Showing posts with label Patient care has not been compromised.

Thursday, 23 June 2016

Reckless indifference to nurse's concerns about bad health IT results in showing her the door?

In numerous past posts I have referred to hospital executives' reckless indifference to the concerns of seasoned clinicians about bad health IT, such as at http://hcrenewal.blogspot.com/2013/07/rns-say-sutters-new-electronic-system.html and http://hcrenewal.blogspot.com/2013/11/another-survey-on-ehrs-affinity-medical.html and other posts.

I now see a stunning story of the results of EHR iconoclasty and patient advocacy:

CNO claims hospital forced her out after she raised concerns about EMR
Becker's Hospital Review
Written by Akanksha Jayanthi  
June 14, 2016 
http://www.beckershospitalreview.com/legal-regulatory-issues/cno-claims-hospital-forced-her-out-after-she-raised-concerns-about-emr.html

 A former nursing executive at Sonoma West Medical Center in Sebastopol, Calif., has filed a lawsuit against the hospital, alleging she was fired after raising concerns the EMR was a threat to patient safety, reports The Press Democrat.

Autumn AndRa, RN, was serving as CNO of the hospital when she approached CEO Ray Hino and said the EMR, called Harmoni, was unsafe, according to the report.

Ms. AndRa was reportedly terminated from her CNO position April 14 and was offered a position in the intensive care unit, which her attorney Daniel Bartley told The Press Democrat would have been a demotion. Ms. AndRa left the hospital due to alleged harassment, according to Mr. Bartley.

If these allegations are true, a clinician, the Chief Nursing Officer, was shown the door in an act of recklessness for her complaining about bad health IT.

Some definitions: 

Bad health IT:

Bad Health IT is ill-suited to purpose, hard to use, unreliable, loses data or provides incorrect data, is difficult and/or prohibitively expensive to customize to the needs of different medical specialists and subspecialists, causes cognitive overload, slows rather than facilitates users, lacks appropriate alerts, creates the need for hypervigilance (i.e., towards avoiding IT-related mishaps) that increases stress, is lacking in security, lacks evidentiary soundness, compromises patient privacy or otherwise demonstrates suboptimal design and/or implementation.   

Reckless indifference:

Deliberate indifference is the conscious or reckless disregard of the consequences of one's acts or omissions. It entails something more than negligence, but is satisfied by something less than acts or omissions for the very purpose of causing harm or with knowledge that harm will result.

A wrongful termination lawsuit was apparently filed:

... The lawsuit alleges the EMR system mixes patients' records, so information in one patient's chart moves to another patient's chart. It also alleges the EMR has issues tracking and updating patient medications and does not display patient code status information, which informs providers of patients' desired medical interventions, according to the report.

These types of gross defects, if true, represent on their face a menace to patient safety.

Further, these issues (and the harm that may result) are well known. In fact ONC's contractor RTI just released a comprehensive review article on health IT problems (see "Report of the Evidence on Health IT Safety and Interventions", May 2016, at https://www.healthit.gov/sites/default/files/task_8_1_final_508.pdf).

CEO Ray Hino had the usual refrain seen in so many postings here (under the blog query "Patient care has not been compromised" - http://hcrenewal.blogspot.com/search/label/Patient%20care%20has%20not%20been%20compromised):

Mr. Hino told The Press Democrat the EMR did not pose any danger to patients, and no patients have been harmed because of software defects.

Like most others uttering that line, as I've documented, Mr. Hino apparently lacks expertise (e.g., in clinical, IT or Medical Informatics domains) to render such a judgment about patient danger if the EHR did or does exhibit such problems.  His bio is at https://www.linkedin.com/in/raymondhino.

As to whether patients were harmed, that is irrelevant if the EHR has such defects.  Sooner or later, they will be.  The issue is risk, not body counts (yet).

There's also this. The EHR in question is not the product of one of the major EHR vendors but the work of an apparent insider. See http://about.harmonimd.com/usa/ referencing just two implementations, one at Sonoma West Medical Center, California, the subject of this post, and one at the Kilimanjaro Christian Medical Centre, Tanzania, Africa:

... The lawsuit also names Dan Smith, the developer of the EMR software in question, as a defendant. According to the lawsuit, Mr. Smith "has engaged in retaliation against [Ms. AndRa] and other employees who have voiced concerns that Mr. Smith's electronic medical records system, his self-dealing, and his management of medical and financial decisions are not in the best interests of SWMC and pose life-threatening risks to patient care," reports The Press Democrat.

Not only did Mr. Smith develop the software in question, but he is a significant financial backer and influencer at SWMC. According to a 2015 report from The Press Democrat, Mr. Smith and his wife have contributed nearly $9 million to the hospital in donations and forgivable loans, and he plays a role in "every major decision" regarding the hospital. Mr. Smith is on SWMC's board of directors.

I really don't think injured or dead patients (or juries) will find those relationships an excuse for bad health IT, what seems like a clinical trial of new IT by a private company and owner without informed consent (including divulging to patients and users a possible COI), and the discharge of someone complaining about it.

Mr. Smith and hospital officials declined to comment on the lawsuit, citing pending litigation, according to the report.

My expertise is available should the parties so desire.

-- SS

6/21/2016 Addendum:
https://en.wikipedia.org/wiki/Human_subject_research 

Human subjects

The United States Department of Health and Human Services (HHS) defines a human research subject as a living individual about whom a research investigator (whether a professional or a student) obtains data through 1) intervention or interaction with the individual, or 2) identifiable private information (32 C.F.R. 219.102(f)). (Lim, 1990)[2]

As defined by HHS regulations:

"Intervention" - physical procedures by which data is gathered and the manipulation of the subject and/or their environment for research purposes [45 C.F.R. 46.102(f)][2]

"Interaction" - communication or interpersonal contact between investigator and subject [45 C.F.R. 46.102(f)][2]

"Private Information" - information about behavior that occurs in a context in which an individual can reasonably expect that no observation or recording is taking place, and information which has been provided for specific purposes by an individual and which the individual can reasonably expect will not be made public [45 C.F.R. 46.102(f)][2]

"Identifiable information"- specific information that can be used to identify an individual[2]

Human subject rights

In 2010, the National Institute of Justice in the United States published recommended rights of human subjects:
  • Voluntary, informed consent
  • Respect for persons: treated as autonomous agents
  • The right to end participation in research at any time[3]
  • Right to safeguard integrity[3]
  • Benefits should outweigh cost
  • Protection from physical, mental and emotional harm
  • Access to information regarding research[3]
  • Protection of privacy and well-being[4]

-- SS

Tuesday, 31 May 2016

UK health IT 'glitch': Hundreds of thousands of patients have potentially been given an incorrect cardiovascular risk estimation after a major IT system error

This in the UK.

