Skip to main content

Safety-Test Your EHR With This 3-Step Guide

Analysis  |  By Steven Porter  
   August 29, 2018

Here's how providers can make the most of a 57-page report on electronic health record system safety by Pew, the AMA, and Medstar Health.

Imagine for a moment that a patient in his late 20s arrived in your emergency department with severe flank pain. Based on his allergies and medical history, your team determines that he should be given a high dose of opioid pain medication and monitored closely.

If a physician were to order 10 mg of hydromorphone to be administered intravenously, would your electronic health record (EHR) respond with an alert that this dosage falls outside normal limits? If not, then your EHR would fail one of 14 test-case scenarios included in a report released Tuesday by The Pew Charitable Trusts, the American Medical Association, and Medstar Health. (And that's not the only way your EHR could fail the test.)

The scenarios were developed as tools to help EHR vendors and healthcare providers alike safety-test their systems, both in the development stage and in customized implementation. They include basic and advanced scenarios pertaining to seven different usability issues, and they can be put to use right away.

"There are several important things that can come from this for a provider organization specifically," says Raj Ratwani, PhD, center director and scientific director for MedStar Health's National Center for Human Factors in Healthcare.

Ratwani identified three main steps providers can take to make the most out of the 57-page document.

Step 1: Assess the EHR life cycle.

The report outlines six stages or components of the EHR product life cycle, and it outlines best practices for developers and providers to observe during each stage.

"There are some very, very concrete things that provider organizations can do right now without any kind of formal certification program in place," Ratwani tells HealthLeaders.

  • Culture of safety: Providers should, among other things, establish defined methods for personnel to report safety hazards related to health IT and an organizational structure to collect and review the identified hazards in a timely manner, according to the report.
  • Product design and development: Developers should be allowed to observe clinical staff workflows, and clinicians should be permitted to influence an EHR's design and testing, according to the report.
  • Acquisition: Specific needs and requirements from the provider's clinicians should be detailed for prospective EHR vendors, according to the report.
  • Customization and configuration: For any customization, there should be a clear justification and documented use cases, with a plan to mitigate associated risks, according to the report.
  • Implementation and system upgrades: Providers should have a clear governance structure to support the implementation of an EHR system and tackle any safety-related concerns that crop up in the process, taking the lead on testing and software upgrades, according to the report.
  • Training: Best practices around EHR-related training include providing staggered training to all users, tailoring it to trainee needs, and thoroughly documenting the process and costs, according to the report.

The full list, which can serve as a framework for healthcare leaders to organize their efforts, is included in Table 2 of the report.

Step 2: Use the test cases.

Drawing on feedback from EHR developers, clinicians, and others, the researchers pulled together a list of seven key EHR usability and safety challenge categories: data entry, alerting, interoperability, visual display, availability of information, system automation and defaults, and workflow support.

For each category, the report includes one advanced and one basic test-case scenario designed to assess whether an EHR system and its particular configuration are falling into a potential hazard.

Related: How DeKalb Medical Fixed Drug Safety Problems After Fatal Error

"You could take the test cases that we have, and you could take a subset of your clinicians, and you could have them perform those test cases on your very EHR product that's in clinical use or your training product to see how well clinicians are able to interact with a product, given that particular test case scenario," Ratwani says.

Each scenario includes one or more specific ways an EHR system could fail.

Step 3: Develop your own test cases.

The report is designed as a framework to improve clinical safety related to EHR applications. It's not designed as a comprehensive list of potential pitfalls.

Like a regular automobile inspection, any EHR testing should be an ongoing and iterative process, so providers are encouraged to take the test-case scenario framework and modify it to root out other weaknesses, Ratwani says.

"We encourage providers to do that because each of the EHR implementations across the country is different, and each provider organization may have their own recognized safety hazards that they are attempting to address," he says. "One of the best ways to address those is to use the test case criteria to develop unique test cases relevant to your organization and your implementation to test your system."

Steven Porter is an associate content manager and Strategy editor for HealthLeaders, a Simplify Compliance brand.


Do your clinicians have a defined method to report IT-related safety hazards? Are you handling them systematically? There are things to keep in mind at every stage in the EHR life cycle.

Consider testing your EHR setup with 14 scenarios in this report, then branch out and devise tests of your own.

Get the latest on healthcare leadership in your inbox.