Hospitals—like organizations in many industries—benefit from the adoption of best practices that help improve the quality and safety of the services they offer. However, in many cases, health care facilities fail to use established best practices because of competing priorities, regulatory demands, and other factors. To encourage adoption of practices known to improve care quality and safety, the federal government and organizations that accredit hospitals, such as The Joint Commission, can set safety-related standards that hospitals must meet.
Policies from the Centers for Medicare & Medicaid Services (CMS) and The Joint Commission contain gaps on best practices related to health information technology (IT), even though the adoption of digital systems can both enhance patient safety and lead to medical errors when used or implemented poorly. For example, effective use of electronic health records (EHRs) can alert clinicians when prescribing drugs to which a patient is allergic. On the other hand, confusing screen layouts in EHRs can also contribute to serious medical errors, such as patients missing doses of life-saving medications or receiving the wrong drug altogether.
The COVID-19 pandemic has highlighted the role that health IT can play in keeping both patients and providers safe. Clinical decision support tools built into EHRs can include COVID-related triage questions, such as whether an individual is experiencing symptoms or has been around others who may have been infected. These kinds of tools can help providers to quarantine patients who may be infected and begin providing appropriate care as quickly as possible—but only if clinicians can use them effectively.
Many of the medical errors stemming from EHRs result from subpar usability, which refers to how doctors, nurses, and other clinicians interact with the system. One study found that approximately one-third of 9,000 health IT-related medication safety events occurred at least in part due to errors related to the usability of these systems. Situations that result in these types of errors can arise from multiple ways: how the developer designed the EHR, how the technology is implemented and operated in health care facilities, how clinicians are trained to use it, and other factors. Much of the existing focus on improving EHR usability, however, centers on the role of technology developers—not the policies, actions, and roles of health care facilities in monitoring and addressing challenges that emerge due to their customization of systems or unique workflows.
Given the association between health IT use and safety as well as gaps in steps that facilities currently take, The Pew Charitable Trusts and the MedStar Health National Center for Human Factors in Healthcare identified a series of best practices that hospitals should adopt to monitor and address technology-related problems. The Joint Commission and CMS can serve as catalysts to encourage the implementation of these efforts to enhance the safe use of health IT.
The federal government conducts oversight of health care facilities and clinicians that work with Medicare and Medicaid to ensure that beneficiaries receive high-quality, safe care. Part of that oversight involves the establishment of conditions of participation, which set the basic requirements for hospitals that obtain payment through Medicare and Medicaid. Conditions of participation include requirements on staffing ratios for nurses, reporting of abuses or losses of controlled substances, and data that facilities must share with other organizations.1
To ensure that health care facilities adhere to these conditions, CMS requires that each facility either undergoes an assessment by the state in which it practices or obtains accreditation by an authorized organization.2 These accrediting organizations maintain standards deemed by CMS as either meeting or exceeding the agency’s requirements. Although 10 such organizations existed as of 2018, The Joint Commission currently accredits approximately 4,000—or 80 percent of—hospitals.3The Joint Commission provides its accreditation through an on-site visit in which it collects data and evidence of adherence to its standards, which are routinely updated to incorporate emerging topics involving patient safety.4
The Joint Commission—which has requirements on some critical elements tied to patient safety risks, such as blood loss, fall prevention, medication errors, and bed sores—has notably advanced hospital adoption best practices in several key areas. In 2007, the commission instituted a national patient safety goal of reducing hospital-acquired infections through increased hand washing, based on information that it could save thousands of lives per year.5 In a commission study of eight hospitals, the percentage of staff in compliance with the guidance increased from 47.5 percent in December 2008 to 81 percent in September 2010, demonstrating the role of The Joint Commission in advancing adoption of best practices.6 Accreditation has also been linked to improved hospital performance, such as better scores on federal quality measures and use of evidence-based treatments.7
Although best practices exist to improve health IT safety, they are often not adopted by hospitals. For example, the Office of the National Coordinator for Health Information Technology (ONC)—the federal agency that oversees EHRs—developed recommendations for how hospitals can assess the safety of their systems.8 ONC made checklists called the Safety Assurance Factors for EHR Resilience (SAFER) Guides freely available, but their use by hospitals is low.9
However, given the relative nascent nationwide adoption of EHRs, neither CMS policies nor The Joint Commission standards require adherence to health information technology best practices. Yet mounting evidence indicates a clear connection between the use of technology and safety—where EHRs can improve care and where they might contribute to patient harm.
Studies analyzing patient safety event reports have found that numerous safety issues are associated with poor EHR usability, which can result in serious patient harm.10 For example, in one case, a pediatric patient received twice the appropriate medication dose because the clinician entered the child’s weight in pounds when the EHR was configured to receive weight in kilograms. In another instance, a patient missed a critical organ transplant medication for five days due, in part, to the medication ordering system.11 Clinical decision support tools can reduce medication safety events by flagging inappropriate dosages for clinicians at the time of ordering, or alert providers to missing tests.12
With an opportunity for The Joint Commission to focus on health information technology safety, Pew and MedStar collaborated to identify accreditation requirements that would encourage adoption of EHR safety best practices by hospitals. Pew and MedStar reviewed The Joint Commission’s requirements, conducted 10 interviews with hospital administrators, health IT usability and safety experts, and informaticists—system specialists and engineers—that informed efforts to adhere to current standards, and identified 10 potential accreditation requirements.
Some focus areas target clinical decision support (CDS) functions, which are tools that doctors, nurses, and other health care providers use to guide their care. CDS can include capabilities to calculate the correct dose of a drug, select the right treatment plan, or a range of other guidance. EHRs can also provide tools to support management during a pandemic, such as COVID-19. These tools can include patient triage questions, help with determining the need for home isolation, or guides for personal protective equipment requirements, among others.13 Other focus areas encompass topics broadly applicable to health IT system use and implementation.
Each suggested accreditation requirement lists information on:
Table 1
Clinical Decision Support-Focused Recommendations | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Focus area | Rationale | Example of compliance |
|
||||||||
CDS for recognized high-risk clinical scenarios, those that present conditions associated with more frequent patient safety problems. | Research shows that basic CDS for recognized high-risk clinical scenarios, such as alerts for certain drug-drug interactions or drugallergy issues, can reduce adverse safety events.14 Hospitals should have CDS in place for these scenarios.15 | The hospital uses evidence-based guidelines to identify conditions that warrant CDS and have CDS active in their EHRs. | For specified high-risk scenarios, the hospital can attest to considering CDS to address these recognized risks. | For specified high-risk scenarios, the hospital has considered CDS and can either show evidence of active CDS or has documented why CDS is not active. Evidence of active CDS would include documentation showing CDS is in place or a demonstration of the CDS function in the health IT system. Documentation for why CDS is not active may include data on high override rates or a description of unintended consequences. |
For specified high-risk scenarios, the hospital has considered CDS and can either demonstrate its functionality or has documented why it is not active. Demonstration of the CDS function should take place in the health IT system. Documentation for why CDS is not active may include data on high override rates or a description of unintended consequences. |
||||||
CDS functionality and maintenance | CDS functions may change over time. Changes to health IT system features or the hospital workflow may result in CDS not functioning as intended or as expected by clinicians. Similarly, clinical practice guidelines change and CDS must be updated.16 Hospitals should have a process for assessing CDS, reviewing results from the assessment, and improving CDS based on this information. Further, hospitals should have a process for proactively maintaining CDS based on current clinical knowledge and best practices.17 |
A hospital uses the Leapfrog Computerized Physician Order Entry tool, which assesses the ability of EHRs to alert clinicians to potential medicationrelated safety issues, such as prescriptions for drugs to which patients are allergic.18 Given that the results from the Leapfrog test may change over time, the hospital has a committee with clinical and health IT expertise that meets regularly to review results, discuss current CDS functionality, develop action plans to address functionality needs, and ensure maintenance of CDS based on guidelines and best practices. | The hospital can attest to having a process in place for assessing CDS functionality, reviewing results from the assessment, and regularly maintaining CDS functionality. | The hospital can show evidence of having a process in place for assessing CDS functionality, reviewing results from the assessment, and regularly maintaining CDS functionality. Evidence of these processes may include a committee charter, documentation of the process, and results from CDS assessment or from an action plan that is developed when these processes are completed. |
The hospital can show evidence of CDS functionality and maintenance. Evidence of these processes may include documentation of identified CDS improvements and of changes being made to CDS with a demonstration of the optimized CDS. |
||||||
