HHS health IT safety plan hopefully is a work in progress

I enjoyed reading The U.S. Department of Health & Human Services' 50-page final health IT safety plan, released last week, which aims to eliminate medical errors related to technology and to better protect patients.

The plan is comprehensive and impressive. It calls for a "coordinated effort" to mitigate risks, requiring multiple stakeholders to be involved in the effort. It also "leverages existing authorities to strengthen patient safety efforts", which I take to mean that HHS is attempting to use current resources to accomplish its goals, rather than reinvent the wheel, which makes a lot of sense in today's economic climate. The plan also will incorporate safety into health IT and the Meaningful Use program, collect and analyze data on adverse events related to health IT, and spearhead other activities.

I am also encouraged by the fact that the final plan seems to build on the Institute of Medicine's report on health IT and patient safety, more so than the draft plan. For instance, the IOM had called for the creation of an independent federal entity to investigate adverse patient events related to health IT. ONC dismissed this idea in the draft plan, but creates a compromise by enlisting the services of the Joint Commission to help identify unsafe conditions related to health IT, develop processes to prevent adverse events and provide education in the final plan.

Still, I'm concerned that the final plan appears to leave vendors off easy at the expense of providers.

For starters, let's take a look at accountability. Of course, physicians and other users should be accountable for patient harm stemming from their negligent or sloppy use of EHRs, such as communication or input errors. But what about errors that stem from faulty EHR design, software glitches, and other problems not caused by the provider? Most EHR vendor contracts still contain "learned intermediary doctrine" clauses, which places the burden of a patient safety error solely on the provider. According to the safety plan, the most serious repercussion a vendor might suffer is scrutiny from an ONC-ACB.  

Or look at reporting. There's still no requirement that vendors report health IT-related adverse events, as recommended by the IOM. Instead, HHS defers to the new HIMSS EHRA vendor Code of Conduct to allow vendors to police themselves. The code of conduct doesn't require reporting of events. It doesn't even allow clinicians to report them to each other. Moreover, the government will only know which EHR products are the most problematic after sifting through the providers' reports. But providers--whose purchasing might be influenced by this information--are still kept in the dark, leaving them and the patients more vulnerable than necessary.

Overall, this plan is a positive development and should improve patient safety. Still, I hope that it is a work in progress, and that HHS will modify and update it as needed. - Marla - Marla (@MarlaHirsch)