What is euphemistically referred to as an "IT system error" is, in reality, the mass delivery of a grossly defective medical device adversely affecting hundreds of thousands of patients.  I'm surprised not to see that other kindly euphemism, "glitch" (http://hcrenewal.blogspot.com/search/label/glitch):

http://www.pulsetoday.co.uk/your-practice/practice-topics/it/gps-told-to-review-patients-at-risk-as-it-error-miscalculates-cv-score-in-thousands/20031807.article

Hundreds of thousands of patients have potentially been given an incorrect cardiovascular risk estimation after a major IT system error, Pulse can reveal.

The MHRA has told GPs they will have to contact patients who have been affected by a bug in the SystmOne clinical IT software since 2009.

Of course, this refrain appeared, a corollary of "Patient care has not been compromised" (http://hcrenewal.blogspot.com/search/label/Patient%20care%20has%20not%20been%20compromised) when health IT crashes and outages occur:

The regulator says that means that ‘a limited number’ of patients may be affected, and the risk to patients is ‘low’.

At best, it's good that only a "limited number" of patients were "affected."  I guess they feel they can justify a "limited number" of patient harms for the glory of a medical Cybernetic Utopia.

At worst, how do "the regulators" know exactly who was affected?  Answer: they don't and this is boilerplate BS meant to CYA.

But Pulse has learnt that the 2,500 practices using SystmOne are having lists sent to them of around 20 patients per partner who may need to be taken off statins, or be put on them, after their risk is recalculated.

Statins are not an innocuous medication.  From WebMD at http://www.webmd.com/cholesterol-management/side-effects-of-statin-drugs?page=2#1:

The most common statin side effects include:
Statins also carry warnings that memory loss, mental confusion, high blood sugar, and type 2 diabetes are possible side effects. It's important to remember that statins may also interact with other medications you take.


Not to mention the risks of not being on a statin if you truly need one.

And this number could increase if a practice provides NHS Health Checks routinely. In addition, the lists being sent to practices only go back to October 2015, but practices will be sent further lists potentially dating back to 2009 over the next few weeks.

Wait!  The "regulators" said that ‘a limited number’ of patients may be affected.  They are clairvoyant, I would imagine.  Maybe one of them is Harry Potter?


The "regulators", who have the same powers as the man-wizard above, know through clairvoyance that only a limited number of people were affected, and risk to them low.

A statement from MHRA to Pulse said: 'An investigation has been launched into a digital calculator used by some GPs to assess the potential risk of cardiovascular disease (CVD) in patients.

'We are working closely with the company responsible for the software to establish the problem and address any issues identified.

The problem is incompetence and negligence.  One wonders what testing was performed before this was unleashed on the public in the UK.

TPP told Pulse they were working to address the ‘Clinical Safety Incident’ and that the QRISK calculator was provided as an advisory tool to support decision making. They added they were working to ensure the issues were addressed and GPs are informed of affected patients ‘as soon as possible’.

‘Clinical Safety Incident’ - what a wonderful euphemism for "healthcare IT debacle."


Deputy chair of the GPC’s IT subcommittee Dr Grant Ingrams told Pulse it would be ’loads of work’ to sort out.

He said: ‘It affects everyone who has had a QRISK, and SystmOne are sending out messages to say “look at these patients”. But then you have to see if the change is significant, and whether you would have made a different decision at the time, or put them on a different treatment’

It will probably be more work than if such a system had never been constructed.

Dr Ingrams said: ‘There’s potential harm both ways…What happens when a patient who had been of a high risk and this hadn’t been identified and they’ve now had a stroke or heart attack?  ‘Similarly if someone had a low risk and they’ve been put on a statin and had a side-effect who’s responsible? That’s the clinical risk.’

Answer: the company that produced this grossly defective software, and those "regulators" who allowed it on the market without independent and thorough testing, are responsible.

Dr William Beeby deputy chair of the GPC’s clinical and prescribing subcommittee, said the bug ‘certainly had the potential to impact on patient confidence’ and this could create even more work  ... ‘It’s the tool we’ve been told to use. So if the tool is inaccurate, then you start to lose confidence and the doctors will then lose confidence as well.’

Patient confidence (let alone physician confidence) in cybernetics already took a big hit in the UK several years back, as at my Sept. 2011 post "NPfIT Programme goes PfffT" at http://hcrenewal.blogspot.com/2011/09/npfit-programme-going-pffft.html.

However, it seems, hyper-enthusiast overconfidence in health IT, including that of the "regulators", would not be injured even if bad health IT caused more casualties than the bombings and V2 attacks suffered by the UK in WW2.


After the health IT debacles involving billions of wasted pounds in the UK, perhaps the UK's "regulators" need to look upon health IT as fondly as this piece of technological wizardry.

A TPP spokesperson told Pulse: 'TPP is dealing with the Clinical Safety Incident involving the QRISK2 Calculator in SystmOne. The tool is intended to support GPs in assessing patients at risk of developing cardiovascular disease and in developing treatment plans. The QRISK2 Calculator is presented within SystmOne as an advisory tool.

"Advisory tool"?  That the doctors can safely ignore?  Hogwash.

’We are actively working to ensure the issues identified are addressed and to ensure that clinicians are informed of any patients that may have been affected as soon as possible.’ 

Until the next health IT "bug" arises, that is.

