHR was "buggy."

Says one of the doctors plaintiffs:

Anesthesiologist Robert J. Joseph, MD, of the Pain Clinic of Northwest Florida in Panama City, a plaintiff in the suit, makes no bones about it. "Our EHR is a piece of crap," he states.

-----

Link to full article:
http://www.medscape.com/viewarticle/779721

(It seems to come up fulltext without Medscape login, but I cannot guarantee this will persist.)

-- SS