The FDA currently regulates medical devices and has received more than 200 reports of adverse events associated with health information technology, according to a recently published report by a team of investigators for the online news outlet, the Huffington Post. Meanwhile, Sen. Chuck Grassley (R-Iowa) has shown an interest in HHS or FDA monitoring health IT systems.
Paul Egerman, a healthcare IT company executive and a member of the federally chartered HIT Policy Committee, served as chairman of its EHR Certification and Adoption work group and made the work group's presentation of a list of a dozen recommendations. The HIT Policy Committee was created last year pursuant to the American Recovery and Reinvestment Act of 2009 to advise the Office of the National Coordinator for Health Information Technology at HHS.
The first among the work group's recommendations was a proposal to create “a national transparent oversight process and information system,” similar to a patient-safety organization, that could receive reports from various sources about patient-safety issues linked to the use of healthcare IT systems.
Egerman was a co-founder of a health IT systems company that would become IDX, Burlington, Vt., which was acquired by General Electric in 2005. He currently serves as chairman and CEO of eScription, Needham, Mass., a provider of computer-assisted medical transcription services.
Egerman said the work group conducted a public hearing Feb. 25 on health IT and patient safety. And while work group members are aware a few studies found patient safety problems associated with health IT systems, “a lot of information that was presented seemed to be drawn from anecdotes and the personal experience of presenters,” Egerman said.
“Everybody agrees there is a continuing need for more investigation,” he said. “We wanted to get past this issue of, do we really have good data here or is it anecdotes?”
A common expectation is that IT-linked patient safety problems stem from software bugs, but a review limited to software glitches alone would be too narrowly focused, he said.
“The largest issue was the complex interaction between people and technology,” Egerman said. Safety problems could just as easily stem from training and implementation problems as the technology itself, he said.
Another problem area is “alert fatigue,” in which patient safety alert thresholds are set so low a critical warning might be missed among a host of more commonplace alerts.
“The system could be working correctly,” Egerman said. “There are no bugs in the system, but people could be very, very busy and under stress” and as a result, the full potential of the IT system isn't realized.
“There is a need for this national database and for this national oversight process,” he said, but the work group stopped short of defining how such a program should be implemented or saying who would run it.
However, the work group did propose it have a confidential reporting system with whistleblower and tort liability protections.
According to Egerman, the specter of possible FDA regulation of EHRs and other health IT systems hung over the work group's deliberations.
“It is a surprisingly emotional issue,” he said. “The FDA already has legislative authority over healthcare IT. They already have authority to regulate this entire area. Our work group couldn't help itself but talk a lot about the FDA.”
Egerman said he worries that the increased costs from FDA device regulation “could become a barrier to entry for small vendors,” particularly for developers of a building wave of Health 2.0 applications. A typical iPhone app, if not free, may cost only a couple of dollars. “You try to layer FDA regulations on people like that, it could inhibit innovation,” he said.
Jeffrey Shuren, director of the FDA's Center for Devices and Radiological Health, spoke to assuage work group and policy committee members' fears.
“The agency is very willing to be flexible and part of a broader approach” to health IT safety, Shuren said, adding that when the FDA conducts a root-cause analysis of a safety problem, “we actually look beyond the technology” to possible underlying causes.
Tomorrow, part two: The unresolved issue of granular privacy consents.