A nervous American public wasn't reassured by the absence of a crack team of patient safety experts descending upon the Texas hospital to determine the exact cause and sequence of events leading to the death of a patient with Ebola.
As we enter what may turn into the Ebola era of U.S. healthcare, the long-discussed issue of the effect health IT has on patient safety is suddenly moving from the back burner to the front.
Just last week, HHS awarded a contract to Research Triangle Park, NC-based RTI, a research institute, to create a roadmap for the Office of the National Coordinator's health IT safety center. It's a first step, contingent on ONC receiving funding for the center itself, on ONC's path to providing needed oversight for the variety of medical errors attributed to health IT technology and use.
As part of the HHS award, RTI will create a task force of stakeholders to get input on the roadmap and prepare a report summarizing the evidence on health IT safety since the IOM report was issued in 2011. The report will also evaluate any available interventions and tools that would optimize the safety and safe use of health IT such as electronic health records systems.
But the Ebola outbreak may change all this.
With Texas Health Resources' initial blaming of its EHR software for the inappropriate release of Ebola patient Thomas Eric Duncan (he died days after being readmitted)—and its subsequent retraction—a nervous American public wasn't reassured by the absence of a crack team of patient safety experts descending upon the hospital to determine the exact cause and sequence of events leading to the errors.
Another Federal Agency?
Back in 2011, the Institute of Medicine proposed creating just such a mechanism, patterned along the lines of the National Transportation Safety Board, the independent federal agency that descends upon the scenes of transportation accidents to make speedy, impartial assessments after a major transportation calamity.
Why yet another agency? So the argument goes, in Washington, too many agencies, ranging from the Department of Justice to HHS, are too politicized to deliver unbiased assessments of the causes of and remedies for HIT-triggered patient safety misfires.
NTSB, for whatever reason, is run in such a way that it does not become besmirched by politics, and is almost ubiquitously trusted as a source of truth.
Quoting from the IOM report, "Public release of results of investigations could build off the NTSB process, which separates facts discovered by the investigators from opinions and conclusions drawn by the investigators. A feedback loop from the investigatory body back to both the vendors and users is essential to allow groups to rectify any systemic issues that were found to introduce risk into their systems."
The IOM committee that proposed this new agency "envisions an entity that would be similar in structure to the NTSB or the NRC [Nuclear Regulatory Agency), which are both independent federal agencies created by and reporting directly to Congress. Among other responsibilities, these entities conduct investigations, for the purpose of ensuring safety."
Non-regulatory, Non-punitive
"The NTSB is a non-regulatory agency that does not establish fault or liability in the legal sense, but investigates incidents. The NRC is a regulatory body that has the ability to issue fines and fees. The committee considered both agencies and concluded the NTSB to be most similar to the needs of health IT-assisted care."
This entity would not have enforcement power and would be non-punitive. Instead, it would have the authority to conduct investigations and, upon their completion, make recommendations.
"The NTSB makes non-binding recommendations to the Secretary of the Department of Transportation, who then must state within 90 days whether the department intends to perform the recommended procedures in total, carry the recommendations out in part, or refuse to adopt the recommendation," the IOM report stated. "In this case, an entity would make similar recommendations to the Secretary of HHS."
Still A Ways to Go
Although delivering non-binding recommendations could be described by some as a flaw, the IOM committee believed that the flexibility it provides is a strength, allowing for the healthcare organizations, vendors, and external experts to determine the best course forward collectively.
Since 2011, the IOM's idea hasn't gotten very far. Some would say that in part, this is because one of its primary champions has been Charles Denham, MD, a prominent patient safety advocate accused of taking kickbacks from a product manufacturer.
But a good idea championed by a controversial figure can still be a good idea.
One irony is that improving patient safety overall is dependent upon widespread utilization of health IT throughout healthcare to track adverse events. In testimony on July 17, Ashish K. Jha, MD, professor of health policy and management at the Harvard School of Public Health, stated that most EHR vendors have not yet installed tools that track adverse events.
"If we made automated patient safety monitoring a key part of certification for meaningful use, it would have a dramatic effect," Jha told the Senate Committee on Health, Education, Labor and Pensions.
In the wake of recent events in Dallas, I also contacted the HIMSS EHR Association, the trade group for EHR vendors. A spokesperson referred me to the association's code of conduct, but confirmed that this code is silent on the hot topic of so-called "gag orders" which allegedly prevent some EHR customers from publicly reporting safety-impacting bugs.
Gag Orders and NDAs
The EHR spokesperson did note that EHR customers come into possession of a variety of trade secrets and proprietary information when they become customers. For instance, every Epic customer has access to the source code of Epic's EHR.
But customers also sign binding legal agreements not to disclose that source code publicly. So one can imagine that if an Epic customer were to publicly disclose a flaw in the software, it would have to tread carefully so as to not reveal any such source code, or other Epic trade secrets.
Where the public's safety is at issue, we must strike a balance between the vendor's intellectual property rights and the public's right to know. Trying to parse contradictory statements from providers and EHR vendors, or government agencies not representing expert views on health IT, can end up alarming the public, as we have just seen.
I wonder if the ONC can really take this on, given everything on its plate. Far better to consider a comprehensive solution, endorsed by the Institute of Medicine and proven in other industries, which has languished until now.
Scott Mace is the former senior technology editor for HealthLeaders Media. He is now the senior editor, custom content at H3.Group.