Friday, March 5, 2010

VA / DoD EHR Interface Debacle: Will It Take the Luminosity Of A Dozen Supernovas To Shed Light On The Obvious About Healthcare IT?

(12/2010 note: I have observed a large number of "hits" on this post from multiple offices of the Mitre Corporation in the past several weeks. Dear Mitre, I ask that if you use my materials in your proposals or writings, that you please let me know. Thank you. My email address is in my profile under "Contributors." -- SS)

The VA and DoD have been working for a number of years on interfacing the VistA EHR system and the military's EHR, AHLTA (why anyone would want to interface to AHLTA in its present state is of concern to me, but...)

[Note: this is not to denigrate the military, and I am very thankful to all who serve and defend our country and freedoms. HIT problems seem unfortunately universal - ed.]

The interface attempt, likely done by the usual actors in the traditional "business IT" manner has resulted in the predictable:

Glitch prompts VA to shut e-health data exchange with Defense
NextGov.com
By Bob Brewin 03/04/2010

The Veterans Affairs Department closed off access to the Defense Department's huge electronic health record system on Monday because it found errors in some patients' medical data clinicians downloaded from the Defense network, according to a departmental patient safety alert, which Nextgov obtained.

Although no patient was injured, the errors shed light on how software glitches could affect the accuracy of electronic medical records and a planned national system that has been backed by the Bush and Obama administrations.

"Shed light on how software glitches could affect the accuracy of electronic medical records?"

As my early medical mentor, Hahnemann cardiothoracic surgery pioneer Victor P. Satinsky would have said about purveyors of such wisdom: they are Masters of the Obvious.

I ask:

Why do we keep needing to "shed light" on the blatantly obvious, in your face, computer science 101 reality about electronic information systems? The light was shed when the first stored-program computers were developed in the late 1940's.

Exactly how much light do we need to shed before IT personnel "get it" about the need for the most extreme diligence in IT-based medical records?

Perhaps the light of a dozen supernovas?


Is this the amount of light it will take before the IT world "gets it" about the need for the utmost engineering rigor in healthcare IT? (click image to play video).


It's fortunate the error was found in a somewhat less than life-threatening manner:

VA first discovered the problem in late February, when one of its doctors accessed the Defense health records system, called AHLTA, to review the prescription information of a female patient. The data showed a Defense physician had prescribed her an erectile dysfunction drug. The VA doctor suspected the system displayed erroneous information [although females have been known to use these drugs- ed.] and a check with the Defense medical facility that supposedly prescribed the drug informed VA that the data was wrong and the VA query had returned information for another patient.

...
When doctors queried the Defense system for patient information, they received no data, a portion of the data, incorrect information, or the complete, correct data for the patient, according to the alert.

[Where have I seen these types of patient data errors mentioned recently? Perhaps at my recent post "
FDA on Health IT Adverse Consequences: 44 Reported Injuries And 6 Deaths In Two Years, Probably Just Tip of Iceberg" ? - ed.]

The glitch did not cause harm to any patient, but "the potential exists for decisions regarding patient care to be made using incorrect or incomplete data," said Jean Scott, director of the Veterans Health Administration's Information Technology Patient Safety Office, in the alert issued on Wednesday.

Indeed.

"The VA clinician may see the patient's data during one session, but another session may not display the data previously seen," the alert noted. "This problem occurs intermittently and has been reported when querying DoD laboratory, pharmacy and radiology reports."

I would add that "intermittent errors" are by definition unpredictable. This is the most dangerous type of IT malfunction of all.

Until those systems are reactivated, VA doctors will have to obtain a patients' health information from their paper medical files, faxes or PDF attachments that are e-mailed to the physicians, Scott said.

What? That old-fashioned, unreliable 5,000 year old artifact upon which the foundations of modern medicine were built, and favored by Luddites?

The errors occurred in the Bidirectional Health Information Exchange, a project started in 2004 that allows clinicians in VA and Defense to view health information in patient files. Older code in the system became stressed at peak periods when clinicians were making the most number of queries, said Roger Baker, chief information officer at VA. At these times, the system did not clear out a memory cache, resulting in memory leaks "so that information from one patient is presented as it is from another," he explained.

Good software and information architecture engineering practices call exactly for testing under stress. Failure to clear caches, memory leaks, etc. are fundamental flaws that should never be permitted to see the light of day in clinical settings. That is what acceptance testing is designed to do. That's what mission critical software undergoes in other sectors. That is what drug and device clinical trials are designed to do.

At this link, for example, is NASA's Certification Processes for Safety-Critical and Mission- Critical Aerospace Software from 2003 (PDF). From that document:

... Since safety-critical aerospace software is prevalent and important to human life, what is the rationale behind certification of such software? In other words, how do engineers know when a new software product works properly and is safe to fly? In the United States, software must undergo a certification process described in various standards by various regulatory bodies including NASA and the Requirements and Technical Concepts for Aviation (RTCA) which is enforced by the Federal Aviation Administration (FAA).

