American Journal of Law & Medicine

An eHealth diptych: the impact of privacy regulation on medical error and malpractice litigation.


Notwithstanding the continuing debate over the future of managed care and the appropriate protections to be included in a Patient's Bill of Rights, the safeguarding of patient privacy and the reduction of medical error have emerged as the dominant health law issues. Displacing even the implications of the advances in genomics from the from and editorial pages of our newspapers, privacy and medical error have left the cozy world of professional journals and political platitudes to demand corrective action.

The issue of data privacy already possessed some serious political credentials before the Clinton administration ushered health privacy to center stage by its promulgation of regulations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). (1) Public visibility was increased by the Bush administration's very vocal dissatisfaction with the regulations, (2) followed by its well publicized, though probably temporary, capitulation. (3) Only recently has medical error resurfaced as an issue of comparable weight attracting public and political concern. (4) A series of publications by the Institute of Medicine (IOM) have not only highlighted the quality flaws in our current system, but have intensified the debate beyond cliched calls for action by appending highly concrete suggestions for amelioration of the problem.

This article argues that the forces driving increased privacy and reduced medical error are closely related; that they find common ground in process re-engineering and the adoption of technologies that conceptually, architecturally and operationally will intersect and frequently combine. (5) The new and controversial federal medical privacy regulations should be put into perspective and recognized as a relatively minor, albeit laudable, component of a broader thrust to update our delivery system to improve, among other things, the quality of care. Additionally, this article argues that increased privacy regulation will further stimulate emerging eHealth (6) business models as improved privacy and security accelerate the utilization and acceptability of computer-mediated healthcare delivery.

In addition to exploring the close and dynamic relationship between health privacy and medical error, this article examines how the infrastructure developments and new privacy regulations will more immediately and often unintentionally reshape one of our extant quality assurance systems--malpractice law. In this regard, it examines how traditional substantive malpractice law is already reacting to changes in healthcare technologies, suggesting that aspects of the privacy regulations will have serious, albeit unanticipated, effects on doctrines such as informed consent and, by reducing false positives, the overall level of malpractice-based risk reallocation.

Part II begins with a discussion of the process and technological implications of the federal government's regulation of medical privacy, particularly in terms of its structure and architecture. Part III will examine the role of technology in reducing medical error. The remainder of the article focuses on the more technical legal implications of the interaction between privacy regulation and the drive to reduce error. In this context, Part IV will scrutinize the impact of privacy regulation and eHealth on substantive malpractice law. Part V will examine the relationship between consent-to-disclosure in privacy regimes and informed consent. Finally, Part VI will discuss the operational or process implications of new privacy and security regimes on malpractice litigation.


At first glance, protecting privacy and improving quality seem to implicate diametrically opposed operational imperatives. The protection of privacy suggests a need to decrease the flow of patient-related information, whereas maximizing information and minimizing information costs are key strategies aimed at improving the quality of care. In fact, nothing could be further from the truth. The overall HIPAA-mandated system is driven by a desire to invigorate the flow of medical information; data protection was appended only to preempt likely provider attempts to externalize the inevitable privacy costs. (7)

The relationship between privacy and quality, however, goes beyond the operational to the architectural. It is not a clean relationship; it is frequently nonlinear while intersections occur at several levels. First, it is true that HIPAA's "Administrative Simplification," which begat our new federal health privacy regulations, was "sold" to the healthcare industry on the basis of its cost-saving architecture. However, on closer examination the improvement of healthcare quality seems to have been an equally strong rationale. Second, the process and technology architecture that will be required to comply with HIPAA--and achieve the promised cost extraction--will lend itself very nicely to the next generation of medical error reducing systems. Third, many of our existing error reducing systems have been ineffective because of provider non-compliance or because our existing systems fail to generate appropriate data. The data architecture and information technology (IT) infrastructure contemplated by HIPAA will likely reinvigorate those systems and their dependent reporting structures. Fourth, consumers will respond positively to improvements in the protection of medical privacy with increased demand for technologically-mediated medicine and online information about healthcare and healthcare providers.

The healthcare industry's attention has been tightly focused on the new HIPAA privacy regulations. (8) Indubitably, many providers view them as an unwelcome and extremely expensive example of governmental overreaching and overregulation. (9) Equally, privacy advocates welcome the regulations. (10) Whatever their merits, however, the privacy regulations are merely a means to an end. Furthermore, the privacy regulations are only a relatively minor, albeit costly, component of HIPAA, just as HIPAA's "Administrative Simplification" is only a component of the overall health information architecture.

