REDUCING RISK AND FIDUCIARY EXPOSURE
Risk From Electronic Health Data Exchange
The World Health Organization (WHO) estimates that patient harm is the 14th leading cause of global disease burden, comparable to malaria and tuberculosis, with 42.7 million adverse events occurring during hospitalizations. It is unsettling to learn that according to a scientific study in 2018, incoming C-CDA data had a 100% error rate. Are the errors significant, such as missing when a patient has a life-threatening allergy to certain medications, or are the errors insignificant such as an empty field or garbled notations? EHR systems can’t always identify incoming data issues. Clinicians are unable to see the erroneous codes in the CDA files on their screens. If clinicians are not aware of this issue, why would you, as a hospital system, take action?
In the Health Sciences sector, where sentinel events impact every level of an organization, any risk is unacceptable. The bottom line is that data exchange errors impact individual patients, their families, the medical staff charged with their care, payers, medical practices, and hospital management.
Internal and external organizational changes can increase the risk of data errors: new staff, new data exchange partners, software upgrades, terminology changes – all can unwittingly create new challenges. Unprotected by internal data controls, inbound data poses an undetected risk.
Over our extensive history working with the U.S. Department of Veteran Affairs and their external clinical data exchange partners, we repeatedly have found three types of incoming data errors which we call the three Ms:
1) Missing Data
2) Miscoded Data
3) Misplaced Data
When you engage J P Systems’ team of experts, we develop a plan and then train staff on how to trace down and manage the three Ms. Even one sentinel event can result in lawsuits, governmental oversight, bankruptcy or worse. It is vital to have a data risk management plan that tracks and inspects the data flowing into and out of your organization. By having a mature data risk management plan, you will be able to scale your operations as the amount of data you are required to process continues to grow. In addition, the results of your data risk management plan will provide much needed evidence that your organization is proactively addressing data issues to correct current inaccuracies and has procedures in place to avoid the introduction of inaccurate or incompatible data into your organization.
RISK FROM INBOUND DATA - A 2018 study showed that virtually 0% of EHRs are error free. Fortunately, most of the errors are harmless. However, some errors can seriously affect patient safety, such as encoding the wrong diagnosis or treatment. The study, called “Interoperability Progress and Remaining Data Quality Barriers of Certified Health Information Technologies,” evaluated 401 EHRs from 52 health information technologies for compliance with the Consolidated Clinical Document Architecture (C-CDA) standard.
Real World Examples of the Increased Risk of Erroneous Data - Example of Individual Risk
Imagine you live in Washington, D.C. and while on vacation you have acute abdominal pain and need an emergency appendectomy. You’re in the hospital for surgery and the staff reaches your Primary Care Provider (PCP) to get a complete list of your medications, which you do not have with you. Your doctor’s office uses an outpatient practice management software system (EHR) which is very different from the hospital’s EHR. The PCP sends the surgeon an electronic list of your medications through the outpatient EHR to the hospital’s EHR for medication reconciliation. The information sent about your patient medications from the outpatient EHR failed to use standard drug codes. As you are wheeled into the Operating Room, the lack of ability of the two systems to communicate effectively (interoperability) causes a failure to properly transmit your thyroid medication to the hospital’s EHR. Due to a lack of standardized data, the doctor orders a lower dose of your Synthroid. The lower dose causes you, the patient, to experience a thyroid storm leading to cardiac arrhythmia and cardiac arrest.
The validation of every external data partner is critical to protecting patients. In another case, the data was transmitted, but the wrong patient’s data was sent. J P Systems works with providers to help them minimize risk, patient injury, and liability stemming from data exchange problems.
Reduce Your Risk Due to Rapid Expansion - Example of Enterprise Risk
Now imagine you’re a hospital administrator and responsible for Risk Management for over 200 provider practices and 12 hospital systems. Each hospital system is using Vendor system X7 , so it seems logical that patient data is interoperable across the different offices. But multiple terminology standards may exist. But having the same version of an EHR system does not guarantee that these systems can talk to each other. The coded data must be compatible too! Everyone forgets the critical issue of the underlying terminologies.
As your hospital system grew, you acquired several previously independent medical practices and integrated them into your IT systems. Since each practice is on Vendor system X version 7, there did not appear to be any reason to look under the hood at the data. With each new acquisition, new data is imported into your primary system X, instance. In between two large integrations, the vendor pushes a minor security patch to their servers and automatically updates your instance. Each integrated practice was using different standard terminologies which resulted in the disparate coding of clinical data fields, thereby introducing a level of risk into your organization.
Reduce Your Risk Due to New EHR Installs - Example of Individual Risk
For two days, Ronisky, a young lawyer, had been suffering from severe headaches while a disorienting fever left him struggling to tell the 911 operator his address. (Source) Suspecting meningitis, a doctor at the hospital performed a spinal tap, and the next day an infectious disease specialist typed in an order for a critical lab test — to check the spinal fluid for viruses, including herpes simplex — into the hospital’s EHR.
The system had been installed at the hospital about four months earlier. Although the order appeared on the vendor EHR system’s screen, it was not transmitted to the lab. It turned out that the vendor software didn’t fully “interface” with the lab’s software. According to a lawsuit Ronisky filed in February 2017 in Los Angeles County Superior Court, his results and diagnosis were delayed by days, he claimed — during which time he suffered irreversible brain damage from herpes encephalitis. The suit alleged the mishap delayed doctors from giving him a drug called acyclovir that might have minimized brain damage.
EHR Failures Due to Software Compatibility Issues with Data Trading Partners
One common risk arises when a hospital EHR system does not properly interface with an existing medical practice management system. (Source) “The lack of proper interfacing has been found to cause many incidents of harm, including giving a patient a medication they are allergic to, or reading a test result that has been returned, but is not actually complete.” (Source) “The private health care analytics firm Quantros said it logged 18,000 EHR-related safety events from 2007 to 2018. 3% of those events resulted in patient harm, including seven deaths.” (Source)
It is not only software that causes incompatibilities, but also the way the data has been coded for storage in a database that causes issues. By identifying risks, J P Systems can help minimize the impact of fiduciary risk to your organization. Our data quality service helps organization analyze and understand their data risks from trading partners. This is particularly critical for value-based care organizations whose bottom line is directly impacted by the need to collaborate with other providers, share lab test results, and who cannot bill for repeated lab tests.
As Artificial Intelligence (AI) and Machine Learning evolve, it is more critical than ever to reduce the risk of bad data or data coded with different standards from entering your organization unaware. Many enterprises find that the number of data streams pouring into their EHR is increasing. How can an enterprise harness, manage and mine all this external data? Partner with J P Systems and we will help you and your vendors prepare a custom data risk management plan including your needs for data standards, data trust policies and data quality improvement for interoperability.
For 37 years, J P Systems has been driving efficiencies for customers by minimizing challenges associated with IT system data exchanges. J P Systems analyzes underlying data problems which could introduce fiduciary risk to your organization. Our core focus is to increase the reliability and interoperability of clinical data. We help organizations identify and avoid risks stemming from incoming clinical data and miscommunications in Electronic Health Records (EHR) system.
J P Systems’ team of experts, including PhDs, Clinicians, Data Scientists, Computer Scientists, Data Standard Experts, and Clinical Terminologists, acts as a bridge between your clinical staff and your technical staff. Working collaboratively with your team, we analyze vulnerabilities in data exchanges, and identify potential inbound errors. Then we train your staff on how to recognize and correct identified issues as well as effectively and diplomatically communicate with your external partners. Finally, we create systemic or procedural plans and solutions to help minimize future risk.