How to Fix EMRs: Shoreline Pools, Electronic Medical Records and Criminally Negligent Homicide

There are many parallels between the health IT sector (with known injuries and deaths [1]; deliberate lack of regulatory enforcement in part due to regulatory capture [2]; willfull blindness and special pleadings by vendors and purchasers regarding the dangers of the devices [3]; 'certification' standards that ignore safety [4], and other cavalier practices), and this tragic story below:

Swimming pool maker pleads guilty to criminally negligent homicide

Source: Claims Journal "Pool Company Admits Guilt in Connecticut Boy's Drowning" John Christoffersen, April 15, 2011

After the tragic drowning of a 6-year-old Connecticut boy in 2007, his parents have brought a lawsuit against the swimming pool company. The lawsuit against Shoreline Pools detailed statistics of pool entrapment deaths and injuries caused by unsafe drains. It presented nationwide evidence that more than 150 adults and children have been seriously hurt or killed in fatal accidents from the lack of automatic pool pump shutdown devices since 1985.

[FDA is well aware of deaths and injuries caused by health IT products, and they admit their data is likely just the 'tip of the iceberg.' See Internal FDA memorandum on HIT risks to Jeffrey Shuren MD JD, Director, Center for Devices and Radiological Health - ed.]

In a court case involving product liability, a designer or manufacturer is held accountable for product safety [except in the deliberately-unregulated health IT sector, that may employ Joint Commission Safety Standard-violating 'gag' and 'hold harmless' contract clauses as well - ed.] and may be separately liable for civil damages when a product is linked to wrongful deaths.

One industry expert speculated that some swimming pool companies may not have been installing the drain safety device on purpose, hoping that the requirements of the state code would be overturned by industry pressure. [That is, regulatory influence and capture - ed.]

Criminal Consequences

The swimming pool company and its president have pleaded guilty to charges relating to the wrongful death of a Connecticut boy who drowned when his arm became trapped in a pool drain. Shoreline Pools and its president admitted guilt for failing to install a required safety device that would have detected a blockage and shut down the drain pump, preventing the boy's death.

Shoreline Pools will pay $150,000 to purchase swimming pool safety ads as part of its court agreement and guilty plea to second-degree manslaughter. A manslaughter charge against the company president was plea-bargained down to criminally negligent homicide [in effect, it probably was second degree manslaughter, but got reduced as a result of court process - ed.], a misdemeanor carrying less consequential weight. The pool company executive, escaping jail time, has been ordered to perform 500 hours of community service and bring 100 swimming pools up to legal safety standards.

At trial, the swimming pool company president said he was not aware of a 2004 state law that mandated the drain safety device [he and the company knew, should have known, or should have made it their business to know, just as health IT companies know, should have known, or should make it their business to know about the toxic effects of their products - ed.] but prosecutors were able to show that the law and the device were both well promoted at trade shows and in safety awareness campaigns among pool manufacturers, even as soon as two full years before the boy's drowning. [Admonitions about heath IT safety risks have been available for far longer - ed.]

Judgments of criminally negligent homicide or manslaughter against the designers and purchasers of clinical IT, and health IT and hospital executives, would go a long way to improving health IT safety.

Such judgments would likely go far further than the typical "community building workshops" and other selective-attendance, "consensus" government committee meetings now underway.

This seems an area wide open for tort actions.

-- SS

[1] Internal FDA memorandum on HIT risks to Jeffrey Shuren MD JD (Director, Center for Devices and Radiological Health). "Not Intended for Public Use." Feb. 23, 2010. (My description/commentary on the memorandum is at this link).

