Risk management standards for health IT

It’s time to do risk management standards for health IT, Mary Logan, president and CEO of the Association for the Advancement of Medical Instrumentation (AAMI), said at the Bipartisan Policy Center’s Health Innovation Initiative policy forum on Dec. 3.

“Health IT has such great promise, but we can’t continue to do it at one hospital at a time, one vendor at a time. We need standardization of workflows, and more collaboration between vendors and the provider community,” she said.

AAMI is working on convening U.S. stakeholders to begin the process of developing consensus-based standards on risk management. Once that work is finished, they can collaborate with stakeholders internationally.

“There is a lot of finger pointing between vendors and users. Everybody has a role to play in the risk management process and should sit down and work together. If not, we’ll continue to have finger pointing.”

Risk management, a form of loss prevention, must be thought out across the full lifecycle, Logan said. It starts with product design, then implementation, getting it into the field, and finally configuration. “That’s how folks in health IT should be thinking about risk management. If you aren’t doing full cycle you aren’t really thinking about it,” she said.

Also, standards must identify who is responsible at what stage in the risk management process. “Ownership of adjudication would be much clearer.”

The Office of the National Coordinator for Health IT’s (ONC) EHR certification criteria does include safety and design, as well as quality measurement requirements, said Steven Posnak, director of ONC’s Office of Standards & Technology. His office has seen products that have met criteria for eight medication-related safety features.

“We build this both on the certification side as well as the public disclosure side,” he said, noting that users can access a list on the ONC website of what design process each certified entity utilizes. Feedback on how certification is working in the field is critical. “The feedback process is one we can continually improve on.”

Much work is occurring on the federal level, including the interoperability roadmap, he said. More than ever, there are opportunities for stakeholders to contribute.

“When I started in 2005, the conversation was all about adoption. Now the conversation is about how to deal with the better problems we need to solve,” he said. Now that adoption is widespread, it’s time for all stakeholders to focus on more tangible problems. “Safety fits into that, interoperability fits into that, as well as efficiencies connecting health IT use to reform,” he said. “Those are my three areas of prioritization.”

Risk management standards would require a significant amount of rigorous testing, said Logan.

Posnak agreed that testing will become increasingly important to the industry. “Testing will be a buzzword in 2015,” he said. HealthIt.gov helps coordinate and centralize testing resources, and is working with standards developing organizations to have testing available for their standards.

“There are a lot of opportunities to explore testing,” he said.