Genesis Burkett was born 16 weeks prematurely but was thriving in the neonatal intensive care unit at Advocate Lutheran General Hospital in Park Ridge, Ill. When he was 40 days old, a pharmacy technician administered a routine IV bag of sodium chloride and calcium. But there was a problem: When the technician entered the prescription information into the electronic system that told an automated machine how much of each solution to include, he punched in the wrong dose of sodium—administering more than 60 times the amount Genesis’s tiny body could handle. Within hours, the infant suffered a heart attack and died.
The incident is one of many that have raised concerns that although electronic medical systems have the potential to streamline health care, they bring with them new dangers that have been largely ignored in the rush to go paperless. Trial lawyers may not realize their client’s adverse event might actually have been caused by a system created to make treatment safer.
“It’s certainly not [readily apparent] to patients and rarely to attorneys,” said Jared Green, a trial lawyer in Manchester, N.H., who has handled many medical negligence cases. “It usually only becomes apparent to attorneys when a doctor or staff member uses it as an excuse in the course of defending him or herself against a malpractice claim.”
Since 2004, when the Department of Health and Human Services (HHS) established the Office of the National Coordinator for Health Information Technology (ONC), the race has been on to transfer from paper medical records to electronic health records (EHRs)—fully integrated computer systems that not only allow health care providers to store patient data but also guide providers’ decisions, alert users to potential dangers, and allow patients to access their information remotely.
The government has poured billions of dollars into programs that promote EHRs, with high hopes that they will increase efficiency, allow better communication between providers and pharmacies, and reduce medical errors. According to a 2011 Institute of Medicine (IOM) report evaluating safety risks of EHR systems, some studies have proved that EHRs, if implemented correctly, can lower infection rates, reduce documentation errors, and decrease adverse drug events.1
Relying on these studies, the ONC’s goal is for all providers to shift to electronic systems by 2014. The Health Information Technology for Economic and Clinical Health Act, enacted in 2009, created an incentive program run by the Centers for Medicare and Medicaid Services (CMS), which will pay providers and hospitals for using EHRs when treating Medicare and Medicaid recipients.2 Participants must show they are “meaningfully using” their systems by meeting certain core objectives, including electronic prescribing, computerizing order entry and patient information, drug interaction checks, and capability to exchange information with other providers. These objectives are phased in over three stages: Stages 1 and 2 are already in effect, and CMS recently issued recommendations for Stage 3 requirements and hopes to issue final rules later this year.
Medical software companies have capitalized on the accelerated pace, manufacturing thousands of “health IT” components and systems. But critics, including health care providers, say neither the vendors nor the government is taking the time to make sure the systems are functional and safe.
“Poorly designed, implemented, or applied, health IT can create new hazards in the already complex delivery of health care, requiring health care professionals to work around brittle software, adding steps needed to accomplish tasks, or presenting data in a nonintuitive format that can introduce risks that may lead to harm,” said the IOM report.3 “As health IT products have become more intimately involved in the delivery of care, the potential for health IT-induced medical error, harm, or death has increased significantly.”
Because there is no mandatory reporting system for adverse events associated with EHRs, and many health IT vendor agreements have confidentiality clauses prohibiting users from disclosing safety concerns, little is known about the prevalence of adverse events. But several recent studies suggest problems.
In only nine weeks, the ECRI Institute, a patient safety organization that works with hospitals and health systems, received 171 EHR-related adverse reports, which it detailed in a report to the American Medical Association (AMA).4 Three patient deaths were linked to EHR errors, and eight patients were harmed. Almost 30 percent of the errors were caused by general system malfunctions, such as a nurse not being able to enter treatment instructions into the system because it allowed only five characters in the comment field. A quarter of the incidents were related to data output problems, including retrieving the wrong patient record because the system didn’t ask the user to validate patient identity. Another 24 percent involved data input mistakes like ordering a test for the wrong patient.
In another study, a review of the Pennsylvania Patient Safety Reporting System found 3,099 EHR-related adverse event reports between June 2004 and May 2012.5 Although 89 percent of those did not result in harm to the patient, 320 were reported as “unsafe conditions” that caused no harm, 15 caused temporary harm, and one caused significant harm. The vast majority of the events involved medication errors, including entering the wrong drug, dose, or patient, and omitting a dose.6
To be sure, most of these errors were caused by human hands. But many might have been avoided if the electronic systems weren’t so difficult to use.
The first concern for hospitals and doctors’ offices with fully computerized systems is making sure they stay up and running. Computers sometimes crash, and when an electronic system goes down, treatment can be delayed for hours or even days, and information learned during the outage may be forgotten by the time the system comes back.