[2] Statements of Jeffrey Shuren, Director, CRDH, Feb. 25, 2010, HHS - Health Information Technology (HIT) Policy Committee Adoption/Certification Workgroup, http://www.emrupdate.com/forums/t/27502.aspx

[3] Statements of Barry Chaiken, MD, MPH, FHIMSS, former Chairman of the Board of health IT trade group HIMSS, see http://hcrenewal.blogspot.com/2010/07/barry-chaiken-md-mph-lets-be-patient.html

[4] Hoffman, Sharona and Podgurski, Andy, Meaningful Use and Certification of Health Information Technology: What About Safety? (October 25, 2010). Journal of Law, Medicine and Ethics; Case Legal Studies Research Paper No. 2010-34. Available at SSRN: http://ssrn.com/abstract=1697587

-- Originally posted at Healthcare Renewal http://hcrenewal.blogspot.com by S. Silverstein, MD

How Academic and Government "Anecdotes Are Not Data" Ideologues Kill People

I'm already receiving comments that, regarding Prof. Jon Patrick's detailed exposé of the dangers of ill-suited-for-purpose ED EHR's, Patrick's observations are:

... not really valid because they're not peer reviewed; they're just anecdotal.

Only an egghead could pen such words.

I always get hives immediately after eating strawberries. But without a scientifically controlled experiment with all the right peer review, it's not reliable data. So I continue to eat strawberries every day, since I can't tell if they cause hives.

I'd already written about anecdotalist refrains at my Mar. 7, 2011 post "Australian ED EHR Study: Putting the Lie to the Line "Your Evidence Is Anecdotal, Thus Worthless" Used by Eggheads, Fools and Gonifs." In that essay I cite Dr. Patrick himself on "anecdotal evidence", regarding which he hit the ball out of the Southern Hemisphere in an editorial in "Applied Clinical Informatics" entitled "The Validity of Personal Experiences in Evaluating HIT."

Aside from the fact that eggheads also don't seem to care about the issues of faulty peer review, especially in profitable biomedical sectors, such as at "The Lancet Emphasizes the Threats to the Academic Medical Mission" with its embedded links, and "Has Ghostwriting Infected The Experts With Tainted Knowledge, Creating Vectors for Further Spread and Mutation of the Scientific Knowledge Base?", there's this simple fact:

Public health catastrophe warnings from responsible sources don't need peer review, they need investigation.

Yes, there were those pesky, off-narrative journalistic reports that the Japanese nuclear reactors were not entirely safe, that Bernie Madoff was a fraud, that mortgages for everyone was not a good idea, that the O-rings couldn't stand sub-freezing temperatures, that the the foam that broke off the Columbia launch tank caused a danger, and that the Titanic didn't have enough lifeboats, but they weren't peer reviewed...so we ignored them. Saved us a lot of money, too.

-- SS

Addendum:

At my post "Real" Medical Informatics: What Does a Problem List of Typical Health IT Look Like, Part 2", I opined:

If the purpose of Medical Informatics is the improvement of healthcare (as opposed to career advancement of a small number of academics through publishing obscure articles about HIT benefits while ignoring downsides in rarified, echo-chamber peer reviewed journals), then:

• Who are the "real" medical informatics specialists, and;
  

• Who are the poseurs?

... researchers like Jon Patrick who address real-world issues of great import to patients on HIT risks, and further go public on the web with their work without the full blessings of some dusty journal (and those like Ross Koppel who also directly address the downsides, and others who make available to the public material such as on blogs like this and this, papers like this and sites like this) are the former.

Those who deem only "peer reviewed" articles worthy of daylight, and everything else - especially and particularly reports of downsides - "anecdotal" (the anecdotalists) are the latter.

I stand by this assertion.

Finally, I ask: at what point does ignoring work such as Prof. Patrick's, if patient harm is caused by the system he reviewed, constitute reckless endangerment and perhaps criminal negligence by hospital and government officials?

-- SS

Addendum Mar. 23:

As if on cue, this story appeared in the WSJ:

March 23, 2011

Japan Ignored Warning of Nuclear Vulnerability

TOKYO—Japanese regulators discussed in recent months the use of new cooling technologies at nuclear plants that could have lessened or prevented the disaster that struck this month when a tsunami wiped out the electricity at the stricken Fukushima Daiichi power facility.