There are no analogous requirements or enforcement in the healthcare IT sector. None.

In fact, the VA, of all places, should have been exceptionally wary of these types of malfunctions and exercised the highest levels of engineering rigor.

Why?

See "IT Vulnerabilities Highlighted by Errors, Malfunctions at Veterans Medical Centers" at this link. From that posting, reflecting a March 4, 2009 JAMA article by the same title by Bridget M. Kuehn (JAMA 2009;301(9):919-920):

... After a software update of the electronic medical records system at VA hospitals in August [2008], health care workers at these facilities began to report that as they moved from the records of one patient to those of a second patient, they would sometimes see the first patient's information displayed under the second patient's name. [If not for the diligence of the users then, that type of error could have led to dead patients -ed.]

This records-scrambling problem was reported at 41 of the 153 VA medical centers, said Gail Graham, deputy chief officer of Health Information Management at Veterans Health Administration Headquarters in Washington, DC. Graham explained that the jumbling of records was an uncommon occurrence that only occurred after a particular sequence of events.

...
Health care workers at the VA medical centers were notified about this potential problem in October, and on December 20, the centers received a software "patch" to fix the problem.

Nine VA medical centers reported another type of problem related to their electronic records system: physician orders to stop medication were missed, causing some patients to receive intravenous medications longer than necessary. The problem occurred because after the software upgrade, physician orders to discontinue such medications, which had previously appeared at the top of the screen, were not displayed.

In 3 cases, patients received infusions of drugs such as heparin for up to 11 hours after their physician had ordered the drug to be discontinued. Graham said the affected patients were not notified because they had not been harmed by the oversights. This software problem was corrected on December 8.

As I noted in that post: "... if this type of error occurs once too often, your patient's dead."

Back to the current VA / DoD interface "glitch":

... The VA has fixed the [current] bug and plans to bring the BHIE back online on March 9. Baker emphasized the bug's effect on the medical records of patients that VA and Defense clinicians share was sporadic and occurred in one out of 100 queries. The glitch caused errors only in the records that VA clinicians accessed. Defense doctors still have access to records Veterans Affairs stores.

"Only" 1 out of 100? ... that's only 10,000 errors per million EHR queries. Not too bad at all ... how many soldiers are in a military division?

Baker said the department's response to the glitch showed VA's overall health system worked "because there is always a doctor in the loop" who checks the accuracy of a patient's health data in combination with a well established patient safety organization that quickly alerts clinicians to any errors.

The "system worked" because luck prevailed that fallible, busy human clinicians were not deceived by erroneous information provided by a computer? I fall back on first principles of IT:

A computer can free professionals from tedious, repetitive work which does not require judgment. It can provide facts and figures with lightning speed, giving domain experts more time to exercise their judgment thoughtfully

The system is not working when computers add to the tedium, and having to expend precious cognitive capacity in ferreting out computer errors is certainly in that category. This excuse reminds me of a recent quote from our Homeland Security secretary about how the "system worked" when an airplane nearly was blown out of the sky.

These failure excuses, possibly written by a public relations 'spin doctor' in an effort at damage control, remind me of a humorous sign I bought in a novelty store once, for placing on the wall: "Our policy is to always blame the computer."

Perhaps clinicians need to stand up for this motto: No more alpha and beta software rollouts in healthcare.

Robert Charette, a risk management consultant and president of the ITABHI Corp. in Fredericksburg, Va., which consults with Defense, said VA was lucky it discovered an error as obvious as prescribing an erectile dysfunction drug for a female patient. He wondered if VA would have detected the error if it were for drugs with similar names, adding that despite the low error rate, "it's the one out of 100 that can bite you."

It's also the one out of fifty thousand that can bite you, for instance as Merck recently discovered.

Baker said the complexity of medical records systems like BHIE would make regulating such networks [by agencies such as FDA - ed.] a daunting task.

I thought we were just at the point of transforming health with one thunderous click of a mouse after another per our prior HHS secretary at the 2005 HIMSS summit. Perhaps not...

Dave deBronkart, a patient advocate in Nashua, N.H., who spoke at last week's Health IT Policy Committee meeting, said in an interview with Nextgov that the glitch paralleled the problems he encountered last year when he tried to transfer information from his hospital medical record to Google Health, an online electronic health record database the search giant launched in 2008.

I wrote about that at "Should Google Seek the Resignations of Those Responsible for This Healthcare IT Debacle?" here.

If the United States wants to develop a national health electronic record system, it needs to make sure heath information exchanges work correctly, said deBronkart, who added VA should be commended for reacting quickly to the software problem and issuing the patient safety alert.

I believe this is not possible under the current leadership, organizational and regulatory structures found in the healthcare IT sector. As I've written before, healthcare cannot be 'reformed' or even improved by IT, until IT and its culture are themselves reformed.

For more on these issues, see my site below.

-- SS

For more on HIT challenges see "Contemporary Issues in Medical Informatics: Common Examples of Healthcare Information Technology Difficulties" - http://www.ischool.drexel.edu/faculty/ssilverstein/cases/