Review of CDS use | Monitoring if, and how, CDS is being used by clinicians can help identify safety risks, such as the frequency with which alerts are overridden, while knowing whether clinicians are dismissing CDS alerts can inform design of these alerts. Knowing which alerts are adhered to can also inform safety practices.19 | The hospital has an electronic visual dashboard that shows CDS dismissal rates for high-risk conditions, and the hospital has a committee that reviews these data to develop action plans for addressing identified challenges. | The hospital can attest to having a process in place for reviewing clinician use of CDS. | The hospital can show evidence of the process for reviewing clinical use of CDS. Evidence of the process may include documentation of the process or of an action plan that is developed after the process is complete. The action plan should stipulate specific activities the organization can take to improve CDS usability and safety. |
The hospital can show evidence of a process to review CDS use, and evidence of the output of these processes being used to optimize CDS. Evidence of these processes may include documentation of the process or of an action plan that is the output of this process. Evidence of the outputs being used to optimize CDS may include documented changes and a demonstration of the changes that were made in the health IT system. |
||||||
Broadly Applicable Health IT Recommendations | |||||||||||
Focus area | Rationale | Example of compliance |
|
||||||||
Order sets | Order sets, which provide simultaneous ordering of necessary components associated with a care process, can save clinicians time and improve safety. However, order set contents should be consistently reviewed for completeness and accuracy to ensure that patients are receiving the intended care consistent with the latest clinical guidelines.20 CMS suggests reviewing order sets regularly. The hospital should have a process for a regular review.21 | The hospital has a committee with clinical and health IT expertise that meets regularly to review order set content and structure. | The hospital can attest to having a process in place to review order sets on a regular basis. | The hospital can show evidence of the process for reviewing order sets. Evidence of this process may include documentation of the process or of an action plan that is the output of this process. |
The hospital can show evidence of a process to review order sets, and of the output of these processes being used to maintain/improve order sets. Evidence of these processes may include documentation of the process or documentation of an action plan that is the output of this process. Evidence of the outputs being used to maintain/ improve order sets may include documented changes and a demonstration of the changes that were made in the health IT system. |
||||||
Governance | Maintaining safe and effective health IT requires appropriate governance—the organizational processes and structures that provide control and safeguards for implementing, configuring, customizing, and updating the IT system.22 Hospitals should have a clear governance structure in place.23 | The hospital has a documented organizational structure and process for making decisions about health IT. | The hospital can attest to a governance structure to inform health IT processes such as implementation, configuration, customization, and upgrades. | The hospital can show evidence of the governance structure and process. Evidence of the structure and process may include documents that detail the specific structure and process or outputs from the governance process that are used to inform health IT objectives. |
The hospital can show evidence of the governance structure and process, and of the governance process informing health IT decisions. Evidence of the structure and process may include documents that detail the specific structure and process or outputs from the governance process that are used to inform health IT objectives. Evidence of the outputs being used to inform health IT may include specific project objectives and plans. |
||||||
Training | Teaching new skills and behaviors to hospital staff is important for providing employees with the necessary knowledge on how to use the health IT system safely and effectively, including after upgrades that affect usability.24 Hospitals should have a clear process for training staff.25 | The hospital has regular in-person training courses, online training materials, or other training processes for staff. | The hospital can attest to having a process in place to train staff to use health IT and hospital staff can attest to receiving training. | The hospital can show evidence of the training process that is in place and hospital staff can show evidence of receiving training. Evidence of the training process may include the schedule of upcoming trainings or online training materials and documents. Evidence of staff receiving training may include documentation from training sessions. |
Hospital personnel who should be trained on health IT use can describe their training processes and/or can describe where they can go for additional training. | ||||||
Hazard identification | Identifying health IT-related safety hazards, which are actual or potential safety issues that may harm a patient, is necessary to reduce harm and improve the IT systems.26 Hospitals should have a process in place to identify health IT hazards.27 Frequent testing of EHRs has been associated with greater detection of errors.28 | The hospital conducts regular safety assessments of its health IT using selfassessment, such as through the Leapfrog tool. | The hospital has a process in place to identify health IT-related safety hazards. | The hospital can show evidence of one or more health IT hazard identification processes. Evidence of the hazard identification processes may include documentation of the assessment methods or results from the assessments. |