-- SS



Wednesday, 30 March 2016

Bad health IT at Medstar Health: FBI probing virus behind outage (And: ka-ching! ka-ching!  EHR costs continue their upward spiral)

Once again, a definition of bad health IT:

Bad Health IT ("BHIT") is defined as IT that is ill-suited to purpose, hard to use, unreliable, loses data or provides incorrect data, is difficult and/or prohibitively expensive to customize to the needs of different medical specialists and subspecialists, causes cognitive overload, slows rather than facilitates users, lacks appropriate alerts, creates the need for hypervigilance (i.e., towards avoiding IT-related mishaps) that increases stress, is lacking in security, compromises patient privacy or evidentiary fitness, or otherwise demonstrates suboptimal design and/or implementation. (http://cci.drexel.edu/faculty/ssilverstein/cases/)

I observed bad health IT leading to HIT compromise, hospital chaos and paying of a ransom demand at my Feb. 18, 2016 post "Hollywood Presbyterian Medical Center: Negligent hospital IT leaders allow hacker invasion that cripples EHRs, disrupts clinicians ... but patient safety and confidentiality not compromised" at http://hcrenewal.blogspot.com/2016/02/hollywood-presbyterian-medical-center.html.

It's happened again, at least with regard to publicly-disclosed stories (there is no requirement for hospital disclosure, more on that below).

FBI probing virus behind outage at MedStar Health facilities - AP
By JACK GILLUM, DAVID DISHNEAU and TAMI ABDOLLAH March 28, 2016 10:04 pm
http://wtop.com/consumer-tech/2016/03/fbi-probing-virus-behind-outage-at-medstar-health-facilities/


WASHINGTON (AP) — Hackers crippled computer systems Monday at a major hospital chain, MedStar Health Inc., forcing records systems offline for thousands of patients and doctors. The FBI said it was investigating whether the unknown hackers demanded a ransom to restore systems.

A computer virus paralyzed some operations at Washington-area hospitals and doctors’ offices, leaving patients unable to book appointments and staff locked out of their email accounts. Some employees were required to turn off all computers since Monday morning.

A law enforcement official said the FBI was assessing whether the virus was so-called ransomware, in which hackers extort money in exchange for returning a victim’s systems to normal. The official spoke on condition of anonymity because the person was not authorized to discuss publicly details about the ongoing criminal investigation.


Not discussed is corporate accountability for deficient IT security.

“We can’t do anything at all. There’s only one system we use, and now it’s just paper,” said one MedStar employee who, like others, spoke on condition of anonymity because this person was not authorized to speak to reporters.

I note that if the cybernetic pundits were listened to, patients would now be considered at deadly risk due to paper records being used - not due to critical IT infrastructure being hacked and disabled.  Yet it's impossible to disable paper charts en masse.

MedStar said in a statement that the virus prevented some employees from logging into systems. It said all of its clinics remain open and functioning and there was no immediate evidence that patient information had been stolen.

These must be honest thieves.

Of course, we hear the "patient care has not been compromised" line once more (http://hcrenewal.blogspot.com/search/label/Patient%20care%20has%20not%20been%20compromised).

Company spokeswoman Ann Nickels said she couldn’t say whether it was a ransomware attack. She said patient care was not affected and the hospitals were using a paper backup system.

The absurdity of this claim is that if patient care is not affected by returning to paper, then why did the hospital invest hundreds of millions on EHRs?

(Considering an increasing evidence base of clinician distraction and disaffection, e.g., the Jan. 2015 Medical Societies letter to ONC as at http://hcrenewal.blogspot.com/2015/01/meaningful-use-not-so-meaningul.html, EHR-related errors, many of which would likely not occur under a well-staffed paper system, e.g., as at http://hcrenewal.blogspot.com/2014/04/fda-on-health-it-risk-reckless-or.html, and plentiful security breaches, e.g., the many posts at http://hcrenewal.blogspot.com/search/label/medical%20record%20privacy, I would also ask if patient care is in fact improved by the return to paper [1].)

When asked whether hackers demanded payment, Nickels said: “I don’t have an answer to that,” and referred to the company’s statement.

Dr. Richard Alcorta, medical director for Maryland’s emergency medical services network, said he suspects it was a ransomware attack. He said his suspicion was based on multiple earlier ransomware attempts on individual hospitals in the state. Alcorta said he was unaware of any ransoms paid by Maryland hospitals or health care systems.

The rather calmly-stated "multiple earlier ransomware attempts on individual hospitals in the state" suggests that

  • Hospitals are being targeted in an organized fashion, and
  • Costs to implement proper security will draw even more capital and resources from direct patient care and from real brick and mortar facilities, such as entire new hospital wings that would cost less than an EHR, to cybernetics of increasingly dubious value.  (Past projected cost benefits are certainly being proven even more naive.)

Terrorism or just plain old crime, the medical director asks...

“People view this, I think, as a form of terrorism and are attempting to extort money by attempting to infect them with this type of virus,” he said.

God help us if true terrorists get in the act of cybernetically paralyzing hospitals.

Alcorta said his agency first learned of MedStar’s problems about 10:30 a.m., when the company’s Good Samaritan Hospital in Baltimore called in a request to divert emergency medical services traffic from that facility. He said that was followed by a similar request from Union Memorial, another MedStar hospital in Baltimore. The diversions were lifted as the hospitals’ backup systems started operating, he said.

It used to be that patient diversions were due to doctors and nurses having too many sick patients to care for. Here it seems due to doctors having too many sick computers to deliver proper patient care.

MedStar operates 10 hospitals in Maryland and Washington, including the MedStar Georgetown University Hospital, along with other facilities. It employs 30,000 staff and has 6,000 affiliated physicians.

That's a lot of paralysis.

Monday’s hacking at MedStar came one month after a Los Angeles hospital paid hackers $17,000 to regain control of its computer system, which hackers had seized with ransomware using an infected email attachment.

Hollywood Presbyterian Medical Center, which is owned by CHA Medical Center of South Korea, paid 40 bitcoins — or about $420 per coin of the digital currency — to restore normal operations and disclosed the attack publicly. That hack was first noticed Feb. 5 and operations didn’t fully recover until 10 days later.

Hospitals are considered critical infrastructure, but unless patient data is impacted there is no requirement to disclose such hackings even if operations are disrupted.

