New HHS Health IT Safety Program Requires Participation From Private Sector

The U.S. Department of Health and Human Services (HHS) has released the Health IT Patient Safety Action and Surveillance Plan. The action plan promotes the vision that health IT can help to eliminate medical errors, improve the quality of care, protect patients and make the health care system more efficient. The Plan has two related objectives: to use health IT to make care safer, and to continuously improve the safety of health IT.

The Plan builds on the Department’s overall commitment to patient safety, and addresses recommendations made in the 2011 Institute of Medicine (IOM) Report, Health IT and Patient Safety: Building Safer Systems for Better Care.

“When implemented and used properly, health IT is an important tool in finding and avoiding medical errors and protecting patients,” said National Coordinator for Health IT Farzad Mostashari, M.D. “This Plan will help us make sure that these new technologies are used to make health care safer.”

The Plan outlines the responsibilities to be shared across HHS and details significant participation from the private sector. Through the Plan:

  • ONC will make it easier for clinicians to report health IT-related incidents and hazards through the use of certified electronic health record technology (CEHRT).
  • The Agency for Healthcare Research and Quality will encourage reporting to Patient Safety Organizations and will update its standardized reporting forms to enable ambulatory reporting of health IT events.
  • The Centers for Medicare & Medicaid Services (CMS) will encourage the use of the standardized reporting forms in hospital incident reporting systems, and train surveyors to identify safe and unsafe practices associated with health IT.
  • Working through a public-private process, ONC will develop priorities for improving the safety of health IT.
  • ONC and CMS consider adopting safety-related objectives, measures, and capabilities for CEHRTs through the Medicare and Medicaid EHR Incentive Programs and ONC’s standards and certification criteria.

ONC also established the Health IT Patient Safety Program, led by ONC’s Chief Medical Officer Jacob Reider, MD, in coordination with the Office of Policy and Planning, to coordinate and implement this Plan.

“Through the Safety Program, ONC will collaborate with stakeholders to incorporate health IT and patient safety into their organizations, and will work closely with all actors to help them fulfill their responsibilities under this Plan. ONC will oversee the aggregation and analysis of data from the sources identified in this Plan, among others, in order to identify trends in patient safety and health IT, provide feedback to developers and providers, and inform policies and interventions to achieve this Plan’s objectives,” says the Plan.

To accompany the Plan’s surveillance of safety-related capabilities in Certified EHR Technology (CEHRT), the ONC has also issued guidance clarifying that ONC-Authorized Certification Bodies will be expected to verify whether safety-related capabilities work properly in live clinical settings in which they are implemented. ONC is coordinating the implementation of the Plan through the ONC Health IT Safety Program. They will be updating the Health IT and Patient Safety website regularly to reflect progress towards implementation and make available resources and other materials developed under the Plan.

In addition to the Plan, Dr. Mostashari announced ONC has contracted with The Joint Commission to better detect and proactively address potential health IT-related safety issues across a variety of health care settings. The Joint Commission will expand its capacity to investigate the role of health IT as a contributing cause of adverse events and will identify high priority areas for expected types of health IT-related events.

It will be interesting to see how the industry responds to the final Plan being published. One of the strategies of the Plan is to incorporate health IT safety in post-market surveillance of certified EHR technology.

HHS had released a draft of the plan in December 2012 along with a request for public comment. State and national medical societies responded, and the American Medical Association called for more research on the intersection of IT and patient safety. “Physicians are concerned about potential liabilities from EHR system design and software flaws, as well as lack of interoperability among EHR systems that could result in incomplete or missing information, which may lead to errors in patient diagnosis and treatment,” they said.

In a comment letter on the draft plan, the Texas Medical Association expressed concern that “the proposed plan lacks the specificity necessary for success.”

brianMore from Brian Ahier


The following two tabs change content below.

Brian Ahier

Brian Ahier is a national expert on health information technology with a focus on health data exchange. He is President of Advanced Health Information Exchange Resources, LLC, which has provided consulting services to a variety of industry clients as well as the Office of the National Coordinator at HHS. Brian sits on the Consumer Technology Workgroup of the HIT Standards Committee which makes recommendations to the National Coordinator on standards, implementation specifications, and certification criteria for the electronic exchange and use of health information consistent with the implementation of the Federal Health IT Strategic Plan. Brian is a founding Board member of DirectTrust, and also serves on the Board of HIMSS Oregon and Q-Life., an intergovernmental agency providing broadband capacity to the region. Brian helped found Gorge Health Connect, Inc. (GHC) a health information exchange organization in the Columbia River Gorge where they implemented one of the first Direct Project pilots. Brian worked at Mid-Columbia Medical Center for eleven years, most recently as Health IT Evangelist. He served four years as a City Councilor in The Dalles, Ore., and on the Board for Mid-Columbia Council of Governments. Brian helped develop the Oregon strategic and operational plans for implementing State-Level HIE under the State Health Information Exchange Cooperative Agreement. After the plan was approved by the ONC he was appointed by the State of Oregon Health Information Technology Oversight Council (HITOC) as Chairperson of the Technology Workgroup responsible for developing a framework and providing input for technology goals, including deliverables and objectives, standards, and definition of central services. Brian has worked on a number of workgroups and committees within the Standards and Interoperability Framework and continues to work on the Direct Project.

