The silence of evidence

The reality of nationalized electronic medical records is recognized among most medical professionals, who know that the claims of saving money and lives are not supported by the preponderance of credible evidence and that improving health care isn’t about having everyone’s medical records in a federal database for governmental oversight. But the general public has largely been kept in the dark about the controversies surrounding electronic medical records. One reason for this disconnect and why the full story isn't reaching consumers was explained in this week’s Journal of the American Medical Association.

Like the medical literature more often than not demonstrating the failings of electronic medical records, the investigative report in JAMA isn’t being widely reported in mainstream media. You deserve to hear about it. It turns out that electronic medical record vendors have negotiated contract deals that leave them free and clear of liability when their software is inferior and harms patients, and prohibits problems from being revealed to the public.

The JAMA article was authored by professor Ross Koppel, Ph.D., with the Department of Sociology and Center for Clinical Epidemiology and Biostatistics at the University of Pennsylvania School of Medicine; and David Kreda, a software engineer with Social Research Corporation, both in Philadelphia. They got right to the point:

Health Care Information Technology (HIT) vendors enjoy a contractual and legal structure that renders them virtually liability free — “hold harmless” is the term of art — even when their proprietary products may be implicated in adverse events involving patients. This contractual and legal device shifts liability and remedial burdens to physicians, nurses, hospitals, and clinics, even when these HIT users are strictly following vendor instructions. Vendors avoid liability by relying on the legal doctrine known as “learned intermediaries” and on warranties prohibiting claims against their own products’ fitness. According to this doctrine and legal language, HIT vendors are not responsible for errors their systems introduce in patient treatment, because physicians, nurses, pharmacists, and health care technicians should be able to identify—and correct—any errors generated by software faults.

HIT stakeholders have managed to convince the government that healthcare professionals should know when it’s appropriate to follow the prompts and guidelines in their software. HIT vendors claim that they’ve merely created a software tool and clinicians are in a better position to identify errors resulting in their faulty products, wrote Koppel and Kreda. Given that electronic medical records have become key components of “quality” improvements and following them part of physicians’ pay-for-performance measures, doctors aren’t free to not follow them or use their clinical judgment without repercussions.

Yet the more that HIT software embeds knowledge and performs complex calculations, the more risks there are to patients. For example, at a recent national conference on electronic health records and patient safety, hospital leaders described faulty vendor software that miscalculated intracranial pressures. Nonetheless, had the trauma team not caught the error, the hospital would have been responsible for the resulting harm to the patients involved.

Hospitals and doctor practices, purchasing and implementing the software and making the day-to-day decisions in its use, are at a distinct disadvantage in this deal, they explained. Not only do they not have access to inside information behind the software, but they have no legal recourse when they encounter errors or poorly designed user interfaces.

The substantial disparity between buyers and sellers in knowledge and resources is profound and consequential. Vendors retain company confidential knowledge about designs, faults, software operations, and glitches. Their counsel have crafted contractual terms that absolve them of liability and other punitive strictures, while compelling users’ nondisclosure of their systems’ problematic, even disastrous, software faults. Even though enforced nonsharing of software problems is an industry norm, it is anathema to improving care, to HIT, and to evidence-based medicine. In addition, clinicians’ and health care facilities’ leverage is weakened by fears that vendors’ finances might be so jeopardized that clients’ HIT departments are left to untangle millions of lines of orphaned software code.

In other words, the contracts mandate that problems cannot be disclosed to the public or even shared among healthcare providers using the same systems. Nor do vendors have to disclose known problems with users.

Implementations of HIT are massively complex and fraught with delays, errors, resistance, work process redesign, frustration, and outright failure. Health care facilities cannot predict the myriad scenarios in which software failures could result in patient harm and liability, and they are not likely to be knowledgeable a priori about frequent vendor updates.

The JAMA article authors describe a number of problems that have been identified in electronic medical record systems. For example,

In many HIT systems, physicians must enter patients’ weights before entering medication orders. For non–weight-based dosages, the physician may estimate weights. However, if the next physician is ordering drugs for which exact weights are critical, the prior estimates could lead to harmful dosing. Adding weight qualifiers (eg, “estimate”) only emerge in hindsight. Another example recounts how an infant’s incorrect weight was entered in the electronic medical record, which then generated dangerous dosing guidelines. Correcting the seemingly simple error required substantial effort and necessitated the vendor’s “unlocking” the electronic medical record.

Other examples of software glitches were confusing kilograms and pounds used to give the doses of medications and erroneously removing warnings about fatal drug allergies. In both cases, said Dr. Koppel, “learned intermediary” clauses held that clinicians were responsible for noticing the mistake before prescribing.

Yet, healthcare providers are being forced to use electronic medical records by the federal government’s latest mandates, under the guise that electronic medical records prevent medication prescribing errors.

To date, governmental agencies and organizations that certify hospitals, Medicare and Medicaid contracts, and third party insurers, offer no protections for healthcare providers. “Professional medical organizations could declare that HIT contracts containing blanket hold harmless/learned intermediary clauses are inconsistent with professional practice,” they wrote. “Vendors would then have further incentive to focus on patient safety concerns in addition to marketing prowess.” But they aren’t.

