The provision of healthcare is remarkably information intensive. A large integrated healthcare system processes twice as many computerized transactions each day (approximately 10 million) as the NASDAQ stock exchange (5 million) processes.

But high volume is just the beginning. Consider the task of tracking a single patient’s current diseases, past medical history, medications, allergies, test results, risk factors, and personal preferences (such as for cardiopulmonary resuscitation). Tricky? Sure, but now do it over months or years, and then add in the fact that the patient is seen by many different providers, scattered across a region.

Want more? To make payment decisions, the insurer needs access to some of this information, as does the source of the insurance, which in the United States is often the patient’s employer. But, because of privacy concerns, both should receive only essential information; to tell them of the patient’s HIV status, or her psychiatric or sexual history, would be highly inappropriate, damaging, and possibly illegal.

Now let’s make it really hard. Assume that the patient is in a car accident and taken to an emergency department (ED) in a nearby state, where she is stabilized and admitted to the hospital. Ideally, the doctors and nurses would see the relevant clinical details of her past history, preferably in a format that highlighted the information they needed without overwhelming them with extraneous data. Orders must be processed instantaneously (none of “the system is down for planned maintenance” or “orders are processed on the next business day” so familiar from commercial transactions). During the patient’s hospital stay, not only would there be seamless links among all of the new observations (the neurosurgeon can easily view the ED doctor’s notes; the resident can quickly find the patient’s vital signs and laboratory studies), but also the various components would weave together seamlessly. For example:

• The system would prompt the doctor with information regarding the appropriate therapy or test for a given condition (along with links to the evidence supporting any recommendations).
  
• The system would warn the nurse that the patient is allergic to a medicine before she administers it.
  
• The system would tell the doctor or pharmacist which medications are on the formulary and steer them to the preferred ones.

Meanwhile, the vast trove of data being created through this patient’s case—and millions of others like it—would be chronicled and analyzed (“mined”), searching for new patterns of disease, evidence of preferred strategies, and more. All of this would be iterative—as new information emerged from this and other research about disease risk factors or best practices, it would seamlessly flow into the system, spurring the next patient’s care to be even better.

Contrast this vision of information nirvana with the prevailing state of most doctors’ offices and hospitals.1,2 Information is stored on paper charts, and thus unavailable to anyone who lacks physical possession of the relevant piece of paper (in some cases, the notes are sufficiently illegible that even physical custody of the paper does not insure information access). Notes are entered as free text, not in a format that facilitates analysis or productive interaction with other pieces of system data. When the patient moves across silos—from outpatient to inpatient, from state to state, from hospital to hospice—crucial information rarely moves with her. Communication of facts (e.g., medication lists, allergies, past medical history), which should be streamed through the system, instead lives at the mercy of person-to-person interactions or a haphazard pinball game of photocopies bouncing from place to place.

Even at the level of the individual practitioner, the impact of this chaos is profoundly demoralizing, wasteful, and dangerous. Just watch a nurse take a patient’s vital signs on a typical hospital ward. The nurse looks at the numbers on the screen of a digital automated blood pressure cuff: 165/92. She records them on an index card (or, sometimes, on her forearm or the cuff of her scrub suit), hopefully next to the correct patient’s name. Later, she returns to the nurses’ station and transcribes these numbers (again, hopefully belonging to the correct patient) onto the appropriate place in the chart (hopefully the right chart). Then, in a teaching hospital, an intern transcribes these vital signs onto another index card (or maybe, these days, an iPad) during morning rounds. He presents these data to his resident and later to his attending, who each do the same thing. Eventually, each of these practitioners writes, or dictates, notes for the medical record. Any wonder that this information (which, you’ll recall, began life in digital form!) is frequently wrong? Or that busy healthcare professionals find that huge chunks of their valuable time are squandered? Or that the patient has the sense (particularly after she has been asked the same question by 10 different people) that the right hand has no idea what the left hand is doing?

Why has healthcare, the most information intensive of industries, entered the modern age of computers so sluggishly, reluctantly, and haphazardly? Part of the reason is that, until recently, the business or clinical case for healthcare information technology (HIT) was far from ironclad. Such justification was needed because HIT is extraordinarily expensive (about $50,000 per doctor in an ambulatory office, and up to $150 million to completely wire a large teaching hospital), unreimbursed, and extremely challenging to implement. Moreover, until the past few years, most healthcare computer systems were relatively clunky and user unfriendly, in part because the market for them was too weak to fund the research and development and generate the user feedback and refinement cycles needed for complex systems to mature.