, , , , , , ,

  • Dan Haley

    I’m plagiarizing myself here, but as I commented earlier today on a related matter (constant rumors of pending FDA “mobile” guidance): “Congress’s mandate in FDASIA is explicit. The statutorily-required proposed framework that Congress has requested of HHS for HIT must (a) protect patients; (b) promote innovation; and (c) avoid unnecessary regulatory duplication. Everyone involved is saying all the right things, but seemingly ignoring that last part about regulatory duplication. Meanwhile, FDA continues to think about releasing a separate regulatory guidance for “mobile,” as if it were 2008 and that distinction still had meaning; and just yesterday ONC issued its own “surveillance plan” for patient safety in HIT – which is also a separate regulatory structure. Ironically, the final question in the recent FDASIA request for comment from the public asks what the Administration can do to avoid unnecessary regulatory duplication in HIT. There is an obvious and simple answer: stop generating duplicative regulatory structures. ”

    The HIT ndustry is invested in ensuring patient safety, both because we are all patients and because – frankly – in a hypercompetitive marketplace, unsafe technology cannot possibly survive. At the same time, as the ONC draft report made abundantly clear, every study of HIT-related patient safety issues to date has found a rate of far less than 1% of patient safety issues have an HIT component. Does less than 1% leave room for improvement? Yes. Does it require its own regulatory bureaucracy, never mind several? Mark me down for a no on that one.

    ONC has a lot of expertise that FDA lacks, and if there is in fact to be a risk-based regulatory structure for HIT overall, then there is a good argument for seating that framework within ONC. But the Administration needs to get its right hand on the same page with its left. Right now both agencies seem to be looking for ways to stick jurisdictional stakes in the regulatory earth to ensure an ongoing role. In light of the third prong of the Congressional FDASIA mandate I have a hard time seeing how that isn’t a direct contravention of Congress’s unusually explicit directive.

  • Pingback: New HHS Health IT Safety Plan Requires Particip...()

  • brianahier

    A few key sections of the Plan…

    pg 16: “ONC will coordinate with the FDA to identify and evaluate health IT adverse event reports made to the FDA MAUDE database. MAUDE is a searchable database of adverse event reports on devices that contains data from several sources, including voluntary reports, user facility reports, and device manufacturers’ reports. This database will provide ONC with an additional source of data from which to analyze potential safety trends and risks associated with health IT.”

    pg 25: “Congress enancted the Food and Drug Administration Safety and Innovation Act (FDASIA) on July 9, 2012. Section 618 of FDASIA instructs the Secretary of HHS, acting through the FDA Commissioner— in collaboration with ONC and the Federal Communications Commission (FCC)—to issue a report by January 2014 on a proposed strategy and recommendations on an appropriate risk-based regulatory framework for health IT that promotes innovation, protects patient safety, and avoids regulatory duplication.

    This report will be developed with significant public input. FDA, ONC, and FCC have issued a request for comment seeking broad input from stakeholders on elements they should consider in developing the report. The report will also be informed by input from the Health IT Policy Committee (which has formed a FDASIA Workgroup) and will incorporate what the agencies learn about risk, safety, and opportunity for innovative technologies to support improved health outcomes. The agencies will consider how to make it easier for innovators to understand the regulatory landscape, ways to minimize regulatory burden—such as the complexity of navigating numerous agencies—and how to design an oversight approach that supports innovations and patient safety.”

    Also I find it very interesting that the ONC has contracted with The Joint Commission to better detect and proactively address potential health IT related safety issues across a variety of health care settings. I am very happy that Jacob Reider, the ONC’s Chief Medical Officer, will be heading up the Health IT Patient Safety Program. I have a great deal of confidence in him…

  • brianahier

    This 5 page Fact Sheet from the ONC gives some good info on the Plan:

  • Dan Haley

    Brian, I agree with your assessment of Jacob Reider, who is great. And frankly I agree with the subtextual assessment of ONC and even their plan – something I tried to make clear on my initial comment. My fear is and continues to be that both agencies are trying to pre-establish regulatory jurisdiction by occupying ground, and I worry that this move by ONC will only prompt a more aggressive move by FDA (their bizarre and wholly unexpected foray into the world of computer viruses a few weeks back leaps unpleasantly to mind). This kind of regulatory race to the bottom is exactly, in my view, what Congress intended to forestall via its FDASIA mandate.

  • brianahier

    Another area of concern is the Code of Conduct provision:

    ONC will work with developers on a code of conduct that commits developers to:

    o Work with Patient Safety Organizations (PSOs) — or similar entities — to report, aggregate, and analyze health IT – related safety events

    o Support providers in reporting safety events

    o Collaborate with private sector efforts to make comparative user experience with different EHR systems more available

    If the rather weak EHR Association Developer Code of Conduct is the extent of this effort then I will be disappointed…

  • Dan Haley

    Certainly no argument from me there, though Dr. Mostashari’s comments at the unveiling event seemed to indicate he was looking for something stronger. I have some expanded thoughts on this here: