A regulatory perspective on the influence of health information technology on organisational quality and safety in England

Abstract

Health information technology can transform and enhance the quality and safety of care, but it may also introduce new risks. This study analysed 130 healthcare regulator inspection reports and organisational digital maturity scores in order to characterise the impact of health information technology on quality and safety from a regulatory perspective. Although digital maturity and the positive use of health information technology are significantly associated with overall organisational quality, the negative effects of health information technology are frequently and more commonly identified by regulators. The poor usability of technology, lack of easy access to systems and data and the incorrect use of health information technology are the most commonly identified areas adversely affecting quality and safety. There is a need to understand the full risks and benefits of health information technology from the perspective of all stakeholders, including patients, end-users, providers and regulators in order to best inform future practice and regulation.

Keywords

healthcare service innovation and IT IT design and development methodologies IT healthcare evaluation organisational change and IT secondary care

Introduction

Health information technology (IT) holds substantial promise to transform and enhance the delivery of safe, high-quality care.¹ It has the potential to reduce adverse events and improve the quality by identifying and preventing error, improving communication and collaboration, and supporting effective decision-making.^2–4 Despite the potential for health IT to improve care quality and operational effectiveness, the movement towards paperless health systems has been associated with the introduction of new unexpected risks and the potential for significant harm to patients as a consequence of human error, poor usability, technical design flaws and disruptions to established clinical processes and workflows.^5,6 Many of these risks are unique to IT within the healthcare context, and may not have been seen with other aspects of medical innovation, nor in IT systems developed for other critical sectors. This highlights that the unique safety risks posed by health IT must be carefully considered alongside the potential benefits, and new ways of identifying, evaluating and regulating the full spectrum of potential risks developed.⁷ Health IT brings numerous complex sociotechnical challenges across the design, implementation and evaluation of new technology.⁸ It is therefore crucial to asses not only technology in isolation but also the impact upon the complex adaptive systems in which it is operated.

The current landscape for assessing the broader impact of health IT is limited. The evidence that does exist largely provides qualitative insights and commentary, is lacking in robust empirical evidence and tends to focus on narrow process measures of success within a small number of organisations.^6,7,9–13 Furthermore, only recently have advances been made in developing standardised measures of organisational digital maturity which are yet to be shown to be truly valid, useful or meaningful.¹⁴ The National Health Service (NHS) Clinical Digital Maturity Index (CDMI) is an example of such a measure that is currently employed to assess organisational maturity in England.¹⁵ While global assessments of health IT are relatively immature, remarkably, there is little evidence assessing the usefulness of routine regulatory inspections to highlight areas of best practice and identify potential problems and risks related to heath IT. By their very nature, these regulatory judgements may represent a valuable repository of information that can be deconstructed to illustrate both the challenges and opportunities for health IT. Furthermore, they may help proactively address issues of safety and risk such as the interoperability and resilience of digital systems or their impact on direct patient care when designing, implementing and evaluating new technologies.

The Care Quality Commission (CQC) is England’s independent quality regulator for health and social care and currently oversees around 30,000 distinct organisations that provide care to patients.¹⁶ It monitors, inspects and regulates services to ensure that they meet fundamental standards of quality and safety¹⁷ via a well-established risk-based approach.^18–20 Despite this, there is increasing evidence that new sources of data and approaches to regulation are needed across all aspects of healthcare,²¹ none more so than the development of specific mechanisms to effectively evaluate and regulate health IT in order to understand its broader impact on the care delivered to patients as healthcare becomes ever more dependent on digital technology.

There is a need to provide further evidence to inform and support the quality assurance and regulation of health IT and the organisations that use it. This study investigates the extent to which health IT and digital maturity are salient drivers of quality, and how they may influence care in English hospitals. It provides useful evidence to help inform the implementation of new technologies, guide the development of policy, practice and regulation of health IT and ultimately improve the quality, effectiveness and safety of care provided to patients.

Aims

This study aims to characterise the positive and negative influences of health IT on the quality of care delivered in the NHS as viewed through the lens of an independent regulator. It also aims to evaluate the association between digital maturity and organisational quality, and highlight potential risks to quality and safety so as to provide evidence-based recommendations to support and inform the successful advancement of health IT as a facilitator of safe, high-quality care for all patients.

Methods

Sample

A total of 130 consecutive healthcare regulator (CQC) inspection reports from NHS provider organisations performed over an 18-month period from October 2014 to March 2016 were identified and reviewed in full by two independent reviewers. This period was purposefully selected as CQC inspection regimes had been expanded to include more in-depth identification of factors affecting quality and safety during this time.²² The 130 reports pertained to 83 secondary, 16 community, nine integrated and 22 mental healthcare providers – all of which were included in the analysis.

Study procedure and outcome measures

The full text of each CQC report was reviewed, and subsequently re-reviewed to ensure full immersion in the data as per standard principles of qualitative research methodology.²³ Two independent and trained reviewers manually extracted, coded and indexed statements referring to health IT. All references to health IT affecting direct patient care, such as those involving electronic health records systems, electronic prescribing or pathology systems, were included. References to health IT that did not directly impact care quality or safety such as electronic staff rostering, patient feedback, patient facing digital tools and electronic incident reporting were excluded. Statements were defined as positive or negative based upon their content, context and influence on safety or quality. The HITS (Health Information Technology Safety Measurement) Framework provides a conceptual foundation for health IT safety measurement, monitoring and improvement, and allows for the contextualisation and systematic structuring of findings and recommendations: the framework is summarised in Table 1.^24–26 Using a deductive approach to analysis, the HITS Framework was employed to categorise statements across the three domains of safe health IT, using health IT safely and monitoring safety²⁴ with direct excerpts used as illustrative examples.

Table 1.

Summarised coding template adapted from the health IT safety domains of the HITS framework and SAFER guide.^24–26

Domain	Principle
Safe health IT – Address safety concerns unique to technology	Data availability – the usability and accessibility of health IT. Are health IT systems easy to use, and are they available to staff when needed?
	Data integrity – accuracy and integrity of the data that are supplied to heath IT users. Are data at risk of being lost, altered or destroyed? Is there only ever ‘one true record’ of patient care?
	Data confidentiality – systems and data are only accessed by authorised users. Are there effective processes in place to ensure the security and privacy of patient information?
Using health IT safely – Optimise the safe use of technology	Complete/correct health IT use – features and functionality are implemented and used as intended. Are systems being used as intended, or are staff failing to maximise their potential due to poorly designed or functioning systems?
	Health IT system usability – are users satisfied with the usability of a system, or does poor design and dissatisfaction lead to the development of potentially unsafe workarounds or other safety concerns?
Monitoring safety – Use technology to monitor and improve patient safety	Surveillance and optimisation – processed and policies for monitoring, detecting and reporting health IT use and its impact on patient safety. Do organisations have effective processes for identifying and mitigating risks, delivering innovation and leveraging health IT to reduce harm and improve safety?

HITS: Health Information Technology Safety Measurement; SAFER: Safety Assurance Factors for EHR Resilience; IT: information technology.

NHS CDMI scores were calculated for all organisations that had data available for analysis. The CDMI score is a standardised tool for evaluating organisational digital maturity used by all NHS organisations in England.¹⁵ CDMI scores are calculated for the core themes of organisational readiness (including leadership, resourcing, governance), capabilities (including asset and resource optimisation, decision support, orders and results management, standards and transfers of care) and infrastructure (including Wi-Fi, mobile devices and single sign-on). The CDMI tool requires organisations to score themselves across 27 questions for readiness, 95 questions for capabilities and 11 questions for the infrastructure with a maximum score of 1400 available.

Data analysis

Inter-rater agreement in data extraction and coding was assessed via Cohen’s kappa coefficient on a randomly selected 10 per cent subset, and discrepancies in coding resolved via consensus. All data were arranged, structured and analysed in Microsoft Excel (Excel for Mac V15.22, Microsoft, USA) and IBM SPSS (SPSS for Mac V23, IBM Corporation, USA). Spearman’s correlation coefficient (two-tailed), Kruskal–Wallis and Mann–Whitney tests were employed to assess correlations and associations.

Results

Four reports did not have an overall CQC quality rating; thus, 126 reports were utilised for subsequent analysis. These reports yielded 585 (226 positive, 359 negative) individual references to health IT. These were coded and defined as having either a positive or a negative influence upon safety, quality or performance and are summarised in Table 2. Inter-rater agreement for data extraction and coding was excellent with an overall Cohen’s kappa coefficient of 0.89.

Table 2.

CQC observations of health IT in practice mapped to the HITS framework.²⁴

HITS framework domains	Positive references	Negative references	Total (%)
Safe health IT Address safety concerns unique to technology
Data availability	88	86	174 (29.1)
Data integrity	5	50	55 (9.2)
Data confidentiality	2	8	10 (1.7)
Using health IT Optimise the safe use of technology
Complete/correct health IT use	22	64	86 (14.4)
Health IT system usability	37	96	133 (22.2)
Monitoring safety Use technology to monitor and improve patient safety
Surveillance and optimisation	79	61	140 (23.4)
Total (%)	233 (39.0)	365 (61.0)	598

CQC: Care Quality Commission; HITS: Health Information Technology Safety Measurement; IT: information technology.

The mean number of statements per report was 4.64 (0-28), with just 13/126 (10.3%) reports containing no references to health IT indicating it is regularly highlighted by the CQC, despite it not being a formal part of the existing quality assessment framework. Health IT was most commonly reported in a negative light (mean negative references = 2.85 (0–18) vs. mean positive references = 1.79 (0–11), p = 0.004). There was no significant difference in the reporting of health IT across the organisation types analysed (secondary care, community care, integrated care and mental healthcare). Overall, nearly two-thirds (365/598, p ⩽ 0.005) of references highlighted the negative influence of heath IT on care; the most commonly identified factors being poor usability (96/365, 26.3%), inconsistent or inadequate availability (86/365, 23.6%) and the incorrect use of technology (64/365, 17.5%). The most commonly identified positive influences were those of effective data availability (88/233, 37.8%), better surveillance and optimisation (79/233, 33.9%) and enhanced usability (37/233, 15.9%). The key thematic differences highlighted between the positive and negative influences of health IT are summarised in Figure 1, and Table 3 highlights illustrative examples across the six domains of the HITS Framework.

Figure 1.

Radar plot comparing emergent themes across the positive and negative influences of health information technology on care quality in the NHS in England.

Table 3.

Examples of specific negative and positive observations of health IT extracted from CQC regulatory reports across the six domains of the HITS framework.²⁴

Safe health IT Address safety concerns unique to technology
Data availability	Positive – ‘… embracing the use of technology and community staff across the trust were increasing their use of mobile devices’ (Org 13)
	Negative – ‘Due to connectivity issues with computers electronic patient records were not always available’ (Org 18)
Data integrity	Positive – ‘…a review of the paper and electronic records ensured that the recordings are complete, accurate and do not contain variances and discrepancies’ (Org 129)
	Negative – ‘…in the community health services we found that some staff used electronic records but others used paper records. This presented a risk by having two systems complicating the process could lead to confusion or recording errors’ (Org 31)
Data confidentiality	Positive – ‘…mobile access allowed them to update their documentation in a variety of private locations so that personal information about people who used the service was protected’ (Org 118)
	Negative – ‘…safeguarding details were not sufficiently restricted to only allow access on a “need to know” basis’ (Org 25)
Using health IT Optimise the safe use of technology
Complete/correct health IT use	Positive – ‘…electronic prescribing and medicines administration system was in place on all wards and helped support safe and effective prescribing’ (Org 78)
	Negative – ‘We tracked patients within the Trust’s IT processes and it was clear the system was capable of providing intelligent timely information but the “operators” were not making the links and updating the screens’ (Org 37)
Health IT system usability	Positive – ‘Parts of the system were being redesigned to address the issues identified. It was intended that information would be easy to enter and therefore save staff time’ (Org 50)
	Negative – ‘The trust had an electronic record system, which caused frustration to many of the staff we spoke with. Staff expressed concern about its effectiveness, connectivity, lack of responsiveness and the additional workload that this added on a daily basis. Staff also commented that many of the templates were lengthy and difficult to use’ (Org 115)
Monitoring safety Use technology to monitor and improve patient safety
Surveillance and optimisation	Positive – ‘The trust was undertaking a number of measures to deliver better working IT systems and access to data in a meaningful form to staff, patients, carers and researchers’ (Org 7)
	Negative – ‘The trust board were aware of the inherent difficulties with the implementation of the software system but had failed to be proactive and plan ahead in preparation. Instead the trust took a reactive approach which left staff confused, frustrated and fire-fighting problems on a daily basis’ (Org 5)

IT: information technology; CQC: Care Quality Commission; HITS: Health Information Technology Safety Measurement.

Key overarching themes highlighted included the need to ensure the accuracy of clinical data and minimisation of data duplication to ensure the delivery of a ‘single true record’ as a fundamental driver of enhanced patient safety.²⁷ The importance of minimising dual records systems, be that across multiple distinct IT systems or between existing paper records and new electronic systems, was also highlighted as leading to confusion or recording error. This duplication can negatively impact the integrity and accuracy of safety-critical health data, particularly when introducing new IT systems to an organisation:

The Trust had a number of different records systems across the Trust. This meant that it was difficult to follow information and that the Trust could not ensure that people’s records were accurate, complete and up to date. (Org 29)

The need for new health IT systems to come hand-in-hand with effective training and ongoing support for staff was also identified:

Staff were still learning how to use the system effectively and felt they had not received sufficient training. (Org 40)

