December 12, 2014 Health IT Implementation, Usability and Safety Workgroup David Bates, chair Larry Wolf, co-chair

December 12, 2014

Health IT Implementation, Usability and Safety Workgroup

David Bates, chairLarry Wolf, co-chair

Workgroup Members

•David W. Bates, Brigham and Women’s Hospital

(Chair)

•Larry Wolf, Kindred Healthcare (Co-Chair)

• Joan Ash, Oregon Health & Science University

• Janey Barnes, User-View Inc.

• John Berneike, St. Mark's Family Medicine

• Bernadette Capili, New York University

• Michelle Dougherty, American Health Information Management Association

• Paul Egerman, Software Entrepreneur

• Terry Fairbanks, Emergency Physician

• Tejal Gandhi, National Patient Safety Foundation

• George Hernandez, ICLOPS

• Robert Jarrin, Qualcomm Incorporated

• Mike Lardieri, North Shore-LIJ Health System

• Bennett Lauber, The Usability People LLC

• Alisa Ray, Certification Commission for Healthcare Information Technology

• Steven Stack, American Medical Association

Ex Officio Members • Svetlana Lowry, National Institute of

Standards and Technology • Megan Sawchuck, Centers for Disease

Control and Prevention• Jeanie Scott, Department of Veterans

Affairs• Jon White, Agency for Healthcare

Research and Quality-Health and Human Services

ONC Staff • Ellen Makar, (Lead WG Staff)

1

HIT Implementation, Usability and SafetyDraft Workplan

Meetings Task

October 10, 2014 • Presentation of usability research MedStar and NIST

October 24, 2014 1:00 PM-3:00 PM ET

• ECRI and TJC results of adverse event database analysis• Usability Testing • Implementation Science (field reports)

November 7, 2014 1:00 PM-3:00 PM ET

• Presentation on Usability, NIST• Certification presentation – Alicia Morton, ONC

December 12, 2014 1:00 PM-3:00 PM ET

• Risk Management & Shared Responsibility• Health IT Safety Center Road Map Update

January 14, 2014 3:00PM-5:00PM ET • Risk Mgmt. and Shared Responsibility Discussion (cont.)

February 6, 2015 1:00 PM-3:00 PM ET

• TBD

February 20, 20151:00 PM-3:00 PM ET

• TBD

March 10, 2015 – HITPC Meeting • Charged with commenting on the Certification NPRM

March TBD (Mid-Month) • Certification NPRM overview and prepare to comment

March –April TBD • NPRM Comments• Potential Safety Work

May 12, 2015 – HITPC Meeting • Certification NPRM Comments to the HITPC

Agenda

Objective: Presentation and discussion of risk management and shared responsibility framework

1:00 p.m. Call to Order/Roll Call • Michelle Consolazio, Office of the National Coordinator

1:05 p.m. Review of Agenda

• David Bates, chair• Larry Wolf, co-chair

1:10 p.m. Presentation on HIT Safety and Risk Management• Mary Logan and Matt Weinger, Association for the Advancement of

Medical Instrumentation (AAMI)

1:40 p.m. Health IT Safety Center Road Map Update• Doug Johnston, RTI International

2:05 p.m. Public Comment 3:00 p.m. Adjourn

4

5© 2014 Association for the Advancement of Medical Instrumentation www.aami.org

• 7,000 members• Passionate Community:

Engineers, Physicians, Nurses, Researchers, HTM Professionals, Other Technology Experts, Regulators

• FDA is “sustaining” member


• Mission: Support HC in development, management and use of healthcare technology.

• AAMI’s best role: Convening diverse groups

• Best known for: Honest broker

What Makes AAMI Unique


• Standards Development• Education & Training• Patient Safety Initiatives (AAMI

Foundation)• Certification• Publications• Benchmarking Tools• NO Advocacy

AAMI Programs


• Sterilization suite of standards (e.g., “Ebola” Level 4 Gowns)

• Human Factors• Water Quality/Dialysis• Alarms• Risk Management• Quality Systems

9

Examples: AAMI Standards

© 2014 Association for the Advancement of Medical Instrumentation www.aami.org

• Cardiac implantable wireless device sensitivity to electronic surveillance gates used by retail stores

• Small bore connectors (the “Luer” connector)