I won't even comment on why a US hospital is owned by a Korean medical center.  The statement "unless patient data is impacted there is no requirement to disclose such hackings even if operations are disrupted" implies yet another blind spot in the unregulated health IT industry.  Add that to the blindness towards close-calls and actual harms, and you have a field being pushed on the population under penalty by those somewhat deaf, dumb and blind to the downsides.


Computer security of the hospital industry is generally regarded as poor, and the federal Health and Human Services Department regularly publishes a list of health care providers that have been hacked with patient information stolen. The agency said Monday it was aware of the MedStar incident.

All I can hear is "ka-ching! ka-ching!" as the costs to fix the poor computer security in the hospital industry accrue.

How much will patient care suffer as a result of the diversion of yet more resources to cybernetics?

As I've written before, stories like this support a serious rethinking of the entire healthcare IT hyper-enthusiast movement to whom the considerable downsides (even patient death) are just an unfortunate "bump in the road" (http://hcrenewal.blogspot.com/2012/03/doctors-and-ehrs-reframing-modernists-v.html), or perhaps more accurately, the healthcare IT hyper-enthusiast religion.

-- SS

[1] I've written that paper for many clinical settings, including highly specialized forms as I implemented highly successfully in invasive cardiology (http://cci.drexel.edu/faculty/ssilverstein/cases/?loc=cases&sloc=Cardiology%20story), needs reconsideration, relieving clinicians of clerical work and employing data entry clerks to enter the data.  This would be supplemented by far less expensive document imaging systems for 24/7 availability, and computerized lab results retrieval - the latter with appropriate humans on the receiving end to prevent the "silent silo" syndrome of lab results returned to a computer silo but missed by clinicians due to being very busy and due to unreliable/fatiguing cybernetic alerting.  A lot of workers can be paid for by saving $50 or $100 million on software.

3/30/2016 Addendum:

This is not the first time for EHR outages at MedStar.

As in my May 16, 2015 post "Another day, another EHR outage: MEDSTAR EHR goes dark for days" at http://hcrenewal.blogspot.com/2015/05/another-day-another-ehr-outage-medstar.html, I cited Politico. 

The doctor's observation I highlighted below is of interest.

4/9/15
http://www.politico.com/morningehealth/0415/morningehealth17818.html

MEDSTAR EHR GOES DARK FOR DAYS: MedStar’s outpatient clinics in the D.C. and Baltimore area lost access to their EHRs Monday and Tuesday when the GE Centricity EHR system crashed. The system went offline for scheduled maintenance on Friday and had come back on Monday when it suffered a “severe” malfunction, according to an email from Medstar management that was shared with Morning eHealth.

“All of a sudden the screens lit up with a giant text warning telling us to log off immediately,” a doctor said. “They kept saying it would be back up in an hour, but when I left work Tuesday night it was still down.”

This doctor told us that the outage was “disruptive and liberating at the same time. I wrote prescriptions on a pad for two days instead of clicking 13 times to send an e-script. And I got to talk to my patients much more than I usually do.

But of course we didn’t have access to any notes or medication history, and that was problematic.” MedStar notified clinicians in the email that any information entered in the EHR after Friday was lost.

-- SS



Friday, 19 February 2016

Hollywood Presbyterian Medical Center:  Negligent hospital IT leaders allow hacker invasion that cripples EHRs, disrupts clinicians ... but patient safety and confidentiality not compromised

To the cybernetic idealists out there who think computers are the greatest thing next to sliced bread in the healthcare environment, I say, pray you are not on the operating table when something like this happens:

Hackers’ Ransom Attack On California Hospital More Proof Healthcare Cybersecurity Is Floundering
International Business Times
Jeff Stone
02/17/16
http://www.ibtimes.com/hackers-ransom-attack-california-hospital-more-proof-healthcare-cybersecurity-2309720

Who would have thought that, for healthcare professionals, performing surgery, working long hours and navigating the dense world of U.S. health law would be easier than protecting hospital computer networks? That, however, appears to be the case after yet another hospital was victimized in a cyberattack. It’s just the latest example of a U.S. medical provider on the wrong end of a digital assault made possible by a lack of security measures.

I, for one, would have thought that.  In fact, I've been writing about these issues for years (see my many posts at query links http://hcrenewal.blogspot.com/search/label/medical%20record%20confidentiality and http://hcrenewal.blogspot.com/search/label/medical%20record%20privacy).

Doctors at Hollywood Presbyterian Medical Center, in southern California, have been suffering serious computer issues for at least a week, the CEO announced Sunday. Doctors have been unable to digitally access patients’ medical records, staff has been communicating via fax machines and patients have reported long delays in receiving care. It’s all the result of a cyberattack carried out by unknown hackers who are demanding 9,000 bitcoins (roughly $3.4 million) to restore the system to normal.

Ransom for access to EHRs.  The hospital's IT leadership should be held accountable for this invasion of the clinic by cybercriminals.  It's not like the issue is unknown:

... “Hospitals are a veritable bullseye for hackers,” said Grayson Milbourne, security intelligence director at the cybersecurity company Webroot, which works with a number of hospitals and healthcare companies. Milbourne added that the value of patient records is an irresistible target for cybercriminals. “For starters, [hospitals] run on a tight budget and their IT infrastructure is often a very low priority when compared to affording new medical devices and staff. 

More from techtimes.com at http://www.techtimes.com/articles/133874/20160216/hackers-hold-hollywood-hospital-s-computer-system-hostage-demand-3-6-million-as-patients-transferred.htm:

... According to NBC, the damage has caused the hospital to be unable to continue day-to-day operations. To keep up activity at the medical center, the staff has turned to manual documentation using pen and paper to take down patient information and jammed fax lines and telephones to communicate from one department to another. The administration has forbidden the use of other computers for fear that the harmful software could spread to more workstations.  Allen Stefanek, President and CEO of the hospital, says that "significant IT issues" began to emerge last week, leading to a declaration of "internal emergency." He also mentions that the attack was random, not malicious, noting that the emergency rooms have been "sporadically impacted since Friday."

The realities of IT in 2016, when hospitals are increasingly dependent on IT command-and-control systems through which every transaction of care must pass, lead to the conclusion that "IT infrastructure is often a very low priority" reflects negligence.

