What if your hospital couldn’t reliably perform any of the top three Hospital National Patient Safety Goals, as specified by the Joint Commission, above – because their EHR system was down?
Starting at 4 AM on Saturday, December 5, 2015, the EHR system supporting a very large health system went totally dark, due to what’s been communicated to staff members as a “fatal corruption” of its system. 36+ hours later, the EHR is still not back and let’s be honest; this could happen to any health system that’s not prepared.
This health system chose to go “paperless” several years ago, migrating all policies, procedures, and training to maximize the investment in the EHR and related technologies. If there are formal emergency procedures to follow in case of prolonged EHR outage, they have not been communicated to the entire staff, nor are they readily available in printed form anywhere in the affected facilities.
The majority of the clinician support staff members have not worked at the facilities long enough to have worked with paper charts, paper-based ordering procedures, or handwritten progress notes.
New patient medical record numbers cannot be generated. Existing patient medical record numbers cannot be retrieved. New account numbers, which specify an encounter within the health system, cannot be generated.
Existing patient records, including all test results, cannot be accessed. External labs, radiology, and imaging cannot be received electronically, and must be faxed – if possible. Some tests do not have print capability. Medication administration and other critical process details have only been documented in the EHR; for patients involved in an encounter that started prior to the system failure, there is no way to know for certain what tests were run, vital signs were taken, or medications were administered before the EHR outage began.
Electronic ordering – for labs, radiology, medication – cannot be initiated. Even if it could, order fulfillment is supposed to be linked to the patient account numbers that cannot now be generated. Medication procurement and dispensation is tied to scanning of patient wrist-bands that link to the account number. Manual override of the lock on the medication storage facility is possible, but the procedures to document medication dispensation and disposal do not include provisions for paper-based emergency handling.
Institutional protocols, which specify how a particular complaint is to be tested and treated, have been migrated to the EHR, so that a clinician can order a battery of tests for “X” condition with a single click. Institutional protocols change regularly, with advancements in science, clinical practice, and institutional policies. Staff members are trained to order by protocol; continuing education on the intricacies of each test, level, and sequence of events within these protocols has fallen by the wayside. The most recent print-out for a common protocol – anticoagulation in obese patients using heparin – is dated 2013; the staff has no choice but to follow the known-to-be-outdated information.
Prior authorization, referrals, prior justification, and precertification procedures, in which the insurance company gives the provider “permission” to take certain actions – medication prescription, specialist referral, surgery or procedure, hospital admission – require medical records transmission and excruciatingly specific coding machinations in order to obtain explicit approval, and submit a claim.
Transition-of-care and care coordination activities are severely impacted, as medical records transfer and insurance-related actions (such as referrals and precertification) are required to initiate and support the transition – and most information is wholly unavailable.
Every health system function is negatively impacted. The financial, legal, and reputational cost of this incident will be severe.
The Joint Commission duly notified you of the risks, in March 2015’s Investigation of Health IT-Related Deaths, Serious Injuries, or Unsafe Conditions.
Finding significant risk associated with health IT dependency, the Joint Commission subsequently warned you by issuing a Sentinel Alert over EHR Risks in April 2015.
Patient safety is not just a risk: it is an issue. There is no doubt that multiple adverse events will occur.
You knew this could happen. You were required to have a plan to address when – not if – this happened. As Lisa A. Eramo wrote in her piece, “Prepare for the Worst,” in For the Record magazine, the Joint Commission (not to mention HIPAA/HITECH Omnibus Final Rule section 164.308) requires compliance with its Disaster Preparedness and Response standards of care in order for a facility or system to receive and maintain accreditation. And this large health sysetm has multiple facilities with Joint Commission accreditation which are now scrambling to locate current clinical practice guidelines, institutional protocols, alternative insurance medical review board procedures, and even paper prescription pads because those standards of care were not met in the real world.
Someone, somewhere, had a plan. But, ironically enough, it existed only on paper.
Have we forgotten that business continuity planning for a healthcare system should include how health care continues, with or without electronic assistance?
Have we forgotten how to practice medicine beyond the EHR?
The information below constitutes excerpts from the Joint Commissions Investigation and Sentinel Alert referenced above.
As published March 30, 2015, which led to Sentinel Event Alert for EHR issuance in April, 2015.
Joint Commission Sentinel Alert over EHR Risks – abstract by The Advisory Board Company:
It stated that EHRs “introduce new kinds of risks into an already complex health care environment where both technical and social factors must be considered.”
The alert cited an analysis of event reports received by the Joint Commission showing that between Jan. 1, 2010, and June 30, 2013, hospitals reported 120 health IT-related adverse events. Of those errors:
- About 33% stemmed from human-computer interface usability problems;
- 24% stemmed from health IT support communication issues; and
- 23% stemmed from clinical content-related design or data issues.
The alert added, “As health IT adoption spreads and becomes a critical component of organizational infrastructure, the potential for health IT-related harm will likely increase unless risk-reducing measures are put into place.”