Even when the systems are fully functional, health care providers cite several frustrations that hinder their work flow and endanger patients. The IOM refers to usability—the ease with which the system can be used effectively—as “one of the single greatest threats to patient safety.”7 For instance, pull-down menus of drugs might be alphabetized rather than starting with the most commonly prescribed drugs for a particular condition, confusing doctors who accidentally click on “penicillamine” instead of “penicillin.”8
Other usability issues arise from the multiple screens and mouse clicks it takes to input information in just one patient’s file. For example, treatment notes entered into the EHR administration section may not appear in parts of the record that other departments access, resulting in missed treatments and diagnoses. Screens can be fragmented so that only part of a patient’s drug history or half of an electrocardiogram appears at one time. Alerts letting providers know there is a drug-interaction danger or reminding them to consider certain treatments for the patient’s condition can be bothersome and cumbersome, causing “alert fatigue” and higher-than-acceptable rates of overriding the alert without paying attention.
Green said that some usability issues that annoy providers because they interrupt work flow are vital to patients.
“Having to fill in blanks or respond to prompts helps ensure that details are addressed every time and that important information is not inadvertently left out, [and] the type of information that is recorded can be determined by management and is not left to the discretion of each individual provider or staff member,” he said. But he noted that “standardization can lead to mindless repetition of entries rather than thoughtful documentation.”
In fact, that mindless repetition frequently results in what the medical community calls “sloppy and paste,” in which physicians and nurses cut and paste the same information every day rather than recording new information. A recent study found that 82 percent of residents and 74 percent of attending physicians in a hospital intensive care unit cut and pasted more than 20 percent of the information in their patients’ charts.9 It can be as simple as copying the same weight every day of the patient’s stay or as potentially dangerous as repeatedly pasting a note that says “patient needs drainage, may need OR” after an abscess has been drained.10
Chicago lawyer Patrick Salvi, who represented Genesis Burkett’s parents in their suit against Advocate Lutheran,11 said cutting and pasting is common and makes electronic records difficult to decipher when trying a case.
“With paper records, they were forced to enter what was contemporaneous. It is very confusing when electronic records keep repeating the same information all the time,” said Salvi. “Is it just repeated information or is it what’s actually current? You have to be savvy and know how to understand their system.”
Trial lawyer Brooks Cutter of Sacramento, Calif., agreed that usability affects lawyers receiving printed copies of EHRs during discovery.
“It’s a challenge for lawyers because with a paper chart, you know what should be there, and it’s more obvious when something is missing,” he said. “With electronic records, you have to be familiar with their software, and it’s much easier for them to alter the electronic records, especially because a lot of cases are a hybrid—some information is electronic, but a lot is still done manually. It can be hard to find things.”
A lack of interoperability—the ability of different health IT systems to communicate with each other—is also a significant barrier to safe EHR implementation. There are no uniform standards for the systems, and many use different vocabulary, encoding formats, and presentation screens. Pharmacies, hospitals, physicians’ offices, and laboratories in the same complex may all have different systems that are incompatible with each other.
“Physicians are not only concerned about the viability of the EHR product(s) that they have significantly invested in, but are also concerned about potential liabilities from EHR system design and software flaws as well as lack of interoperability among EHR systems that could result in incomplete or missing information, which may lead to errors in patient diagnoses and treatment,” said AMA Executive Vice President and CEO James Madara in a letter to the ONC. The AMA urged the agency to slow down its implementation of Stage 3 of the CMS incentive program to allow the health IT industry to fix “technological, financial, operational, and regulatory challenges.”12
Electronic prescribing, or e-prescribing, systems are a major component of the push for EHR systems and a must-have for providers seeking incentives from CMS, but some studies show they are no safer than paper prescriptions. A 2011 analysis of 3,850 e-prescriptions sent from computerized systems in physicians’ offices to a commercial pharmacy chain found that almost 12 percent contained an error—about the same rate as paper prescriptions—and 4 percent had errors serious enough that they would have harmed the patient had they not been discovered.13 About 60 percent of the errors were omissions of information such as duration, dose, or frequency. The authors suggested that e-prescribing systems be programmed to prohibit missing information, incomplete drug names, and inappropriate abbreviations.
Some smaller hospitals are trying to cut the costs of electronic systems by sending doctors’ dictated notes overseas for transcribing. Sharron Juno died after receiving a fatal dose of insulin shortly after being discharged from a hospital to a rehabilitation center. The Indian company that transcribed her doctor’s discharge instructions incorrectly listed the dosage as 80 units rather than 8 units in the electronic record. The hospital sent the instructions to the rehabilitation center without the doctor reviewing or signing the record, as required by the standard of care. In December, Juno’s family received a $140 million verdict against the hospital and later reached a confidential posttrial settlement.14
“Lots of hospitals are outsourcing transcription work because they can save 2 cents per line,” said her family’s attorney, George “Skip” Finkbohner of Mobile, Ala. In this case, “they failed to follow known standards and policies for transcribing.”
The same features that make electronic records so appealing—easy access by numerous providers, fast transmittal of information, and the ability to store vast amounts of data for each patient—also make them vulnerable to privacy invasions. According to the HHS, in 2012, about 125 large breaches affected about 2.2 million people.15 Most health data breaches result from stolen computers, but hackers caused the largest breach last year, stealing 780,000 patients’ information. Some experts speculate that hacking incidents are even more common than it seems because most organizations don’t realize they have been hacked.16
Cutter represents a class of patients in the Sutter Medical Foundation network of doctors and specialists. In 2011, someone broke a window and stole an unencrypted laptop computer containing personal information, including names, dates of birth, and addresses, for more than 3.3 million patients. For almost 1 million patients, the stolen information also included medical diagnoses and treatments.17
“There is obviously a lot of data now available in electronic format. You can fit a tremendous amount of confidential patient information on a flash drive,” said Cutter. “Most securities experts consider passwords pretty worthless because you can bulldoze your way through them. Information must be encrypted because you need specific software to access encrypted data.”