We are now at a turning point for HIT. The patient safety movement has catalyzed the widespread recognition that a robust computer scaffolding is absolutely essential to efforts to improve quality, safety, efficiency, and coordination of care. There are striking examples of successes, such as that enjoyed by the huge Veterans Affairs (VA) system, whose early adoption of electronic health records (EHRs) and computerized provider order entry (CPOE) sparked a substantially improved quality of care.3 A large and convincing literature demonstrates that well-designed and implemented electronic systems can lead to significant benefits for systems and patients.4–8

At the same time, there is a more troubling, though not entirely surprising, side of the story. A decade ago, my colleagues and I openly worried that the early glowing evidence about HIT’s benefits had come from a handful of institutions that had lovingly built their own systems, had highly committed leaders, and had invested heavily in computerization.9 As Shojania and I wrote in our 2004 book Internal Bleeding:

But the average hospital will not share these conditions, any more than your local Gilbert and Sullivan troupe resembles the Metropolitan Opera … More than one CIO has tried to airlift a commercial system into her hospital, then stood scratching her head at how slick the system seemed to be during the vendor’s demo, and how poorly it performed in real life.10

As you’ve already seen, our suspicions—that the implementation of commercial IT systems at thousands of hospitals and hundreds of thousands of ambulatory offices might not go quite so smoothly—have, sadly, been proven correct. A growing literature tells stories of HIT implementation failures, unanticipated consequences, and even harm.11–16 It is a sobering but useful tale, one that highlights the immense challenges of fundamental change in complex adaptive systems (Chapter 2), the critical need to use human factors design principles (Chapter 7), and the overwhelming complexity of the task itself.

This chapter will describe the main types of HIT systems, some of their safety advantages (Table 13-1), and some of the problems—including new kinds of errors—they can create. Because HIT addresses so many safety targets and is a component of so many solutions, considerable information about HIT’s role in specific areas can also be found throughout the book.

Because most medical errors represent failures in communication and data transmission (Figure 9-3), computerization of the medical record would seem like a safety lynchpin. (While the old term was “electronic medical record” [EMR], the term “EHR” is generally preferred, since it emphasizes the role of the patient in viewing and even contributing to the record and the fact that the EHR may chronicle and even influence health status, not just a patient’s medications and diagnoses.) But to realize this benefit, attention must be paid to a variety of system and user factors. The system factors include the ease of use, the speed with which data can be entered and retrieved, the quality of the user interface, and the presence of value-added features such as order entry, decision support, sign-out and scheduling systems, links to all the necessary data (e.g., x-rays and electrocardiograms), and automatic reports. The user factors primarily relate to the training and readiness of the provider and nonprovider workforce (Chapters 7 and 16).

User efficiency is particularly important. Despite the hope that computerization would save time for providers, emerging evidence indicates that the opposite is often true, particularly for physicians.17 Some of this cost in time may be repaid in more efficient information retrieval, but increasing attention will need to be focused on facilitating workflow. (Remember that digital blood pressure reading?—in the “wired” hospital, it will magically leap from blood pressure machine into the EHR, where it can be seamlessly imported into each provider’s note.) Effective systems will, of course, provide huge efficiency benefits to administrators, researchers, and insurers by capturing data in standardized formats and allowing electronic transmission.

Unfortunately, this facilitated movement of bits and bytes has a dark side, in the form of the “copy-and-paste” phenomenon. One tongue-in-cheek essayist captured the problem beautifully:

The copy-and-paste command allows one day’s note to be copied and used as a template for the next day’s note. Ideally, old information and diagnostic impressions are deleted and new ones added. In reality, however, there is no deletion, only addition. Daily progress notes become progressively longer and contain senescent information. The admitting diagnostic impression, long since discarded, is dutifully noted day after day. Last month’s echocardiogram report takes up permanent residence in the daily results section. Complicated patients are on “post-op day 2” for weeks. One wonders how utilization review interprets such statements.18

A study of 167,000 computerized records in the U.S. Department of Veterans Affairs (VA) healthcare system found that physical examinations were completely copied (from one author to another) in 3% of the charts.19 Some IT systems can disable the copy-and-paste function, although this may be unacceptable to providers (some information really does remain static from day to day, and having to retype or redictate it is wasteful and annoying), and resourceful providers can usually find a way to bypass such restrictions anyway.20 In the end, copy-and-paste is like many elements of patient safety, in that introducing structural changes without ensuring that caregivers possess the requisite education and professionalism is likely to lead to new types of mischief, or even harm.