Marketing interests have taken precedence over patient safety, and HIT vendors with even dangerous products are being held blameless. Even when doctors, nurses, hospitals and clinics follow vendor instructions to the letter, they are left with all of the liability for faulty HIT products.

Professor Koppel and Mr. Kreda said they were unable to identify lawsuits involving harm to patients from faulty vendor HIT because nondisclosure and confidentiality clauses restrict information to the healthcare community, as well as from the public. But neither party has incentives to publicize its role in errors that result in patient harm, so it’s little wonder the public has especially been kept in the dark.

But these contractual provisions jeopardize efforts to protect patient safety in another way, they said. The contract provisions prohibit healthcare organizations from sharing problems and what they’ve learned with other clinicians using the same products. All users should be quickly informed of suspected HIT errors, the authors said, and all users notified of the resolution. “Without open presentation of risks, failure to mitigate even fully verified HIT risks to patient safety remains economically self-serving.”

Shifting liability to the users and inserting contractual language that effectively conceals knowledge of serious faults in their HIT systems from users, they concluded is “both counterproductive and unethical.” While HIT vendors should be held harmless from errors beyond their control, such as poor training and misuse of users, being held responsible for their own errors will bring incentives into balance and speed the repair of faulty products by HIT vendors. Accountability and responsibility is integral to everyone in healthcare.

Last month, Dr. Scot Silverstein, M.D., with the department of Biomedical Informatics at Drexel University Institute for Healthcare Informatics in Philadelphia, wrote in the Wall Street Journal that the UK had spent £12.7 billion [$17.12 billion in U.S. dollars] on national HIT and “still does not have a working national HIT system, but instead has a major IT quagmire, some of it caused by U.S. HIT vendors. HIT (with a few exceptions) is largely a disaster.” Despite all of the assured claims of the benefits of HIT that the public is being told, he said, HIT “is an experimental technology whose benefits are unclear” and expert reviews to date have been less than stellar.

The UK Parliament’s report, released earlier this year, on its National Programme for IT in the NHS since beginning implementation of the program in 2006 was surprising. This is the world’s largest and the best evidence to date of our proposed HIT in actual practice, yet we haven’t heard a peep. You can read it here. It concluded:

Recent progress in deploying the new care records systems has been very disappointing, with just six deployments in total during the first five months of 2008-09. The completion date of 2014-15, four years later than originally planned, was forecast before the termination of Fujitsu's contract and must now be in doubt… The report should include updates on actions to resolve the major technical problems with care records systems that are causing serious operational difficulties for Trusts.

By the end of 2008 the Lorenzo care records software had still not gone live throughout a single Acute Trust. Given the continuing delays and history of missed deadlines, there must be grounds for serious concern as to whether Lorenzo can be deployed in a reasonable timescale and in a form that brings demonstrable benefits to users and patients. ..

The planned approach to deploy elements of the clinical functionality of Lorenzo ahead of the patient administration system is untested, and therefore poses a higher risk than previous deployments under the Programme. The Department and the NHS should undertake a thorough assessment of whether this approach to deployment will work in practice…

Of the four original Local Service Providers, two have left the Programme, and just two remain, both carrying large commitments… There are, however, considerable problems with existing deployments of Millennium and serious concerns about the prospects for future deployments of Lorenzo. Before the new arrangements for the South are finalised, the Department should assess whether it would be wise for Trusts in the South to adopt these systems.

The Programme is not providing value for money at present because there have been few successful deployments of the Millennium system and none of Lorenzo in any Acute Trust… Despite our previous recommendation, the estimate of £3.6 billion for the Programme's local costs remains unreliable… the Department should publish a revised, more accurate estimate for local costs and, thereby, for the cost of the Programme as a whole.

The Department hopes that the Programme will deliver benefits in the form of both financial savings and improvements in patient care and safety… There is, however, a lot of work to do within the NHS to realise and measure the benefits…

Little clinical functionality has been deployed to date, with the result that the expectations of clinical staff have not been met... The Department has taken action to engage clinicians and other NHS staff but there remains some way to go in securing their support for the Programme…

Patients and doctors have understandable concerns about data security… the Department and the NHS should set out clearly the disciplinary sanctions that will apply in the event that staff breach security procedures, and they should report on their enforcement of them.

The Department does not have a full picture of data security across the NHS as Trusts and Strategic Health Authorities are required to report only the most serious incidents to the Department. The Department's view is that it is not practical for it to collect details of all security breaches but at present it can offer little reassurance about the nature and extent of lower-level breaches that may be taking place…

Confidentiality agreements that the Department made with CSC in respect of two reviews of the delivery arrangements for Lorenzo are unacceptable because they obstruct parliamentary scrutiny of the Department's expenditure. The Department made open-ended confidentiality agreements in respect of these reviews, with the result that information will not be disclosed even after commercial confidentiality has lapsed with the passage of time. We believe this is improper. The Department should desist from entering into agreements of this kind.

American consumers and healthcare professionals might question why the government has rushed to enforce the adoption of nationalized HIT while being silent on the facts that it is an experimental technology with a history of unaccountability and by most available evidence has failed to provide financial or health benefits for people.