What Do We Know About Medical Errors Associated With Electronic Medical Records?

Recently, the Journal of Patient Safety published a powerful and important article on the role of EHRs in patient harm, errors and malpractice claims. The article is open access. Electronic Health Record–Related Events in Medical Malpractice Claims by Mark L. Graber, Dana Siegal, Heather Riah, Doug Johnston, and Kathy Kenyon.  

The article is remarkable for several reasons:

Considerably over 80% of the reported errors involve horrific patient harm: many deaths, strokes, missed and significantly delayed cancer diagnoses, massive hemorrhage, 10-fold overdoses, ignored or lost critical lab results, etc.

Central to this article’ contribution is its data source and an understanding of the direction of causation of the findings: These errors came to light not because a healthcare provider noted an EHR-related problem, but because the patient was harmed, the provider was sued and there was an insurance payment. 
These data come from an insurance medical malpractice database; the harm caused the EHR-related problem to be discovered, not vise versa. Most studies of errors rely on self-reports, use of signal drugs (e.g., drugs to counteract overdoses), reports of near misses, hope that professional pride or allegiance will not prohibit reporting, etc. In other words, most errors are never, ever known. This data base, as the article’s authors note, reflects the miniscule fraction of harm that results in payouts. And very, very few harms are known, go to court, and result in payouts. Most cases of harm are unknown to the patient and to the provider! Why? Because patients are often very sick, taking many drugs, very young or very old, have suffered chronic and acute conditions, and have several comorbidities–often involving the organs that process medications, the liver and kidneys. Bad things happen to patients when the medical team does everything right, and good things happen to patients when the medical team do some things wrong. Plus the patients have their own homeostatic system that sometimes helps and sometimes works against them.

False Lessons and False Comfort: Nevertheless, despite the authors’ forthrightness about the article’s data sources and limitations, their work still repeats the false comfort that we can address EHR-linked medical problems by reporting the [very few] errors that we know about. To my view, this is a form of self-deception pretending to be a major intervention. Reporting of known errors is essential, but we can’t forget it’s probably less than 1% or 2% of the real errors. Worse, as with so many articles and proposals that pay insufficient attention to the limits of our knowledge about EHR-related problems, it seeks to deflect close attention to the problems of the EHR design, the role of clunky and user-hostile interfaces, and the lack of interoperability. Here’s the quote from the article: Both venders (sic) and the user community are already actively engaged in efforts to address the types of unintended consequences identified in this report.

Comment: One could equally argue that the industry is actively engaged in ignoring the causes of errors. How else can we reconcile the authors’ statement with the vendors’ refusal to inform the public of their usability testing, or even if they did any testing [REF or LINK Raj M. Ratwani, Natalie C. Benda, A. Zachary Hettinger, Rollin J. Fairbanks. Electronic Health Record Vendor Adherence to Usability Certification Requirements and Testing Standards. JAMA, 2015; 314 (10): 1070 DOI: 10.1001/jama.2015.8372 ]

The belief in reporting known errors as a solution is a common theme in all vendor- and ONC-sponsored programs. Again, there’s all to gain by encouraging reporting of errors, but we must remember that we know about almost none of them. As I’ve argued,  The health information technology safety framework: building great structures on vast voids  most EHR-related harms involve errors that may not only be unknown but usually unknowable. Why unknown and unknowable? In addition to the factors I noted above (e.g., comorbidities, polypharmacy, complex patients) we often fail to consider the role of the EHR in errors caused by how they isolate and fragment data needed for patient care. These problems include:
dreadful presentations of patients’ data and general poor usability
drop-down lists that continue to several screens (with the existence of the extended often hidden from the clinician)
pop-ups that hide medication or problem lists
medication lists and problem lists that can’t be seen when ordering medications lab reports presented in erratic or absurd formats and sequences herds of decision support alerts that obscure the screen data that should be contiguous separated by three screens and multiple clicks critical information on the patient is lost because of proprietary EHR software, idiosyncratic device data formats, and refusal to accept data standards, and
lack of true interoperability.  The health information technology safety framework: building great structures on vast voids

