WARNING Health IT May Be Hazardous to Your Healthcare: New Health IT Hazard Manager Helps Providers and Vendors Track Electronic Health Systems’ Side Effects

By Chris Dimick

Some in the healthcare industry feel electronic health record (EHR) systems are a miracle cure for what ails a US healthcare system plagued with bloated costs, an inability to communicate, and stunted growth in the use of advanced tools. There are still others who equate some of the promises of health IT to a pitch for snake oil.

But regardless of whether one feels health IT is a wonder or a blunder, both sides agree—the treatment comes with side effects. Adverse patient events, mistakes in documentation, incompatibility with other systems, and IT malfunctions that endanger patients have all been seen after providers have implemented an EHR and other health IT systems.

In the past providers using health IT could only rely on personal experience, word of mouth, and sometimes vague reports from vendors and the government warning of health IT dangers. But a new tool developed through a partnership between the Agency for Healthcare Research and Quality (AHRQ), Abt Associates, ECRI Institute, and Geisinger Health System’s Patient Safety Institute, now gives all health IT users a central, standardized way to report adverse health IT events and issues, and gives patient safety advocates the ability to compile the data and report the top issues and methods for mitigation with the hope of preventing these side effects from flaring up again.

The foundation of the Health IT Hazard Manager is a vendor-neutral health IT hazard taxonomy that allows health IT users and vendors to report specific types of hazards in a standard way. The tool is now being integrated into the non-profit ECRI Institute’s Patient Safety Organization (PSO) reporting system, which will collect IT hazards via the Internet and systematically track the root cause of these health IT-related issues.

Having just launched the tool in October 2013, ECRI will soon issue reports of their findings from the reporting system that will help health IT users, like hospitals and physicians, as well as health IT vendors manage and prevent issues that arise from their systems. The hope is that the tool can make health IT safer by allowing providers and vendors to fix hazards before they contribute to user error or patient harm, says Karen P. Zimmer, MD, MPH, FAAP, medical director at ECRI Institute PSO.

“We really believe in order to make better sense of data it is best to collect data with a standardized taxonomy,” Zimmer says. “And the Hazard Manager is one of the only web-based standardized taxonomy tools for collecting and categorizing HIT hazard concern issues.”

How the Tool Works

The Health IT Hazard Manager started as a project at Geisinger Health System after providers and researchers there identified the industry need for a software tool that allows people to share information about health IT hazards in a standardized way. The tool needed to apply a standard characterization and communication system for identifying issues and naming their potential and actual adverse effects—and to do so in an anonymous way to promote use. Through a contract with AHRQ, Abt Associates further developed, revised, and tested Geisinger’s Hazard Manager in 2012 under the direction of Principal Investigator Jim Walker, MD, then the chief health information officer at Geisinger who conceived the tool and first developed it, and Andrea Hassol, principal associate at Abt Associates and Hazard Manager project director. ECRI, a non-profit research institute that for 45 years has collected, assessed, and reported on patient safety and health IT, joined the project to program and operate the Web-based beta version of the Hazard Manager. The tool was put through pilot testing by a wide range of study participants that spanned the healthcare industry, including seven hospital and health systems, five health IT vendors, and representatives from AHRQ, the Food and Drug Administration, and the Office of the National Coordinator for Health IT.

Tool developers found that test participants didn’t have trouble identifying health IT hazards to report, Hassol says. During the beta test 495 hazards were entered into the manager by test participants based on real-world incidents and near misses, ranging from incidents created by human error to flaws in health IT system design.

The goal of the test wasn’t to specifically analyze and identify top hazards and their impact, but to put the Hazard Manager through its paces and see if it could collect, sort, store, and analyze reported hazards in a standardized way using a defined taxonomy. “The beta test [looked at if the tool] is useable, do people understand the reporting categories we identified, does the standard terminology cover the appropriate and possible kinds of hazards,” says Walker, currently the principal healthcare informatician at Siemens Healthcare Services.

The hazard collection phase will come next now that the beta test is completed and the tool is deemed ready for real-world use. ECRI has integrated the Hazard Manager into its health IT error reporting system, and the tool will be integral in an upcoming ECRI pilot that will reach out to various healthcare providers and vendors to collect hazards and create reports they can use to identify and fix issues that cause user headaches or patient harm.