Back to the IBT article.  The CEO at this hospital proffers the usual BS:

Hollywood Presbyterian’s CEO [Allen Stefanek] told NBC, “Patient privacy has not been compromised."  ...The intrusion  has been described as a ransomware attack, which is typically defined as an attack that involves a hacker infiltrating a victim’s computer, and encrypting their data until the victim agrees to pay a bitcoin ransom. The hospital denies any patient data has been compromised.

Right.  Hackers take control of information systems, but patient data has neither been altered, nor its privacy impaired.

From the second article:

... the patients are not safe from harm. Stefanek insists that the incident has no impact on the overall care for the patients, but some have spoken out to say otherwise. Jackie Mendez and her 87-year-old mother say that they have to drive to Palmdale to pick up medical tests, which takes them over one hour to do so. "It's bad. She's an older person. It's not right she has to do this," she says. Another patient named Belmont West is also affected by the incident. Belmont says he went to the hospital to get his grandmother's medical test results to no avail.

and there's this:

... some patients had to be transferred to other hospitals, as some of the medical equipment that need computers at the Hollywood Presbyterian Medical Center were rendered inoperable, including apparatuses for X-ray and CT scans, documentation and pharmacy and lab work.

These ridiculous executive canned lines, including "the incident has no impact on the overall care for the patients" a.k.a. "patient safety had not been compromised" (see query link http://hcrenewal.blogspot.com/search/label/Patient%20care%20has%20not%20been%20compromised), are increasingly absurd, non-credible, and tiring.

The urgency [for hospitals to meet standards of care for IT security -ed.] is growing. One in three Americans had their health records breached in 2015, according to multiple reports released last month. Many of those records were breached as part of the nation-state hacks on health insurers Anthem and Premera, though experts predict hospitals will become more attractive targets as they begin to rely on insulin pumps, intravenous flows and other machines that are connected to the Internet.

I note that if hospitals cannot afford the required diligence, they need to get out of the IT business.  Paper cannot be hacked or held for ransom en masse.

In the end, the hospital appeased the hackers:

Hospital paid 17K ransom to hackers of its computer network
By ANDREW DALTON
Associated Press
http://bigstory.ap.org/article/d89e63ffea8b46d98583bfe06cf2c5af/hospital-paid-17k-ransom-hackers-its-computer-network
Feb. 17, 2016 11:44 PM EST

LOS ANGELES (AP) — A Los Angeles hospital paid a ransom of about $17,000 to hackers who infiltrated and disabled its computer network because paying was in the best interest of the hospital and the most efficient way to solve the problem, the medical center's chief executive said Wednesday.  Hollywood Presbyterian Medical Center paid the demanded ransom of 40 bitcoins — currently worth $16,664 dollars — after the network infiltration that began Feb. 5, CEO Allen Stefanek said in a statement. ... "The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key," Stefanek said. "In the best interest of restoring normal operations, we did this."

They got off cheap for their negligence, relative to the initial demands.

Questions remain, however:

  • Was any patient data altered or corrupted, either deliberately or as a result of the hack?
  • Was any patient data copied or stolen?
  • Was any malicious code left behind by the hackers on any computer on the network, e.g., "back doors" or other malware that could cause future problems?  Put another way, after paying the ransom, does the hospital believe it is dealing with 'honorable criminals'?
  • One might presume the hospital, in an abundance of caution, is now paying after-the-fact for the expertise required to fully assure the integrity of its networks, computers and EHR and other business systems, but is this truly the case?
  • Were any patients harmed as a result of the disruptions to information flows, and if so, are the IT leaders in part liable?
  • Will any patients suffer harm moving forward as a result of lost computer information during the episode, incomplete backloads of data on the paper that was resorted to during the crisis, or other factors?  Medical errors due to lost data can propagate forward in time, as I can attest to both personally and professionally.

It is my belief that, until and unless hospital leadership is held fully accountable for incidents such as this, such incidents will be one of many more moving forward.

Incidents like this are made more tragic by the increasing evidence that the benefits from healthcare cybernetics are not exactly what the zealots, pundits and industry opportunists advertised.

-- SS


Friday, 25 September 2015

Cambridge University Hospitals Trust IT Failures:  An Open Letter to Queen Elizabeth II on Repeated EHR Failures, Even After £12.7bn Wasted in Failed NHS National IT Programme


Dear Queen Elizabeth,

I am an American citizen who has written for years about healthcare information technology mismanagement (IT malpractice), dangers to patients of this technology when faulty in healthcare, and the huge mania or bubble that has surrounded this technology in a layer of fairy tales that has cost your Kingdom's treasury, as well as that of the U.S., dearly.

Your subjects seem unable to learn from their mistakes, or learn even from free material at sites such as this, or at my academic site at Drexel University at http://cci.drexel.edu/faculty/ssilverstein/cases/.

Instead of being appropriately skeptical, they spend your citizens' money extravagantly and with abandon on grossly faulty computing.  This results in serious health care meltdowns such as I observed at my September 22, 2011 post on your now-defunct National Programme for IT in the National Health Service (NPfIT).  That post was entitled "NPfIT Programme goes 'PfffT'" and is at http://hcrenewal.blogspot.com/2011/09/npfit-programme-going-pffft.html.

In that post I observed:

... [NPfIT] also failed because of collective ignorance of these domains [e.g., healthcare informatics, social informatics, etc. - ed.] among its leaders, and among those who chose the leaders. For instance, as I wrote here:


The Department of Health has announced the two long-awaited senior management appointments for the National Programme for IT ... The Department announced in February that it was recruiting the two positions as part of a revised governance structure for handling informatics in the Department of Health.

Christine Connelly will be the first Chief Information Officer for Health and will focus on developing and delivering the Department's overall information strategy and integrating leadership across the NHS and associated bodies including NHS Connecting for Health and the NHS Information Centre for Health and Social Care.
Christine Connelly was previously Chief Information Officer at Cadbury Schweppes with direct control of all IT operations and projects. She also spent over 20 years at BP where her roles included Chief of Staff for Gas, Power and Renewables, and Head of IT for both the upstream and downstream business.

Martin Bellamy will be the Director of Programme and System Delivery. He will lead NHS Connecting for Health and focus on enhancing partnerships with and within the NHS. Martin Bellamy has worked for the Department for Work and Pensions since 2003. His main role has been as CIO of the Pension Service.

