Monday, January 20, 2014

Five Years Into Compelled National Adoption of Electronic Medical Records, Which Were Advertised As Capable Of Only Good, ONC Issues Safety "Suggestions"

Ten years after creation of the ONC office, and almost five years into compelled national adoption of health IT under HITECH (financial penalties soon start to accrue for non-users or non-adopters of "certified" systems and in at least one state, denial of medical licensure), the HHS's Office of the National Coordinator for health IT released the cutely-named "SAFER" guides ("Safety Assurance Factors for EHR Resilience").

That's progress.  (A previous ONC leader, for instance, had opined that the FDA’s injury findings related to health IT that appeared in the Internal FDA memorandum on HIT risks were merely “anecdotal and fragmentary”;  see my April 2, 2011 post "Making a Stat Less Significant: Common Sense on 'Side Effects' Lacking in Healthcare IT Sector" at

While these Guides are a welcome first step, I observe:

These Guides are really an admission HHS and the pundits have been pushing a technology, at best, of an unknown safety profile onto medicine and onto the public.  (The harm profile is becoming better understood, e.g., see the ECRI Institute Deep Dive Study on health IT risk at, a study not just remarkable for its results but also for its strange regulator and press invisibility).  I guess that's par for the course in today's world.

I also opine these guides would not have appeared at all, if not for grass-roots efforts in exposing health IT dangers over the years.

That said, more on the guides, and a link to them:

SAFER Guides

The SAFER guides consist of nine guides organized into three broad groups. These guides enable healthcare organizations to address EHR safety in a variety of areas. Most organizations will want to start with the Foundational Guides, and proceed from there to address their areas of greatest interest or concern. The guides identify recommended practices to optimize the safety and safe use of EHRs. The content of the guides can be explored here, at the links below, or interactive PDF versions of the guides can be downloaded and completed locally for self-assessment of an organization’s degree of conformance to the Recommended Practices. The downloaded guides can be filled out, saved, and transmitted between team members.

The overall purpose:

This guide is designed to help safely manage the individual and organizational responsibilities in a complex "sociotechnical" healthcare organization.

(I note that "sociotechnical" is not really a decriptor of an organization; rather, it is a descriptor of inter-related issues in a healthcare organization.  More properly, a healthcare organization is an entity where implementation of health IT requires "consideration of many sociotechnical issues", or, "is an organization that is sociotechnically complex".  I also note a somewhat loose use of the scientific term "Informatics" in the guides, e.g., "Informatics-type department."  But, whatever.  When a word is used in healthcare today, it means, paraphrasing what a character in a Lewis Carroll book said to a woman named Alice, just what the healthcare leadership chooses it to mean - neither more nor less. (The irony is that Medical Informatics is a field that has as one of its major core competencies the defining of precise language and definitions.)

Read the Guides at the above link, but these "guides" are really a set of "Health IT 101", Masters-of-the-Obvious rules of thumb, presented in a "sparse display" format.

For instance:

  • The highest-level decision makers (e.g., boards of directors or owners of physician practices) are committed to promoting a culture of safety that incorporates the safety and safe use of EHRs.
  • An effective decision-making structure exists for managing and optimizing the safety and safe use of the EHR.
  • Staff members are assigned responsibility for the management of clinical decision support (CDS) content.
  • Practicing clinicians are involved in all levels of EHR safety-related decision making that impact clinical use.

I won't display them further.

While this is not an unwelcome development, here are the caveats:

1.  Disclaimer on page 1 of "Organizational Responsibilities" document:

In some instances, Meaningful Use and/or HIPAA Security Rule requirements are identified in connection with recommended practices. The SAFER Guides are not intended to be used for legal compliance purposes, and implementation of a recommended practice does not guarantee compliance with Meaningful Use, HIPAA, or other laws. The SAFER Guides are for informational purposes only and are not intended to be an exhaustive or definitive source. They do not constitute legal advice or offer recommendations based on a healthcare provider’s specific circumstances. Users of the SAFER Guides are encouraged to consult with their own legal counsel with regard to compliance with Meaningful Use, HIPAA, and other laws.

"For informational purposes only?"

Wow.  I feel SAFER already ... (too late for my mother, though).

In effect, these "guidelines" are issued for "self-assessment" in a regulatory vacuum, with no validation of compliance, no reporting requirements, no formal surveillance, etc.  Hiring the right people, doing all these things, and doing them effectively, is not cheap.

Translation: these guidelines are safely ignored, to be put on a shelf somewhere.

2.  The focus of these documents seems to put the responsibility for health IT safety on the customer/user.  Problem is, the ability to compensate for the deficits of fundamentally poorly designed and bad health IT is limited, just as a "safe flying practices" manuals for pilots cannot compensate completely for faulty aircraft design.  Especially if the manuals are for "self assessment" and there is no FAA-mandated oversight, testing and operational surveillance ...

3.  Thus, these guides appear to be a "baby step" in the true sense of the word, and "tension management" in the political sense, a term used by my claimed-Communist sociology professor several decades ago to refer to government actions that made it appear, falsely, that the government was truly "doing something" for the people.  While I am certainly not a Communist, he had a point...

In summary, while welcome, at best a "milk and toast" award needs to be given to HHS and its health IT arm, ONC for these guidelines.

-- SS


Anonymous said...

SAFER Guides need to address safety, actually, rather than paying lip service to it. Its failure to abide by the IOM recommendations is despicable.

Without aftermarket surveillance and a reporting mechanism for the users, this SAFER effort is a failure, except insofar as it attempts to assuage the grass roots movement for EHR safety.

Anonymous said...

The ECRI study should have alarmed the HHS and ONC authors of this weak SAFER Guide. The disparity between the SAFER Guide casualness and the seriousness of the data in the ECRI analysis is striking.