Health IT Hazard Manager Objectives

The Health IT Hazard Manager offers useful information to providers and vendors on potential dangers to avoid when using health IT. Some of the top objectives of the tool are:

  • Provide a clear focus for how hazards are discovered, including identifying the point in the health IT lifecycle a hazard is identified, how it is discovered, and how information about the hazard is shared within and outside a care delivery organization
  • Explain the various causes that alone or in combination with others led to a health IT hazard, including software design flaws and an absence of effective IT protections that would help users avoid errors
  • Create information about the impact of hazards, including identifying hazards that are noticed before care is affected, those that compromise the process of care delivery, and those that have the potential to, or actually do, harm patients, as well as the type, severity, and duration of patient harm
  • Collect detailed information about the urgency of hazard correction and steps that need to be taken to correct or prevent a hazard

Hazard Manager’s Genesis: Out of Failure Comes Enlightenment

The idea for the Hazard Manager came to Walker several years ago when he was working with Geisinger’s EHR implementation team, who he praised as having a much needed “obsession with preventing harm.” During, and at times after, various health IT implementations Walker and the team identified many different types of potential hazards in the EHR and other systems. The biggest hazard came during the implementation of their computerized physician order entry system (CPOE), that Walker says is a “teeth-chattering” example for all healthcare systems due to the wide use of e-prescribing.

The CPOE system wasn’t made by the same company as their recently implemented state-of-the-art pharmacy system. When attempting to connect the two systems, the implementation team realized there was no truly safe way to connect them without risking prescription errors and patient harm. The two systems were just incompatible. In the end Geisinger had to rip out their new pharmacy system and install the CPOE company’s pharmacy product—at a cost of hundreds of thousands of dollars and nearly nine months of the organization’s time. Later on, the implementation team found research that supported their finding that it wasn’t safe to try and put the different CPOE and pharmacy systems together.

“The question then became when somebody identifies that kind of risk, would there be a way for all of us to share the things we think we have found, see it in some sort of de-identified, safe way, and see, ‘Oh, there are a whole bunch of other organizations across the country who also identified this hazard,’ and then maybe it becomes a standard that you just don’t try to implement those two things together,” Walker says.

Geisinger is not alone when it comes to finding hazards in their health IT systems. The issue is widespread across vendor products and healthcare systems, and has been for some time. As physician and Harvard Medical School educator David Bates famously noted in his 2005 Journal of Biomedical Informatics commentary “Computerized Physician Order Entry and Medication Errors: Finding a Balance,” “after implementing CPOE, we routinely tracked errors and problems that were created, and made thousands of changes to the original application. If I had one thing to ‘do over’ in our CPOE implementation, it would be to have devoted more resources to this area—it is just impossible to ‘get it all right’ at the outset because the processes involved are so complex.”1

There is a two-fold need for the Hazard Manager in the healthcare industry. First, no single provider or vendor has time to sniff out potentially thousands of hazards in a health IT system. Second, this illustrates the enormity of health IT hazards and the need to pool resources, experiences, and effort within the healthcare community to identify, track, report, and fix problems. But before providers can share the hazard mitigation burden, they first have to establish a way to discuss it. “Since there is no standard way of talking about hazards, it is exceedingly hard for one organization to tell another organization about hazards they have found,” Walker says.

Although the Geisinger team had a disciplined way of identifying and managing the errors, it occurred to the group that the healthcare industry as a whole needed a more systematic and openly shared way of characterizing health IT hazards. So the group began to develop a standard language for talking about hazards that is meaningful to all healthcare providers, vendors, researchers, and regulators, Walker says. They can now do so with the Hazard Manager, and all information reported to ECRI with the tool is confidential to encourage reporting, Hassol says. The tool provides the standard taxonomy for reporting or “talking” about errors so researchers can then analyze and share the information with others.

Tool Identifies, Records, and Tracks Hazards

The Health IT Hazard Manager aims to identify, record, and track information about a hazard, including:

  • What kinds of users encounter the hazard?
  • What is the risk of patient harm?
  • Who is responsible for fixing the hazard (vendor or provider operator)?
  • What steps should be taken to manage this hazard and what is the timeline (turn off the system, monitor, or modify it)?
  • Between which products or system interfaces does the hazard occur?

