A recent case study by Allscripts discusses steps for patient safety review when an EPR malfunctions.
Editor's Note: This article originally appeared on Allscripts Blog: It Takes a Community. 
Electronic patient record (EPR) systems are not infallible, as much as we wish they were. Maintaining a live clinical system 24/7 whilst also instituting planned upgrades and configuration changes mean that every single organisation has a unique software environment with specific workflows and hardware permutations. It is unfeasible to predict every potential scenario. Most organisations recognise that a backup plan and proactive patient safety reviews are crucial. In the UK, the NHS requires rigorous review and documentation of these activities.
However, when Trusts envisage and prepare for a major incident, they often see things in black and white; they anticipate the technology either works in its entirety or it doesn’t. Many of them create contingency plans based on the worst-case scenario of a complete outage.
In reality, EPR malfunctions are not always all or nothing, and trusts encounter a mixed variety of situations. One time, it may be that a group of users cannot access the system, and another time might involve lost data. Unfortunately, if organisations have only prepared for a full outage, they are not equipped to quickly manage and resolve events they did not anticipate. If the full resolution of the EPR issue is likely to be hours (or longer) away, plans need to be expedited to ensure an acute hospital can continue to operate 24/7.
4 steps for patient safety review when an EPR malfunctions
It’s impossible to predict every combination of possible patient safety hazard, which is why it’s important to categorise and quantify risk based on industry standard. Best-practice approaches include the following steps:
Step 1: Identify patient safety concerns as a subset of all the issues reported
When technology malfunctions, organisations must first focus on patient safety, which is defined as harm to the patient. That seems like an obvious distinction, but it’s an important one. If billing or reporting functions are down, for example, it is unlikely that will cause harm to a patient. Ensure any issues identified are assessed and systematically scored for potential patient harm
Step 2: Distinguish risks from issues
A patient safety issue is something that is happening; a risk is something that might happen. It’s important to view the situation through both lenses. Be consistent and record everything that needs to be detected and monitored. In particular, identify issues that have led to out-of-sync data that will need to be checked and entered later to restore data integrity.
Step 3: Prioritise hazards
No one can address everything all at once. Use an industry framework to determine the severity and likelihood of each safety hazard on the list. Deal with the most worrying items on the list first, and don’t lose track of the others.
Step 4: Make situation as safe as possible whilst waiting for a long-term fix
Once the list is prioritised, organizations must ask: How quickly can these items be fixed? How long will it take to do it right? How can we ensure the safety of patients in the meantime? Put in place work-around processes until a long-term resolution can be implemented.
EPRs contribute to patient safety in countless ways, and we must constantly monitor for potential risk. A lot of proactive clinical safety work is theoretical; we prepare for situation A through situation Z, but we never dreamed of situation 48. By taking a step back and addressing incidents with the core principles above, we can consistently manage risk and patient safety effectively in a crisis.
Editor’s note: To read more about our company’s commitment to patient safety, read a recent blog post by Geoff Caplea, M.D., MBA, Medical Director for Allscripts Patient Safety Program: Health IT safety is a shared responsibility.