Earlier this year, the HHS updated the Health Insurance Portability and Accountability Act to expand security protections required of health care providers that contract or subcontract with business associates to handle medical information.18 Providers can be penalized up to $1.5 million if the business associates do not comply.
In its report, the IOM urged the HHS to establish a safety council to develop methods for assessing and monitoring health IT safety and require vendors and users to report EHR-related deaths, injuries, and unsafe conditions.19 Earlier this year, the HHS responded with a plan that would create a code of conduct requiring health IT vendors to ensure usability and safety features are in place, report incidents, and work with other vendors and users to ensure the safest system possible.20 The government would also evaluate safety in its postmarket surveillance of certified EHR technology, collect data on safety events, develop usability testing tools, incorporate health IT training into medical education, and take corrective action to address unsafe conditions involving EHR technology.21 The HHS is expected to release a finalized plan later this year.
Government agencies, health care providers, and safety advocates agree that EHRs will one day be the safest, most efficient system for managing patient information. But patients will continue suffering harm until vendors fix inherent flaws in most health IT systems and users learn how to take full advantage of their safety features. Trial lawyers should be aware of the dangers and carefully pore over their clients’ electronic medical records to ensure there were no EHR-related errors.
Courtney L. Davenport is senior editor of AAJ’s Law Reporters and a contributing editor for Trial. She can be reached at firstname.lastname@example.org.
- Inst. of Med., Natl. Acad. of Sci., Health IT and Patient Safety: Building Safer Systems for Better Care 41, 45 (Nov. 2011), www.iom.edu/HITsafety.
- Pub. L. No. 111-5, 123 Stat. 226 (2009) (codified at 42 U.S.C. §201n.); see Ctrs. for Medicare & Medicaid Servs., EHR Incentive Programs, www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/index.html.
- Inst. of Med., supra n. 1, at 22.
- Kevin B. O’Reilly, Ways EHRs Can Lead to Unintended Safety Problems, Am. Med. News (Feb. 25, 2013), http://www.ama-assn.org/amednews/2013/02/25/prsa0225.htm?utm_source=nwltr&utm_medium=hedshtm&utm_campaign=20130225.
- Erin Sparnon & William M. Marella, The Role of the Electronic Health Record in Patient Safety Events, 9 Pa. Patient Safety Advisory 113 (Dec. 2012), www.patientsafetyauthority.org/ADVISORIES/AdvisoryLibrary/2012/Dec;9(4)/Pages/113.aspx.
- Inst. of Med., supra n. 1, at 81.
- Id. at 125.
- J. Daryl Thornton et al., Prevalence of Copied Information by Attendings and Residents in Critical Care Progress Notes, 41 Critical Care Med. 382 (Feb. 2013).
- Kevin B. O’Reilly, EHRs: “Sloppy and Paste” Endures Despite Patient Safety Risk, Am. Med. News (Feb. 4, 2013), www.ama-assn.org/amednews/2013/02/04/prl20204.htm.
- Burkett v. Advocate Health & Hosps. Corp., No. 2011-L-003535 (Ill., Cook Co. Cir. settled Apr. 5, 2012). The case settled for $8.25 million.
- Ltr. from James L. Madara, Exec. Vice Pres. CEO, Am. Med. Assn., to Farzad Mostashari, Natl. Coord., Health Info. Tech., U.S. Dept. Health & Human Servs., at 7 (Jan. 14, 2013), www.ama-assn.org/resources/doc/washington/stage-3-meaningful-use-electronic-health-records-comment-letter-14jan2013.pdf.
- Karen C. Nanji et al., Errors Associated With Outpatient Computerized Prescribing Systems, 18 J. Am. Med. Informatics Assn. 767, 768 (Nov. 2011).
- Juno v. Amare, No. 05-CV-2008-901100 (Ala., Baldwin Co. Cir. Dec. 13, 2012).
- U.S. Dept. Health & Human Servs., Breaches Affecting 500 or More Individuals, www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html.
- Marianne Kolbasuk McGee, Analyzing Health Data Breach Trends, Data Breach Today (Feb. 22, 2013).
- Sutter Med. Info. Cases v. Sutter Med. Found., No. JCCP 4698 (Cal., Sacramento Co. Super. filed May 4, 2012).
- Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules; Final Rule, 78 Fed. Reg. 5566 (Jan. 25, 2013).
- Inst. of Med., supra n. 1, at 153–61.
- See generally U.S. Dept. Health & Human Servs., Health Information Technology Patient Safety Action and Surveillance Plan for Public Comment (Dec. 21, 2012), www.healthit.gov/sites/default/files/safetyplanhhspubliccomment.pdf.
- Id. at 16–19.