The tool is meant to be used before, during, and after a health IT implementation, and serve as a central place that people from various backgrounds and expertise can report and learn about hazards. Implementation teams can use it before selecting various health IT systems and during install. Clinicians can use it to identify hazards found while using the systems for care processes. Patient safety teams can use it as they perform root cause analyses when they identify things about health IT they think contributed to a safety incident. Data put into the collection tool can be turned into trend reports that answer important questions about identified hazards, such as:

  • “What are hazards to watch for with this type of health IT system?”
  • “Is this hazard just happening to one or all providers?”
  • “What is the best practice to solve this hazard?”
Top 10 Health Technology Hazards for 2014

Each year the ECRI Institute’s Health Devices Group develops a top 10 list of health technology hazards that should be monitored by healthcare organizations. The risks are included either due to an increase in their occurrence, a change in technology, or because the risk is chronic and periodically warrants renewed attention.

In the full 2014 hazard report, available at www.ecri.org/2014hazards, ECRI provides risk mitigation strategies currently available for providers to prevent these hazards from causing patient harm. The top 2014 hazards are:

  1. Alarm hazards
  2. Infusion pump medication errors
  3. CT radiation exposures in pediatric patients
  4. Data integrity failures in EHRs and other health IT systems
  5. Occupational radiation hazards in hybrid ORs
  6. Inadequate reprocessing of endoscopes and surgical instruments
  7. Neglecting change management for networked devices and systems
  8. Risks to pediatric patients from “adult” technologies
  9. Robotic surgery complications due to insufficient training
  10. Retained devices and unretrieved fragments

Source: ERCI Institute. “Top 10 Health Technology Hazards for 2014.” Health Devices 42, no. 11 (November 2013). https://www.ecri.org/Forms/Pages/2014_Top_10_Hazards.aspx.

Humans and Machines Equally at Fault

Determining just who is at fault when it comes to health IT hazards can become a “chicken or egg” argument. Do health IT systems cause errors because they are designed poorly? Or is it the fault of poorly trained or unskilled humans not using health IT systems properly that lead to hazards?

The answer is all of the above, but also moot, Walker and Hassol say. Both human and system errors lead to health IT hazards and adverse patient safety events. According to a recent study by ECRI on health IT-related adverse events, nearly half were human-computer interface issues and the other half were system design issues alone. The goal of the healthcare community should not be to point the finger but to determine the issue and employ human and system changes to ensure the hazard doesn’t continue.

“The approach here is ‘What about the system can be fixed to make it more useable and less error prone,’” Walker says. “It is less about the blame and shame cycle we get into where we say ‘You made a mistake and we are going to fire you and act like that fixes something.’”

Some common examples of human- and system-caused health IT hazards include:

  • An implementer entering a plus instead of a minus in a health IT system equation for intracranial pressure and calculating the pressure in error
  • Inability to retract a mistakenly placed radiology test order, which leads to a patient receiving an unnecessary test
  • A clinician selecting the wrong patient name from a health IT system pick list and entering the wrong health information, which could lead to the order of an inaccurate test or the prescription of a harmful drug
  • Inadequate data transfer from one health IT system to another

Once a safety risk is identified, typically there is something that can be changed about a health IT system to make it less hazard prone, Hassol says. “Think of it as use error instead of user error. So did the system fail to protect you and others from falling into a problem? Was there something the system could have been designed to do to protect users?” she says. “Humans make mistakes, humans are tired and fallible. A system can be designed to anticipate some of that and at least not lead tired, fallible people into problems.”

Once a hazard is identified, organizations must conduct an investigation to determine who needs to fix the issue (the vendor or the organization), whether or not the hazard is dangerous enough to modify or shut down a process, and the necessary timeline for fixing the issue. Speaking with an organization’s health IT vendor is an important step, Zimmer says, as they may have a solution they can apply.

The Power of Proactive Health IT Hazard Management

If health IT-related hazards are identified and resolved before a health IT system is used (during design or implementation), no patient can be exposed to harm. The chart below, designed by Health IT Hazard Manager developer Jim Walker, illustrates how organizations can proactively manage health IT hazards.

ECRI First to Use Hazard Manager in Reporting System

Walker hopes one day the Health IT Hazard Manager will be integrated into federal programs and used as part of a national health IT safety program, similar to the Federal Aviation Administration’s Aviation Safety Information Analysis and Sharing (ASIAS) system that centrally and anonymously collects and reports airline industry hazards with the hope of enhancing safety and preventing harm. The Hazard Manager was designed as a public domain tool for that reason, to allow the government or any other interested party to test and grow its use.

