For all the benefits health information technology can have on the quality of patient care, IT systems and medical devices, when improperly or sub-optimally used, can pose serious hazards for patient safety. ECRI Institute has put together a list of technology risks to look out for in the year ahead. Whether it's improperly configured tools, missing data, lax security protections or poor human-device interaction, it's critical to stay vigilant against the digitally-induced dangers that can arise. "Our annual Top 10 list is designed to identify the potential sources of danger that we believe warrant the greatest attention for the coming year," write ECRI officials. "It is intended to be a tool that healthcare facilities can use to prioritize their patient safety efforts. The list is not comprehensive, nor will all of the hazards on the list apply to all healthcare facilities. Rather, it is designed to be a starting point for patient safety discussions and for setting health technology safety priorities."
Alarm fatigue – when alerts are missed or ignored as caregivers are overwhelmed or desensitized to them – is a serious safety problem. But it's not the only factor providers should consider when working toward improving the management of clinical alarm systems.
ECRI finds that alarm-related adverse events can often be traced to inappropriate alarm configuration practices. The group encourages healthcare organizations to examine alarm configuration policies and practices in their alarm improvement efforts, if they have not done so already.
When they're working well, EHRs provide the information clinicians need for making appropriate treatment decisions. But when errors exist, incomplete, inaccurate, or out-of-date information can end up in a patient’s record, potentially leading to incorrect treatment decisions and patient harm.
Data in IT systems can be compromised in a number of ways, and once errors are introduced, they can be difficult to spot and correct, ECRI points out. Patient/data mismatches, outdated info, default values and clock synchronization errors between different devices and systems are all things providers should be wary of.
If an IV solution is delivered to the wrong infusion site, or at the wrong rate, it can cause potentially life-threatening dangers. ECRI shows how there are several ways this can happen: The infusion line could be connected to the wrong fluid container, or to in the wrong infusion pump or pump channel, or the patient end of the infusion line could be connected to the wrong administration route.
Factors that can add to this confusion include the fact that smart tpumps are unable to tell one line from another; no automated method exists for associating an infusion pump or pump channel with the correct fluid container and route of delivery.
"Nearly every year, ECRI Institute is engaged by healthcare facilities to investigate endoscope reprocessing failures and to help the facility institute a more effective process," according to the report. "Factors that can contribute to the improper cleaning of instruments include the intricacy of the instruments (e.g., devices with narrow channels or movable parts to disassemble), lengthy or incomplete manufacturer instructions for cleaning, time pressures placed on reprocessing staff, and insufficiently trained personnel, to name a few."
To prevent life-threatening system failures, ventilators incorporate sensors and alarms to warn caregivers when a disconnection occurs, whether it be the complete separation of one breathing circuit component from another or a partial disconnection that allows gases to leak from the circuit. But to be effective, says ECRI, alarms must be set to appropriate levels and must be heard when they sound. The Institute "has investigated cases in which serious patient harm resulted from alarms being set to inappropriate levels and thus not activating to warn of a disconnection, or from staff not hearing the alarms that had been activating."
A diverse range of patient-handling technologies are available to help reduce the risk of staff and patient injury during such activities, according to ECRI. Examples include a variety of patient lift designs (e.g., ceiling-mounted, mobile and sit-to-stand models), lateral transfer aids (e.g., boards, slides, rollers, inflatable mattresses) and specially-designed chairs and stretchers. But improper use of these devices, failure to maintain them appropriately or failures associated with the devices themselves can result in injuries.
"With any imaging technology that uses ionizing radiation, exposures to higher doses are associated with greater risks to the patient (e.g., an increased long-term risk of developing cancer)," according to the ECRI report. "Thus, standard practice specifies that technologists use a dose that is "as low as reasonably achievable to acquire the desired diagnostic information. In other words, the dose should be neither higher nor lower than is necessary to obtain a diagnostic-quality image."
ECRI says it has investigated "several surgical-robot-related adverse events in which situations unique to robot-assisted surgery likely contributed to patient harm."
These events occurred because of factors such as the need to reposition team members or equipment to accommodate the size of the robot; the repositioning of the patient or accidental movement of the OR table during the procedure, and lapses in common safety practices and team communication, leading to avoidable complications (e.g., alternate-site electrosurgical burns, organ puncture, retained foreign objects).
"It is essential for facilities equipped with such systems to provide appropriate training, detailed credentialing and ongoing surgical team competency assessments to minimize patient risk," according to the report.
"The growing trend toward the networking and connectivity of medical devices is associated with a corresponding increase in the vulnerability of these devices to malware and malicious attacks," according to ECRI. "Despite little evidence to date of direct harm to patients from the exploitation of cyber vulnerabilities, cyber security is nevertheless a patient safety consideration that will require increased attention in the coming years.
"As noted by FDA, cybersecurity protections are intended to prevent the exploitation of medical device cyber vulnerabilities that otherwise could lead to device malfunctions, the disruption of healthcare services, inappropriate access to patient information or compromised data integrity within an electronic health record."
"Many kinds of problems can occur with medical devices, ranging from lower-priority issues to potentially life-threatening ones. These problems can result in the issuance of recalls or safety notices from the manufacturer or safety alerts from organizations like FDA or ECRI Institute; these are intended to inform facilities about identified problems before additional incidents occur. However, alerts alone cannot protect patients from harm; healthcare facilities must respond appropriately to these alerts to avoid preventable injury."
