10 Ways To Strengthen Healthcare Security

A team of researchers studying the safety hazards of electronic health record (EHR) systems suggests there may be lessons to be learned from the Ebola scare, even though the Dallas hospital where a man died and infected two healthcare workers swiftly retracted its claim that its EHR was at fault.

Despite that backtracking, the facts of the case align with a common pattern of medical errors where the use of EHRs is, if not the sole cause, often an aggravating factor, according to Hardeep Singh, chief of the health policy, quality, and informatics program at the Veterans Affairs Center for Innovations in Quality, Effectiveness, and Safety, based at the Michael E. DeBakey VA Medical Center in Houston, and an associate professor at Baylor College of Medicine. He was the lead author on a recent study on usability flaws in EHRs that can lead to medical errors.

His research team's follow-up article, "Ebola US Patient Zero: Lessons on misdiagnosis and effective use of electronic health records," being published online Thursday, is labeled opinion, and some of its findings are speculative. Since the researchers don't have access to all the nurse and physician notes and can't examine the configuration of the EHR in detail, they can't say for certain how big a role online interactions among caregivers played. They also acknowledge that even if a concern about the patient wasn't conveyed online, it could have been conveyed offline -- the nurse could and should have alerted the doctor that the patient had recently arrived from Liberia and was exhibiting symptoms consistent with Ebola. A lack of awareness and training about what to look for was likely an even bigger factor.

[Do no harm: Healthcare Experts Propose EHR Safety Guidelines.]

At the same time, the researchers argue the routine EHRs enforce for documenting patient encounters may have encouraged healthcare professionals to treat the case as routine rather than recognizing an extraordinary danger.

"This first case of Ebola in the US has exposed two of the greatest concerns in patient safety in the US outpatient health care system: misdiagnosis and ineffective use of EHRs," Singh's team wrote. "Diagnostic errors typically have affected only one patient at a time, but Patient Zero reminds us that in certain cases, a single misdiagnosis can have widespread and costly implications for public health."

The facts are these: On Sept. 30, 2014, the Centers for Disease Control confirmed the first Ebola case in the US: Thomas Eric Duncan, a 42-year-old Liberian national, who had been visiting family in Dallas. Duncan had first visited the emergency room at Texas Health Presbyterian Hospital on Sept. 25 but was sent home with a prescription for antibiotics. After his condition deteriorated, he returned to the hospital emergency room by ambulance on Sept. 28, but initially no special precautions were taken with his care. Duncan died on Oct. 8, and two nurses were subsequently diagnosed as having contracted the disease from close contact with Duncan and bodily fluids such as vomit.

Early on, Texas Health Presbyterian Hospital in Dallas cited a gap between nurse and physician workflows, mediated by the EHR, as one reason the patient was misdiagnosed and sent home. The suggestion was that the doctor never saw the nurse's note that the patient had traveled from Liberia. (On the other hand, Duncan reportedly was not truthful in his answers to questions about having been in contact with people who were ill, volunteering no information about the chance that Ebola was the cause of his symptoms.)

Not every news story identified the specific EHR software at work in this tale, but the information was not hard to find. Edward Marx, CIO of Texas Health Resources and CHIME's CIO of the Year for 2014, has pointed to the hospital system's early embrace and effective implementation of Epic across the health system as a great success story. You might imagine he got some angry phone calls from Epic executives between the day the hospital issued its blame-the-EHR explanation and the subsequent retraction.

Whatever the reason, the hospital backed off. Singh and his co-authors aren't ready to let the EHR off the hook, however:

Many organizations modify their EHR-related workflows to ensure that specific data elements required for quality measures (none of which focus on diagnostic quality) are reliably captured. In the Ebola case, the nurse was using a template 'designed to provide a high reliability nursing process to allow for the administration of influenza vaccine under a physician-delegated standing order' to record history. These highly constrained tools are optimized for data capture but at the expense of sacrificing their utility for appropriate triage and diagnosis.

The reference to the template is from an initial hospital news release.

Note that while the ability to define such templates is a feature of Epic, health systems and clinicians design their own templates according to their own clinical and productivity goals. So even if the EHR was a factor, the fault possibly was with the configuration of the system rather than the underlying software.

Still, the authors argue the design of these systems, as well as the federal Meaningful Use incentives program that has driven widespread adoption of EHR software, emphasize some recordkeeping over proper care or detection of unexpected conditions:

Current EHRs lack the innovations needed to prevent misdiagnosis. Condition-specific charting templates, drop-down selection lists, and checkboxes developed in response to billing or quality-reporting requirements potentially distort history-taking, examination, and their accurate and comprehensive recording. We suspect this might have occurred in this case. Clinicians also tend to ignore template-generated notes in their review process; often the signal-to-noise ratio in these notes is low. EHRs can lead to less verbal exchange, which is all the more needed and more effective when dealing with complex tasks and communicating critical information. Ideally, the nurse should have verbally communicated the red flag to the physician instead of relying on the physician to find this information in the EHR. Other factors, such as heavy data-entry requirements and frequent copy-and-paste from previous notes, detract from critical thinking during the diagnostic decision-making process.

While the EHR cannot take the blame for what went wrong in Dallas, neither can it be held blameless.

Improving the decision-support tools embedded in EHRs, and making them better at sorting out the important information recorded in the system and displaying it prominently, ought to be a major research focus and ought to get more attention from federal regulators, the authors wrote.

The owners of electronic health records aren't necessarily the patients. How much control should they have? Get the new Who Owns Patient Data? issue of InformationWeek Healthcare today.