• Decontamination of Ebola waste

• Cybersecurity

10

Examples: 2014 AAMI Standards Success Stories


• To Propose: A consensus-based process for a risk management standard(s) for Health IT

• To Show: Why it’s needed• To Illustrate: What will be

different in the future state• To Discuss: How to make it

happen

11

Why We Are Here


• No UI standardization• Little actual UCD • Not enough human factors

engineering (HFE)• No formal risk management• No systems approach• Proprietary features• No HDO standardization• No clear governance• Successes occur one

hospital at a time


HIT Safety: Current State

12

( Courtesy of Luis Melendez, Partners Healthcare, FDA Interoperability Workshop, 2010.01.25, www.MDPnP.org)

http://www.aami.org/

• Many complex engineered systems are generally reliable (e.g., bridges, power plants)

• It took many years to understand and iteratively mitigate the myriad hazards of these systems

• Digital technology is relatively new• The deployment of complex

software in safety critical environments poses significant risk of harm to humans


Complex Engineered Systems

• Across most industries, humans are not yet able to design and deploy complex software systems that are on time, within budget, meet specified requirements, satisfy their users, are reliable, maintainable, and safe!

• HIT failures are particularly problematic because they can:– Be unpredictable– Have interactive or multiplicative effects– Be difficult to identify and diagnose– Be challenging to mitigate– HARM PEOPLE!


Software is Fallible

• A 2007 National Academy of Science (NAS) report concluded:– Software systems should be

considered “guilty until proven innocent”

– It should not be the responsibility of the customer to prove that the software is unsafe

– “The burden of proof should fall on the vendor to demonstrate to an independent certifier or regulator that a system is safe”


Software Reliability & Safety

• HIT has often been developed from erroneous or incomplete design specifications– see our 2011 JAMIA paper, Health

Information Technology: Fallacies and Sober Truths.

• HIT often relies on hardware and operating systems not intended for safety critical systems

• Each implementation is a “custom job” (little standardization)

• Highly context dependent – if different context or organization, system can be unsafe or fail (emergent properties)


Unertl KM, Weinger MB, Johnson KB, Lorenzi NM: Describing and modeling workflow and information flow in chronic disease care. J Am Med Inform

Assoc (JAMIA) 16: 826-36, 2009

Healthcare Work is Complex & Highly Context Sensitive

HIT-Specific Issues

• Safety is the top priority• Safety is considered throughout

the product life cycle from initial concept to end-of-product-life management

• Product development is governed by industry wide standards of practice

• Both processes and outcomes of these industries have some type of oversight


Product Safety in High Hazard Industries

Figure courtesy of Bruce Hallbert, INL

• User-centered design (UCD) is a critical contributor to safe and usable software

• UCD is a way of design thinking and a structured way of working

• UCD is but one part of a HFE process• Risk management is another part of

the overall HFE process needed to attain safety & reliability

• It has taken almost 20 years for the medical device industry to reach its current state of HFE implementation


UCD – Important but Insufficient

User Centered Design as articulated in HFE standards

Figure courtesy of Matthew B Weinger, CRISS, Vanderbilt University

19

Risk Management (RM) Process


The process should be:• Useful to the organization• Integral to organizational processes• Integral to important decisions• Address assumptions & uncertainty• Structured and systematic• Tailorable and scalable• Transparent & Auditable• Iterative & responsive to change• Continually reassessed & improved

After ISO 31000-2009

• No other hazardous industry deploys safety critical software without a formal risk management process!

• HIT risk is not just related to direct user interactions but includes data integrity, cybersecurity, etc.

• It is time to include risk management in ONC’s required processes to assure HIT safety & reliability

• AAMI recommends an evidence-based approach to developing and implementing a standardized risk management process for HIT safety


Managing HIT Risk

21

Examples:• ISO 31000 – risk management

• IEC 80001 – RM in IT networks

• IEC 14971 – medical device RM

• ISO 62304 – software RM

• IEC 27005 – IT security RM Figure courtesy of Steve Grimes

We Can Learn From Other Industries

• PSOs, ECRI and The Joint Commission Learning from Adverse Incidents

• The FDA high risk software• The ONC best practices/safer

guides• What no one is doing yet:

Establishing a standardized comprehensive risk management (RM) process for HIT safety and reliability

22

HIT Safety – What’s Missing?


