Medical device flaws, cloud cybersecurity, alarm fatigue are top health IT risks for 2023

The more things change in health IT, the more they stay the same, reveals ECRI’s latest list of top 10 technology risks. The organization has been publishing its rankings since 2008, and this year’s edition includes several topics that have been mainstays since the very beginning

Medical device flaws, cloud cybersecurity risks, and alarm fatigue remain among 2023’s most pressing concerns, reflecting the ongoing complexity of the health IT ecosystem in both the inpatient setting and the patient’s home.

Poor communication about medical device recalls leaves patients in the dark

This year, medical device recalls are the biggest issue, the non-profit safety organization stated.  Device manufacturers, providers, and consumer safety organizations are not adequately sharing recall information with consumers, leaving patients unaware that their technologies have been recalled, explained Marcus Schabacker, MD, PhD, president and CEO of ECRI.

“Even if patients do receive notifications, the language may be jargon-heavy and perplexing, and patients may have difficulty determining whether their device is affected or what to do about it,” he said. “Without clear, understandable information about a product recall, patients cannot accurately assess the health risks and may harm themselves by continuing to use an unsafe device, or by inappropriately stopping use of a device.”

Medical device manufacturers need to work more closely with providers and device distributers to simplify the process of registering a device, rethink their wording of instructions and recall notifications, and designate more resources to directly connecting with consumers when a device issue arises.

Concerns around medical devices feature heavily across the list, including warnings about defects in single-use devices, such as procedure kits and catheters, and inflatable pressure infusers (IPIs) that can cause fatal air emboli when improperly used.  Underreporting of these issues can perpetuate problems and put patients at unnecessary risks, ECRI cautions.

Cloud cybersecurity shortfalls risk patient care disruptions

Cybersecurity is a perennial concern in healthcare, especially as more and more clinical systems move into the cloud. Failing to identify and proactively manage cloud security risks can lead to unacceptable disruptions to patient care, ECRI says, especially when healthcare organizations don’t fully understand the scope of their responsibilities.

“Accessing a clinical service such as an EHR or a radiology system through the cloud can offer significant benefits compared with more traditional systems,” the report states. “This deployment model does not, however, eliminate a healthcare delivery organization’s security considerations. It only changes them.”

“Healthcare delivery organization[s] must rely on the cloud company to ensure the security and reliability of its online operations and to remediate any security event and promptly restore service. Nevertheless, in most cases the liability for any failure remains with the healthcare delivery organization.”

Provider organizations must stay on top of their system security by working closely with their cloud provider to delineate responsibilities, establish robust channels of communication, and collaborate in a timely manner when something goes wrong.

Staying one step ahead of cybersecurity threats can ensure that critical systems remain available and safe to support patient care around the clock.

Alarm fatigue and alert overrides create patient safety concerns 

Beeps, dings, pop up notifications, and hard stops are designed to guide a clinician’s actions in a positive direction, but too many alerts and alarms can do exactly the opposite. Alarm fatigue is closely tied with cognitive overload and eventual burnout, putting both patients and providers at risk of safety events and poor outcomes.

ECRI’s third biggest risk on the list for 2023 is inappropriate overrides of alerts on automated medication dispensing cabinets. Typically, clinicians are required to enter their credentials in order to unlock a patient’s specific medications. But in emergencies, the clinician can speed up the process with an override procedure – something that can be dangerous for patients in a routine setting, since pharmacists are not brought in to review any changes or potential contraindications.

“Some high-profile medication error events, including fatal incidents, have been associated with the inappropriate use of an ADC’s override feature,” ECRI notes. “Concerningly, the Institute for Safe Medication Practices (ISMP) has found that, too often, practitioners view the override process as a routine step, rather than a risky one.”

The report suggests that healthcare organizations monitor the number of overrides and educate clinicians on appropriate use of this function.

In a similar vein, providers may need enhanced education about the use of telemetry devices for patients. Telemetry is often overused as a “safety net” for patients who don’t actually have high-risk cardiac issues, leading to a cacophony of low-value audio and visual alarms.

“Invariably, [overuse of telemetry] leads to an increase in alarms—some of which will not require immediate action but nevertheless vie for the clinician’s attention,” the report says. “This increased alarm load can overwhelm and distract care providers, creating the conditions that can lead to a critical alarm being missed and a patient’s deterioration going unrecognized. ECRI is aware of incidents in which telemetry alarm events went unnoticed, in some cases resulting in patient harm.”

Judicious use of telemetry according to established guidelines can reduce cognitive overload and make it less likely for clinicians to miss something important.

To ensure patient safety and reduce opportunities for harm, healthcare organizations will need to regularly assess their guidelines and procedures for each of these health IT areas, provide ongoing training for staff, and invest in tools and strategies to remain proactive about identifying and addressing concerns.

Jennifer Bresnick is a journalist and freelance content creator with a decade of experience in the health IT industry.  Her work has focused on leveraging innovative technology tools to create value, improve health equity, and achieve the promises of the learning health system.  She can be reached at jennifer@inklesscreative.com.