Excuse me. Cadbury Schweppes (candy and drink?) The Pension Service? As national leaders for healthcare IT?

Also see my August 2010 post "Cerner's Blitzkrieg on London: Where's the RAF?" at http://hcrenewal.blogspot.com/2010/08/cerners-blitzkrieg-on-london-wheres-raf.html.

It's clear medical leaders in the UK learned little from the £12.7bn NPfIT debacle.  Now we have this:

Addenbrooke's Hospital consultants concerned over online records
BBC News
31 July 2015
http://www.bbc.com/news/uk-england-cambridgeshire-30393575

A £200m online patient-record system has been "fraught with problems" and medics' concerns "seemingly overlooked", senior hospital consultants have claimed.

A letter seen by the BBC reveals management at Addenbrooke's and Rosie hospitals in Cambridge were told of "serious" issues last month.  It came after the hospitals transferred 2.1 million records in October.

The trust said "unanticipated" issues led to "more than teething problems". 

The hospital is the first in the UK to use Epic's eHospital system, which is used in hospitals in the US.

To the CEO, these problems are just "hiccups":

... Chief executive Dr Keith McNeil admitted there had been "more than teething problems" and "some of it was anticipated and some of it was unanticipated". The "unanticipated" problems included problems with blood tests and "one of the busiest periods in the hospital's history", he said. He added: "We're profoundly sorry about that... people will understand that you can't do an information technology implementation of this size without some hiccups.

"Hiccups" are a euphemism for incompetence in system design, implementation and testing before it is used on live patients, Your Majesty.  I also note that a close relative of mine and numerous other patients I know of are severely injured or dead due to these "hiccups."

And now this:

Addenbrooke's and Rosie hospitals' patients 'put at risk'
BBC News
22 September 2015
http://www.bbc.com/news/uk-england-cambridgeshire-34317265

One of the UK's biggest NHS trusts has been placed in special measures after inspectors found it was "inadequate".

Cambridge University Hospitals Trust, which runs Addenbrooke's and the Rosie Birth Centre, was inspected by the Care Quality Commission in April and May.

Inspectors expressed concerns about staffing levels, delays in outpatient treatment and governance failings.

... Prof Sir Mike Richards, the Care Quality Commission's (CQC) chief inspector of hospitals, said while hospital staff were "extremely caring and extremely skilled", senior management had "lost their grip on some of the basics".

"[Patients] are being put at risk," he said. "It is not that we necessarily saw actual unsafe practice but we did see they would be put at risk if you don't, for example, have sufficient numbers of midwives for women in labour."

The trust, which is said to be predicting a £64m deficit this year, has apologised to patients.

I note that these hospitals had been the beta site for the first implementation of U.S. EHR maker EPIC company's product of the same name.  That £64m deficit looks a bit suspicious for IT overspend; for example see this U.S. hospital's experience of going in the red over fixing 10,000 "issues" (problems) with EPIC, in my post of June 2, 2014:  "In Fixing Those 9,553 EHR "Issues", Southern Arizona’s Largest Health Network is $28.5 Million In The Red" at http://hcrenewal.blogspot.com/2014/06/in-fixing-those-9553-ehr-issues.html.

... Perhaps the most worrying aspect of the Addenbrooke's story is not that such a world-renowned hospital has ended up in a predicament like this, but rather that it happened so quickly.

A year ago the trust which runs the hospital - Cambridge University Hospitals NHS Foundation Trust - wasn't even on the Care Quality Commission's radar in terms of being a failing centre.

I suggest a deep connection between this rapid fall, and the rapid rise of an EHR - an antiquated term for what is now an enterprise command-and-control system for hospitals.

... In fact, two years ago - as the regulator was embarking on its new inspection regime - it was among the band of hospitals considered to be the safest, according to the risk-rating system at the time.

But now a hospital which can boast to being a centre of excellence for major trauma, transplants, cancer, neurosurgery, genetics and paediatrics, has been judged to be a basket case and will join the 12 other failing hospitals already placed in special measures.

In my view, a major disruptive technology such as a new EHR is the Number One suspect in such a fall.

... Certainly it seems to have made mistakes - as the troubles with its £200m computerised patient records programme illustrates - but it's hard to escape the feeling that this is just the tip of the iceberg.

The "troubles with its £200m computerised patient records programme" is likely the iceberg, not just its tip.

The Care Quality Commission ("The independent regulator of health and social care in England", http://www.cqc.org.uk/) investigated these hospitals and issued a report, located at http://www.cqc.org.uk/location/RGT01/reports.

Among their key findings were:

Introducing the new EPIC IT system for clinical records had affected the trust’s ability to report, highlight and take action on data collected on the system. 

Excuse me?   Spend £200m on a computer system, and the result is impaired ability to report, highlight and take action on data collected?  Something is very wrong here.

 ... Although it was beginning to be embedded into practice, it was still having an impact on patient care and relationships with external professionals.

Clearly, the CQC does not mean a positive impact.

... Medicines were not always prescribed correctly due to limitations of EPIC, although we were assured this was being remedied.

Spend £200m on a computer system and the result is medicine prescription impairment (with the risks to patients that entails)?  Excuse me?

If those "limitations" affect these British hospitals, what "limitations" on getting prescriptions correct exist in all the U.S.-based hospitals that use this EHR, I ask?

... There was a significant shortfall of staff in a number of areas, including critical care services and those caring for unwell patients. This often resulted in staff being moved from one area of a service to another to make up staff numbers. Although gaps left by staff moving were back-filled with bank or agency staff, this meant that services often had staff with an inappropriate skills mix and patients were being cared for by staff without training relating to their health needs.

I suspect many staff were so unhappy with the EHR that they left, and recommended others not come.

Despite this patients received excellent care.

Odd how patient care and safety is never affected by bad health IT, as in the myriad stories at this site under the indexing key "patient care has not been compromised" (http://hcrenewal.blogspot.com/search/label/Patient%20care%20has%20not%20been%20compromised).