However, they chose to ignore the vulnerability at existing reactors and instead focused on fixing the issue in future ones, government and corporate documents show. There was no serious discussion of retrofitting older plants with the alternative technology

I guess the "vulnerability reports" just weren't peer reviewed, therefore meaningless - or not reviewed by the "right" peers.

This sounds like our own FDA, ONC office and Institute of Medicine (via the Committee on Patient Safety and Health Information Technology), "choosing to ignore" health IT "vulnerabilities" (such as the aforementioned) and focusing on future issues such as comparative effectiveness research, "the common good", etc. instead.

I call this attitude "reckless endangerment" and hope plaintiff attorneys are paying close attention.

-- SS

Health IT and 'High Regulatory Standards': Criminal Negligence for Implementing Defective Systems That Put Data in the Wrong Charts?

Over at the HIStalk blog (a blog whose owner remains anonymous, and who uses an ISP that does not reveal information that could be used to identify him, apparently out of fear of retaliation for controversial stories he posts), the following appeared:

Monday Morning Update 7/12/10

From Holy Smoke: “Re: Cerner. Misidentification incidents have been reported with Cerner PowerChart and Millenium in hospitals in Indiana, Michigan, and others after a Cerner upgrade. Entries are placed in the wrong electronic chart and reviewed data is for the wrong patient.” Unverified. I saw nothing in the FDA’s Maude database, so if it’s happening, customers should file an experience report.

While the reports are "unverified", I can add that the FDA MAUDE database would not show any data if this problem were recent, as I believe MAUDE contributions are reviewed by FDA before posting.

(7/21/10 addendum: various sources confirm this occurred at a religious-denomination hospital chain headquartered in the Great Lakes region of the U.S.)

However, as I wrote in Oct. 2009 at "Our Policy Is To Always Have Unabashed Faith In The Computer ... Except When It Screws Up, And Then It's The Doctor's Fault", the MAUDE database does contain some error reports from this vendor (one of the very few HIT vendors who actually file such reports) such as:

http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfRES/res.cfm?id=64345
Cerner Millennium RadNet Auto Launch Study and Auto Launch Report software functionalities. Defects in the Auto Launch functionality make it possible for a mismatch of patient data.

http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfMAUDE/Detail.CFM?MDRFOI__ID=946706
Patient care delay. The issue involves functionality in cerner millennium powerchart office and powerchart core and affects users that utilize the powerchart inbox and message center inbox. In results to endorse or sign and review, if the user clicks ok and next multiple times in quick succession while attempting to sign a result or a document, the display could lag behind the system's processing of the action, and multiple results or documents could be signed without the user's review. In message center, when clicking ok and next or accept and next, or when deleting or completing messages and moving to the next task, a document could be signed or a message could be deleted without the user's review. Results could be endorsed or documents could be signed without physician review, which could impact patient care. Cerner received communication that a patient's follow-up care was delayed as a result of this issue.

http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfMAUDE/Detail.CFM?MDRFOI__ID=753029
Microbiology set up a program within the cerner computer system to automate the reporting system for hsv (herpes simplex virus)testing. The system was tested with the assistance of cerner and found to be working appropriately. The new system was operational for approximately 3 weeks when it was determined that the first word of the sentence, "no" was inappropriately dropping off of the following sentence: "no herpes simplex virus type 1 or herpes simplex virus type 2 detected by dna amplification. " as such, two of five patients were incorrectly informed that they had hsv before the error was detected. One had started an antiviral creme treatment. The other three did not have follow-up visits until after the correct results were determined. Cerner has looked at the program and has not provided an answer for the system issue. In the interim, the previous manual review and entry process is being used.

Assuming the current reports from anonymous whistleblower "Holy Smoke" are true, I note the following.

My observations apply to any vendor and/or healthcare organization that puts defective HIT into use in patient care--

At my April 2010 post "Healthcare IT Corporate Ethics 101: 'A Strategy for Cerner Corporation to Address the HIT Stimulus Plan'", I'd written:

A profoundly disappointing lesson in the ethics of the healthcare IT sector (and the B-schools as well) can be gleaned from the following, a paper written by a Cerner employee and two health industry colleagues for a Duke Fuqua School of Business course.

