As patients, have we ever thought that issues with Healthcare IT systems like Electronics Health Record (EHR) and its components such as Computerized Physician Order Entry (CPOE), Electronic Medication Administration Record (e-MAR), Clinical Decision Support (CDS) system, etc. could lead to death, permanent loss of a bodily function or other serious injuries? A study commissioned by the Joint Commission revealed that, if not careful, these systems have indeed led to serious health hazards. The study obviously excluded many more close calls! Some of the results are summarized in the figure below.
Because many of such adverse events haven’t regularly been reported in the best possible way until recently, general awareness around the topic is limited. Knowledge of the adverse events, however, shouldn’t discourage us from using Health IT (HIT) systems or believing in merits of the Internet of Things (IoT) trend. In fact, some studies suggest that full potential of IoT should deliver as much as $60B value in the US from increased efficiency and improvements in quality of care. Benefits certainly ought to outweigh drawbacks! Goal here is to develop practices that minimize adverse events and maximize the value that IoT, HIT and the increased connectivity have to offer.
A recent MediTechSafe whitepaper (Need Holistic Approach to Cybersecurity of Medical Devices and Networks … Reinforcement from WannaCry Attacks!) talked about the importance of developing clinical verification & validation (V&V) practices for Medical IT network in a hospital environment during design, implementation, update and/or remediation phases. In fact, clinical V&V should be an essential component of the patch management process when the device being patched is a networked device. The paper talks about treating a network like a Class I medical device when clinical data flows bi-directionally through the network to ensure patient safety and clinical relevance. According to an ECRI Institute study, top five safety issues from HIT events are: (1) system interface issues, (2) wrong input, (3) software issues in system configuration, (4) wrong record retrievals, and (5) software functionality issues. Good V&V practices in a hospital environment should certainly help in managing many of these.
Erin Sparnon, Engineering Manager from ECRI Institute, provided following real examples of how adverse events could occur if one is not careful in HIT integration. She shared these examples via her IHE USA presentation: Ensuring Patient Safety in Your Connected Hospital. The examples clearly speak to the value of performing clinical V&V before commissioning and/or making a change to a HIT network.
1. Wrong therapy due to unsynchronized timestamps
The following example only represents one of many potential scenarios that could create patient care challenges due to network imposed latency. Hence, it is good to test for various clinical use-cases and workflows in consultation with clinicians in a safe environment before commissioning / updating / remediating a network.
2. An update/patch disrupted predetermined surgery procedure
Hospitals have many devices that have to be patched on a regular basis. The following example shows how those updates/patches should be validated in a given hospital’s network environment before implementation.