The hospital can show evidence of one or more health IT hazard identification processes and how the identified hazards are tracked. Evidence of the hazard identification processes may include documentation of the assessment methods or results from the assessments. Evidence for how the hazards are tracked may include changes to documentation of the hazards. |
||||||
Hazard reporting | Hazard reporting is the process of documenting and sharing information on actual or potential safety issues. Staff should have a process for reporting health IT hazards they may encounter. All staff members should know how to report.29 | The hospital has a patient safety event reporting system with a method for noting that the event being reported is health IT-related. | The hospital can attest to having a method for personnel to report health IT-related safety hazards. | The hospital can show evidence of having a hazard reporting process. Evidence of the reporting process may include the reporting system itself or reports that have been entered. |
When asked, personnel should be able to describe how to report a health IT safety hazard. | ||||||
Hazard analysis and resolution | Hazard analysis and resolution is the process of identifying contributing factors to the hazard and developing a plan to mitigate the hazard.30 Analyzing and addressing safety reports that identify health IT issues is important to improving health IT systems. All hospitals should have a process for analysis and a process for resolving identified issues. |
The hospital has a committee that regularly reviews identified hazards and works to address these hazards by engaging internal IT staff and/or the EHR vendor. | The hospital can attest to having a process in place to review and address reported health IT safety hazards. | The hospital can show evidence of having a hazard analysis and resolution process. Evidence of the hazard analysis and resolution process may include a committee charter, outputs from the process, or documentation of identified hazards and resolutions. |
The hospital can show evidence of having a hazard analysis and resolution process, and of how hazards have been resolved. Evidence of the hazard analysis and resolution process may include a committee charter, outputs from the process, or documentation of identified hazards and resolutions. Evidence of resolutions may include changes to the health IT system, communications to providers on new processes, or training to address the hazard. |
||||||
Health IT awareness | Hospital staff health IT awareness is staff knowledge of health IT functions and safety issues.31 Identified safety issues, resolutions to those issues, and new health IT functions and capabilities should be disseminated to relevant staff. The hospital should have a process for disseminating this information. | The hospital has an intranet with a safety section that describes recognized safety hazards and risk mitigation strategies, in addition to email communication to affected providers. | The hospital can attest to having a process in place to disseminate information to staff about health IT use and safety. | The hospital can show evidence of a health IT awareness process. Evidence of a health IT awareness process may include a communication plan and actual communications to personnel. |
When asked, personnel should be able to describe where they can find information on identified hazards and resolutions. |
Two opportunities exist to encourage adoption of these recommendations to accelerate implementation of health IT-focused best practices.
First, The Joint Commission should adopt the above best practices into its hospital accreditation program. The Joint Commission already has some criteria for related domains, such as information management and medication administration. The best practices listed could become subcomponents of the information management section, for example, or a separate group of criteria. The Joint Commission should commit to assessing the incorporation of health IT-related criteria into its accreditation program, and convene stakeholders—such as hospitals, clinicians, usability experts, and technology vendors—to evaluate different approaches, including these best practices.
Second, CMS should incorporate health IT-focused requirements into the Promoting Interoperability program, an effort by the agency to encourage hospitals and clinicians to use EHRs in certain ways, such as to exchange data. Hospitals demonstrate the use of EHRs in the program and score points, which then affects their reimbursement under Medicare. CMS has considered offering bonus points for some health IT safety actions, such as adopting the use of SAFER Guides.32 CMS should consider offering Promoting Interoperability bonus points for implementing the best practices outlined above.
Similarly, CMS should consider how it can incorporate these types of health IT-focused safety practices as conditions for hospital participation in Medicare, especially given that both patients and the federal government pay for care associated with medical errors that may be born out of the ineffective use of EHRs.
The use of EHRs introduces opportunities to both enhance safety and contribute to patient harm. Hospitals’ adoption of best practices for how they customize and implement these health IT systems and monitor their use can help identify areas to address patient safety risks. CMS and The Joint Commission, which play a critical role in accelerating the use of best practices throughout the health industry, should embed health IT-based requirements into their programs for hospitals. This extra step will ensure that CMS and Joint Commission requirements reflect modern technology and help to improve the quality and safety of patient care.