In a more general sense, we must understand that the nation’s almost three trillion dollar investment in healthcare IT by physicians, hospitals, LTCs, the government, ambulance services, visiting nurse organizations, labs, pharmacies, et cetera provides little insight into the harm associated with the technology’s use. (Hint, the much discussed $30 billion incentive payments by the government is only seed money.) Thus, while EHRs and other forms of healthcare IT offer myriad and wondrous advantages–and returning to paper is inconceivable–we should also admit to the patient safety dangers and clinical inefficiencies the technology also creates. Of course we expect the HIT trade associations to always (and only) emphasize the technology’s benefits, but it’s far less acceptable that US regulators, who encouraged and, indeed, penalized its non-use, have heretofore sought to refute or disparage those who sought to document EHRs’ unwanted consequences. One of the additional reasons we have lousy data of EHRs’ harms, is because acknowledging harms was counter to the government’s effort to encourage EHR sales and implementation. By analogy, consider where airline safety would be if the FAA dismissed most airplane’s structural or control problems as “pilot error,” training deficiencies, or as isolated maintenance issues.

No Regulation: In 1997, the EHR manufacturers convinced the FDA that oversight of its products would inhibit innovation. The manufacturers were aided in this effort by HIT enthusiasts, and several medical societies.  Health Care Information Technology Vendors’ “Hold Harmless” Clause: Implications for Patients and clinicians. Ross Koppel and David Kreda JAMA.  EHRs have enjoyed a regulatory-free zone for safety and usability since then. We can argue about the amount of innovation in the software, but almost no one would call EHRs user-friendly (REF) and patient safety has never been part of EHR certification. (Even more inexplicable, in 2015, the EHR industry and its supporters again asked the FDA to remove more of the current, non-existent oversight. I’m not sure what less than zero oversight is, but they want it. Again the industry makes the identical claim that any regulations would inhibit innovation.)

Other Aspects of the Article: While the over-reliance on reporting is unfortunate, there are a few more remarkable aspects of the article that deserve both praise and cautions:

It offers a useful and rare comparison of errors associated with ambulatory vs. inpatient vs. ED settings.

The first author, Mark Graber, is a leader in the study of diagnostic errors. This paper benefits from his focus on this critical issue.

The appendix provides a powerful synopsis of what happens to patients when the EHR is poorly designed and not well integrated into workflow or with other IT systems within a medical system. In fact, the one-page appendix should be required reading of every healthcare worker: clinician, administrator, IT team member, and financial official. We include it below.

They also excluded cases with EHR factors that also included broader HIT concerns. This is a further bias.

One of the authors was, until recently, one of ONC’s attorneys. It is a pleasure to see a willingness by former ONC personnel to publish findings that acknowledge errors associated with the use of EHRs. Only by such acknowledgments can we hope to improve patient safety.

Alas, the references are uncommonly filled with authors who were funded by the ONC, on panels commissioned by the ONC, and on those who are focused on EHR benefits and often sought to downplay EHR problems.

There is a tendency in the work to define problems as due to “user error.” This is unfortunate. More often than not, the cause of the errors are due to poor or missing displays of information, lack of interoperability, etc. Users are a part of the equation, but more often the victim (along with patients, of course). It’s easier to blame users than to fix the EHRs and the system workflow.

In sum, the article by Garber et al, is a significant contribution. The data source is powerful even if only offering just a pinhole view of the problems. But it’s a pinhole we seldom are allowed to peek through. The authors acknowledge the limitations of their dataset but, in my opinion, go for the false comfort of an insufficient solution.

While we all know that EHRs offer such great potential (the absolutely required sentence in every article about EHRs), this work—even with its shortcomings—reminds us of the total vigilance required to make the technology work well and safely. That vigilance must include demanding better EHRs in addition to better implementations. If the EHR is the sorcerer’s apprentice (a la Mickey Mouse), we must ensure with have a benign sorcerer with which to work.

