Abstract: of “Roadmap for Provision of Safer Healthcare Information Systems: Preventing eIatrogenesis” Joan S. Ash, Ph.D., M.L.S., M.B.A.; Charles M. Kilo, M.D., M.P.H.; Michael Shapiro, M.A., M.S.; Joseph Wasserman, B.A.; Carmit McMullen, Ph.D.; William Hersh, M.D. BACKGROUND AND METHODS e-Iatrogenesis, defined as “patient harm caused at least in part by the application of health information technology” (Weiner et al., 2007), is of increasing concern as more and more hospitals are implementing health information systems (HIS). This report assesses how HIS can be designed, developed, implemented, monitored, and maintained to maximize safety. We specifically focus on hospital electronic health records (EHRs), clinical decision support (CDS), and computerized provider order entry (CPOE) systems. This white paper is intended to provide background for an Institute of Medicine (IOM) report on how the use of health information technology affects the safety of patient care by answering the following IOM-posed questions: • What are the risks of health care information systems that arise from workflow and related issues? • How have organizations acted to implement health care information systems safely? • What are the impacts of customization on safety? • What is the industry approach to managing change and customization? A recent literature review by Harrington et al. (2011) has summarized the EHR safety literature, so we first reviewed all papers cited in their report. Of their 43 references, we identified 37 that were relevant to the scope of this article. We analyzed the bibliographies of these selected papers and performed a reverse bibliography search on the articles deemed most relevant and published since 2000. In total, we identified over 100 sources relevant to the scope of this report. We then targeted topics for which published evidence was lacking and conducted several interviews with experts to help fill the knowledge gaps. 1 Full commissioned paper can be found in this project’s Public Access File. C-2 HEALTH IT AND PATIENT SAFETY PREPUBLICATION COPY: UNCORRECTED PROOFS RESULTS What Are the Risks of Health Information Systems That Arise from Workflow and Related Issues? We found seven publications (Chuo and Hicks, 2008; Joint Commission on Accreditation of Healthcare Organizations, 2008; Magrabi et al., 2010; Myers et al., 2011; Santell et al., 2009; Walsh et al., 2006; Zhan et al., 2006) presenting results of assessments of e-iatrogenic risk. All are studies of large databases of reported errors and they consistently indicate low levels of HISrelated risk, under 1 percent of all errors. All point to the need for human diligence when using HIS. Specifically, they indicate that HIS-related errors are due to inadequate staffing levels, lack of user experience, mislabeled bar-codes on medications, human distraction, inaccurate data entry, system downtime, and missing data. How Have Organizations Acted to Implement Health Information Systems Safely? Prior to implementation, health care organizations can mitigate risk. There is a large literature base devoted to the risks inherent in commercial EHR systems, and also warnings about their impact on workflow. Many publications offer guidance to hospitals about assessing workflow, selecting systems for purchase, conducting simulation tests, training, and other mechanisms for ensuring safe HIS implementation. Numerous publications exist to guide the implementation process itself, but there are also several pointing to the risks of rapid implementation without appropriate preparation. Finally, after implementation, continuous monitoring and improvement can mitigate safety risks. What Are the Impacts of Customization on Safety? The literature indicates that customization of the EHR to fit local situations seems to be necessary for many reasons, but there is scant research on how much customization or what form of customization is needed to optimize EHR use and what the risks are from either too much or too little customization. The content of CDS likewise needs adaptation, especially to avoid alert fatigue. Any customization must be done with care so that system upgrades can be accommodated. What Is the Industry Approach to Managing Change and Customization? The current industry approach is fragmented; a report sponsored by the Agency for Healthcare Research and Quality describes a wide variety of vendor practices related to usability of systems (McDonnell et al., 2010). Because purchasers must usually customize systems to fit local workflows and regulations, HIS safety depends on a combination of industry and local diligence.