Should EHR Vendors Share Health IT Patient Safety Responsibility?

While a new CMS policy aims to improve patient safety through hospital self-assessment of EHR systems, EHR vendors should also be responsible for assessing their products to ensure they meet federal health IT standards, according to a new Journal of the American Medical Association (JAMA) op-ed.

In August, CMS published new rules regarding the Medicare Promoting Interoperability Program and its Protect Patient Health Information Objective. Beginning in 2022, eligible hospitals will have to attest to having completed an annual self-assessment of their EHRs using the ONC SAFER (Safety Assurance Factors for EHR Resilience) Guides.

In the op-ed, Dean F. Sittig, PhD, professor at the University of Texas Health Science Center at Houston, argued that EHR vendors should be responsible for conducting self-assessments of their products.

“Over the past decade, emerging evidence has suggested that unsafe EHRs and unsafe use of EHRs has continued and could lead to harm or potential harm that potentially affects large numbers of patients,” he wrote.

Sittig noted one study that revealed almost 40 percent of EHR-related products surveilled had “nonconformities” with EHR certification requirements that were associated with the potential for patient harm.

EHR vendors could have identified many of these shortcomings prior to product release upon self-assessment of their health IT, Sittig suggested.

“Implementing new CMS policies successfully will require hospitals and EHR developers to share responsibility because many SAFER recommendations are based on EHR features that must be provided by developers,” Sittig explained.

For instance, one SAFER recommendation states that patient identification is displayed on all portions of the EHR user interface, wristbands, and printouts. Hospitals cannot comply with that patient safety recommendation if the vendor has not implemented the feature, Sittig noted.

CMS should add annual SAFER assessment by EHR developers to criteria for the Promoting Interoperability Program to ensure that vendors have evaluated their product against ONC SAFER recommendations, Sittig suggested.

Additionally, the ONC-ACB (Authorized Certification Body) for each EHR developer should assess compliance with these regulations, he said.

“The annual EHR developer assessment process should be transparent and carried out by teams consisting of EHR designers, developers, implementers, and trainers,” Sittig wrote. “Teams should include clinicians able to successfully assess EHR functionality in clinical settings.”

The developer should indicate whether its EHR can meet the requirements for each SAFER recommendation, Sittig said.

Vendors should also document a rationale for recommendations their product cannot support to explain their decision-making and consider safety implications of nonconformity, the op-ed suggested. The rationale should be posted on their website and sent to their customers for transparency.

Additionally, vendors should report the nonconformity rationale to the ONC-ACBs as part of the EHR vendors’ certification process, Sittig wrote.

“ONC should annually convene expert panels composed of EHR users, researchers, and developers to review the aggregate findings from developer nonconformity reports,” he suggested. “If the expert panel deems the developers’ rationale appropriate, revisions to the SAFER Guides should be made accordingly.”

For its part, ONC should publish a list of developers that do not conform with certain SAFER recommendations and the expert panel’s determination of appropriateness for each nonconformity, Sittig said.

The expert panel should also review each SAFER recommendation annually and add new recommendations when needed to keep up with changes in EHR development and use, the op-ed noted.

Lastly, Sittig called for developers to create configuration guides for their product to share information about safe implementation practices.

“EHR developers are in a perfect position to be a conduit for collecting, implementing, and diffusing safety practices because they work with different HCOs,” he wrote.

“Developers should create EHR configuration guides for their own product and share them with their customers and the ONC-ACB,” Sittig continued. “This guidance should describe how their product can be configured to meet SAFER recommendations and warn users of the safety consequences of failure to follow these recommendations.”