Earlier this month, the Centers for Medicare and Medicaid Services (CMS) announced that nearly $2 billion has been paid out in electronic health record (EHR) adoption incentives as of the end of November. In 2009, the US government, as part of the American Recovery and Reinvestment Act of 2009, set aside nearly $30 billion to support EHR adoption in the US. Eligible Medicaid professionals can get up to $63,750 over six years (eligible Medicare professionals up to $44,000 over five years) in incentive payments if they can meet certain technological certification as well as healthcare practice criteria called "meaningful use."
According to a story in Government Health IT, so far the CMS has made EHR incentive payments to 12,070 Medicaid providers (amounting to $916.3 million) and 10,556 Medicare providers (amounting to $920.3 million). Government Health IT also reports that:
"... 115,093 physicians and hospitals are [currently registered] in the Medicare incentive program; 39,503 physicians and hospitals are in the Medicaid program; and 2,634 hospitals are registered for both the Medicare and Medicaid programs."
As more physicians and hospitals adopt EHRs, the more operational risk issues surface. In mid-December, the RAND Corporation in cooperation with the University of Pennsylvania School of Medicine, Kaiser Permanente-Colorado and the American Health Information Management Association Foundation released an EHR "Unintended Consequences Guide" which is available from the US Agency for Healthcare Research and Quality web site.
The guide, says RAND, is aimed at helping "... hospitals and other health care organizations anticipate, avoid and address problems that can occur when adopting and using electronic health records." Some common unintended consequences the guide addresses are:
- More work for clinicians
- Unfavorable workflow changes
- Never-ending demands for system changes
- Conflicts between electronic and paper-based systems
- Unfavorable changes in communication patterns and practices
- Negative user emotions
- Generation of new kinds of errors
- Unexpected and unintended changes in institutional power structure
- Over-dependence on technology
I must admit that I am a bit mystified by what qualifies to be an "unintended consequence" of EHRs since all of the above issues have been discussed for years in the medical as well as computer literature, including by myself here in IEEE Spectrum as a direct consequence of EHR implementation and use. What is interesting is that other issues, e.g., like protecting the security/privacy of electronic health records, do not seem to be mentioned in the guide at all. I'll return to this subject in a few moments.
Another so-called "unintended consequence" missing from the list is "doctoring while distracted," i.e., doctors and other healthcare professionals paying too much attention to their EHR system or other digital devices and not enough to their patients. Sometimes it has to do with doctors having to futz with inputting information into the EHR system, and losing eye contact with their patients (PDF).
Other times, it's being tempted to just forget the patient is there are all. There was an article in the New York Times just two weeks ago about distracted doctors and other health care workers that contained some troubling examples. For instance:
"A peer-reviewed survey of 439 medical technicians published this year in Perfusion, a journal about cardio-pulmonary bypass surgery, found that 55 percent of technicians who monitor bypass machines acknowledged to researchers that they had talked on cell phones during heart surgery. Half said they had texted while in surgery."
The Times article also quoted a Yale-New Haven Hospital anesthesiologist and medical director in one of its surgical intensive care units as saying that when he uses the computers in the intensive care unit, he find that his colleagues have been using them for shopping on Amazon, eBay, and the like: "You name it, I've seen it."
Then there was the administrative director of the 24 operating rooms at the Oregon Health and Science University hospitals who even had to "... reprimand a nurse he saw checking airline prices using an operating room computer during a spinal operation." And this occurred after, the Times said he had, "... established a policy to make operating rooms 'quiet zones,' banning any activity that was not focused on patient care."
The potential benefits of health IT may be great, but the risks seem to be downplayed or willfully ignored. Another New York Times article, this time from last week, discusses the rise in data breaches involving medical records as they increasingly become digitized. Over 10 million US medical records were involved in data breaches in 2011, according to the Privacy Rights Clearinghouse, with many of the 2011 top-ten US IT data breaches being recorded in healthcare.
And according to a story at Bloomberg's BusinessWeek, no one should be too surprised by the data breaches either. The BusinessWeek story states that as physicians and hospitals rush to cash in on the CMS EHR incentives, resources are not being allocated to making sure that the EHR systems being put into place are secure. For instance, BusinessWeek says that a survey by the Ponemon Institute showed that while 81% of health organizations said "... they use mobile devices to collect, store and transmit patient records... 49 percent of participants admit their organizations do nothing to protect these devices."
Dr. Larry Ponemon, President of the Ponemon Institute, is quoted in the BusinessWeek story as saying in regard to heath IT security:
"It’s definitely not getting better. What we see on the people side, on the technology side and on the governance practice side for health-care organizations is that security doesn't seem to be their priority."
Finally, in kind of Sherlock Holmes "the dog that did nothing in the nighttime" sort of way, I have not seen any news reports in 2011 of EHR implementation failures. Prior to the 2009 US government incentive program, EHR implementation failures of 35% or greater were being reported.
I've been given to wondering whether EHR implementation success is now reaching 100% through the magic elixir of government incentives?
This "curious incident", using Holmes' characterization, is one that I intend to explore in 2012. If you come across any publicized US-based EHR implementation failures, please let me know.
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.