23

What RM Standards Are Needed

Source: ISO/TC 215 Joint Working Group, Future State Architecture/Framework and Roadmap (September 2014).© 2014 Association for the Advancement of Medical Instrumentation www.aami.org

24

What RM Standards are Needed

Source: ISO/TC 215 Joint Working Group, Future State Architecture/Framework and Roadmap (September 2014).© 2014 Association for the Advancement of Medical Instrumentation www.aami.org

• One vendor at a time doesn’t work

• One hospital at a time doesn’t work

• Too many moving targets• Best path: A systems

approach to complex socio-technical challenges

• Proven from other industries


Why Standardize the RM Process for HIT Safety

• HIT progress will be like “dream airplanes”

• HC will not be safer• Big adverse incidents• Net cost higher• Finger pointing• Won’t learn from each other

or from mistakes


What If the RM Process for HIT Is Not Standardized

27

• Consensus-based standards development by ANSI-accredited SDO (AAMI)

• Start in the US• EHR Vendor and Provider Co-

chairs• Committee membership

balance• Longer-term: integrate with

international efforts• Key Question: What will get

vendors to the table?

How to Get From Here to There



Steps to Get Started• AAMI submits paperwork to

ANSI to get started• Committee is formed (key:

getting the right multi-disciplinary people who want to participate)

• Industry must pay AAMI participation or membership fees/no fee for providers

• Committee develops work plan

• Vendors and providers working together

• Efficient Processes• $$$ freed up for innovation

29

Desired Future State of HIT


• Governance clarity• A systems approach to

complex socio-technical challenges

• Full life cycle view• Healthcare will be safer

30

Desired Future State of HIT


31

Analogy: Evolution of ATM Technology


1969: First cash machine1970s: Refinement of the technology1980s: ATM networks localized1990s: U.S. ATM card works in Europe

but only easy to find in big cities2000s: Cash anywhere/everywhereToday: ATM is a highly secure mini-bank

32

• Leader in healthcare tech-oriented consensus-based problem solving in areas of complexity

• Federal government preference for private consensus-based standards to fulfill government aims*

• Long track record of working with all stakeholders to develop consensus standards (ANSI-accredited; global through ISO and IEC)


http://www.whitehouse.gov/sites/default/files/omb/inforeg/revisions-to-a-119-for- public-comments.pdf (see page 21; note prior version as well)

*

Why AAMI?

http://www.whitehouse.gov/sites/default/files/omb/inforeg/revisions-to-a-119-for-public-comments.pdf

33

• “AAMI is Switzerland” for working on complex problems; not an advocacy organization; no agenda or positions

• Expertise in promulgating American standards first that grow into international standards

• Expertise in the right areas: risk management; human factors; quality systems; deep knowledge of patient safety;

• This is our core competency


Why AAMI?

“The future is already here, it just hasn’t been evenly distributed yet”

– William Gibson



http://www.aami.org/hottopics/interoperability/New/AAMI_Proposal_Package_Pre_Reading%20_ONC_Meeting_December2014.pdf



RTI International

RTI International is a trade name of Research Triangle Institute. www.rti.org

Health IT Safety Center Road Map Update

Health IT Policy Committee Implementation, Usability and

Safety Work Group

December 12, 2014

Doug Johnston

RTI International

36

RTI International

Health IT Safety Center Road Map Project

Funded by the Office of the National Coordinator for Health IT (ONC)

Contract Representative (ONC lead): Kathy Kenyon ONC Task Force Representative: Dr. Andrew Gettinger One year scope of work, followed by one option year Three main task groups on this contract:

1. Task Force and Road Map

2. Education and Engagement

3. Analysis and Research– Also administrative and communications tasks

37

RTI International

Overview of the RTI Team

38

Douglas JohnstonProject Director

Linda DimitropoulosAssociate Project Director

Dawn McIntyreProject Manager(Tasks 2..4.1 and 2.4.10 – 2.4.11)

Stephanie RizkTask Force and Road MapTask Lead (2.4.2 – 2.4.4)

Jonathan WaldEducation and EngagementTask Lead (2.4.5 – 2.4.6)

Mark GraberAnalysis and ResearchTask Lead (2.4.7 – 2.4.9)

RTI International

Project Goals and Objectives

Produce a Road Map for a national health IT safety center using a planning process that solicits private sector stakeholder input

