On Sept. 10, the Journal of the American Medical Association (JAMA) Network Online published a “Viewpoint” article entitled, “Policies to Promote Shared Responsibility for Safer Electronic Health Records,” by Dean F. Sittig, Ph.D. and Hardeep Singh, M.D. The authors address the new rules from the Centers for Medicare & Medicaid Services (CMS) regarding the Medicare Promoting Interoperability Program and its Protect Patient Health Information Objective. The authors specifically focus on the addition CMS made of an underscored, attestation-only measure that requires hospitals to attest to having completed an annual self-assessment of the electronic health record (EHR) using the Office of the National Coordinator for Health Information Technology (ONC)–sponsored SAFER (Safety Assurance Factors for EHR Resilience) Guides2 beginning in 2022. The authors write that “This is a major development in health information technology (IT) and patient safety policy, but additional steps are required to strengthen the effects of these rules.”
That said, “A decade ago, health IT–related errors were defined as ‘anytime health IT is unavailable for use, malfunctions during use, is used incorrectly by someone, or when health IT interacts with another system component incorrectly, resulting in data being lost or incorrectly entered, displayed, or transmitted.’ Over the past decade, emerging evidence has suggested that unsafe EHRs and unsafe use of EHRs has continued and could lead to harm or potential harm that potentially affects large numbers of patients.”
Further, “The new policy helps lay the groundwork for hospitals to proactively assess EHR-related patient safety. In collaboration with ONC, 9 SAFER Guides7 were developed in 2014 to help healthcare organizations (HCOs) and EHR developers conduct voluntary self-assessments to help eliminate or minimize EHR-related safety risks and hazards and to increase EHR resilience. Each SAFER Guide consists of 12 to 29 recommended practices to help HCOs know what to do to optimize the safety and safe use of EHRs. HCOs and EHR developers were expected to work on the recommended practices together, owing to interdependencies of implementing technology within the larger complex, adaptive, sociotechnical system in which technology interacts with workflows, personnel, physical environments, and other organizational factors. Adoption of the SAFER Guides so far has been sporadic and minimal.”
The authors go on to explain that implementing new CMS policies effectively will require hospitals and EHR vendors to share responsibility due to the fact that many SAFER recommendations are based on EHR features provided by developers. Therefore, EHR safety is a shared responsibility between the vendors who design and develop the EHR and those in healthcare organizations who implement the systems and are responsible for overseeing their use.
Sittig and Singh write that “CMS and ONC have established standards that EHRs must meet to qualify for use in the Promoting Interoperability Programs. These criteria alone are insufficient to address many patient safety concerns during EHR use in clinical settings; hence, CMS should add annual SAFER assessment by EHR developers to these criteria. This would help ensure that EHR developers have evaluated their product against SAFER recommendations and indicated whether their EHR could be configured to meet each recommendation. In addition, EHR developers should make product default settings conform to SAFER recommendations. The ONC-ACB (Authorized Certification Body) responsible for overseeing each EHR developer should also be responsible for assessing compliance with these regulations.”
The authors continue to explain that the annual EHR developer assessment process should be clear and consist of teams that include EHR designers, developers, implementers, and trainers. Teams should also include clinicians.
The authors continue, “Not all SAFER recommendations are technical (e.g., policies and procedures ensuring accurate patient identification are solely the responsibility of HCOs). For each SAFER recommendation, the developer should indicate whether it requires specific technical features and if so, note whether their product is capable of meeting requirements. For additional transparency, EHR developers should document a rationale for recommendations their product cannot support, post it on their website, and send copies to their customers and the ONC-ACB. The rationale should explain developers’ decision-making and consider safety implications from this nonconformity. These findings should also be reported to and reviewed by the ONC-ACBs as part of the EHR developers’ certification process.”
“ONC should annually convene expert panels composed of EHR users, researchers, and developers to review the aggregate findings from developer nonconformity reports,” the authors write. “If the expert panel deems the developers’ rationale appropriate, revisions to the SAFER Guides should be made accordingly. In addition, to promote transparency, ONC should publish an accessible list of SAFER recommendations whereby developer nonconformity could be noted along with the expert panel’s determination of appropriateness. In addition, the expert panel should review each recommendation annually, modify or eliminate recommendations no longer applicable based on either new evidence or unintended consequences, and add new recommendations to keep up with changes in EHR design, development, configuration, or use.”
The authors mention that knowledge and experiences about SAFER EHR implementation practices are not communicated widely in developer communities or healthcare organizations and that EHR developers are in a good position to collect, implement, and diffuse safety practices because of their work with different healthcare organizations. The authors imply that developers should create EHR configuration guides for their own product and share them with customers and the ONC-ACB, the guide should include how their product can be configured to meet SAFER recommendations and advise users of the safety consequences if the recommendations are not followed.
The authors conclude that “EHR developers must create or modify their products to ensure that hospitals can configure their EHR to meet SAFER Guide recommendations. The new CMS policy requiring hospitals to perform annual self-assessment using the SAFER Guides creates a solid foundation for a much-needed focus on EHR-related patient safety. However, the responsibility for safety must be shared with EHR developers, who should also self-assess their products on an annual basis.”
