Eyes Wide Shut – Catastrophic EHR Dependency, the Dark Side of Health IT’s Highly-Incented Adoption

Hospital National Patient Safety Goals - 2015
What if your hospital couldn’t reliably perform any of the top three Hospital National Patient Safety Goals, as specified by the Joint Commission, above – because their EHR system was down?

Starting at 4 AM on Saturday, December 5, 2015, the EHR system supporting a very large health system went totally dark, due to what’s been communicated to staff members as a “fatal corruption” of its system.  36+ hours later, the EHR is still not back and let’s be honest; this could happen to any health system that’s not prepared.

This health system chose to go “paperless” several years ago, migrating all policies, procedures, and training to maximize the investment in the EHR and related technologies. If there are formal emergency procedures to follow in case of prolonged EHR outage, they have not been communicated to the entire staff, nor are they readily available in printed form anywhere in the affected facilities.

The majority of the clinician support staff members have not worked at the facilities long enough to have worked with paper charts, paper-based ordering procedures, or handwritten progress notes.

New patient medical record numbers cannot be generated. Existing patient medical record numbers cannot be retrieved. New account numbers, which specify an encounter within the health system, cannot be generated.

Existing patient records, including all test results, cannot be accessed. External labs, radiology, and imaging cannot be received electronically, and must be faxed – if possible. Some tests do not have print capability. Medication administration and other critical process details have only been documented in the EHR; for patients involved in an encounter that started prior to the system failure,  there is no way to know for certain what tests were run, vital signs were taken, or medications were administered before the EHR outage began.

Electronic ordering – for labs, radiology, medication – cannot be initiated. Even if it could, order fulfillment is supposed to be linked to the patient account numbers that cannot now be generated. Medication procurement and dispensation is tied to scanning of patient wrist-bands that link to the account number. Manual override of the lock on the medication storage facility is possible, but the procedures to document medication dispensation and disposal do not include provisions for paper-based emergency handling.

Institutional protocols, which specify how a particular complaint is to be tested and treated, have been migrated to the EHR, so that a clinician can order a battery of tests for “X” condition with a single click. Institutional protocols change regularly, with advancements in science, clinical practice, and institutional policies. Staff members are trained to order by protocol; continuing education on the intricacies of each test, level, and sequence of events within these protocols has fallen by the wayside. The most recent print-out for a common protocol – anticoagulation in obese patients using heparin – is dated 2013; the staff has no choice but to follow the known-to-be-outdated information.

Prior authorization, referrals, prior justification, and precertification procedures, in which the insurance company gives the provider “permission” to take certain actions – medication prescription, specialist referral, surgery or procedure, hospital admission – require medical records transmission and excruciatingly specific coding machinations in order to obtain explicit approval, and submit a claim.

Transition-of-care and care coordination activities are severely impacted, as medical records transfer and insurance-related actions (such as referrals and precertification) are required to initiate and support the transition – and most information is wholly unavailable.

Every health system function is negatively impacted. The financial, legal, and reputational cost of this incident will be severe.

The Joint Commission duly notified you of the risks, in March 2015’s Investigation of Health IT-Related Deaths, Serious Injuries, or Unsafe Conditions.

Finding significant risk associated with health IT dependency, the Joint Commission subsequently warned you by issuing a Sentinel Alert over EHR Risks in April 2015.

Patient safety is not just a risk: it is an issue. There is no doubt that multiple adverse events will occur.

You knew this could happen. You were required to have a plan to address when – not if – this happened. As Lisa A. Eramo wrote in her piece, “Prepare for the Worst,” in For the Record magazine, the Joint Commission (not to mention HIPAA/HITECH Omnibus Final Rule section 164.308) requires compliance with its Disaster Preparedness and Response standards of care in order for a facility or system to receive and maintain accreditation. And this large health sysetm has multiple facilities with Joint Commission accreditation which are now scrambling to locate current clinical practice guidelines, institutional protocols, alternative insurance medical review board procedures, and even paper prescription pads because those standards of care were not met in the real world.