One important choice for EHR developers is the use of structured versus unstructured data. Physicians, in particular, have always preferred entering data as unstructured prose (captured through typing, transcription services, or increasingly, speech recognition software), which has the advantages of ease of use and familiarity, and is consistent with the long tradition of “telling the patient’s story.”21,22 On the other hand, unstructured data are difficult to analyze for patterns, to use to support quality improvement and public reporting activities, and to link to computerized decision support. Structured, or coded, data (captured via templates or automatically fed into the EHR after being recorded by electronic devices) can support these functions, but they fail to comport with clinicians’ mental model for data acquisition and analysis. Ongoing research is attempting to identify the best mix of structured and unstructured EHR inputs, and to develop new ways (through “natural language processing”) to mine narrative prose for key data elements.22 It is likely that high-quality EHRs of the future will combine the best of both types of data capture and analysis.

An important advance in EHRs is the ability to promote patient engagement (Chapter 21). At the very least, allowing patients access to their laboratory data and giving them the ability to schedule their own appointments represents real progress.23 But patients, who are increasingly accustomed to managing their own affairs (financial, travel, dating) with the support of electronic systems, are interested in new kinds of tools to help with their medical care and overall health.24 Many patients now keep personal health records (PHRs), although a minority do so electronically. Future developments in this area are likely to weave patient- and provider-facing electronic systems together, facilitate new kinds of information flow and communications (e-mails, text messaging, video consultations, and more), and raise a host of issues surrounding reimbursement, privacy, data integrity (what happens when the provider and patient disagree about what should be in a jointly created record?), and more.25,26 Obviously, the implications of this on patient safety will be profound, with the capacity both for great leaps forward and some new hazards.

EHRs raise yet another challenge, one that is even more profound. As the physician-writer Abraham Verghese has observed, clinicians’ focus is increasingly centered on the data in the computer, sometimes at the cost of the human connections so fundamental to the practice of medicine and the art of healing. After discussing the traditional approach to patients, in which “the [patient’s] body is the text,” Verghese writes of a new, more expedient approach that he sees in today’s trainees:

The patient is still at the center, but more as an icon for another entity clothed in binary garments: the “iPatient.” Often, emergency room personnel have already scanned, tested, and diagnosed, so that interns meet a fully formed iPatient long before seeing the real patient. The iPatient’s blood counts and emanations are tracked and trended like a Dow Jones Index, and pop-up flags remind caregivers to feed or bleed. iPatients are handily discussed (or “card-flipped”) in the bunker [the conference room where the team does its work], while the real patients keep the beds warm and ensure that the folders bearing their names stay alive on the computer.27

Taking full advantage of the remarkable potential for EHRs to improve safety and quality while heeding Verghese’s cautionary tale may be one of the most subtle yet important challenges facing caregivers in the modern age.

Because the prescribing process is one of the Achilles’ heels of medication safety (Figure 4-3), efforts to computerize this process have long been a focus of safety efforts. In 1998, Bates et al. demonstrated that a CPOE system with decision support reduced serious medication errors by 55%, mediated by improved communication, better availability of information, constraints to prevent the use of inappropriate drugs, doses, and frequencies, and assistance with monitoring.4,28 Another study of more sophisticated decision support found an 83% reduction in medication errors.29 The advantages of CPOE over paper-based systems are many; in addition to those listed in Table 13-2, the installation of CPOE systems inevitably leads organizations to standardize chaotic processes (the equivalent of cleaning out your closet before moving), which has its own safety benefits.4

Much of the value of CPOE systems comes from identifying out-of-range results or potentially unsafe interactions, and rapidly alerting providers so that they can decide whether their plan is correct.30 For example, a CPOE system can alert a provider to a potentially fatal medication–allergy interaction (Figure 13-1) or a potentially dangerous laboratory result (Table 13-3). These systems can also be used at the healthcare system level to identify and track errors via trigger tools (Chapters 2 and 14).

In addition to helping clinicians avoid mistakes, CPOE systems can suggest actions that should always accompany certain orders. These “corollary orders” should be second nature, but our memories are fallible and we sometimes forget to check a creatinine and potassium after starting an angiotensin-converting enzyme (ACE) inhibitor, a digoxin level after beginning digoxin, or a glucose level after starting insulin. In one study, clinicians were twice as likely to accept a computerized prompt for a corollary order than they were to place the order without the prompting.31 I’ll say more about these functions—which go under the general name of clinical decision support systems (CDSS)—later in this chapter.