But the tool doesn’t need nationwide adoption to be effective. The beta test showed that with only a small group of participants feeding hazards into the tool, it was still effective at identifying and sharing information on hazards.

ECRI integrating the tool into their PSO initiatives means, at the least, hundreds of ECRI’s member provider organizations will be benefiting from the information collected through the Hazard Manager via ECRI hazard and safety reports. Anyone can report a health IT hazard in ECRI’s Hazard Manager-enabled PSO reporting system, not just members, and ECRI often releases open, public reports that soon will feature information gleaned from the hazard tool, according to Zimmer.

As part of ECRI’s patient safety event reporting system, the Hazard Manager will be used to analyze health IT hazards and create de-identified, real-time reports that providers and vendors can use to fix and prevent future errors from occurring. ECRI will also be looking at industry trends in the system and provide insight through reports, webinars, and toolkits.

Training has begun with ECRI members on how to report this new health IT hazard event type. “We are explaining to them how the hazards collected can really help to create safety proactively by finding and fixing these health IT related hazards before they can contribute to errors in care or cause patient harm,” Zimmer says.

The tool provides ECRI with additional and sharper health IT hazard data they did not previously collect and analyze. Thanks in part to the new tool, in early 2014 ECRI is launching a pilot that will bring together health IT developers and vendors, health IT practice experts, healthcare industry leaders, associations, and other PSOs to study health IT-related events. Zimmer says this is one of the first times that health IT vendors have partnered with a PSO on health IT hazards since the pilot gives all participants broad access to de-identified information on what hazards are being reported to both PSOs like ECRI but also other health IT developers and vendors. “Prior to the Hazard Manager we collected information on health IT, but now we are able to drill down on hazard specific fields in a structured way to make better sense of the data,” Zimmer says.

Many pilot test vendors found the tool just as helpful as the providers did, even though most vendors have their own personalized hazard reporting system. “The vendors said ‘We know that the hazards our reporting system identifies are just the tip of the iceberg and we would welcome this other stream of information that would give us an idea of patterns that might be happening with our products or the interactions of our products with others,’” Walker says.

ONC Issues SAFER Guides for EHRs

In an effort to address health IT hazards that could potentially lead to patient harm due to electronic health record systems, the Office of the National Coordinator for Health IT recently issued a series of Safety Assurance Factors for EHR Resilience (SAFER) guides on its website. SAFER guides consist of nine guides organized into three broad groups—foundational guides, infrastructure guides, and clinical process guides—and enable healthcare organizations to address EHR safety in a variety of areas. The guides identify recommended practices to optimize the safety and safe use of EHRs.

No Person or Software is Perfect

At the heart of the Hazard Manager is a simple but important point—identify and learn from your mistakes. Also, nobody—not even a machine—is perfect. Though health IT like EHRs may not be a magic cure-all, it is also not snake oil, Zimmer says. While working with the Hazard Manager tool has reaffirmed the dangers of health IT for Zimmer, it has not tamped her enthusiasm for its benefits.

“One thing we have really learned is health IT has tremendous benefits, but we have also learned the importance of it being designed and implemented in a thoughtful way,” Zimmer says. “What that means is everybody needs to be responsible and play a part in improving patient safety.”


  1. Bates, David W. “Computerized physician order entry and medication errors: Finding a balance.” Journal of Biomedical Informatics 38, no. 4 (August 2005): 259-261.


Walker, Jim et al. “Health IT Hazard Manager Beta-Test: Final Report.” Agency for Healthcare Research and Quality, May 2012. http://healthit.ahrq.gov/sites/default/files/docs/citation/HealthITHazardManagerFinalReport.pdf.

Read More and Download

SAFER Guides Available Online

Interactive PDF versions of the SAFER guides can be downloaded and completed locally for self-assessment of an organization’s degree of conformance to ONC’s SAFER recommended practices. The April 2014 issue of the Journal of AHIMA will also feature an article discussing the SAFER guides and their potential impact on EHR safety.

Chris Dimick (chris.dimick@ahima.org) is editor-in-chief of the Journal of AHIMA.

Article citation:
Dimick, Chris. "WARNING Health IT May Be Hazardous to Your Healthcare: New Health IT Hazard Manager Helps Providers and Vendors Track Electronic Health Systems’ Side Effects" Journal of AHIMA 85, no.3 (March 2014): 34-39.