Furthermore, effective training is vital to ensure that systems are used as they are intended and that their full potential realised in order to maximise improvements in the quality and safety of services:

Some staff did not know about, or respond appropriately to, the child protection flags on the electronic patient records system. (Org 34)

A further important theme that was identified was the issue of temporary or locum staff not having access to key systems or not being trained on their use: a key patient safety risk that needs to be adequately addressed:

The trust had a system where a medicines chart was manually printed, which agency nurses signed when they gave out medicines; the electronic system was then updated by a permanent member of staff. We saw that this caused delays in updating electronic records and also saw a delay in medication being administered. (Org 109)

Despite an excess of negative observations, the positive influences of health IT were also identified and the potential for health IT to support staff in delivering excellent patient care highlighted:

We saw some impressive use of technology which was making a real difference to the way care was being delivered across the trust. There was clinical engagement with the ICT projects with nursing staff seconded to work with the ICT teams. This meant, services were developed that were meaningful and practical for front line staff. Staff at all levels told us how proactive and forward thinking the trust was in the use of technology to help them do their jobs more efficiently. (Org 125)

With regard to overall quality ratings, of the 126 reports analysed, 11 (8.7%) organisations were deemed inadequate, 81 (64.3%) requiring improvement, 33 (26.2%) good and only a single organisation was deemed to be outstanding. There was no correlation between the number of negative references to health IT and overall CQC rating (r = –0.94, p = 0.297); there was however a weak yet significant correlation between the number of positive references and CQC rating (r = 0.255, p = 0.004), suggesting that all organisations more often than not experience the negative effects of health IT, but those that report a higher number of positive effects are more likely to be rated as high quality and may have a more mature and effective approach to health IT.

Table 4 highlights key recommendations from the thematic analysis performed that may be used to help improve existing governance and regulatory arrangements, and shape future health IT developments based on real-life experiences of the successes and failures of health IT in the English NHS as seen through the perspective of an independent quality regulator.

Table 4.

Key thematic insights and recommendations to ensure the effective use of health IT.

Principle	Insights and learning points
Data availability	• Ensure all staff, in all areas and locations, have reliable access (e.g. mobile working for staff in the community)• Ensure access across services (e.g. primary through to secondary care)• Ensure reliable and secure connectivity (e.g. adequate Wi-Fi provision)
Data integrity	• Minimise dual records systems (e.g. paper and electronic systems) which often leads to confusion, recording error and failure to provide ‘a single true record’• Minimise and mitigate against the risks of using multiple legacy systems
Data confidentiality	• Ensure appropriate security and privacy policies and procedures are in place, and that these are supported by adequately protected hardware and software• Ensure appropriate authorisations and restriction of access to personal data are enforced and assured as required
Complete/correct health IT use	• Provide adequate training and ongoing support to ensure new IT systems are used as intended and to their full potential• Ensure there are appropriate procedures in places for locum or temporary staff to access and use IT systems correctly
Health IT system usability	• Strive to design simple systems that are designed for day-to-day clinical use; the user interface must ‘delight’; otherwise, staff will not use the technology or develop unsafe workarounds• Poor usability creates greater workload for staff and increases time spent on administration; usability must be a top consideration
Surveillance and optimisation	• Harness new data and insights provided by health IT to drive service and quality improvements• Ensure there is clear visibility of leadership and communication of the organisational IT strategy, objectives and vision• Adopt a proactive, rather than reactive, approach to health IT implementation; identifying and resolving risks before they impact patients• Aim to develop and implement strategies and technology that support clinical staff to perform their duties and add value as a primary objective

IT: information technology.

CDMI scores were available for 125/126 (99.2%) of the NHS organisations analysed. The median overall CDMI score was 740 (mean = 742.8, range = 299–1253, SD = 178.0), indicating significant variability in organisational digital maturity across England. There was no correlation between the number of negative (r = –0.099, p = 0.270) or positive references to health IT (r = –0.063, p = 0.486) and overall CDMI score. There was a weak, but significant correlation between an organisation’s overall CQC rating and total CDMI score (r = 0.186, p = 0.038), and between CQC rating and infrastructure score (r = 0.259, p = 0.004). This suggests that although there is wide variability in organisational digital maturity across England, more mature organisations and those with better digital infrastructure have a higher overall CQC rating, once again highlighting the plausible relationship between effective and high-performing organisations and the mature and good use of health IT.

Discussion

Healthcare is undergoing a profound transformation driven by the rapid uptake of new technologies. While the adoption of health IT will undoubtedly lead to improvements in the quality, safety and efficiency of care delivered, there is still a paucity of robust evidence to identify the true risks and benefits. This analysis shows that England’s healthcare quality regulator – the CQC – regularly identifies the impact of health IT despite it not being part of the formal assessment framework. Worryingly, nearly two-thirds of these regulatory observations identify the negative effects of health IT that may compromise patient safety, care quality or the working lives of staff. While all organisations had significantly more references to the negative aspects of health IT, importantly, there was a significant relationship between the positive use of health IT and overall organisational quality. Furthermore, while there is widespread variation in the digital maturity of healthcare providers in England, more mature organisations and those with better digital infrastructure are more likely to be high-quality providers of care. Organisations that invest time, people and resource into good health IT are more likely to be high-performing organisations. Conversely, those which are deemed to be delivering inadequate care to their patients are more likely to have poor IT identified through both external regulatory assessment and self-reported measures of digital maturity.

This study has also demonstrated that routine regulatory inspections can provide unique and meaningful insights into the successes and failures of health IT and its influence on the care delivered to patients as shown in Table 4. It not only highlights the current status quo but also has provided firm evidence that may be used to help improve health IT in the future, shape developments based on real-life experiences and drive meaningful improvements in quality and safety.

This study has reinforced the assertion that good health IT is even more critical in securing the safe and sustainable delivery of healthcare. The evidence that introducing widespread structural change, promoting system integration and advocating the adoption of new technology lead to improvements in the quality and safety of care is fairly robust.^28–30 Indeed, hospitals on the ‘most wired’ list of digital maturity do show higher composite quality scores,³¹ and patients treated in digitally mature hospitals may experience lower in-hospital adverse events, mortality, length of stay and complications.^32,33 Given that the majority of studies evaluating the impact of new technologies tend to focus on narrow process-led outcomes of specific technologies in a small number of institutions,³⁴ the broader value of health IT and its influence on the overall quality of care remain largely unknown.³⁵

This study identifies a persistent and widespread variation in the digital maturity across healthcare organisations in England. Barriers to the successful implementation of good health IT may include financial, legal, social and ethical factors, together with the low digital literacy of clinicians, a shortage of evidence for the cost-effectiveness and clinical impact of new products and poor system interoperability.^36,37 Meanwhile, there have been numerous examples of new technology fostering error and harm and weakening rather than strengthening the complex systems of people, technology and process that underpin the effective and safe delivery of care.³⁸ Negative attitudes to new technology may be built on experience, often foster resistance to change and are commonly implicated in the failure of new technology to diffuse across health systems. Examples of such experiences with health IT include an increase in administrative burden, a high risk of clinician burnout and low levels of satisfaction,³⁹ despite the vast majority of clinicians reporting a positive expectation of its potential to improve the quality of care.⁴⁰ New technology must be designed to support day-to-day clinical activities and be easy to use; otherwise, staff will develop unsafe workarounds and devote unnecessary additional time to administrative tasks to the detriment of patients.^41,42 End-user satisfaction is a legitimate and sensitive barometer of health IT and should take precedence over the satisfaction of IT professionals or managers who often have competing objectives and priorities from frontline healthcare professionals. Inevitably, these hurdles and a failure to address them in a systemic and joined-up way mean that the wide disparity in technology adoption persists across all healthcare systems.⁴³

This study has suggested that there is a relationship between the positive use of health IT and overall organisational quality. While entirely plausible, these results must however be interpreted within the context of the strengths and limitations of the study. The quality of care delivered to patients is dependent on a huge range of factors within an extremely complex and dynamic landscape; determining causal inference may therefore be problematic. As previously identified, there is no formal mechanism for identifying or evaluating health IT within the current CQC framework; none the less 598 specific references to health IT were identified which is a large, unique and rich source of data for analysis. An existing published framework²⁴ was utilised to support the evaluation which provides a robust, valid and evidence-based approach to analysis. The NHS CDMI tool is an evidence-based self-assessment framework that attempts to account for not only the narrow focus on technology but also important broader aspects of digital maturity that are often not measured such as digital literacy and capability;¹⁴ it is currently the best measure of digital maturity in England. Furthermore, the internal consistency and inter-rater agreement in both data extraction and subsequent coding of the data were good with an overall Cronbach’s alpha of 0.89.

CQC quality ratings consider a wide range of factors, and it is challenging to ascertain the direction of causality for the findings reported. There is no formal structure or framework upon which judgements about health IT are made, and in the absence of this, any references are likely to be opportunistic and dependent upon the nuances of each inspection team – which are not consistent in composition, experience and skills – and also in the information that is provided to them by individual organisations. Inspectors are likely to have inevitable bias towards highlighting areas for improvement, rather than identifying those of good practice which also potentially influences the quality and completeness of the data. Effective and well-led organisations are likely to have a mature approach to health IT, and we know that the implementation of new technology is subject to multiple context- and institution-specific barriers that may also correlate with overall organisational quality and performance.^36,37 Large academic hospitals and those located in urban areas tend to spend more health IT.^43,44 They are also likely to deliver higher quality care due to a greater range of specialist services, better infrastructure and higher patient volumes in comparison to smaller, more isolated institutions.^45,46 Furthermore, smaller institutions may lack the knowledge, skills and resources to embark on complex IT projects. Finally, the focus on secondary care organisations in the study may limit the applicability of the findings to the wider healthcare economy. The vast majority of patient interactions with the NHS in England take place in primary care⁴⁷ and these are not evaluated in this analysis.

The majority of the insights from this study highlight the negative effects of health IT. While this may reflect the understandable tendency for quality inspections to focus on areas for improvement, it nonetheless provides potentially useful insights into the strengths and weaknesses of health IT with implications for future policy and practice. Tackling problems with software and hardware in isolation can only partially mitigate against the risks of new technology. It is important to tackle the entire scope of the sociotechnical system,⁸ including people, organisations, systems, policies and processes as well as the technology, in order to fully address potential patient safety concerns and maximise the benefits that health IT can deliver. To support this, it has been rightly highlighted that there is a need to develop clinical leaders with the necessary skills in informatics to fully realise the transformative potential of health IT and foster innovation throughout the health economy.⁴⁸

There is a clear need to address gaps in the understanding of health IT in real-world settings and provide further evidence to inform and support the regulation and assurance of new and existing technologies. Our analysis frequently identified the potential for health IT to negatively impact patents and staff. There is however a paucity of literature reporting patient harm associated with health IT; it is estimated that just 0.2 per cent of reported patient safety events relate to health IT,⁴⁹ and only 850 individual safety events from a national IT programme were reported over a 6-year period.¹¹ Voluntary reporting of adverse events only detects a small proportion of problems, and often neglects latent errors and near misses that could point to important safety issues that are associated with poor, but not obviously catastrophic, failures.⁵⁰ There is a pressing need to develop formal mechanisms to identify, monitor and address health IT–related safety issues. The full impact of the recent WannaCry cyberattack on the NHS – a large-scale ransomware attack in 2017 that was driven by inadequate IT provision at both a local and national level – has been impossible to quantify, but many thousands of patients were directly impacted.⁵¹ The WannaCry attack also further highlighted that the current regulatory regime is not fit for the digital age and fails to monitor key aspects of patient safety and organisational resilience related to health IT. As such, there is a need to develop better mechanisms to monitor, regulate and quality assure health IT as a fundamental pillar of patient safety;^51–53 effective health IT is inextricably linked to the provision of safe care. No other hazardous industry develops and implements safety-critical IT without some form of independent safety analysis and assurance,⁵⁴ and so there is a clear need to develop an updated process of regulation in healthcare that ensures a credible, consistent and evidenced-based approach. The health domain is unique, but needs to not only learn the lessons of other critical sectors but also share best practice across organisations and stakeholders in order to capture the full breadth of risks and opportunities and ensure that individuals, institutions and regulators keep pace with changes in technology and practice.

Conclusion

The effective use of technology has the potential to transform and enhance the quality and safety of care, but it may also introduce new risks and cause unintentional harm to both patients and organisations. This study highlights that health IT is more often than not associated with negative consequences for patients and staff. Moreover, advanced digital maturity and the positive use of health IT is significantly associated with overall organisational quality. Despite some limitations, this study provides valuable insights into health IT: informing the development and implementation of new technologies, identifying the need for new regulatory and governance procedures, and helping support the very real potential for health IT to bring tremendous benefits and improve the quality of care delivered to patients. However, to be a success, it requires investment in time, people and resources. There is a time-sensitive requirement for an updated approach to managing risk and supporting innovation in health IT. All stakeholders must keep pace with changes in technology and learn from the experiences of other organisations and sectors to ensure the safety of patients, promote the best use of technology and support the sustainability of care delivery as we advance the digital age of healthcare.

Footnotes

Declaration of conflicting interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The author(s) disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: This paper represents independent research supported by the National Institute for Health Research (NIHR) Imperial Patient Safety Translational Research Centre (PSTRC) at Imperial College London and Imperial College Healthcare NHS Trust. The views expressed are those of the authors and not necessarily those of the NHS, the NIHR or the Department of Health.

ORCID iD

Guy Martin

References

Institute of Medicine. Crossing the quality chasm: a new health system for the 21st century. Washington, DC: National Academies Press, 2001.

Powsner

Wyatt

Wright

. Opportunities for and challenges of computerisation. Lancet 1998; 352(9140): 1617–1622.

Bates

Gawande

. Improving safety with information technology. New Engl J Med 2003; 348: 2526–2534.

Jones

Rudin

Perry

, et al Health information technology: an updated systematic review with a focus on meaningful use. Ann Intern Med 2014; 160(1): 48–54.

Weiner

Kfuri

Chan

, et al ‘e-Iatrogensis’: the most critical unintended consequence of CPOE and HIT. J Am Med Inform Assn 2007; 14: 387–388.

Myers

Jones

Sittig

. Review of reported clinical information system adverse events in US Food and Drug Administration databases. Appl Clin Inform 2011; 2(1): 63–74.

Sittig

Singh

. Electronic heath records and national patient-safety goals. New Engl J Med 2012; 367: 1854–1860.

Sittig

Singh

. A new sociotechnical model for studying health information technology in complex adaptive healthcare systems. Qual Saf Health Care 2010; 19(Suppl. 3): i68–i74.

Magrabi

Aarts

Nohr

, et al A comparative review of patient safety initiatives for national health information technology. Int J Med Inform 2013; 82(5): e139–e148.

10.

Meeks

Smith

Taylor

, et al An analysis of electronic health record-related patient safety concerns. J Am Med Inform Assn 2014; 21(6): 1053–1059.

11.

Magrabi

Baker

Sinha

, et al Clinical safety of England’s national programme for IT: a retrospective analysis of all reported safety events 2005 to 2011. Int J Med Inform 2015; 84(3): 198–206.

12.

Palojoki

Pajunen

Saranto

, et al Electronic health record-related safety concerns: a cross-sectional survey of electronic health record users. JMIR Med Inform 2016; 4(2): e13.

13.

Lennon

Bouamrane

Devlin

, et al Readiness for delivering digital health at scale: lessons from a longitudinal qualitative evaluation of a national digital health innovation program in the United Kingdom. J Med Internet Res 2017; 19: e42.

14.

Flott

Callahan

Darzi

, et al A patient-centered framework for evaluating digital maturity of health services: a systematic review. J Med Internet Res 2016; 18(4): e75.

15.

NHS England. NHS England launches Clinical Digital Maturity Index to improve patient safety, https://www.england.nhs.uk/2013/11/cdmi/ (2013, accessed 15 April 2016).

16.

CQC. Chief Executive’s report to the Board. Report, Care Quality Commission, October 2015.

17.

CQC. Care Quality Commission (CQC), 2016, http://www.cqc.org.uk

18.

CQC. Intelligent monitoring: NHS acute hospitals, http://www.cqc.org.uk/content/intelligent-monitoring-nhs-acute-hospitals (2014, accessed 1 February 2018)

19.

Bardsley

Spiegelhalter

Blunt

, et al Using routine intelligence to target inspection of healthcare providers in England. Qual Saf Health Care 2009; 18(3): 189–194.

20.

Rothstein

Downer

. Exploring the emergence of risk-based policymaking in UK central government. Public Admin 2012; 90: 781–799.

21.

Griffiths

Beaussier

Demeritt

, et al Intelligent monitoring? Assessing the ability of the Care Quality Commission’s statistical surveillance tool to predict quality and prioritise NHS hospital inspections. BMJ Qual Saf 2017; 26(2): 120–130.

22.

Torjesen

. CQC sets out new inspection regime for hospitals in England. BMJ 2013; 347: f4631.

23.

Mays

Pope

. Assessing quality in qualitative research. BMJ 2000; 320: 50–52.

24.

Singh

Sittig

. Measuring and improving patient safety through health information technology: the Health IT Safety Framework. BMJ Qual Saf 2016; 25(4): 226–232.

25.

Singh

Ash

Sittig

. Safety assurance factors for electronic health record resilience (SAFER): study protocol. BMC Med Inform Decis Mak 2013; 13: 46.

26.

Sittig

Ash

Singh

. The SAFER guides: empowering organizations to improve the safety and effectiveness of electronic health records. Am J Manag Care 2014; 20(5): 418–423.

27.

Payne

Fellner

Dugowson

, et al Use of more than one electronic medical record system within a single health care organization. Appl Clin Inform 2012; 3(4): 462–474.

28.

Jha

Perlin

Kizer

, et al Effect of the transformation of the Veterans Affairs Health Care System on the quality of care. New Engl J Med 2003; 348(22): 2218–2227.

