It’s time to think carefully and look at the large systems (human and technical), institutions, and individuals that contributed to Mr. Duncan’s death. Systems should be designed to protect people and prevent human errors. Certainly we rely on the healthcare system to improve our health and to protect our privacy, especially our rights to health information privacy.
Looking at the death of Mr. Duncan, the poorly designed Epic EHR was a critical part of the problem: the lack of clarity, poor usability, hard to find critical information, and no meaningful quality testing to ensure the system prevents critical errors contributed to his death and endangered many others. Why wasn’t the discharge of a patient with a temperature of 103 from the ER flagged?
EHRs are one of several critical systemic problems.
Current US EHRs were not designed or tested to ensure patient safety or privacy (patient control over the use of PHI for TPO). The Meaningful Use requirements for EHRs don’t address patient safety or ensure patients’ legal rights to control use of PHI. Let’s face it, the MU requirements were set up by the Health IT industry, not by a federal agency charged with protecting the public, such as NIST or the FDA. Industry lobbying resulted in industry ‘self-regulation’, which has failed to protect the public in every other sector of industry. Industry lobbying is another critical systemic problem.
Our public discourse also is a critical systemic problem. The 24/7 US media drives us to play the ‘blame game’—and look at what happens: it’s a sham. A massive public and social media exercise substitutes for a crucial scientific and ethical oversight process by government and industry to face or examine the systemic causes and key actors—both people and institutions. We end up with no responsibility being assigned or addressed. Or the media hoopla and confused thinking leads to the opposite conclusion: everyone and everything is responsible and blamed, which has the same effect: it lets everyone and everything off the hook. Either way, no one and no institutions are to blame.
Think about other examples major historical examples of the way the US plays the ‘blame game’:
• Slavery ends and no people, states, or governments are held responsible for slavery. Therefore, there is no apology or reparations.
• The US invades Iraq and no people or institutions, whether the President, his advisers, Congress, or government are held responsible. Therefore, there is no apology or reparations.
• The US banking industry fails and no people or institutions are held responsible. Therefore, there is no apology or reparations.
Despite all the talk about ‘taking responsibility’ in the US, we have a deep-seated cultural aversion to examining who or what has real responsibility for anything, including who and what is responsible for incredibly destructive national actions and policies, inside or outside our borders.
Let’s look at ‘taking responsibility’ at the level of the individual. Mature adults know that individuals who cannot face who they really are or what they do are very emotionally and intellectually damaged. It’s impossible to learn, grow or change if you can’t clearly face what you do and why. If you can’t face yourself, you are doomed to continue making the same mistakes and harming yourself and others. Isn’t the definition of insanity doing the same thing over and over? And it doesn’t take being a Freudian psychoanalyst to recognize this, its common sense.
Not being able to face and examine actions taken is just as damaging to institutions and nations as it is to individuals.
Another systemic defect that plays a critical role in why flaws in EHRS have yet to be addressed and why those responsible can’t be held accountable is related to contact law: EHR companies have no contractual legal liability and individuals do not have a private right of action. So patchwork fixes are implemented after the fact, to deal with the latest surface problems, and systemic flaws are not addressed. How destructive is it to allow EHR vendors to evade facing liability for their products? Does the EHR industry bear any responsibility for their lobbying efforts that ensured the US healthcare system had to buy defective systems?
Think about other complex software products that people’s lives don’t depend on, which are far less complex than health IT. For example, take Microsoft Office. Microsoft makes improvements in Office software and tests new software intensively before releasing the next version. MSFT knows each tweak in the code could mess up features that worked well in prior versions because Office software code is so complex. To deal with these problems, MSFT employs armies of engineers to perform testing, and then also gets public feedback about problems they missed. MSFT is liable for the technology it sells, and the public can also evaluates the product and demand changes.
Nothing like that happens with health IT which puts our health and lives at risk. And in addition, industry lobbying has enabled any company that touches our personal health data to use, sell, and trade that data millions of times a day, without any accountability or transparency. The result is all data about our minds and bodies, inside and outside the healthcare system, is used without our knowledge or consent and held in millions of data bases unknown and inaccessible to us.
Neither industry nor the government will hold Epic or the EHR industry responsible for any defects in EHRs. They let liability for the software rest with the physicians, hospitals, and institutions that use it. Do you think every institution that uses health IT can hire and deploy an army of engineers to fix and evaluate the complex codes of the 150-650 different HIT software systems they use? Isn’t it another systemic failure to push fixing and testing code down to every doctor, hospital, and institution?
But in the end, laws and ethics governing the practice of Medicine require that the treating doctor is liable for what happens to his/her patient. Yet Mr. Duncan’s doctor has been left totally out of the media coverage. Why? He/she is required to examine all the evidence and make a diagnosis and treatment plan, regardless of whether the records are complete, accurate, or whether the records are paper, digitized, or carved in stone. Where are the medical and health professional organizations? Why don’t they defend and protect patients from flawed technology that violates the Hippocratic Oath? Medical ethics require health professionals not to disclose health information without the patient’s consent. Threat to life is one of the rare exceptions when physicians may violate patient privacy.
Paraphrasing Scott Silverstein, EHRs should have quality testing at the same level as “aerospace software and medical devices”. Health technology does kill and contribute to failures like the death of a person and the death of many (epidemics).
EHRs don’t need ‘flags’ for ‘Ebola’ or ‘travel to an African nation’ to prevent what happened to Mr. Duncan. Addresses the surface is a way to distract us and avoid dealing with systemic problems. The Epic EHR system, sold since 1979, could have used a simply used one or two key symptoms to create alert that would assure people with serious infections did not leave the ER—the Epic EHR could have simply flagged “temp over 102” or “severe pain” or both.
Why has the Epic EHR never addressed such an obvious problem for decades?
Like all of us living in the US, it’s not their fault. No one is to blame.
It’s up to us, the patients, to demand that the flaws in complex systems that govern the US healthcare system be faced. We need oversight that leads to systemic fixes, not code patches. So far, the interests of government and industry have trumped the public’s interests, privacy rights, and expectations of safety.
Deborah C. Peel, MD is the Founder and Chair of Patient Privacy Rights.