President Obama’s stimulus plan includes $19 billion to promote the adoption of electronic health record (EHR) systems and to enhance privacy protection for health information. These are much-needed first steps. However, they are first steps only. Like pacemakers and other medical devices, EHR systems should be subject to federal safety regulations–their complex software may have bugs or “usability” problems that endanger patients.
Electronic health record systems are much more than record keeping devices. They include numerous features that have the potential to vastly improve health care outcomes. For example, they can provide physicians with preventive care reminders, allergy alerts, suggestions for diagnostic or treatment options, links to medical literature, computerized physician order entry, and data analysis tools. They can allow physicians in different practices or locations to exchange information about patients who seek a second opinion, move to a new location, or are brought to an emergency room.
EHR systems can reduce errors and improve patient safety. To illustrate, in one case reported in the Washington Post in 2005, a physician prescribed 10 times the appropriate dosage of a drug, and the EHR system caught and corrected this mistake. According to some estimates, these systems may ultimately save over $77 billion a year as a result of lower administrative costs, fewer medical errors, and less duplication of tests, because the results of tests conducted by one physician would be electronically available to all treating physicians.
At the same time, there are significant risks and challenges, which go far beyond the often-addressed privacy and security concerns. EHR systems require caregivers to type information directly into computers during or after their patient visits. Some find this to be time-consuming and unproductive, and efforts to create shortcuts or circumvent the systems’ demands can create new problems.
For example, cut-and-paste mechanisms can make old information about a patient’s condition appear to be a recent update. Poorly designed data displays or prompts and alerts that are confusing, excessive, or inappropriately timed can hinder care. In addition, patient welfare can be endangered by software bugs, unexpected computer shut-downs, and other system problems. In 2008, bugs in the Veterans Administration’s EHR system exposed veterans to incorrect drug doses, such as excessive heparin infusions.
In light of these risks to patient care, federal regulations must establish rigorous quality control mechanisms. Currently, initial approval of EHR systems is conducted by a certification program operated by the Certification Commission for Health Information Technology, a private, industry-based organization. Our review of the certification criteria revealed that they are inadequate to ensure the safety and efficacy of EHR systems. For example, testing is conducted in just one eight-hour period, and the criteria do not explicitly address important issues such as safety and usability.
We believe that EHR systems should be scrutinized through a careful premarket approval process, including field testing at several facilities for at least six months. We also recommend local system oversight committees, based on the IRB model, that would oversee field testing and conduct postmarketing monitoring throughout the life of the product. Adverse event reporting would be mandated under this system to ensure that problems are detected and addressed swiftly and that the government intervenes when necessary to safeguard patient welfare.
Federal regulations should also require that all EHR systems meet specific quality standards. Audit trails and capture-replay capabilities should be required to facilitate discovery of both system and user errors, much as black boxes allow the reconstruction of conditions that led to aviation incidents. Equally important, different systems should be able to exchange and incorporate data so that patients’ care can be coordinated no matter where their records were originally housed.
Because EHR systems will manage patient care to a significant degree, they must be subject to government oversight akin to the highest level of scrutiny required, in principle, by the Food and Drug Administration for complex medical devices. The American Recovery and Reinvestment Act of 2009 codifies the Office of National Coordinator for Health Information Technology within the Department of Health and Human Services and establishes policy and standards committees that will be responsible for the quality of health information technology. However, the act does not provide detailed guidance for the formulation of federal regulations to govern the technology.
Federal regulations should establish appropriate oversight and quality control through EHR system standards, approval processes, and ongoing monitoring requirements. It is only with careful oversight that providers can be assured of investing in high quality EHR products. And it is only with appropriate safeguards that the benefits of this very promising technology will be maximized–that health outcomes will improve and risks as well as costs will decline.
Sharona Hoffman is a professor of law and bioethics and codirector of the Law-Medicine Center at Case Western Reserve University School of Law. Andy Podgurski is an associate professor of electrical engineering and computersScience at Case Western Reserve University.