Sunday, July 11, 2010

Health IT and 'High Regulatory Standards': Criminal Negligence for Implementing Defective Systems That Put Data in the Wrong Charts?

Over at the HIStalk blog (a blog whose owner remains anonymous, and who uses an ISP that does not reveal information that could be used to identify him, apparently out of fear of retaliation for controversial stories he posts), the following appeared:

Monday Morning Update 7/12/10

From Holy Smoke: “Re: Cerner. Misidentification incidents have been reported with Cerner PowerChart and Millenium in hospitals in Indiana, Michigan, and others after a Cerner upgrade. Entries are placed in the wrong electronic chart and reviewed data is for the wrong patient.” Unverified. I saw nothing in the FDA’s Maude database, so if it’s happening, customers should file an experience report.

While the reports are "unverified", I can add that the FDA MAUDE database would not show any data if this problem were recent, as I believe MAUDE contributions are reviewed by FDA before posting.

(7/21/10 addendum: various sources confirm this occurred at a religious-denomination hospital chain headquartered in the Great Lakes region of the U.S.)

However, as I wrote in Oct. 2009 at "Our Policy Is To Always Have Unabashed Faith In The Computer ... Except When It Screws Up, And Then It's The Doctor's Fault", the MAUDE database does contain some error reports from this vendor (one of the very few HIT vendors who actually file such reports) such as:

http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfRES/res.cfm?id=64345
Cerner Millennium RadNet Auto Launch Study and Auto Launch Report software functionalities. Defects in the Auto Launch functionality make it possible for a mismatch of patient data.

http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfMAUDE/Detail.CFM?MDRFOI__ID=946706
Patient care delay. The issue involves functionality in cerner millennium powerchart office and powerchart core and affects users that utilize the powerchart inbox and message center inbox. In results to endorse or sign and review, if the user clicks ok and next multiple times in quick succession while attempting to sign a result or a document, the display could lag behind the system's processing of the action, and multiple results or documents could be signed without the user's review. In message center, when clicking ok and next or accept and next, or when deleting or completing messages and moving to the next task, a document could be signed or a message could be deleted without the user's review. Results could be endorsed or documents could be signed without physician review, which could impact patient care. Cerner received communication that a patient's follow-up care was delayed as a result of this issue.

http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfMAUDE/Detail.CFM?MDRFOI__ID=753029
Microbiology set up a program within the cerner computer system to automate the reporting system for hsv (herpes simplex virus)testing. The system was tested with the assistance of cerner and found to be working appropriately. The new system was operational for approximately 3 weeks when it was determined that the first word of the sentence, "no" was inappropriately dropping off of the following sentence: "no herpes simplex virus type 1 or herpes simplex virus type 2 detected by dna amplification. " as such, two of five patients were incorrectly informed that they had hsv before the error was detected. One had started an antiviral creme treatment. The other three did not have follow-up visits until after the correct results were determined. Cerner has looked at the program and has not provided an answer for the system issue. In the interim, the previous manual review and entry process is being used.

Assuming the current reports from anonymous whistleblower "Holy Smoke" are true, I note the following.

My observations apply to any vendor and/or healthcare organization that puts defective HIT into use in patient care--

At my April 2010 post "Healthcare IT Corporate Ethics 101: 'A Strategy for Cerner Corporation to Address the HIT Stimulus Plan'", I'd written:

A profoundly disappointing lesson in the ethics of the healthcare IT sector (and the B-schools as well) can be gleaned from the following, a paper written by a Cerner employee and two health industry colleagues for a Duke Fuqua School of Business course.

The course is "Health Economics & Strategy (HLTHMGMT 326), Distance Executive MBA" (syllabus here in PDF) ... The paper is entitled "A STRATEGY FOR CERNER CORPORATION TO ADDRESS THE HIT STIMULUS PLAN."

The paper was scrubbed from the Duke Fuqua School of Business Site on or around April 16, 2010 but a cached copy is available here. In that paper what I believe is a combination in restraint of trade was suggested:

This paper seeks to clarify these implications [of the the economic 'stimulus' package - ed.], understand the strengths and weaknesses of various players in the industry and recommend a strategy for Cerner Corporation to maximize its profit from the stimulus package and thereby secure a dominant position in the HIT industry.

... We recommend that Cerner collaborate with other incumbent vendors to establish high regulatory standards, effectively creating a barrier to new firm entry.

High standards? I have some suggestions regarding "high regulatory standards."

I agree that high, in fact, the highest regulatory standards should be upheld.

I think I can safely state that a common regulatory standard in healthcare is that those involved in patient care, even peripherally, act with sound judgment and with patient well being as a foremost concern. Those acting recklessly and dangerously might be found negligent in a civil sense, or if acting recklessly in a willful and knowing manner, might be found criminally negligent.

Two descriptions of criminal negligence:

Criminal negligence - (law) recklessly acting without reasonable caution and putting another person at risk of injury or death (or failing to do something with the same consequences).

Criminal negligence is conduct which is such a departure from what would be that of an ordinary prudent or careful person in the same circumstance as to be incompatible with a proper regard for human life or an indifference to consequences. Criminal negligence is negligence that is aggravated, culpable or gross.(PDF).

It is damn well clear that electronic medical records systems must function without unpredictable data errors that put data into the wrong persons' charts, thus producing two errors and two possibilities for patient harm: an erroneous absence of appropriate data in one patient's chart, and an erroneous presence of inappropriate data in another's.

This is not a theoretical argument open to debate, and this is not a drill.

A recent IT-related data error involving one single medication nearly killed my mother.

In addition, the "learned intermediary" excuse used to punt liability onto physicians and other clinicians for patient harm due to IT errors does not apply here, and this is also not open to debate. Physicians, even the most learned, are not clairvoyant; they should not be expected to know which chambers are empty and which chambers are loaded in a game of cybernetic Russian Roulette with the data on their patients.

Having an EMR maintain fundamental relational integrity, i.e., not place clinical data entered in good faith by trusting clinicians in another patients' chart, is not rocket science.

Those who design, those who implement, and those who put into production (i.e., for use by physicians, nurses and other clinicians in the care of patients) any health IT "upgrade" without the extensive testing, testing and more testing necessary to prove proper operation on such a fundamental point as maintenance of relational integrity (i.e., correct patient identity in data storage and retrieval) knew, should have known, or should have made it their business to know that doing so puts patients at risk of injury or death.

Putting an "upgraded" software application with such fundamental defects into actual use in real, live patients care environments - for whatever reason, e.g., finances, vendor marketing pressures, meeting planned objectives and numbers, obtaining a bonus, etc. - reflects in my view:

"... a departure from what would be that of an ordinary prudent or careful person in the same circumstance as to be incompatible with a proper regard for human life or an indifference to consequences."

Thus:

In upholding the highest regulatory standards, if patients are harmed or die as a result of this type of HIT snafu, criminal charges against the responsible IT, clinical and administrative personnel would be an appropriate remedy to this type of negligence.

As I wrote at "$4 Billion Military EMR "AHLTA" to be Put Out of Its Misery?", in my view as of 2010 legal actions are the only way that the domain of healthcare IT can be returned to a field "of, by and for" clinicians, instead of "of, by and for" those who live off the hard work of clinicians and their patients.

-- SS