Loss of patient data and prescription errors are just two potential safety risks associated with health IT (HIT) adoption. As the FDA examines these issues, the agency is questioning how to better regulate this new electronic field and which branch of government oversight is best suited to monitor such safety concerns.

In a meeting last week of the HIT Policy Committee—Adoption/Certification Workgroup, Jeffrey Shuren, director of the FDA’s Center for Devices and Radiological Health, outlined some of the health and safety risks associated with HIT. Over the last two years, the FDA has received 260 reports of HIT-related malfunctions that could have potentially caused bodily harm, and did actually injure 44 people and kill another six, Shuren said.

These figures were supplied to the FDA voluntarily by patients, clinicians, and user facilities, so they may “represent only the tip of the iceberg in terms of the HIT-related problems that exist,” he said.

Shuren said these adverse events fall into four categories:

• Errors of commission, such as accessing the wrong patient’s record or overwriting one patient’s information with another’s;

• Errors of omission or transmission, such as the loss or corruption of vital patient data;

• Errors in data analysis, including medication dosing errors of several orders of magnitude; and

• incompatibility between multi-vendor software applications and systems, which can lead to any of the above.

“Given the FDA’s regulatory authorities and analytical tools, we could potentially, at a minimum, play an important role in preventing and addressing HIT-related safety issues, thereby helping to foster confidence in these devices," said Shuren.

He suggested the FDA could take three possible approaches in dealing with HIT-related safety concerns:

• Focus on postmarket safety by requiring HIT device manufacturers to electronically register and list their HIT devices, and to submit Medical Device Reports (MDRs) to the FDA.

• Require that HIT device manufacturers also adhere to FDA’s Quality Systems Regulation.

• Apply FDA’s traditional regulatory framework to HIT device manufactuers, in which they would be required to meet all the same regulatory requirements—such as risk-based premarket review—as other, more traditional devices.

Shuren was one of several panelists providing testimony to the HIT Policy Committee—Adoption/Certification Workgroup. Ross Koppel, PhD, a principal investigator at the Center for Clinical Epidemiology and Biostatistics at the University of Pennsylvania School of Medicine, testified that through his research he has identified about 80 specific patient safety risks associated with HIT.

Koppel said the major cause of those HIT safety risks is a “rush to market and a locked-in customer.” Hospitals that buy expensive HIT systems are going to be locked in to those systems, even if better systems become available. In addition, Koppel said vendors in those cases will not be motivated to fix system problems or provide system updates.

Gilad Kuperman, MD, PhD, associate professor of biomedical informatics at Columbia University testified that patient safety risks can occur in several categories, including: reviewing patient data, entering orders, documenting notes, communication, clinical decision support and IT-workflow integration.

The hearing last week took place just one day after Sen. Chuck Grassley, R-Iowa, sent a letter to Secretary of Health and Human Services (HHS) Kathleen Sebelius asking what HHS is doing to ensure that the implementation of HIT systems is being reviewed and monitored for patient and safety concerns.

Grassley told Sebelius that while he “strongly” agrees that HIT has the potential to prevent medical errors and improve the efficiency and effectiveness of healthcare delivery, “I also have been surprised by the lack of discussion about patient safety concerns when, for example, HIT products are not functioning properly or when they are being used incorrectly.”

Among the questions Grassley is asking Sebelius to address is whether the FDA has sufficient authority to regulate HIT products, if the FDA’s role in this regard needs to be further clarified and if “additional authorities” are necessary to adequately oversee HIT products."

Grassley also sent a letter to the Healthcare Information and Management Systems Society (HIMSS) asking “for its perspective on oversight of new information technology initiatives in healthcare.”