The journey through the technical world of HIPAA (and an apparently unlimited collection of acronyms) begins with HIPAA's "Administrative Simplification" Subtitle F, wherein we discover that HIPAA was designed "to improve ... the efficiency and effectiveness of the health care system, by encouraging the development of a health information system through the establishment of standards and requirements for the electronic transmission of certain health information." (11)

Somewhat buried in the HIPAA statute (12) was a provision re-tasking the National Committee on Vital and Health Statistics (NCVHS) (13) to become the primary advisory group for health information policy, essentially overseeing the development of the nation's health information systems. Pursuant to this HIPAA mandate, the NCVHS Workgroup first published a concept paper in October 1998, (14) followed by an Interim Report in June 2000, (15) which sketches the broad model for a National Health Information Infrastructure (NHII) as "the set of technologies, standards, applications, systems, values, and laws that support all facets of individual health, health care, and public health." (16)

The rate of progress towards a NHII has attracted negative comments from the President's Information Technology Advisory Committee (PITAC). In its February 2001 report, the Committee noted that, "The U.S. lacks a broadly disseminated and accepted national vision for information technology in health care." (17) PITAC singled out the Department of Health and Human Services (DHHS) as failing to "have a clear, strategic vision of the benefit that the department and all of its agencies could receive from information technology research and use of information technology tools." (18)

Although progress towards a NHII may not have been as rapid as some would like, NCVHS has made all the right noises about protecting patient privacy and has denied that a NHII is merely an attempt by the government to collect personal health information. (19) Consistent with the overall thesis of this article, it is quite telling that in listing the benefits of an NHII, NCVHS first makes reference to the reduction of medical error: "Through the use of integrated information technologies, it is hoped that different segments of the medical care system will be able to `talk' to one another better and faster, and, in the process, dramatically increase diagnostic accuracy and spot potential errors before they injure patients." (20) This linkage has been endorsed by PITAC, with the comment that, "Only information technology can help us take data from records of individual care and make them available for analysis of populations, both for the generation of new epidemiological knowledge and for the generation of prudent health policy." (21)

The key "Administrative Simplification" component of this future NHII is the enabling of Electronic Data Interchange (EDI) for the healthcare system. Fundamentally, EDI is the electronic exchange of standardized business documents between what are known as "trading partners." (22) The EDI architecture envisioned by the regulations made--or to be made--under HIPAA (hereinafter HIPAA-EDI) requires the "use of national transaction standards when performing these business transactions between organizations electronically [and] ... that all parties using these transactions for healthcare follow the guidelines established by national implementation guides." (23)

The HIPAA-EDI model is highly technical, (24) but conceptually straightforward. (25) Those healthcare entities that opt to use EDI will be required to comply with very detailed "Transaction and Code Sets." (26) These data models are generally third party standards (27) promulgated by organizations such as the American National Standards Institute's (ANSI) Accredited Standards Committee (ASC) X12 (28) and the National Council for Prescription Drug Programs (NCPDP). (29) HIPAA-EDI defines its "trading partners" by way of "identifiers" for health plans, individuals, healthcare providers and employers. (30) When it is fully implemented, (31) HIPAA-EDI will provide for a fully interoperable, standardized system for processing all data exchanges between healthcare entities. (32)

The express "Administrative Simplification" goal of HIPAA and its regulations is the reduction of healthcare industry administrative and transaction costs. These costs, which may account for as much as one-third of the country's annual $1 trillion healthcare expenditures, are "backend" administrative costs associated with billing, reimbursement, insurance claims and prescription fulfillment. (33) HIPAA seeks to eliminate 10% or more of these costs by moving the industry to fully interoperable systems for healthcare transactions and promoting efficient healthcare markets. (34)

Encouraging and facilitating the relatively free flow of patient information increases healthcare privacy costs. For the HIPAA-EDI system to be credible, effective and fair, HIPAA limited how many of these costs could be externalized to patients. Accordingly, DHHS has had to enter a world that is far more contentious and politically-charged than that of identifiers and code sets. (35) The Department's work towards assuring security and privacy for medical information has been published as a Notice of Proposed Rule Making (NPRM) for Security and Electronic Signature Standards, (36) and, after a contentious NPRM period and some anxious months following the change in administration, as the final Standards for Privacy of Individually Identifiable Health Information (PIHI). (37)


The core of the PIHI regulations is the restriction or conditioning of disclosure of health information by a broad range of "covered entities" (38) including, for example, health, but not life, insurers. For the purposes of this article's focus on quality of care and malpractice liability, the key group subject to the regulations is certain healthcare providers. These providers, (39) such as hospitals and physicians, are subject to the regulations if they "transmit any health information in electronic form in connection with a [HIPAA-EDI transaction]." (40) As a result, providers who submit claims or process referral authorizations electronically will be encompassed by the regulations.

