The committee came to an "eye-opening" realization, Warden said, that there are no hard data available to objectively assess the safety of health IT.
The panel got it right with its recommendation that HHS "should ensure insofar as possible that health IT vendors support the free exchange of information about health IT experiences and issues." Thus, vendors should be banned from using gag clauses in their contracts to block providers from sharing of information about IT safety problems. The committee was right again with several other recommendations that tilted toward public disclosure.
But the committee hedged in saying it "believes reports of health IT-related adverse events and unsafe conditions that are verified and free of user-identifying information should be transparently available to the public."
So, does that mean data on IT errors should be gathered and analyzed by a select few providers, vendors and researchers? Does it mean a limited amount of this information can be made public, and that only when it's "free of user-identifying information?"
Why? If your local doctor or hospital had a fritzy EHR, wouldn't you want to know it?
In the committee’s own words, software alone "is neither safe nor unsafe because safety of health IT cannot exist in isolation from its context of use." In other words, the problem with health IT is often between the keyboard and the chair. "Safety," the report says, "is an emergent property of a larger system that takes into account not just the software but also how it is used by clinicians."
As Eric S. Raymond postulated, "Given enough eyeballs, all bugs are shallow." A corollary would be, given enough people looking at the data on reported IT-related safety concerns, both the effort to fix the glitches and their negative impacts on patients will be minimized.
To get the maximum number of eyes fixed on the problem, end the cult of secrecy around error reporting completely. Make public reporting of the glitches a requirement. The analog shouldn't be AHRQ's voluntary and anonymous Web M&M, but rather the Office for Civil Rights' mandatory and timely public breach reports
The U.S. is already neck deep in a healthcare cost, quality and safety crisis. Health IT is supposed to provide tools to help us out of this mess. So, we're investing tens of billions of taxpayers' dollars to fund national IT deployment. If the machines—or IT users—that taxpayers are subsidizing are killing or injuring patients, everybody has a right to know about it.
The answers to whether IT systems are providing a net reward over risk will be in the data from those systems and the user reports. All of that information should be made public.