Manufacturers of Medical Devices expend a great deal of effort and money in assuring their products, after all they are usually required to do so by law. In eHealth the story is quite different. Health IT products such as Electronic Health Records don’t usually meet the criteria for being Medical Devices despite being capable of compromising patient safety. Sadly the focus for many manufacturers is not so much on clinical assurance but more on shifting liability when the system exhibits short-comings.
In many countries manufacturers of Health IT enjoy the benefits of so-called ‘hold harmless’ clauses and other warranties. These legal devices limit a manufacturer’s responsibilities and liabilities and instead pass risk onto users. Health IT systems are only expected to provide clinicians with the information they need to make a decision; the clinician is still required to act as a ‘learned intermediary’. Irrespective of the extent to which the information provided by the system is misleading or incomplete the user is expected to take steps to prevent patient harm occurring.
This opens up an interesting debate. Most systems are highly complex in their design and configuration, indeed a true understanding of an Electronic Medical Record is well beyond the intellectual capabilities of any single individual. So how can the clinician realistically make an informed decision on whether to trust information from Health IT when the extent of clinical assurance is less than transparent?
The situation is complicated further when one considers the potential for systems to mislead and the presence of faults which are difficult for users to detect. If a technology leads a clinician down a convincing but ultimately misguided path can we really expect the user to mitigate the risk through clinical judgement alone? Without any information to the contrary should the clinician trust everything or nothing presented by the system? Whilst contractual clauses might offer legal protection for manufacturers they contribute nothing to real-world patient safety.
One solution is for healthcare organisations to contractually require the supplier to carry out and communicate a clinical risk assessment. In this way healthcare organisations can make an informed choice about the extent to which the system can be relied upon. An open and transparent approach engages customers, communicates important human factor controls and builds confidence between stakeholders. What’s more this can be achieved without the need for stifling regulation or the interference of external parties.
In the UK, NHS England and the Health and Social Care Information Centre have mandated two standards called SCCI 0129 and SCCI 0160. These require manufacturers and healthcare organisations to construct a safety case – a report which sets out activities undertaken to assure the design and implementation of a Health IT product. The safety case draws on the available evidence to present conclusions about the acceptability (or otherwise) of the assessed risk. The document makes explicit any further risk reduction activities required by the project stakeholders. These analyses add value to Health IT products and act as a differentiator in a crowded market. Customers perceive the risk assessment not as an admission of guilt but rather an honest and forthright examination of the product’s safety profile.
Attempting to manage clinical risk in Health IT through the prophylactic apportioning of blame is a poor substitute for a considered, transparent and well-reasoned safety assessment. Frankly the patients whose care is supported by these crucial tools deserve better.