Graber’s Case Examples of Health IT Related Errors, by Category Type 

▪ Fentanyl order altered by a decimal point; patient died.
▪ Insulin order defaulted to wrong preparation (long vs shortacting).
▪ Fentanyl overdose resulting from failed auto-deletion of earlier
orders of a lower dose.
▪ The EHR automatically “signed” a test result when in fact it had not been read; Patient did not receive results of co-existing liver cancer and was treated for lung cancer only. Routing of electronic data
▪ Order for blood delayed reaching lab; patient expired before
blood arrived.
▪ Critical blood gas value misrouted to the wrong unit; patient
expired from respiratory failure.
▪ Critical ultrasound result routed to the wrong tab in the EHR;
MD never saw the result until a year later; patient experienced
delayed recognition of cancer
▪ Abnormal cardiac ultrasound results misrouted, would have
prompted anticoagulation; patient died of stroke.
System dysfunction or malfunction
▪ Multiple reports of system being “down,” staff unable to access
information; In one case, medication reconciliation could
not be completed, resulting in an injurious medication error.
▪ Computer crash caused loss of colonoscopy results; follow up
delayed and next study disclosed colon cancer.
▪ Nursing staff unable to locate a previous nursing assessment and
vital signs; RN asserted that the EHR had just ‘gone live’ and
kept ‘crashing’; delayed recognition of patient’s deterioration.
▪ MDnot able to access nursing ED triage note, which would have
changed management; patient died of subarachnoid hemorrhage.
Integration problems and incompatible Systems
▪ Fetal demise followed by consent for “limited” chromosome
testing. Pathology unable to access the specific order, so did
full chromosome studies not consented by the family.
▪ Delayed diagnosis of lung cancer; Primary care provider could
not access radiology studies at the time of patient visit; paper
results filed without the MD seeing these, staff believing the
results were available on line.
▪ OB patient requested tubal ligation at the time of her 4th
planned Caesarian section. Noted on office record but not integrated
with the delivery room system. Covering MD delivered
the baby but did not know\see the request for tubal
ligation; Patient became pregnant 6 months later.
Lack of or failure of Alert/Alarm/Decision Support
▪ Pathology report of adenocarcinoma delayed in reaching patient’s
chart until after inpatient discharge and no alert sent
to patient’s physician; delayed diagnosis of cancer.
Fragmented information
▪ Test results in multiple locations; failure to note overall decline
of vital signs and lab tests; patient died of sepsis.
▪ Positive test result for cervical cancer entered into problemlist;
MD expected it to be in EHR test result section; error not discovered
until patient’s visit a year later.
▪ RN entered Haldol order as 5.0 mg instead of 0.5 mg; MD
meant to sign off on lab results, but signed off on the wrong
order by mistake.
All other
▪ Pt complained of “sudden onset of chest pains with burning
epigastric pain, some relief with antacid”; Complaint field
was too small; entry noted only as “epigastric pain”; no
ECG done; patient experienced a cardiac event days later.
▪ Lack of follow up of abnormal PSA; visit notes were sparse
due to limited text fields and use of a system that referenced
problems by a number, not text.
User-Related IssuesUser errors – miscellaneous
▪ Electronically signed discharge order omitted patient’s
Coumadin; patient admitted with stroke.
▪ Verbal order for morphine entered without upper limit defined;
patient become obtunded and expired.
▪ Results of positive test for C difficile not noticed; 7 day delay
in starting treatment.
▪MD unable to find pathology report in the EHR; called Pathology
to get a verbal report, which was a normal result from the
wrong patient; real patient died of cancer 3 years later, original
report was abnormal.
Hybrid health records/Conversion issues
▪ Medication reconciliation list did not include Sotalol;
residenct copied the ED medication list; patient went into
Afib. The EHR did not list medications fromthe prior admission
and did not interface with the inpatient unit.
▪ Patient underwent colonoscopy for bleeding per rectum but
exam was incomplete. MD changed EHR’s which didn’t convey
the incomplete exam; patient had delayed diagnosis of colon
▪ Pediatric patient received ampicillin in the ER despite known
allergy, which had been documented in the paper record but
not uploaded into the EHR.
Incorrect information
▪ Facility with new EHR dosage of Benemid copied over from
paper record incorrectly; patient received double doses, developed
seizures and died.
▪ Patient previously on anticoagulation admitted for GI bleeding;
MD intended to discontinue the anticoagulant but mistakenly
clicked on “continue Lovenox for home use”.
▪ Ultrasound results never scanned into the EHR; delayed diagnosis
of thyroid malignancy.
▪ MD intended to order Flonase accidentally selected Flomax
from a drop down menu.
Prepopulating; copy and paste
▪ History copied from a previous note which did not document
patient’s amiodarone medication; delayed recognition of amiodarone
▪ Patient was to receive 6 injections of a medication; The EHR
reflected 66 injections based on use of wrong template.
▪ Incorrect conclusion that patient was on indomethacin when
it was automatically pulled forward from an outdated medication
Training and education
▪ Covering obstetrician did not have EHR access and could not
access clinic notes documenting abnormal fetal size; stated
he\she never received training or password.
▪ Urologist failed to appreciate abnormal test results; CT results
were placed in the new EHR but MD assumed he’d receive a
paper copy.
All other
▪ Amoxicillin ordered for patient allergic to penicillin had allergic
reaction; MD over-rode the alert.
▪ Oxycodone allergy overrode by MD which removed it from
allergy list; on transfer to.
▪ Alerts on abnormal blood culture ignored;


