Safety Event Reporting by Patient Safety Organizations

EHR System Technical Functionality vs. UsabilityCurious Health IT Safety Suggestions

COMMENTARY
William A. Hyman
Professor Emeritus, Biomedical Engineering
Texas A&M University, w-hyman@tamu.edu
Read other articles by this author

The federal Health IT Patient Safety Tools and Resources website was recently updated with information on Safety Event Reporting via Patient Safety Organizations (PSOs). This is interesting in several regards. One is that as initially conceived customers of PSOs are healthcare providers, not vendors, yet it is suggested that vendors too could report their EHR issues to a PSO. In this regard a set of new PSO FAQs includes the question: “Can an electronic health record (EHR) software developer or vendor report an HIT patient safety event to a PSO?” The answer begins “Yes. Any individual or entity may send information unsolicited to a PSO”. Not addressed is that a PSO is under no obligation to do anything with information received other than from those that it has a contractual relationship with, i.e. those that are paying it.

Moreover there is also little or no reason why a vendor would want to do this voluntarily, or how it would be useful even if they did. If a vendor identifies a problem with its EHR what is necessary for them to do is analyze the problem, communicate with their customers about the problem in a timely manner, and fix it. It is not clear, nor suggested, what reporting the problem to a private third party would accomplish. It is also not suggested how a vendor would decide which of the 78 PSOs they would select for this unsolicited self-reporting , or what any particular PSO would do with such information if they got it. Another FAQ notes that a vendor could also participate in the PSO system by serving as a contractor to a PSO, serving as a contractor to a provider, or creating a component organization to seek listing and thereby serve as a PSO itself.

These suggestions are not directly related to reporting EHR issues other than where a provider might contract with a vendor to report on the provider’s behalf. Aside from the limited concepts of how this would all work, AHRQ continues its assumption that the PSO system is actually valuable, although this has yet to be demonstrated other than perhaps anecdotally. In this regard the GAO reported in January 2010 that it was too soon to assess whether PSOs were valuable. There has been no report since then.

The Safety Tools page also points to the May, 2012 final report of a software project called Hazard Manager. Here it is said that “Hazard Manager is a software tool that can alert users to potential health IT-related patient safety events.” Actually it is a prototype tool for reporting such events (although to whom is not clear) after they have been otherwise identified. It does not itself do any identifying or alerting. Furthermore this software has not been made available, so its current contribution to event reporting and safety is non-existent.

Reporting can be an important component of finding out what the problems with EHR software are, sharing this information, and most importantly correcting the problems with an “upgrade” or other mitigation. (The software industry’s use of upgrade to mean fix-something-that is-broken has to be grudgingly recognized.) As for other mitigations, the non-technical ones typically boil down to “be careful”, which is not a very effective approach. Since reporting is necessary, multiple means of voluntarily reporting problems to multiple private entities is unlikely to be effective in providing a comprehensive approach. Rather, to be valuable, reporting must be mandatory, and focused to a single point of analysis and action.