The new regulations limit the disclosures affected providers may make of "protected health information" (PHI). (41) PHI includes oral (42) or recorded information that "relates to the past, present, or future physical or mental health or condition of an individual" (43) and identifies or could identify the individual. (44) This will bring a patient's medical record, billing record, email communications and a physician's notes within the sphere of protection. Thereafter the provider may only disclose PHI as permitted by the PIHI regulations, (45)

Enforcement of the disclosure rules is accomplished primarily through compliance systems, which require the provider to appoint a "privacy officer" and train its staff, (46) and through regulatory oversight. (47) Additionally, the individual whose PHI is at issue (i.e., the patient and, in a few situations, a personal representative) is given certain access and amendment rights which are discussed in detail below. (48) Patients, however, are not given a private right of action for unauthorized disclosures.


Media coverage and industry angst notwithstanding, HIPAA's PIHI did not invent medical privacy law. As the Ninth Circuit has stated, "The constitutionally protected privacy interest in avoiding disclosure of personal matters clearly encompasses medical information and its confidentiality." (49) Federal constitutional protections against state action exist under the Fourth Amendment and the due process clauses of the Fifth and Fourteenth Amendments. (50) Furthermore, some state constitutions provide for even more explicit privacy protections which impact medical information. (51)

Many states already provide robust privacy and security safeguards for medical information, (52) The 1999 Georgetown Health Privacy Project study of state law found that "[v]irtually every state has some law aimed at the confidentiality of patient health information, but very few states have anything approaching a comprehensive health privacy law." (53) In fact, one has to feel some sympathy for the DHHS mandarins given the task of drafting the PIHI regulations. HIPAA-EDI is predicated on national standards and uniformity, suggesting the need for blanket preemption of state laws. However, the EDI-centric limitations of the federal enabling legislation did not permit the draftspersons to reach many of the pro-privacy features of some state laws, features that the drafters could not eschew for both political and philosophical reasons. (54) As a result, the unsatisfactory "more stringent" partial preemption provision in PIHI is likely to befuddle and annoy healthcare institutions with interstate businesses for years into the future. (55) There may be even worse to come as state legislators are prodded by dissatisfied privacy advocates to pass statutes that fill perceived gaps in the PIHI regulations, thereby increasing the number of non-preempted protections. (56)

Obscured amidst the noise of federal regulations, state statutes and at least two generations of conceptually-related uniform laws (57) are common law protections, specifically the tort action for breach of confidence which is recognized by a growing number of jurisdictions, (58) Only a few state medical privacy statutes expressly allow for a private right of action. (59) However, as one federal district court recently noted about the PIHI regulations, "the Standards indicate a strong federal policy to protect the privacy of patient medical records, and they provide guidance to the present case." (60)

Going further, a recent New York case, Doe v. Community Health Plan-Kaiser Corp., (61) involved an alleged disclosure of confidential information by a medical records clerk employed by the defendant HMO. The court, after considering state statutory provisions imposing duties of unauthorized non-disclosure on care providers (62) and HMOs, (63) concluded: "While a private cause of action may not be predicated on ... these statutes [they] define and impose the scope of the actionable duty of confidentiality which arises between certain health care providers ... and their patients." (64) It is likely that state and federal privacy rules increasingly will be used as the basis of a private right of action for breach of medical privacy.


It is within this environment, framed by a fledgling National Health Information Infrastructure, the HIPAA-EDI transactional specifications and the convoluted world of federal and state privacy regulation, that healthcare businesses must design and build their new IT systems. In doing so, providers must respond to two interrelated drivers. First, HIPAA-EDI will require a robust infrastructure that will facilitate the interpretation, processing and storage of standard data sets and linked transactions in a way that integrates institutional legacy systems and allows interoperabillity between systems. Second, this extensive investment in IT will motivate providers to extract additional value from the systems, to provide improvements in the quality of care through patient-oriented re-engineering such as the development of Computerized Patient Record systems (CPR) and to leverage the new architecture by offering innovative eHealth products.

