INTRODUCTION
Health systems, in the United Kingdom and worldwide, are going digital. Healthcare providers need to ensure that they harness the ‘information revolution’ to provide better health outcomes, better patient experience and better value.1 While national policy is concerned to a large extent with major information technology (IT) programmes, such as the widespread introduction of Electronic Health Records (EHRs), many healthcare professionals are already improving their services through development of numerous bottom-up local health IT innovations. Healthcare providers need to be mindful of the potential risks to patient safety that come with the introduction of new IT into clinical practice, but many organisations are struggling to find the right strategy to engage adequately with such bottom-up small-scale innovations.
The recent Wachter review2 and other influential reports published by The King’s Fund3 and the Nuffield Trust4 set out a strategy and recommendations for the transformation of the National Health Service (NHS) towards a fully digitised and interoperable health system. It is expected that the digital infrastructure will be a key mechanism for delivering the vision set out in the NHS 5-year forward view for a modern health service.1 Indeed, health IT offers exciting opportunities for providing novel services to patients, and for improving the quality and safety of care.2,5 Experiences from several countries illustrate the wide range of potential benefits that IT can bring to healthcare, including: more engaging and patient-centred care, better access to care in rural and underserved areas, greater continuity of care across organisational boundaries, efficiency gains and cost savings.2,6
However, there is still a lively debate about the extent to which the available evidence supports the claims about the benefits of IT in healthcare.7–9 In addition, there is an increasing amount of evidence to suggest that the introduction of IT can lead to unintended consequences, and create opportunities for failure, which can have significant effects on patient safety and data security.6, 10–14 For example, concerns about the quality and safety of care have recently sparked controversy about the Cerner EHR system iHealth introduced in 2016 by Island Health at Nanaimo Regional General Hospital (British Columbia). After a series of problems and failures, some staff refused to use the system and decided to go back to pen and paper to protect the safety of patients.15
The Wachter review recognises that the NHS lacks clinicians with skills in digital health and health informatics. In response, the government set up the NHS Digital Academy with a brief to train significant numbers of clinicians to become suitably qualified Chief Clinical Information Officers (CCIO). Such CCIOs are set to become the champions and the leaders of local digital transformation.16 This is an important step forward, because it recognises that technological change needs to be carried by changes in the workforce and the culture within every organisation.
A further important observation made in the Wachter review is the need to allow for local variation in order to avoid the pitfalls of a centralised top-down approach, which formed the basis of the previous, much criticised National Programme for IT. From a patient safety perspective, I believe this is crucial for two reasons: first, because patient safety risks need to be understood and managed within the local context of use of any technology;17,18 and second, because much of the digital innovation is driven from the ground up by enthusiastic clinicians aiming to improve care within their local context.
Many healthcare providers are struggling to fully embrace the opportunities afforded by health IT, and to develop processes for managing the risks that come with the introduction of health IT into clinical processes. In this paper, I look at how healthcare providers might manage the risks of health IT in use, with a particular view to local bottom-up innovations. I argue that many of the patient safety risks relating to health IT are probably quite predictable, but all too often healthcare providers do not properly consider potential risks, and leave these unaddressed. This puts patients at risk, and it threatens the successful adoption of health IT. I draw upon experiences from a number of projects funded by the Health Foundation to outline three key recommendations for how healthcare providers might better manage their health IT risks.