... Clinical staff were not always able to access the information they required – for example, diagnostic tests such as electrocardiographs (ECGs) to assess and provide care for patients. This was because ECGs had to be sent to a central scanning service to be scanned into the electronic recording system [a.k.a. EHR] once the patient had been discharged. This meant their ECGs would not be available for comparison purposes if a patient was re-admitted soon after discharge.

Very, very bad IT planning, potentially putting unstable patients at risk.  Cybernetic miracles always have "fine print" that needs to be read by skeptical managers BEFORE implementation.

Where agency staff were used, they were not always able to access information about patients they were supporting. 

 Ditto.

... Some staff told us there were no care plans on the new IT system.  Some staff told us the doctors’ orders had replaced care plans on the new EPIC IT system. These orders were task-orientated and did not always reflect the holistic needs of the patients.

This defective arrangement sounds like it was designed by non-clinicians.   The hubris and arrogance of non-clinicians sticking their heads into clinical issues - especially those of an IT-management background - must be witnessed to be fully comprehended.  It is my belief that such individuals should be subject to the same liability as the clinicians whose work increasingly depends on these IT systems.   If you dare to stick your neck into clinical affairs regarding systems upon which clinicians depend, you should be subject to the same liabilities as a clinician.  Unfortunately, this rarely if ever occurs.

 ... Whilst there were up-to-date evidence-based guidelines in place, we were concerned that these were not always being followed in maternity. This included FHR monitoring, VTE and early warning score guidelines. Staff were competent and understood the guidelines they were required to follow, however, lack of staffing and familiarity with the computer system (EPIC) made this difficult.

The point being missed here is that paper records required no massive multi-hundred page training manual in order to perform basic functions such as the above.  The complexity of EHRs is costly, unnecessary, impairs clinicians and the solution is a massive scale back and simplification of these systems' complexity and scope.  Unfortunately, that, too, is unlikely to happen until the negative impacts become increasingly visible and intolerable - a meltdown I predict will occur, eventually.

... Since the introduction of EPIC, outcomes of people’s care and treatment was not robustly collected or monitored. For example, there was no maternity dashboard available since December 2014.

Again, spend £200m and have this result?  Something is seriously wrong here.  I suspect it is that personnel no longer had the time to perform monitoring, as they were likely distracted and struggling to keep afloat with more fundamental medical issues (like keeping major mishaps from occurring) using a complex and buggy EHR system.

That theory is likely confirmed by the following:

... At unit level we observed examples of excellent leadership principles; however, leadership of the directorate overall required improvement. This was because senior managers had not responded appropriately or in a timely way to known and serious safety risks, there was a general lack of service planning, and because key performance data was not being collected robustly and therefore not being analysed. We recognised that EPIC was the root cause of the problems with data collection, and that prior to its introduction in October 2014 many of the data collection issues were not apparent, however, improving this issue was not seen as a priority.

Management, I suspect, became complacent due to their infatuation with cybernetics and a belief that with a big-name EHR in place, operational ills were accounted for and they could relax.  (I've written of this phenomenon as the "syndrome of inappropriate overconfidence in computing.")  Management complacency, bad health IT and struggling clinicians is a very, very bad combination.

... Staff understood their responsibilities for safeguarding children, and acted to protect them from the risk of avoidable harm or abuse. There were enough medical staff but there were nursing shortages in some areas, such as in the day unit and in the neonatal unit. The new ‘EPIC’ (a records management system) computer system added to pressures on staff but effective temporary solutions helped to protect patients.

In other words, workarounds were used to get around the work-impeding EHR.  Workarounds introduce yet more risk.

... the electronic records system (EPIC) created significant numbers of delayed discharges that impacted on patients receiving end-of-life care.  ... Many staff said they had struggled with EPIC and it was time consuming. The specialist palliative care team found patients dropped off the system, so kept two lists to avoid losing patients.

One does not struggle with paper records.  (My current colleagues tell me the EHR struggle is non-ending.)  I further note that a computer system's rights, it appears, took precedence over patients' dying with dignity.

... While introducing EPIC, processes to deal with remaining paper records were unclear. For example, staff documented follow-up appointment requests on notepads. Paper records which were not stored in EPIC were inconsistently stored within the outpatients department. Inaccurate discharge summaries led to a risk that patients would not receive appropriate follow up care.

A fetish to totally eliminate paper, even where paper is the best medium for a purpose (e.g., as here:  http://cci.drexel.edu/faculty/ssilverstein/cases/?loc=cases&sloc=Cardiology%20story), creates major chaos and increases risk.

In conclusion, Your Highness, it might benefit your citizens (and those of the U.S.) if a national re-education programme were instituted to de-condition your leaders from unfettered belief in cybernetic miracles in medicine, a mental state they attain in large part due to mass EHR vendor and pundit propaganda.

A more sober mindset is recommended by your subject Shaun Goldfinch in "Pessimism, Computer Failure, and Information Systems Development in the Public Sector" (Public Administration Review 67;5:917-929, Sept/Oct. 2007, then at the University of Otago, New Zealand): 

The majority of information systems developments are unsuccessful. The larger the development, the more likely it will be unsuccessful. Despite the persistence of this problem for decades and the expenditure of vast sums of money, computer failure has received surprisingly little attention in the public administration literature. This article outlines the problems of enthusiasm and the problems of control, as well as the overwhelming complexity, that make the failure of large developments almost inevitable. Rather than the positive view found in much of the public administration literature, the author suggests a pessimism when it comes to information systems development. Aims for information technology should be modest ones, and in many cases, the risks, uncertainties, and probability of failure mean that new investments in technology are not justified. The author argues for a public official as a recalcitrant, suspicious, and skeptical adopter of IT.

Such a mindset would be helpful in preventing massive wastes of healthcare Pounds, Euros and Dollars better spent on patient care than on cybernetic pipe dreams.

Sincerely,

S. Silverstein, MD
Drexel University
Philadelphia, PA

------------------

Addendum:

I would like to hear from those in the know if my suspicions are correct.  Please leave comments.

