Safety+Risk

=Safety Risks=

Safety is a major theme in the business case for eHealth. eHealth is often mentioned as one solution that can reduce the incidence of preventable adverse events. Several significant reports have been published suggesting that eHealth, and in particular the electronic health records are significant enablers for improved patient safety. However, there is surprisingly little information or guidance in the literature concerning safety issues caused by eHealth systems and programs themselves.

There is however a significant body of work concerning safety risk in other sectors such as the [|aviation] and nuclear industries. Even in health care there is a growing body of work concerning ways to manage the safety risks associated with medical procedures and devices, many of which are controlled by software products and use information and communications technologies. Drawing from this experience, it is possible to conduct at least a remedial assessment of safety risk associated with eHealth.

=Factors Leading to eHealth Safety Risks=

There is evidence that some implementations of eHealth systems, in particular Computerized Physician Order Entry Systems (CPOE), are vulnerable to safety risks.

In the eHealth domain there are at least three sources of safety risk:
 * 1) **Security issues** are the most likely sources of eHealth safety problems. Security concerns itself with the confidentiality, integrity and availability of information. Confidentiality concerns are not likely to give rise to safety issues (except in very rare circumstances, such as releasing the identities of doctors who perform abortions making them vulnerable to personal physical attack). Integrity and availability issues could certainly impact patient and health provider safety, particularly as we become more dependent on eHealth programs. Consider what could happen to a patient if a security breach brought down an eHealth portal that provided access to critical health information systems, or if a virus corrupted or destroyed health data.
 * 2) **Quality of product issues** – where software and hardware products fail to provide essential information when required, or deliver corrupted data; for example, a software bug that causes a lab system to deliver inaccurate test results.
 * 3) **Human factors issues** – where the human/ information system interface fails. This could include user interfaces that are confusing, overly complex procedures that promote error or failure to catch common user errors (e.g. input procedures that make it easy to enter the wrong data or displays that make it easy to misinterpret data). Human factors issues extend more broadly than the technology and include social, cultural, organizational and political issues.

=eHealth Safety Risks=

eHealth is subject to three major safety risks, which can be sub-divided into many sub-risks as described in the table below:


 * **Risk** || **Examples** ||
 * Patient Injury or Death || * Critical data not available
 * Critical data inaccurate
 * Input/output error
 * Human error
 * Decision support error
 * Loss of critical ICT services
 * Corruption or unauthorized modification of Personal Health Information ||
 * Health Provider Injury or Death || * Failure to communicate critical safety procedures (e.g. during pandemic)
 * Failure to communicate patient conditions that could lead to infection ||
 * Population Injury or Death (e.g. public health crisis) || * Failure to communicate critical safety procedures
 * Critical data unavailable
 * Critical data inaccurate
 * Input/output error
 * Decision support error
 * Loss of critical ICT services* Corruption or unauthorized modification of Personal Health Information ||

=Safety Controls in eHealth Programs and Systems:=

• Hazard analysis • Definition of user needs and requirements • Data integrity controls • Human factors design • User training • Functionality testing • Usability testing • Critical incident response procedures • Incident and near-miss reporting systems • eHealth system and program governance

=Safety Risk Assessment=

As of yet there is no structured process or standard for safety risk analysis comparable to the PIA or TRA. General guidance can be obtained from the literature concerning hazard risk assessment and discussions of risk associated with medical devices. Work is underway at ISO Technical Committee 215 to develop safety risk standards associated with the development, deployment and operation of medical software. One promising method for assessing safety risks in health care that can be utilized for eHealth safety risk analysis is Healthcare Failure Mode and Effect Analysis.

=External Links:=

[|ANSI/HE74:2001 - Human factors design process for medical devices] [|Healthcare Failure Mode and Effect Analysis] I[|SO/TS 25238 - Classification of safety risks from health software, 2007]. A draft standard addressing the classification of risks (e.g. low, medium, high). (purchase only) [|Sociotechnologic issues in clinical computing: Common examples of healthcare IT failure]. A website developed and maintained by Dr. Scot Silverstein of Drexel University. The site discusses the safety issues associated with health IT and illustrates a number of case examples. (free) [|Some Unintended Consequences of Information Technology in Health Care: The Nature of Patient Care Information System-related Errors]. JAMIA Mar/Apr 2004 (free) [|Unexpected Increased Mortality After Implementation of a Commercially Sold Computerized Physician Order Entry System]. Pediatrics Dec. 2005. (free) [|Role of Computerized Physician Order Entry Systems in Facilitating Medication Errors]. JAMA Mar.9, 2005 (free) [|Computerized Physician Order Entry: Helpful or Harmful?] JAMIA, Mar/Apr 2004 (free) [|Computer Physician Order Entry: Benefits, Costs and Issues]. Annals of Internal Medicine, July 2003 (free) [|A human factors engineering paradigm for patient safety: designing to support the performance of the healthcare professional] - a focus on designing systems to improve the performance of healthcare professionals and reducing errors. (purchase only) [|Technology, governance and patient safety: Systems issues in technology and patient safety] - a paper on the governance and management of medical devices. (purchase only) [|The Human Factor - Revolutionizing the Way We Live with Technology]- an excellent book by Kim Vicente that outlines the theory and practice of human factors engineering. Lots of anecdotal stories. Very readable. (purchase only)