Below, these technologies are discussed more closely in the context of the specific legal issues they impact. (65) This section, however, will note some of the core technologies, from the CPR to Web-based services that will be constructed on, or in close parallel to, the HIPAA-EDI structure.

It is important to remember that the PIHI regulations apply to "protected health information" (66) which is "created or received" (67) by the institution or individual care provider. HIPAA-EDI neither regulates by reference to a CPR--whether or not comprehensive in form--nor expressly calls for the adoption of CPR systems. Accordingly, in the short term at least, a patient's PHI likely will be spread across many systems and various CPRs. Further, some of a patient's medical records will be in discrete unregulated systems because of quirks in the PIHI regulations' complex definitional structure (i.e., paper records held by the quintessential rural physician who only accepts cash). This article, however, projects somewhat beyond the systems still used by many if not most providers today. Rather, it adopts Gostin's description of patient-based longitudinal health records as "patient-specific records in automated form containing all data relevant to the health of an individual (i.e., clinical, financial and research-oriented information, including diagnostic images) collected over a lifetime." (68) Thus, it is assumed that, prompted by the HIPAA-EDI architecture and other forces discussed herein, providers will adopt cohesive, comprehensive CPR systems. Henceforth, this article uses the somewhat inaccurate singular form for CPR, including within that concept multiple, but interoperable and interlinked CPRs.

If HIPAA-EDI is on its face CPR-agnostic, entities such as the Agency for Healthcare Research and Quality (AHRQ) and CPRI-HOST (69) are prodding the industry firmly in the direction of the longitudinal health record. There is no standardized format for a CPR, although there is broad agreement that such a record would contain, "1. Integrated view of patient data, 2. Access to knowledge resources, 3. Physician order entry and clinician data entry, 4. Integrated communications support, and 5. Clinical decision support." (70) Courtesy of HIPAA-EDI, we now also know the identifiers and data sets that will populate the CPR and make it truly interoperable, such that medical records data can flow smoothly in from and out to external sources such as a doctor's office, a pharmacy or a payer. (71)

Integrated into these transactional systems will be sophisticated data tracking and analysis tools. These will support the flow of the myriad reports and records required to be submitted by healthcare institutions. (72) In addition, patients will participate in these systems; ordering everything from their choice of meals when hospitalized, requesting referrals, prescription refills and scheduling outpatient appointments. Patients will also provide feedback to the institution and payers regarding the quality of care they received. (73) The vision of the PITAC is worthy of note:

   Decision-support tools can provide critical links between a current 
   patient's condition and previous clinical studies. Existing systems largely 
   focus on detecting errors at the source, through such methods as range 
   checking, alerts, and reminders, or post-hoc quality monitoring and review. 
   While these types of systems are vital components for improving quality of 
   care, important information is often unavailable or inaccessible because it 
   is spread across multiple information systems and/or organizations with 
   differing systems. This can result in poor coordination of care and 
   increased illness and mortality. The challenge of going beyond these 
   approaches to ones that proactively foster best practices will require 
   efforts in the following areas: 
   * Expanding the range and granularity of routinely captured data. 
   * Standardizing terminology. 
   * Developing robust techniques for incorporating new data types into 
     existing clinical data repositories, e.g., images and patient genotype. 
   * Organizing and collecting large-scale databases to determine best 
   * Developing guidelines based on such evidence. 
   * Implementing guidelines so that they are usable effectively at the point 
     of care, including embedded decision support that is continually updated 
     as new evidence accumulates. 
   * Reducing the cost and difficulty of integrating applications that reside 
     on heterogeneous technologies. (74) 

The critical reader may object that some of the scenarios, technologies and business models discussed in this article have, at most, a quite tenuous link to the PIHI regulations or even to the HIPAA-EDI model. (75) Patient privacy is a major selling point, however, and the highly visible PIHI protections will boost consumer confidence in technologically-mediated healthcare--notwithstanding that PIHI will apply to only a fraction of them. (76) With 63% of American adults now going online, compared to 39% in 1998, (77) the bricks-and-mortar healthcare industry will endeavor not to miss the burgeoning online market. Elsewhere I have argued that "e-Health is premised on a fundamentally new patient experience that is unconstrained by familiar points of entry and structures or traditional channels for delivering information." (78) Providers will respond to that fundamental change: they will cease equating eHealth to the narrow concept of telemedicine, and along with the entrepreneurs who survive the meltdown, will build the next generation of healthcare services. (79)