Categories: Uncategorized

Tagged as:

6 replies »

  1. Ross: Tremendous article. Thank you so much for helping to bring this issue to light. For years now, the IT industry has tried its best to hide the danger that it has brought to healthcare.

  2. Great post. I like Dr. Palmers idea of an opt out. Likely safer for patients at this point. The ONC and FDA have prioritized corporate interests and data mining over patient safety. Not surprising, but long overdue to be openly recognized. The beginnings of acknowledging the tip of the iceberg. The doctors have been screaming about this for a while. But who cares what they think?

  3. EHRs are a 1970s technology that cannot be fixed by more regulation and user interface patches. Today’s EHRs are focused on the institution rather than the individual patient and they are tuned to proprietary medicine. Either problem would limit the future of EHR but both together call for an open-minded reassessment of the EHR technology model.

    A shift to value or outcomes-based payment must be accompanied by a patient-centered health record architecture. Institutional EHRs perpetuate procedural and institutional metrics best-suited for fee-for-service payments. Would any rational designer create an institutional EHR model today and then hope to synthesize what’s actually going on with a patient?

    The problem with proprietary EHRs becomes the same as the problem with proprietary medicine. Unlike open source software or open source medicine, EHR vendors have the incentive to minimize or even hide their bugs. Mistakes are repeated across each vendor, by design. Algorithms for decision support, alarms, and other core machine intelligence functions are secret and not subject to peer review. Regulation of EHRs is a poor substitute for open, peer-reviewed medicine. Where do we draw the line between open and proprietary medicine?

  4. Nice post. Back when I was writing code (radiation lab “apps”) in the days prior to indoor plumbing, probably close to 90% of my code comprised “idiot trapping” error prevention loops. And, those apps were utterly simple in comparison to a full-featured EHR.

    Beyond “errors,” Margalit argues that structured digital data — even wholly accurate data — are a negative, that they detract from effective clinical reasoning.


  5. Thanks for this, Ross. I think we are going to end up with a hybrid system, maybe using some kind of local area network, unconnected to the internet and not even using TCP/IP. Can you imagine a “Silent Spring”- type book expose coming out to the public? Patients would soon begin to demand exclusion from EHRs for their own records. Eg we found in my lab during erythroblastosis fetalis workups of babies that the purported father of a newborn was not compatible with the blood group and type of the baby or mother in 11% of the workups. Of course, this meant mother was fooling around. People are not going to tell the EHR the truth once they understand its vulnerabilities. Data that would harm employment will be especially guarded–obesity, back pain, high creatinines, diabetes, et al–will be kept out of records of working-adults. Abortion records, evidence of STD’s, mental health stigmata, depression, seizure activity…ditto for these too.

    We should have allowed this medical IT effort to grow from the ground up…which it was doing. Top down forcing by the ONC was not smart, but the government was in a big hurry. Now we live with unintended consequencies. I wish we had some accountability payback for those folks who rushed us into this mess….like reduced retirement income. “Skin in the Game” penalty for bad ideas.