Even when their products are implicated in harm to patients, manufacturers of health IT have wide contractual and legal protection that renders them virtually "liability-free," according to a March 25 commentary in the Journal of the American Medical Association.
The current system needs to be changed so that all liability does not rest entirely with physicians, nurses, hospitals and clinics, even when these users of faulty health IT scrupulously follow vendor instructions, according to Ross Koppel, PhD, of the University of Pennsylvania School of Medicine in Philadelphia, and David Kreda, a software designer.
The health IT industry avoids liability by relying on a legal doctrine known as "learned intermediaries" that holds these groups responsible for health IT errors because are presumed to be able to identify-and correct-medical mistakes generated by software faults, according to the authors.
"Health IT vendors claim that, because they cannot practice medicine, clinicians should be accountable for identifying errors resulting from faulty software or hardware," Koppel said. "But errors or lack of clarity in health IT software can create serious, even deadly, risks to patients that clinicians cannot foresee."
In one example, a trauma team did manage to catch an error in a piece of faulty vendor software that miscalculated intracranial pressures. Had they not, patients would have been severely threatened and the hospital would have been responsible for the resulting harm. "From an equity standpoint," Koppel said, "This is unacceptable."
Other examples of internal software mistakes include confusing kilograms and pounds used to derive medication doses based on a patient's weight, and software that erroneously removes warnings about fatal drug allergies. In both cases "learned intermediary" clauses hold that clinicians are responsible for noticing the mistake before prescribing.
Equally unfortunate and unacceptable, according to Koppel, are the provisions in most health IT contracts that prohibit healthcare organizations from openly disclosing any problems caused by vendor software, even to the other licensees using the same products, e.g., clinicians and hospitals. Such stipulations defeat patient safety efforts and are contrary to the principles of evidence-based medicine, says Koppel.
The authors also identified circumstances where health IT vendors should not be held accountable for patient safety failures arising from their products' misbehavior, e.g., user misuse and medical circumstances not knowable in advance.
"Legal and contractual changes must not reduce incentives to vendor innovation," said Koppel. "We must achieve a better balance among patient safety concerns, fairness to clinicians, vendor responsiveness, and vendor marketing."
The authors suggested moving the industry toward this balance may require several changes to the status quo, including:
- Granting additional power to set rules affecting health IT contract terms to state and national organizations with responsibility for inspecting hospitals;
- Professional medical organizations taking a stand that health IT contracts containing blanket "hold harmless/learned intermediary" clauses are inconsistent with professional practice. Vendors would then have to focus more strongly on patient safety concerns;
- Ongoing lobbying of Congress by healthcare professionals and their associations for changes in federal law that would recognize a range of health IT vendors' safety responsibilities-much as with auto manufacturers and seatbelt laws; and
- Altering legal standards to facilitate rather than frustrate disclosure of health IT product shortcomings that have patient safety implications.