Providers already embrace new business-to-business (B2B) services such as procurement and related e-marketplaces. (80) Business-to-consumer (B2C) eHealth services will rapidly grow beyond vertical portals such as WebMD (81) and spawn treatment auctions, (82) group-buying services (83) and sites that match patients to clinical trials. (84) The emerging health industry IT architecture will interface with increasingly sophisticated consumer product and Web-service hybrids, such as Web-connected medical monitoring appliances, (85) Palm-based EKG monitors (86) or diagnosis-enabled cell phones that locate imperiled patients via Global Positioning Systems (GPS). (87) These will enable remote diagnosis, monitoring, and even treatment, while soon interfacing with implanted chips that deliver prescription medicines. (88)

Most discussions of HIPAA-EDI, and specifically the PIHI regulations, concentrate on what is prohibited. However, HIPAA-EDI is just as important for what it enables and promotes. While publicly complaining about compliance costs, providers--at least institutional ones--favor the basic HIPAA-EDI structure and promise of cost reduction. (89) Forward-thinking providers likely will view the HIPAA-EDI mandate as an opportunity to re-engineer their systems to feature elaborate data collection and analysis mechanisms that are interoperable with the systems of other healthcare entities and, at their core, feature a highly sophisticated CPR. The remainder of this article examines how these systems and the specifics of our new world of privacy protection will conspire in an effort to reduce medical error and reshape aspects of malpractice litigation.


As discussed above, protecting patient privacy and reducing medical error are inextricably linked by technological growth and process reform. This linkage is a worldwide phenomenon and occurs at many levels--both philosophical and functional, commercial and technological. (90) The technology that directly or indirectly is required by the architecture of HIPAA-EDI will hasten, even jump-start, process reform and the development of the overall healthcare information infrastructure. In addition, it will accelerate the acceptance of technological solutions by healthcare professionals, hastening technologically-mediated quality improvement. As Stair has observed, "Broadly speaking, quality has two dimensions: (1) the objective, technical aspects of care (the accuracy of diagnosis and effectiveness of treatment), and (2) service and patient satisfaction." (91) While Start argues that "[t]he impact of the digital revolution on customer service and patient satisfaction may be equally important," (92) he concedes that "[m]ost of the discussion about IT and quality has focused on the development of outcomes measures for improving the technical dimension of care," while observing that "[n]ew knowledge about outcomes should improve not only clinical judgment but also organizational processes, reducing mistakes and iatrogenic disease." (93)


Our contemporary understanding of medical and medication error owes much to the legacy of the Harvard Study. (94) The current discourse, however, must be dated to the November 1999 publication by the IOM of To Err Is Human: Building a Safer Health System, (95) which garnered headlines nationwide. The report is a comprehensive exposition of adverse events and iatrogenic (96) injuries, particularly those caused by error. To Err Is Human will always be known for its oft-quoted statistic that "at least 44,000 Americans die each year as a result of medical errors," (97) making medical error the eighth leading cause of death, ahead of motor vehicle accidents, breast cancer or AIDS. (98) The IOM report bracketed the medical error phenomenon by also noting that "the results of the New York Study suggest the number may be as high as 98,000." (99) Not surprisingly, both the methodologies behind these studies and the extrapolations built upon them have already attracted criticisms. (100)

Medical and medication errors are, of course, merely distributionally-loaded subsets of the universe of adverse events, while negligent or malpractice-related events are a subset of those medical and medication errors. The IOM report defines its terms as follows:

   An error is ... the failure of a planned action to be completed as intended 
   (i.e., error of execution) or the use of a wrong plan to achieve an aim 
   (i.e., error of planning). 
   An adverse event is an injury caused by medical management rather than the 
   underlying condition of the patient. 
   An adverse event attributable to error is a "preventable adverse event." 
   Negligent adverse events represent a subset of preventable adverse events 
   that satisfy legal criteria used in determining negligence.... (101) 

In addition, the IOM report estimated that medication errors account for over 7,000 deaths annually. (102) As defined by the National Coordinating Council for Medication Error Reporting and Prevention (NCC MERP) (103) a medication error is "any preventable event that may cause or lead to inappropriate medication use or patient harm while the medication is in the control of the health care professional, patient or consumer." (104) According to AHRQ, "Adverse drug events (ADEs) result in more than 770,000 injuries and deaths each year," (105) while medication errors are a "frequent cause" of medication-related adverse events. (106) AHRQ's synthesized research suggests that "28 percent to 95 percent of ADEs can be prevented by reducing medication errors through computerized medication systems" and that "[c]omputerized medication order entry has the potential to prevent an estimated 84 percent of dose, frequency and route errors." (107)