Someone, somewhere, had a plan. But, ironically enough, it existed only on paper.

Have we forgotten that business continuity planning for a healthcare system should include how health care continues, with or without electronic assistance?

Have we forgotten how to practice medicine beyond the EHR?


The information below constitutes excerpts from the Joint Commissions Investigation and Sentinel Alert referenced above.

Joint Commissions Investigation of Health IT-Related Deaths, Serious Injuries, or Unsafe Conditions

As published March 30, 2015, which led to Sentinel Event Alert for EHR issuance in April, 2015.
Health IT Related Sentinel Events - EHR Risks
Joint Commission Sentinel Alert over EHR Risks – abstract by The Advisory Board Company:

It stated that EHRs “introduce new kinds of risks into an already complex health care environment where both technical and social factors must be considered.”

The alert cited an analysis of event reports received by the Joint Commission showing that between Jan. 1, 2010, and June 30, 2013, hospitals reported 120 health IT-related adverse events. Of those errors:

  • About 33% stemmed from human-computer interface usability problems;
  • 24% stemmed from health IT support communication issues; and
  • 23% stemmed from clinical content-related design or data issues.

The alert added, “As health IT adoption spreads and becomes a critical component of organizational infrastructure, the potential for health IT-related harm will likely increase unless risk-reducing measures are put into place.”

About the author

Mandi Bishop

Mandi Bishop is a hardcore health data geek with a Master's in English and a passion for big data analytics, which she brings to her role as Dell Health’s Analytics Solutions Lead. She fell in love with her PCjr at 9 when she learned to program in BASIC. Individual accountability zealot, patient engagement advocate, innovation lover and ceaseless dreamer. Relentless in pursuit of answers to the question: "How do we GET there from here?" More byte-sized commentary on Twitter: @MandiBPro.

6 Comments

  • OK, today it’s the EHR, tomorrow it could be a natural disaster, the result is the same i.e. partial or total shutdown.

    Risk analysis and the development of contingency plans is the job of top management and they cannot simply knock on the door of IT and ask them to go out and buy a “risk analysis application”.

    How about hiring some ex-military/intelligence planners and include these folks in the hospital strategic planning process?

    I suppose the hospital mirrored its data to a different computing center but if the data is compromised, you end up mirroring the problem to the 2nd site.

    A better solution is to export all data in real time to a data exchanger and from there to n offsite data warehouse. Plain text searches would allow some continuity of services to take place.

  • Karl,
    Great addition to the discussion. Any sort of natural disaster could cause this to occur as well. For some reason we understand and plan better for that than we do something that’s more likely (depending on your region), EHR down time. Either way, it’s definitely a leadership issue that needs to be dealt with and planned for.

  • Whether there’s a technology plan for DR and BCP is almost irrelevant. What was so shocking to me to consider was the absence of a plan to continue delivering healthcare, without interruption. When we have become so dependent upon technology that we have forgotten how to process paper lab orders, read paper charts, document clinical findings in longhand, set our own medication reminders (rather than having an alarm beep on the screen), or even write out a paper prescription (perhaps because the prescription pads have been all but banned), we have become a tremendous liability, endangering the safety of everyone in our care.

    I shudder to think about the insurance and patient payment implications of such a scenario. Billing is confusing enough without a lack of sufficient documentation about what was done, when, to and by whom.

  • I’d laugh, John, but there are definitely those who would consider those types of numbers before counting the adverse event data. But, wait, adverse event reporting also typically comes from the EHR, at least in part, so if it wasn’t recorded, it didn’t happen. Right?

    🙂

    It’s all theoretical. Who knows what would actually happen!

  • Yes, collection of the adverse event data is an issue. However, there’s the issue of where do you report the adverse event? There’s no EHR adverse event reporting place (or at least not one that matters).

Click here to post a comment
   

Categories