-- SS

    Wednesday, 6 May 2015

    Another day, another EHR outage:  MEDSTAR EHR goes dark for days


    At my March 2, 2015 post "Rideout Hospital, California: CEO Pinocchio on quality of patient care during hospital computer crash" (http://hcrenewal.blogspot.com/2015/03/rideout-hospital-california-ceo.html) I highlighted a stunning example of when the light shone through the corporate B.S. about health IT outages, thanks to a letter to the editor by a family member of an affected patient:

    Letter: Re: Rideout Hospital computer problems

    http://www.appeal-democrat.com/opinion/letter-re-rideout-computer-problems/article_4a408cc0-be47-11e4-9b7b-93c22da930d4.html 

    Friday, February 27, 2015 

    I am writing in regard to comments made by the CEO of Rideout Hospital regarding its recent computer crash. 

    He said quality of care for patients had not been compromised during this incident. He is lying.

    My spouse went to Rideout almost two weeks ago and had a Lexiscan of her heart when the computer system went down. The hospital doctor released her and assured her that if anything were wrong, the radiology department would spot it and she would inform us.

    Here it is two weeks later and now they are saying because of the computer problem the entire test didn't get to her cardiologist until today. They think she may have had a minor heart attack and needs further cardiac intervention.

     Is this the new "open and improved" truths we are getting from this hospital? Rideout CEO Robert Chason misinformed us all. 

    I am sure my spouse, who has fallen through the cracks during this inexcusable lapse in Rideout's technical policies, is not the only patient suffering similar situations. 

    Shame on Chason for minimizing the effects of this catastrophe at our local hospital. 

    Edward Ferreira 
    Yuba City

    I am aware of another major EHR outage via Politico.com:

    4/9/15
    http://www.politico.com/morningehealth/0415/morningehealth17818.html

    MEDSTAR EHR GOES DARK FOR DAYS: MedStar’s outpatient clinics in the D.C. and Baltimore area lost access to their EHRs Monday and Tuesday when the GE Centricity EHR system crashed. The system went offline for scheduled maintenance on Friday and had come back on Monday when it suffered a “severe” malfunction, according to an email from Medstar management that was shared with Morning eHealth.

    “All of a sudden the screens lit up with a giant text warning telling us to log off immediately,” a doctor said. “They kept saying it would be back up in an hour, but when I left work Tuesday night it was still down.”

    This doctor told us that the outage was “disruptive and liberating at the same time. I wrote prescriptions on a pad for two days instead of clicking 13 times to send an e-script. And I got to talk to my patients much more than I usually do.

    But of course we didn’t have access to any notes or medication history, and that was problematic.” MedStar notified clinicians in the email that any information entered in the EHR after Friday was lost.

    I do not know if corporate issued the standard "patient safety was not compromised" line, but can almost predict it was uttered somewhere along the line.

    MedStar is a big healthcare system.  An outage for several days at its outpatient clinics is disruptive and will lead to harms in the short term, but also in the long term, that cannot be effectively tallied, due to lost information. 

    That includes information put on backup paper that fails to get entered when an EHR goes back up, as well as outright computer data loss as occurred here.

    Note the doctor's comments about the "liberating" aspect of being freed from health IT.  He/she could actually practice medicine, not computer babysitting.

    How many harms will come of this "major malfunction?"  There is no way to know.  However, hospitals cannot have it both ways.  If these systems are touted as improving safety, then safety is affected when they are down and emergency measures are put into place, resulting in chaos; and certainly when information simply goes to the "bit bucket."

    The answer?  Either far more redundancy, or far less reliance on "paperless" systems.

    There also needs to be mandatory reporting of EHR outages and root cause analysis so the incidence and the reasons can be studied, at the very least.

    -- SS

    Tuesday, 3 March 2015

    Rideout Hospital, California: CEO Pinocchio on quality of patient care during hospital computer crash

    EHRs and other clinical IT are touted as essential to improving safety, among many other benefits.

    Yet when hospital systems crash, the common refrain by hospital executives to the press, when such stories are reported, is "...but quality of care was not compromised."  

    In fact, I've made an indexing term for this refrain.  The following query link retrieves the posts so indexed, numbering almost 30 at present:  http://hcrenewal.blogspot.com/search/label/Patient%20care%20has%20not%20been%20compromised

    One hospital in California 40 minutes north of Sacramento had a crash and its CEO made exactly that claim.  However, a patient's husband disagreed, and called the CEO a liar.  Why?  His wife was affected by the crash in a very unsafe manner.

    The Appeal-Democrat is a local news source for Sutter and Yuba counties, California, serving readers since 1860.  Emphases mine:

    Letter: Re: Rideout Hospital computer problems

    http://www.appeal-democrat.com/opinion/letter-re-rideout-computer-problems/article_4a408cc0-be47-11e4-9b7b-93c22da930d4.html 

    Friday, February 27, 2015 

    I am writing in regard to comments made by the CEO of Rideout Hospital regarding its recent computer crash. 

    He said quality of care for patients had not been compromised during this incident. He is lying.

    My spouse went to Rideout almost two weeks ago and had a Lexiscan of her heart when the computer system went down. The hospital doctor released her and assured her that if anything were wrong, the radiology department would spot it and she would inform us.

    Here it is two weeks later and now they are saying because of the computer problem the entire test didn't get to her cardiologist until today. They think she may have had a minor heart attack and needs further cardiac intervention.

     Is this the new "open and improved" truths we are getting from this hospital? Rideout CEO Robert Chason misinformed us all. 

    I am sure my spouse, who has fallen through the cracks during this inexcusable lapse in Rideout's technical policies, is not the only patient suffering similar situations. 

    Shame on Chason for minimizing the effects of this catastrophe at our local hospital. 

    Edward Ferreira 
    Yuba City

    Claims that hospital paralysis through health IT outages and malfunctions don't compromise patient care insult my intelligence.  Such claims insult the intelligence of patients and their families, too.  Outages and malfunctions nearly always compromise the quality and safety of care.
      
    Patient safety is put at risk because hospitals are not making adequate efforts to keep these systems up 24x7. Many might say they can't afford it.  You don't put in life-critical information systems half-baked, however. Not in medicine, anyway.

    Finally, the press, by accepting these Pinocchio-like statements from hospital administrations without severe challenge, only promotes cavalier behavior of hospital executives.

    Hospital executives:  EHRs are so absolutely essential to patient safety, we spend hundreds of millions of dollars on them. When they crash, however, patient care is never compromised.
    -- SS