Home » Blogs

  • del.icio.us
  • Digg
  • StumbleUpon
  • Reddit
  • Facebook
  • Google
  • RSS Icon
  

Regulating EHR Safety (I): The Certification Phase

March 01, 2010 | Glenn Laffel

Last Friday, we argued that the Feds are obligated to assure the safety and effectiveness of electronic health records, since they are using taxpayer dollars to accelerate their dissemination (via HITECH).

We also argued that pre-market approval--the regulatory strategy used by the <a href="/directory/food-and-drug-administration-fda" target="_blank" class="directory-item-link">FDA to assure safety and effectiveness of medical devices--is not a viable strategy to use in the case of EHRs, since it would interfere with the HITECH-mandated goal of rapidly deploying EHRs throughout our health system.

Finally, we argued that the Office of the National Coordinator for Health Information Technology (ONC) should be responsible for assuring that EHRs are indeed safe and effective.

So how can ONC assure EHR safety while meeting its primary mission to foster rapid dissemination of EHRs?
We recommend that ONC deploy a two-part regulatory strategy. The first part involves bolstering EHR certification criteria to address safety more fully than they do now (addressed below). The second part is to institute a post-market surveillance program that detects, reports on and reacts to EHR safety problems as they develop in the field (addressed in the next post).

Enhanced EHR Certification

Current EHR certification criteria are outlined in ONC's Interim Final Rule, a document that is now just 2 weeks from finalization. The IFR, which we believe to a visionary tour-de-force that will reshape the entire HIT industry, is nevertheless relatively light on patient safety concerns.

Arguably, the only IFR criterion that directly addresses patient safety is the one requiring that medication reconciliations be undertaken when patients transfer from one locus of care (e.g. a hospital) to another (e.g. her PCP).

As ONC considers how to beef-up patient safety in its IFR, we recommend that it should consider suggestions made by Dean Sittig and David Classen in a recent JAMA article titled, "Safe Electronic Health Record Use Requires a Comprehensive Monitoring and Evaluation Framework."

Sittig and Classen’s paper contains a section titled, "Enhanced EHR Certification." The recommendations contained herein can be added to existing IFR criteria with ease, and would go a long way towards assuring the safety and effectiveness of EHRs.

Sittig and Classen's recommendations are that:

-- All EHR vendors should have demonstrated that they follow good software engineering practices, including performing hazard analyses of their products, designing for safety, documenting these designs, and verifying that their systems work as designed.


-- All vendors should be prepared to demonstrate that they have successfully addressed all critical software issues identified within (their proposed) national hazard reporting and investigation system within the previous year.

-- All EHRs should be "load tested" to simulate its response time when multiple users are accessing the system simultaneously.

-- All EHR vendors should be required to present data collected from multiple implementations describing their system's reliability and response time as implemented.

-- All systems should have their user interfaces tested for usability.
“In summary,” the authors conclude, ”EHR vendors must demonstrate that their applications have been designed for safety, developed correctly, work as designed, and had all their defects fixed.”

We think this is an excellent list and encourage others to weigh-in on it.

The one criterion we’re conflicted about is usability testing. In many circumstances, it is best to let the market decide for itself about usability—regulatory oversight isn’t needed and not advisable.

The problem here is that very bad things can happen when EHRs haven’t been configured to meet local workflows (customizability being a dimension of usability, after all). So, at the end of the day, since the Feds are obligated to assure quality and efficacy of EHRs, it seems to us that usability should indeed be subject to regulatory scrutiny.

Glenn Laffel, MD, PhD
, Sr. VP Clinical Affairs, Practice Fusion

Glenn Laffel blogs regularly at EHR bloggers.

Related Topics:

Reader Comments (1)Login to Post a Comment

chanbk says: Load testing and usability testing
December 12, 2010 | 11:10AM GMT

I couldn't agree more with the need of load testing as a requirement for EHR certification. Our hospital has just implemented a new HCIS system and we have a hard time fine tuning the performance issue for multiple applications LAB, PHARMACY were a big hit for system slowness.

Also, although usability testing is indeed difficult for certification agencies to evaluate and should be left for the market to decide, I believe there should be some sort of guidelines/requirements provided by the ONC and the two certification bodies. For instance, the number of clicks to complete an order, the ability to complete order mouse-free are quite important. I think many EHR system these days does put usability as their priority in their development phase. After they push our their product, the programmers are resilient to change some important usability issue. The end-users at this point are pretty much stuck.

Ben