Why health IT won’t help with medical risk management

by Satish Misra and Iltifat Husain

The march is on across the American healthcare landscape to implement electronic health records that also function as decision-support systems.

These “advanced” electronic health records will both provide centralized records and assist providers in making care decisions such as implementing therapy and utilizing evidence-based practice on the individual patient level. And anyone that has had the opportunity to work with some of the systems out there knows that they can be pretty impressive, doing everything from risk stratification for embolic events to calculating weight-based drug dosages.

While this technology continues to reshape the way medicine is practiced in the United States, it is worth making note of some interesting tactics that corporations are using with regards to risk-management. Because, inevitably, these systems are designed and used by regular people and mistakes will be made. And as often occurs in medicine, the first question will be where the liability for the mistake falls.

Health IT (HIT) companies basically use two principles that protect them when patient harm results from a failure of their IT systems. The first is the principle of the “learned intermediary,” which basically refers to healthcare providers who, because of their specialized training, are making individualized decisions based on risk/benefit profiles. As a Koppel et al (JAMA, 2005) explain:

HIT vendors thereby claim that, because they cannot practice medicine and are merely creating a software tool, clinicians are in much stronger positions to identify those errors resulting from faulty software or hardware.

The second risk-management principle that HIT companies use is non-disclosure clauses, which basically state that healthcare providers are forbidden from sharing software faults with anyone but the vendor. While this may be a norm of the IT industry, it clearly goes against the principles of beneficence that healthcare providers ascribe to.

For example, if a patient were to be harmed due to a faulty dosage calculator embedded in the software, not only is all liability shifted squarely onto the provider but the providers is not allowed to share that information with the medical community.

While these contractual provisions may seem like absolute nonsense to most healthcare providers, it is worth pausing and looking at it from the vendors point of view. Another study published by Koppel et al in JAMA (2005) looked at errors related to computerized physician order entry (CPOE) at a large academic medical center. Errors they identified fell into two major categories – human-machine interface flaws and information errors related to poor multi-system integration. In English, the former boils down to poor functional design (think Windows Mobile) and the latter is a failure to make different systems work together (think roll-out of Vista).

Errors resulting from entering orders on the wrong patient because of a poor display design, accidentally ordering a medication for tomorrow instead of today because of preset dose timings, and so on – these are errors that result from how we use it. No software company is liable for mistakes made while using their software, sort of along the lines of the “buyer beware” that underlies our whole economic system. Integration errors, such as incorrect drug dosages resulting from usage of a hospital’s pharmacy warehousing and purchasing databases instead of clinical guidelines, often result from the customization that occurs when rolling out these systems at a hospital or other venue.

That being said, its hard to see how absolving a HIT vendor from all liability for any error related to its software and then keeping that error a secret is consistent with basic ethical principles of healthcare. And the letter sent by Senator Chuck Grassley (R-Iowa) to Cerner Corporation, who own the popular Eclipsys system among other things, seeking information on these practices suggests that there may be some movement on the regulatory side to reshape the relationship of HIT vendors with the healthcare system in general.

In the meantime, healthcare providers need to leverage our negotiating power with the several HIT vendors out there and push for change that both creates a more open system for managing the inevitable errors that will result from this technology while giving HIT vendors more incentive to protect patients from harm.

Satish Misra is senior editor of iMedicalApps.com and Iltifat Husain is founder and editor of iMedicalApps.com.

Submit a guest post and be heard.

Comments are moderated before they are published. Please read the comment policy.

  • jsmith

    This risk-shift is not the main quality of care issue with IT. The main issue is the fact that the more time we spend fooling around with technology, the less time we (and the nurses) spend actually attending to the sick. This is a huge, if not yet widely discussed, problem in the general forum of ideas, where commercial speech seems to dominate. In the hospital and even in our clinic, the nurses spend way way too much time jockeying the EHR while that patient with an asthma attack languishes in the waiting room or in the hospital room. At bottom, the problem in primary care is too much work for the time to get it done. A lot of IT (not all, epocrates saves me time compared with the old PDR) worsens this problem and therefore will not improve care overall.

  • Jay Notes

    Great article. Allowing HIT companies to make money off these systems without footing any of the liability inherent when you step your foot into the medical domain is allowing them to have their cake and eat it too.

  • R Watkins

    The take home message seems to be that, if we use the EHR to calculate dosages, we should also confirm them with paper and pencil for liability reasons. Love the efficiency!

  • http://www.imedicalapps.com Satish Misra

    Regarding verifying dosage calculations, I’m happy to report that some institutions that I’ve visited recently (particularly those with home-grown systems rather than those from HIT vendors) sync their EHR’s with their pharmacy formulary, so you should be good there.

    As for the implications for patient-provider relationships, I do think that used appropriately, a good EHR can enhance our ability to provide personally for our patients by increasing our efficiency and reducing errors. And being aware of how technology can interfere with the patient-provider relationship will hopefully allow us, as providers, to consciously make an effort to minimize that interference.

  • JMP

    Cerner Corporation (CERN) does not own Eclipsys (ECLP). They are competitors and both are publicly traded companies.