Beyond the "44,000 deaths" sound byte, however, the long-term contribution of To Err Is Human is its emphasis on process-based solutions. Reason explains the core concepts as follows:

   The basic premise in the system approach is that humans are fallible and 
   errors are to be expected, even in the best organisations. Errors are seen 
   as consequences rather than causes, having their origins not so much in the 
   perversity of human nature as in "upstream" systemic factors. These include 
   recurrent error traps in the workplace and the organisational processes 
   that give rise to them. Countermeasures are based on the assumption that 
   though we cannot change the human condition, we can change the conditions 
   under which humans work. (108) 

Leape appropriately cautions us that "[t]he systems approach is not a substitute for either responsibility or professional judgment." (109) Equally, he is on point with the comment that "Neither the medical paradigm of training, testing, and blaming, nor the legal paradigm of tort redress has succeeded." (110) The sorry sight of the President and Congress wrangling over whether HMOs should be sued in state or federal courts (111) should serve as an apt metaphor for the near bankruptcy of our traditional approaches to improving the quality of care. Process reform is where regulatory energies and investment dollars will be concentrated over the next decade and, increasingly, our concept of process reform will merge with the healthcare industry's growing appetite for information technologies.


With considerably less publicity than that generated by To Err Is Human, the IOM subsequently released a report from the same Committee on the Quality of Health Care in America. The 2001 report, Crossing the Quality Chasm: A New Health System for the 21st Century, (112) noted "the absence of real progress towards restructuring health care systems to address both quality and cost concerns, or toward applying advances in information technology (IT) to improve administrative and clinical processes." (113) This second report devotes an entire chapter to the relationship between technology and quality of care. it notes:

   IT has enormous potential to improve the quality of health care. ... In the 
   area of safety, there is growing evidence that automated order entry 
   systems can reduce errors in drug prescribing and dosing. ... In the area 
   of effectiveness, there is considerable evidence that automated reminder 
   systems improve compliance with clinical practice guidelines.... There are 
   many opportunities to use IT to make care more patient-centered, for 
   example, by facilitating access to clinical knowledge through 
   understandable and reliable Web sites and online support groups ... 
   customized health education ... and the use of clinical decision support 
   systems.... Both patients and clinicians can benefit from improvements in 
   timeliness through the use of Interact-based communications (i.e., 
   e-visits, telemedicine) and immediate access to automated clinical 
   information, diagnostic tests, and treatment results.... Clinical decision 
   support systems have been shown to improve efficiency by reducing redundant 
   laboratory tests. Finally, Internet-based health communication can enhance 
   equity by providing a broader array of options for interacting with 
   clinicians.... (114) 

Fueled by technological innovation, even the most traditional practice will not be impervious to this revolution. All physicians will interface with sophisticated new systems designed both to reduce "backend" administrative tasks and to positively influence the quality of medical care. Even in traditional practice space, technology and quality assurance will turn out to be intertwined: technology will become an increasingly important component of risk management and quality assurance programs, and will be used to proactively target medical error.

While legislative (115) and regulatory (116) responses increasing the use of technology are likely, and public opinion fuelled by studies such as To Err Is Human will promote reform, most of the immediate pressure to increase technologically advanced medical error reducing systems likely will come from accreditation agencies. The Joint Commission on Accreditation of Healthcare Organizations (JCAHO) has made important revisions to its standards that became effective on July 1, 2001. Aimed specifically at adverse events and medical error, the revisions underscore the Joint Commission's requirements as to process engineering and error reporting. (117) Revisions that will implicate technology-based approaches include increasing reporting and proactive risk-reducing systems. (118) The Management of Information Chapter has been revised to include requirements that will lead to more database-driven risk management and error reduction systems, (119) and improvements in the institution's knowledge-base systems. (120)

Together these various initiatives give rise to three overlapping sets of technologies that will tend to reduce medical and medication error. They may be loosely identified as Proactive, Interactive and Informational.

1. Proactive and Order Systems

Proactive systems will be the first to appear in quantity, and mass adoption is likely to be rapid. The average physician likely will observe this phenomenon in increased automation of medication, such as automated interaction alerts (121) and other systems. (122) Electronic prescribing interfaces increasingly will neutralize the dangers (123) associated with physicians' notoriously illegible handwriting. (124) These computerized medication order entry or physician order entry (POE) systems (125) will also flag objective indications of potential error. …

Log in to your account to read this article – and millions more.