Conduct programs and analyses for immediate advancement of health IT safety. Purposes include:1. Improving safety and safe use of health IT

2. Raising awareness of health IT safety-related initiatives, research and best practices; and

3. Collecting information on stakeholder acceptance and uptake for potential health IT safety center activities.

39

RTI International

Define potential activities Conduct educational programs Promote opportunities for

engagement and research Analyze evidence Support tool/intervention

development Identify health IT safety goals,

priorities, and related measures Support measure and evaluate

progress toward goals Collect and share learning/best

practices Provide a forum

Governance Public-private partnership Build upon and complement existing

efforts; avoid duplication

Assess funding mechanisms Sustainable funding models Develop value proposition

Road Map Considerations Related to Health IT Safety Center

40

RTI International

Task Force Members – 1 of 2*

41

Terry Fairbanks, M.D., M.S.DirectorMedStar Health National Center for Human Factors in Healthcare

Peggy Binzer, J.D.Executive DirectorAlliance for Quality Improvement and Patient Safety

Rich Landen, M.B.A., M.P.H.Patient Safety Workgroup Vice ChairElectronic Health Record Association (EHRA)

Ronni Solomon, J.D.Executive Vice President and General CounselECRI Institute

Dean Sittig, Ph.D.ProfessorUniversity of Texas Health School of Biomedical Informatics

Tejal Gandhi, M.D., M.P.H.President and Chief Executive Officer National Patient Safety Foundation

Rebecca Snead, R.Ph.Executive Vice President and CEONational Alliance of State Pharmacy Associations

Steven Stack, M.D. President Elect

American Medical Association

Diane Jones, J.D.Senior Associate Director, PolicyAmerican Hospital Association

David Classen, M.D.Associate Professor of MedicineUniversity of Utah

Gerry Castro, M.P.H. Project Director, Patient Safety InitiativesThe Joint Commission

Luke Sato, M.D.Senior Vice President and Chief Medical OfficerCRICO

* Steering Committee Members in red

RTI International

Task Force Members – 2 of 2

42

Gilad Kuperman, M.D., Ph.D.Director of Interoperability InformaticsNew York Presbyterian Hospital

Susan McBride, Ph.D., R.N.ProfessorTexas Tech University Health Sciences Center, School of Nursing

Shafiq Rab, M.D.Vice President & CIO Hackensack University Medical Center; (CHIME member)

Eugene Heslin, M.D.Lead PhysicianBridge Street Medical Group

Stephanie Zaremba, J.D.Senior Manager, Government and Regulatory AffairsAthenahealth

Melissa DanforthSenior Director of Hospital RatingsLeapfrog Group

Michael Cohen, M.D.Medical Director, Anatomic Pathology and Oncology Division University of Utah

Emily Barey, R.N. Director of Nursing InformaticsEPIC

Marilyn Neder FlackSenior Vice President, Patient Safety Initiatives

Association for the Advancement of Medical Instrumentation

Martha HaywardLead for Public and Patient EngagementInstitute for Healthcare Improvement

Amy Helwig, M.D., M.S.Deputy Director, Center for Quality Improvement and Patient SafetyAgency for Healthcare Research and Quality

Andrew Gettinger, M.D.Medical Officer & Acting Director Office Clinical Quality and SafetyOffice of the National Coordinator

Bakul Patel, M.B.A., M.Sc.Associate Director for Digital Health (acting) U.S. Food and Drug Administration

TBD

Centers for Medicare & Medicaid Services

TBDFederal Communications Commission

RTI International

Education & Engagement - Webinar Series

43

http://healthit.gov/safer/health-it-safety-webinar-series

http://healthit.gov/safer/health-it-safety-webinar-series

RTI International

Analysis & Reports

Report of the Evidence on Health IT Safety and Interventions

Report on Health IT-related Goals, Priorities and Measures

4 Information Briefs

44

• Analyze and report on health IT- related events in an adverse event database (medical liability claims)

• Only cases where health IT has been implicated in patient harm

• Apply CRICO’s taxonomy to categorize safety events

RTI International

45

RTI International

Discussion (Q&A)

46

47

Next Meeting: Wednesday, January 14, 2015 3:00 PM-5:00 PM Eastern Time

Documents

December 12, 2014 Health IT Implementation, Usability and Safety Workgroup David Bates, chair Larry Wolf, co-chair