29.

Perlin

. Transformation of the US Veterans Health Administration. Health Econ Policy L 2006; 1(Pt2): 99.

30.

Buntin

Burke

Hoaglin

, et al The benefits of health information technology: a review of the recent literature shows predominantly positive results. Health Affair 2011; 30(3): 464–471.

31.

Himmelstein

Wright

Woolhandler

. Hospital computing and the costs and quality of care: a national study. Am J Med 2010; 123(1): 40–46.

32.

Amarasingham

Plantinga

Diener-West

, et al Clinical information technologies and inpatient outcomes. Arch Intern Med 2009; 169(2): 108–114.

33.

Furukawa

Eldridge

Wang

, et al Electronic health record adoption and rates of in-hospital adverse events. J Patient Saf. Epub ahead of print 01 February 2016. DOI: 10.1097/PTS.0000000000000257.

34.

Chaudhry

Wang

, et al Systematic review : impact of health information technology on quality, efficiency and costs of medical care. Ann Intern Med 2006; 144(10): 742–752.

35.

Parente

McCullough

. Health information technology and patient safety: evidence from panel data. Health Affair 2009; 28(2): 357–360.

36.

Stroetmann

Artmann

Dumortier

, et al United in diversity: legal challenges on the road towards interoperable eHealth solutions in Europe. Eur J Biomed Inform 2012; 8: 3–10.

37.

Currie

Seddon

. A cross-national analysis of eHealth in the European Union: some policy and research directions. Inform Manage 2014; 51: 783–797.

38.

Ash

Berg

Coiera

. Some unintended consequences of information technology in health care: the nature of patient care information system-related errors. J Am Med Inform Assn 2004; 11(2): 104–112.

39.

Shanafelt

Dyrbye

Sinsky

, et al Relationship between clerical burden and characteristics of the electronic environment with physician burnout and professional satisfaction. Mayo Clin Proc 2016; 91(7): 836–848.

40.

Yau

Williams

Brown

. Family physicians’ perspectives on personal health records: qualitative study. Can Fam Physician 2011; 57(5): e178–184.

41.

Shaha

El-Othmani

Saleh

, et al The growing gap in electronic medical record satisfaction between clinicians and information technology professionals: issues of most concern and suggested remediations. J Bone Joint Surg Am 2015; 97(23): 1979–1984.

42.

MacMillan

Slessarev

Etchells

. eWasted time: redundant work during hospital admission and discharge. Health Inform J 2014; 22: 60–66.

43.

Jha

DesRoches

Campbell

, et al Use of electronic health records in U.S. hospitals. New Engl J Med 2009; 360: 1628–1638.

44.

Neumeier

Berner

Burke

, et al Hospital budget increase for information technology during phase 1 of meaningful use. Health Care Manage 2015; 34: 157–165.

45.

Juillard

Lashoher

Sewell

, et al A national analysis of the relationship between hospital volume, academic center status, and surgical outcomes for abdominal hysterectomy done for leiomyoma. J Am Coll Surg 2009; 208(4): 599–606.

46.

Burke

Frakt

Khullar

, et al Association between teaching status and mortality in US hospitals. JAMA 2017; 317(20): 2105–2113.

47.

NHS England. https://www.england.nhs.uk/five-year-forward-view/next-steps-on-the-nhs-five-year-forward-view/primary-care/ (accessed 3 June 2019)

48.

Sood

NcNeil

Keogh

. Chief clinical information officers: clinical leadership for a digital age. BMJ 2017; 358: j3295.

49.

Magrabi

Ong

M-S

Runciman

, et al An analysis of computer-related patient safety incidents to inform the development of a classification. J Am Med Inform Assn 2010; 17(6): 663–670.

50.

Koppel

. Monitoring and evaluating the use of electronic health records. JAMA 2010; 303(19): 1918.

51.

National Audit Office. Investigation: WannaCry cyber attack and the NHS – National Audit Office (NAO). National Audit Office, 2017, https://www.nao.org.uk/wp-content/uploads/2017/10/Investigation-WannaCry-cyber-attack-and-the-NHS.pdf%0Ahttps://www.nao.org.uk/report/investigation-wannacry-cyber-attack-and-the-nhs/

52.

Martin

Hankin

, et al Cybersecurity and healthcare: how safe are we. BMJ 2017; 358: j3179.

53.

Martin

Ghafur

Kinross

, et al WannaCry – a year on. BMJ 2018; 361: k2381.

54.

Karsh

Weinger

Abbott

, et al Health information technology: fallacies and sober realities. J Am Med Inform Assn 2010; 17(6): 617–623.