The course is "Health Economics & Strategy (HLTHMGMT 326), Distance Executive MBA" (syllabus here in PDF) ... The paper is entitled "A STRATEGY FOR CERNER CORPORATION TO ADDRESS THE HIT STIMULUS PLAN."

The paper was scrubbed from the Duke Fuqua School of Business Site on or around April 16, 2010 but a cached copy is available here. In that paper what I believe is a combination in restraint of trade was suggested:

This paper seeks to clarify these implications [of the the economic 'stimulus' package - ed.], understand the strengths and weaknesses of various players in the industry and recommend a strategy for Cerner Corporation to maximize its profit from the stimulus package and thereby secure a dominant position in the HIT industry.

... We recommend that Cerner collaborate with other incumbent vendors to establish high regulatory standards, effectively creating a barrier to new firm entry.

High standards? I have some suggestions regarding "high regulatory standards."

I agree that high, in fact, the highest regulatory standards should be upheld.

I think I can safely state that a common regulatory standard in healthcare is that those involved in patient care, even peripherally, act with sound judgment and with patient well being as a foremost concern. Those acting recklessly and dangerously might be found negligent in a civil sense, or if acting recklessly in a willful and knowing manner, might be found criminally negligent.

Two descriptions of criminal negligence:

Criminal negligence - (law) recklessly acting without reasonable caution and putting another person at risk of injury or death (or failing to do something with the same consequences).

Criminal negligence is conduct which is such a departure from what would be that of an ordinary prudent or careful person in the same circumstance as to be incompatible with a proper regard for human life or an indifference to consequences. Criminal negligence is negligence that is aggravated, culpable or gross.(PDF).

It is damn well clear that electronic medical records systems must function without unpredictable data errors that put data into the wrong persons' charts, thus producing two errors and two possibilities for patient harm: an erroneous absence of appropriate data in one patient's chart, and an erroneous presence of inappropriate data in another's.

This is not a theoretical argument open to debate, and this is not a drill.

A recent IT-related data error involving one single medication nearly killed my relative.

In addition, the "learned intermediary" excuse used to punt liability onto physicians and other clinicians for patient harm due to IT errors does not apply here, and this is also not open to debate. Physicians, even the most learned, are not clairvoyant; they should not be expected to know which chambers are empty and which chambers are loaded in a game of cybernetic Russian Roulette with the data on their patients.

Having an EMR maintain fundamental relational integrity, i.e., not place clinical data entered in good faith by trusting clinicians in another patients' chart, is not rocket science.

Those who design, those who implement, and those who put into production (i.e., for use by physicians, nurses and other clinicians in the care of patients) any health IT "upgrade" without the extensive testing, testing and more testing necessary to prove proper operation on such a fundamental point as maintenance of relational integrity (i.e., correct patient identity in data storage and retrieval) knew, should have known, or should have made it their business to know that doing so puts patients at risk of injury or death.

Putting an "upgraded" software application with such fundamental defects into actual use in real, live patients care environments - for whatever reason, e.g., finances, vendor marketing pressures, meeting planned objectives and numbers, obtaining a bonus, etc. - reflects in my view:

"... a departure from what would be that of an ordinary prudent or careful person in the same circumstance as to be incompatible with a proper regard for human life or an indifference to consequences."

Thus:

In upholding the highest regulatory standards, if patients are harmed or die as a result of this type of HIT snafu, criminal charges against the responsible IT, clinical and administrative personnel would be an appropriate remedy to this type of negligence.

As I wrote at "$4 Billion Military EMR "AHLTA" to be Put Out of Its Misery?", in my view as of 2010 legal actions are the only way that the domain of healthcare IT can be returned to a field "of, by and for" clinicians, instead of "of, by and for" those who live off the hard work of clinicians and their patients.

-- SS