IOM Calls for Oversight of Health IT Industry

A new report from the Washington, D.C.-based Institute of Medicine (IOM) calls for greater oversight of information technology by the public and private sectors. The report examines a broad range of health information technologies, including electronic health records, secure patient portals, and health information exchanges. It does not examine software for medical devices.

The report asks the secretary of the U.S. Department of Health and Human Services should publish a plan within 12 months to minimize patient safety risks associated with health IT and report annually on the progress being made. The IOM also says there should be a schedule for working with the private sector to assess the impact of health IT on patient safety.

The report recommends the U.S. Food and Drug Administration should exercise its authority to regulate technologies if there is not enough progress. Concurrently, FDA should begin planning the framework needed for potential regulation so that the agency is ready to act if necessary.

"Just as the potential benefits of health IT are great, so are the possible harms to patient safety if these technologies are not being properly designed and used," Gail L. Warden, president emeritus of Henry Ford Health System and chair of the committee that wrote the report, said in a statement.

The IOM argues in the report that the government is investing billions of dollars to encourage hospitals and health care providers to adopt health IT so that all Americans can benefit from the use of electronic health records by 2014, but demonstrated improvements in care and safety are not yet established. The organization argues that while some of these technologies have significantly improved the quality of health care and reduced medical errors, there are still huge concerns about potential harm are emerging as health care providers increasingly rely on health IT to deliver care.

The report talks about huge errors in healthcare technologies -- including medication dosing errors, failure to detect fatal illnesses, and treatment delays due to poor human-computer interactions or loss of data -- have led to several reported patient deaths and injuries. It says the HHS should establish a mechanism for both technology vendors and users to report health IT-related deaths, injuries, or unsafe conditions. It recommends reporting events related to patient safety be mandatory for vendors and voluntary, confidential, and nonpunitive for care providers.

In addition, the report says Congress should establish an independent federal entity to investigate patient deaths, injuries, or potential unsafe conditions associated with health IT. Based on those investigations, the entity could make nonbinding recommendations, allowing flexibility for HHS, health care organizations, vendors, and other experts to determine the best course forward.

It recommends HHS establish quality management principles and risk management processes in designing and implementing health IT products, which can be complex and difficult for doctors and nurses to use.

The study was sponsored by the U.S. Department of Health and Human Services.